Example 61 with SessionImpl
use of org.apache.jackrabbit.core.SessionImpl in project jackrabbit by apache.
the class UserAccessControlProviderTest method testNodeRemovedForPrincipal.
public void testNodeRemovedForPrincipal() throws RepositoryException, NotExecutableException {
Principal testPrincipal = getTestPrincipal();
final User u = getUserManager(superuser).createUser(testPrincipal.getName(), "pw");
save(superuser);
Path rootPath = ((SessionImpl) s).getQPath("/");
CompiledPermissions cp = null;
try {
Set<Principal> principals = Collections.singleton(u.getPrincipal());
cp = provider.compilePermissions(principals);
assertTrue(cp.canReadAll());
assertTrue(cp.grants(rootPath, Permission.READ));
assertNotSame(CompiledPermissions.NO_PERMISSION, cp);
} finally {
// remove the user to assert that the path doesn't point to an
// existing node any more -> userNode cannot be resolved any more -> permissions denied.
u.remove();
save(superuser);
if (cp != null) {
assertFalse(cp.canReadAll());
assertFalse(cp.grants(rootPath, Permission.READ));
assertTrue(cp.getPrivilegeSet(rootPath).isEmpty());
}
}
}
Also used :
Path(org.apache.jackrabbit.spi.Path)
User(org.apache.jackrabbit.api.security.user.User)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
CompiledPermissions(org.apache.jackrabbit.core.security.authorization.CompiledPermissions)
Principal(java.security.Principal)
ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)
Example 62 with SessionImpl
use of org.apache.jackrabbit.core.SessionImpl in project jackrabbit by apache.
the class UserManagerImplTest method testEnforceAuthorizableFolderHierarchy.
/**
* Implementation specific test: user(/groups) cannot be nested.
* @throws RepositoryException
*/
public void testEnforceAuthorizableFolderHierarchy() throws RepositoryException {
AuthorizableImpl authImpl = (AuthorizableImpl) userMgr.getAuthorizable(superuser.getUserID());
Node userNode = authImpl.getNode();
SessionImpl sImpl = (SessionImpl) userNode.getSession();
Node folder = userNode.addNode("folder", sImpl.getJCRName(UserConstants.NT_REP_AUTHORIZABLE_FOLDER));
String path = folder.getPath();
try {
// authNode - authFolder -> create User
Authorizable a = null;
try {
Principal p = getTestPrincipal();
a = userMgr.createUser(p.getName(), p.getName(), p, path);
fail("Users may not be nested.");
} catch (RepositoryException e) {
// success
} finally {
if (a != null) {
a.remove();
}
}
} finally {
if (sImpl.nodeExists(path)) {
folder.remove();
sImpl.save();
}
}
Node someContent = userNode.addNode("mystuff", "nt:unstructured");
path = someContent.getPath();
try {
// authNode - anyNode -> create User
Authorizable a = null;
try {
Principal p = getTestPrincipal();
a = userMgr.createUser(p.getName(), p.getName(), p, someContent.getPath());
fail("Users may not be nested.");
} catch (RepositoryException e) {
// success
} finally {
if (a != null) {
a.remove();
a = null;
}
}
// authNode - anyNode - authFolder -> create User
if (!sImpl.nodeExists(path)) {
someContent = userNode.addNode("mystuff", "nt:unstructured");
}
folder = someContent.addNode("folder", sImpl.getJCRName(UserConstants.NT_REP_AUTHORIZABLE_FOLDER));
// this time save node structure
sImpl.save();
try {
Principal p = getTestPrincipal();
a = userMgr.createUser(p.getName(), p.getName(), p, folder.getPath());
fail("Users may not be nested.");
} catch (RepositoryException e) {
// success
} finally {
if (a != null) {
a.remove();
}
}
} finally {
if (sImpl.nodeExists(path)) {
someContent.remove();
sImpl.save();
}
}
}
Also used :
Node(javax.jcr.Node)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
RepositoryException(javax.jcr.RepositoryException)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal)
TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal)
Principal(java.security.Principal)
Example 63 with SessionImpl
use of org.apache.jackrabbit.core.SessionImpl in project jackrabbit by apache.
the class UserImporterTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
if (!(superuser instanceof SessionImpl)) {
throw new NotExecutableException("SessionImpl expected.");
}
sImpl = (SessionImpl) superuser;
UserManager umgr = sImpl.getUserManager();
if (umgr.isAutoSave()) {
try {
umgr.autoSave(false);
} catch (RepositoryException e) {
// -> test not executable
throw new NotExecutableException("Expected user manager that can have its autosave behavior changed to false.");
}
}
this.umgr = (UserManagerImpl) umgr;
// avoid collision with testing a-folders that may have been created
// with another test (but not removed as user/groups got removed)
String path = this.umgr.getUsersPath() + "/t";
if (sImpl.nodeExists(path)) {
sImpl.getNode(path).remove();
}
path = this.umgr.getGroupsPath() + "/g";
if (sImpl.nodeExists(path)) {
sImpl.getNode(path).remove();
}
sImpl.save();
// make sure the target node for group-import exists
Authorizable administrators = umgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);
if (administrators == null) {
groupIdToRemove = umgr.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME)).getID();
sImpl.save();
} else if (!administrators.isGroup()) {
throw new NotExecutableException("Expected " + administrators.getID() + " to be a group.");
}
}
Also used :
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
RepositoryException(javax.jcr.RepositoryException)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Example 64 with SessionImpl
use of org.apache.jackrabbit.core.SessionImpl in project jackrabbit by apache.
