Example 6 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetPolicies.

@Test
public void testTestSessionGetPolicies() throws Exception {
    setupPolicy(testPath);
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    PrincipalManager testPrincipalMgr = getPrincipalManager(testRoot);
    List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
    for (Principal principal : principals) {
        if (testPrincipalMgr.hasPrincipal(principal.getName())) {
            // testRoot can't read access control content -> doesn't see
            // the existing policies, so getPolicies returns an empty array.
            AccessControlPolicy[] policies = testAcMgr.getPolicies(principal);
            assertNotNull(policies);
            assertEquals(0, policies.length);
        } else {
            // testRoot can't read principal -> no policies for that principal
            assertEquals(0, testAcMgr.getPolicies(principal).length);
        }
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 7 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit by apache.

the class ImpersonationImpl method getImpersonators.

//------------------------------------------------------< Impersonation >---
/**
 * @see Impersonation#getImpersonators()
 */
public PrincipalIterator getImpersonators() throws RepositoryException {
    Set<String> impersonators = getImpersonatorNames();
    if (impersonators.isEmpty()) {
        return PrincipalIteratorAdapter.EMPTY;
    } else {
        final PrincipalManager pMgr = user.getSession().getPrincipalManager();
        Set<Principal> s = new HashSet<Principal>();
        for (String pName : impersonators) {
            Principal p = pMgr.getPrincipal(pName);
            if (p == null) {
                log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
                p = new PrincipalImpl(pName);
            }
            s.add(p);
        }
        return new PrincipalIteratorAdapter(s);
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) PrincipalIteratorAdapter(org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl) HashSet(java.util.HashSet)

Example 8 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method createPolicy.

private ACL createPolicy(@Nullable String path) {
    final PrincipalManager pm = getPrincipalManager(root);
    final PrivilegeManager pvMgr = getPrivilegeManager(root);
    final RestrictionProvider rp = getRestrictionProvider();
    return new ACL(path, null, getNamePathMapper()) {

        @Override
        ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) {
            throw new UnsupportedOperationException();
        }

        @Override
        boolean checkValidPrincipal(Principal principal) throws AccessControlException {
            Util.checkValidPrincipal(principal, pm);
            return true;
        }

        @Override
        PrivilegeManager getPrivilegeManager() {
            return pvMgr;
        }

        @Override
        PrivilegeBits getPrivilegeBits(Privilege[] privileges) {
            return getBitsProvider().getBits(privileges, getNamePathMapper());
        }

        @Nonnull
        @Override
        public RestrictionProvider getRestrictionProvider() {
            return rp;
        }
    };
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) Sets.newHashSet(com.google.common.collect.Sets.newHashSet) ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) HashSet(java.util.HashSet) PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)

Example 9 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit by apache.

the class JackrabbitAccessControlListTest method getValidPrincipal.

private Principal getValidPrincipal() throws NotExecutableException, RepositoryException {
    if (!(superuser instanceof JackrabbitSession)) {
        throw new NotExecutableException();
    }
    PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
    PrincipalIterator it = pMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_NOT_GROUP);
    if (it.hasNext()) {
        return it.nextPrincipal();
    } else {
        throw new NotExecutableException();
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Example 10 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit by apache.

the class ACLProvider method initRootACL.

/**
 * Set-up minimal permissions for the workspace:
 *
 * <ul>
 * <li>'administrators' principal -> all privileges</li>
 * <li>'everyone' -> read privilege</li>
 * </ul>
 *
 * @param session to the workspace to set-up initial ACL to
 * @param editor for the specified session.
 * @throws RepositoryException If an error occurs.
 */
private static void initRootACL(SessionImpl session, AccessControlEditor editor) throws RepositoryException {
    try {
        log.debug("Install initial ACL:...");
        String rootPath = session.getRootNode().getPath();
        AccessControlPolicy[] acls = editor.editAccessControlPolicies(rootPath);
        if (acls.length > 0) {
            ACLTemplate acl = (ACLTemplate) acls[0];
            PrincipalManager pMgr = session.getPrincipalManager();
            AccessControlManager acMgr = session.getAccessControlManager();
            String pName = SecurityConstants.ADMINISTRATORS_NAME;
            if (pMgr.hasPrincipal(pName)) {
                Principal administrators = pMgr.getPrincipal(pName);
                log.debug("... Privilege.ALL for administrators.");
                Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
                acl.addAccessControlEntry(administrators, privs);
            } else {
                log.info("Administrators principal group is missing -> omitting initialization of default permissions.");
            }
            Principal everyone = pMgr.getEveryone();
            log.debug("... Privilege.READ for everyone.");
            Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
            acl.addAccessControlEntry(everyone, privs);
            editor.setPolicy(rootPath, acl);
            session.save();
        } else {
            log.info("No applicable ACL available for the root node -> skip initialization of the root node's ACL.");
        }
    } catch (RepositoryException e) {
        // Pass the exception to the logger so the cause of the failed ACL set-up is recorded.
        log.error("Failed to set-up minimal access control for root node of workspace " + session.getWorkspace().getName(), e);
        session.getRootNode().refresh(false);
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal)
