Search in sources :

Example 1 with TestPrincipal

use of org.apache.jackrabbit.core.security.TestPrincipal in project jackrabbit by apache.

the class WriteTest method testEditor2.

public void testEditor2() throws NotExecutableException, RepositoryException {
    UserManager uMgr = getUserManager(superuser);
    User u = null;
    User u2 = null;
    try {
        u = uMgr.createUser("t", "t");
        u2 = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }
        Principal p = u.getPrincipal();
        Principal p2 = u2.getPrincipal();
        if (p instanceof ItemBasedPrincipal && p2 instanceof ItemBasedPrincipal && Text.isDescendant(((ItemBasedPrincipal) p).getPath(), ((ItemBasedPrincipal) p2).getPath())) {
            JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
            JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p2);
            acMgr.setPolicy(acls[0].getPath(), acls[0]);
            acls = acMgr.getApplicablePolicies(p);
            String path = acls[0].getPath();
            Node n = superuser.getNode(path);
            assertEquals("rep:PrincipalAccessControl", n.getPrimaryNodeType().getName());
        } else {
            throw new NotExecutableException();
        }
    } finally {
        superuser.refresh(false);
        if (u2 != null)
            u2.remove();
        if (u != null)
            u.remove();
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) User(org.apache.jackrabbit.api.security.user.User) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Node(javax.jcr.Node) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 2 with TestPrincipal

use of org.apache.jackrabbit.core.security.TestPrincipal in project jackrabbit by apache.

the class WriteTest method testMultipleGroupPermissionsOnNode2.

public void testMultipleGroupPermissionsOnNode2() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is member of */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        givePrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
             testuser must get the permissions/privileges inherited from
             the group it is member of.
             granting permissions for group2 must be effective
            */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
    } finally {
        group2.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Privilege(javax.jcr.security.Privilege) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 3 with TestPrincipal

use of org.apache.jackrabbit.core.security.TestPrincipal in project jackrabbit by apache.

the class WriteTest method testReorderGroupPermissions.

public void testReorderGroupPermissions() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is member of */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        givePrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
             testuser must get the permissions/privileges inherited from
             the group it is member of.
             granting permissions for group2 must be effective
            */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertTrue(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
        // reorder the ACEs
        AccessControlEntry srcEntry = null;
        AccessControlEntry destEntry = null;
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
            Principal princ = entry.getPrincipal();
            if (testGroup.getPrincipal().equals(princ)) {
                destEntry = entry;
            } else if (group2.getPrincipal().equals(princ)) {
                srcEntry = entry;
            }
        }
        acl.orderBefore(srcEntry, destEntry);
        acMgr.setPolicy(path, acl);
        superuser.save();
        /* after reordering the permissions must be denied */
        assertFalse(getTestSession().hasPermission(path, actions));
        assertFalse(testAcMgr.hasPrivileges(path, privs));
    } finally {
        group2.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 4 with TestPrincipal

use of org.apache.jackrabbit.core.security.TestPrincipal in project jackrabbit by apache.

the class WriteTest method testMultipleGroupPermissionsOnNode.

public void testMultipleGroupPermissionsOnNode() throws NotExecutableException, RepositoryException {
    Group testGroup = getTestGroup();
    /* create a second group the test user is member of */
    Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
    UserManager umgr = getUserManager(superuser);
    Group group2 = umgr.createGroup(principal);
    try {
        group2.addMember(testUser);
        if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();
        }
        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        withdrawPrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
             testuser must get the permissions/privileges inherited from
             the group it is member of.
             the denial of group2 must succeed
            */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        AccessControlManager testAcMgr = getTestACManager();
        assertFalse(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertFalse(testAcMgr.hasPrivileges(path, privs));
    } finally {
        group2.remove();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Group(org.apache.jackrabbit.api.security.user.Group) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Privilege(javax.jcr.security.Privilege) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 5 with TestPrincipal

use of org.apache.jackrabbit.core.security.TestPrincipal in project jackrabbit by apache.

the class DefaultPrincipalProviderTest method testCacheDoesntContainTestPrincipalImpl.

/**
     *
     * @throws Exception
     */
public void testCacheDoesntContainTestPrincipalImpl() throws Exception {
    Set<Principal> principals = getPrincipalSetFromSession(superuser);
    for (Principal p : principals) {
        Principal testPrinc = new TestPrincipal(p.getName());
        principalProvider.getGroupMembership(testPrinc);
        Principal fromProvider = principalProvider.getPrincipal(p.getName());
        assertNotSame(testPrinc, fromProvider);
        assertFalse(fromProvider instanceof TestPrincipal);
    }
}
Also used : TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Aggregations

TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)18 Principal (java.security.Principal)16 EveryonePrincipal (org.apache.jackrabbit.core.security.principal.EveryonePrincipal)7 Privilege (javax.jcr.security.Privilege)6 UserManager (org.apache.jackrabbit.api.security.user.UserManager)6 AccessControlException (javax.jcr.security.AccessControlException)5 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)5 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)5 Group (org.apache.jackrabbit.api.security.user.Group)5 AccessControlEntry (javax.jcr.security.AccessControlEntry)4 Node (javax.jcr.Node)3 RepositoryException (javax.jcr.RepositoryException)3 AccessControlManager (javax.jcr.security.AccessControlManager)3 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)3 Value (javax.jcr.Value)2 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)2 User (org.apache.jackrabbit.api.security.user.User)2 HashMap (java.util.HashMap)1 InvalidItemStateException (javax.jcr.InvalidItemStateException)1 Session (javax.jcr.Session)1