the class UserManagerImplTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
if (!(userMgr instanceof UserManagerImpl)) {
throw new NotExecutableException("UserManagerImpl expected -> cannot perform test.");
}
NameResolver resolver = (SessionImpl) superuser;
pPrincipalName = resolver.getJCRName(UserConstants.P_PRINCIPAL_NAME);
}
Also used :
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
NameResolver(org.apache.jackrabbit.spi.commons.conversion.NameResolver)
Example 65 with SessionImpl
use of org.apache.jackrabbit.core.SessionImpl in project pentaho-platform by pentaho.
the class PentahoEntry method readEntries.
static List<PentahoEntry> readEntries(NodeImpl aclNode, String path) throws RepositoryException {
if (aclNode == null || !NT_REP_ACL.equals(aclNode.getPrimaryNodeTypeName())) {
throw new IllegalArgumentException("Node must be of type 'rep:ACL'");
}
SessionImpl sImpl = (SessionImpl) aclNode.getSession();
PrincipalManager principalMgr = sImpl.getPrincipalManager();
PrivilegeManagerImpl privilegeMgr = (PrivilegeManagerImpl) ((JackrabbitWorkspace) sImpl.getWorkspace()).getPrivilegeManager();
NodeId nodeId = aclNode.getParentId();
List<PentahoEntry> entries = new ArrayList<PentahoEntry>();
// load the entries:
NodeIterator itr = aclNode.getNodes();
while (itr.hasNext()) {
NodeImpl aceNode = (NodeImpl) itr.nextNode();
try {
String principalName = aceNode.getProperty(P_PRINCIPAL_NAME).getString();
boolean isGroupEntry = false;
Principal princ = principalMgr.getPrincipal(principalName);
if (princ != null) {
isGroupEntry = (princ instanceof Group);
}
InternalValue[] privValues = aceNode.getProperty(P_PRIVILEGES).internalGetValues();
Name[] privNames = new Name[privValues.length];
for (int i = 0; i < privValues.length; i++) {
privNames[i] = privValues[i].getName();
}
Value globValue = null;
if (aceNode.hasProperty(P_GLOB)) {
globValue = aceNode.getProperty(P_GLOB).getValue();
}
boolean isAllow = NT_REP_GRANT_ACE.equals(aceNode.getPrimaryNodeTypeName());
PentahoEntry ace = new PentahoEntry(nodeId, principalName, isGroupEntry, privilegeMgr.getBits(privNames), isAllow, path, globValue);
entries.add(ace);
} catch (RepositoryException e) {
log.debug("Failed to build ACE from content. {}", e.getMessage());
}
}
return entries;
}
Also used :
PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager)
NodeIterator(javax.jcr.NodeIterator)
Group(java.security.acl.Group)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
ArrayList(java.util.ArrayList)
RepositoryException(javax.jcr.RepositoryException)
InternalValue(org.apache.jackrabbit.core.value.InternalValue)
Name(org.apache.jackrabbit.spi.Name)
NodeId(org.apache.jackrabbit.core.id.NodeId)
InternalValue(org.apache.jackrabbit.core.value.InternalValue)
Value(javax.jcr.Value)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
Principal(java.security.Principal)
PrivilegeManagerImpl(org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl)
Aggregations
SessionImpl (org.apache.jackrabbit.core.SessionImpl)66
RepositoryException (javax.jcr.RepositoryException)17
Node (javax.jcr.Node)12
Value (javax.jcr.Value)12
Name (org.apache.jackrabbit.spi.Name)12
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)11
Session (javax.jcr.Session)10
NodeImpl (org.apache.jackrabbit.core.NodeImpl)9
NodeId (org.apache.jackrabbit.core.id.NodeId)9
Principal (java.security.Principal)8
NodeIterator (javax.jcr.NodeIterator)7
Privilege (javax.jcr.security.Privilege)7
DataStoreGarbageCollector (org.apache.jackrabbit.api.management.DataStoreGarbageCollector)7
UserManager (org.apache.jackrabbit.api.security.user.UserManager)6
Path (org.apache.jackrabbit.spi.Path)6
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)5
PathMap (org.apache.jackrabbit.spi.commons.name.PathMap)5
ArrayList (java.util.ArrayList)4
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)4
GarbageCollector (org.apache.jackrabbit.core.gc.GarbageCollector)4
