Example 16 with TreeLocation
use of org.apache.jackrabbit.oak.plugins.tree.TreeLocation in project jackrabbit-oak by apache.
the class PermissionsTest method testGetPermissionsFromActions.
@Test
public void testGetPermissionsFromActions() {
TreeLocation tl = TreeLocation.create(existingTree);
Map<String, Long> map = ImmutableMap.of(Session.ACTION_READ, Permissions.READ_NODE, Session.ACTION_READ + "," + Session.ACTION_REMOVE, Permissions.READ_NODE | Permissions.REMOVE_NODE);
for (Map.Entry<String, Long> entry : map.entrySet()) {
assertEquals(entry.getValue().longValue(), Permissions.getPermissions(entry.getKey(), tl, false));
}
}
Also used :
TreeLocation(org.apache.jackrabbit.oak.plugins.tree.TreeLocation)
HashMap(java.util.HashMap)
Map(java.util.Map)
ImmutableMap(com.google.common.collect.ImmutableMap)
Test(org.junit.Test)
Example 17 with TreeLocation
use of org.apache.jackrabbit.oak.plugins.tree.TreeLocation in project jackrabbit-oak by apache.
the class CugPermissionProviderTest method testIsGrantedByLocation.
/**
* @see org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider#isGranted(org.apache.jackrabbit.oak.plugins.tree.TreeLocation, long)
*/
@Test
public void testIsGrantedByLocation() throws Exception {
for (String p : NOT_READABLE_PATHS) {
TreeLocation location = TreeLocation.create(root, p);
assertFalse(cugPermProvider.isGranted(location, Permissions.READ));
assertFalse(cugPermProvider.isGranted(location, Permissions.READ_NODE));
assertFalse(cugPermProvider.isGranted(location, Permissions.READ_PROPERTY));
assertFalse(cugPermProvider.isGranted(location, Permissions.ALL));
assertFalse(cugPermProvider.isGranted(location, Permissions.ADD_NODE));
assertFalse(cugPermProvider.isGranted(location, Permissions.READ_ACCESS_CONTROL));
}
for (String p : READABLE_PATHS) {
TreeLocation location = TreeLocation.create(root, p);
assertTrue(cugPermProvider.isGranted(location, Permissions.READ));
assertTrue(cugPermProvider.isGranted(location, Permissions.READ_NODE));
assertTrue(cugPermProvider.isGranted(location, Permissions.READ_PROPERTY));
assertFalse(cugPermProvider.isGranted(location, Permissions.ALL));
assertFalse(cugPermProvider.isGranted(location, Permissions.ADD_NODE));
assertFalse(cugPermProvider.isGranted(location, Permissions.READ_ACCESS_CONTROL));
}
}
Also used :
TreeLocation(org.apache.jackrabbit.oak.plugins.tree.TreeLocation)
Test(org.junit.Test)
Example 18 with TreeLocation
use of org.apache.jackrabbit.oak.plugins.tree.TreeLocation in project jackrabbit-oak by apache.
the class CugPermissionProviderTest method testIsGrantedNonExistingLocation.
/**
* @see org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider#isGranted(org.apache.jackrabbit.oak.plugins.tree.TreeLocation, long)
*/
@Test
public void testIsGrantedNonExistingLocation() throws Exception {
ContentSession anonymous = login(new GuestCredentials());
try {
// additionally create a root that doesn't have access to the root node
Root anonymousRoot = anonymous.getLatestRoot();
for (Root r : new Root[] { anonymousRoot, root }) {
TreeLocation location = TreeLocation.create(r, "/path/to/non/existing/tree");
assertFalse(cugPermProvider.isGranted(location, Permissions.READ));
assertFalse(cugPermProvider.isGranted(location, Permissions.READ_NODE));
assertFalse(cugPermProvider.isGranted(location, Permissions.READ_PROPERTY));
assertFalse(cugPermProvider.isGranted(location, Permissions.ALL));
assertFalse(cugPermProvider.isGranted(location, Permissions.ADD_NODE));
assertFalse(cugPermProvider.isGranted(location, Permissions.READ_ACCESS_CONTROL));
}
} finally {
anonymous.close();
}
}
Also used :
Root(org.apache.jackrabbit.oak.api.Root)
TreeLocation(org.apache.jackrabbit.oak.plugins.tree.TreeLocation)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
GuestCredentials(javax.jcr.GuestCredentials)
Test(org.junit.Test)
Example 19 with TreeLocation
use of org.apache.jackrabbit.oak.plugins.tree.TreeLocation in project jackrabbit-oak by apache.
the class CugPermissionProvider method isGranted.
@Override
public boolean isGranted(@Nonnull String oakPath, @Nonnull String jcrActions) {
TreeLocation location = TreeLocation.create(immutableRoot, oakPath);
if (ctx.definesLocation(location) || NodeStateUtils.isHiddenPath(oakPath)) {
return false;
}
long permissions = Permissions.getPermissions(jcrActions, location, false);
return isGranted(location, permissions);
}
Also used :
TreeLocation(org.apache.jackrabbit.oak.plugins.tree.TreeLocation)
Example 20 with TreeLocation
use of org.apache.jackrabbit.oak.plugins.tree.TreeLocation in project jackrabbit-oak by apache.
the class CugOakTest method runTest.
@Override
protected void runTest() throws Exception {
boolean logout = false;
ContentSession readSession;
if (singleSession) {
readSession = cs;
} else {
readSession = Subject.doAs(subject, new PrivilegedAction<ContentSession>() {
@Override
public ContentSession run() {
try {
return contentRepository.login(null, null);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
});
logout = true;
}
Root root = readSession.getLatestRoot();
try {
int nodeCnt = 0;
int propertyCnt = 0;
int noAccess = 0;
int size = allPaths.size();
long start = System.currentTimeMillis();
for (int i = 0; i < itemsToRead; i++) {
double rand = size * Math.random();
int index = (int) Math.floor(rand);
String path = allPaths.get(index);
TreeLocation treeLocation = TreeLocation.create(root, path);
if (treeLocation.exists()) {
PropertyState ps = treeLocation.getProperty();
if (ps != null) {
propertyCnt++;
} else {
nodeCnt++;
}
} else {
noAccess++;
}
}
long end = System.currentTimeMillis();
if (doReport) {
System.out.println("ContentSession " + cs.getAuthInfo().getUserID() + " reading " + (itemsToRead - noAccess) + " (Tree: " + nodeCnt + "; PropertyState: " + propertyCnt + ") completed in " + (end - start));
}
} finally {
if (logout) {
readSession.close();
}
}
}
Also used :
Root(org.apache.jackrabbit.oak.api.Root)
PrivilegedAction(java.security.PrivilegedAction)
TreeLocation(org.apache.jackrabbit.oak.plugins.tree.TreeLocation)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
PropertyState(org.apache.jackrabbit.oak.api.PropertyState)
Aggregations
TreeLocation (org.apache.jackrabbit.oak.plugins.tree.TreeLocation)27
Test (org.junit.Test)21
Tree (org.apache.jackrabbit.oak.api.Tree)7
PropertyState (org.apache.jackrabbit.oak.api.PropertyState)4
ImmutableMap (com.google.common.collect.ImmutableMap)3
HashMap (java.util.HashMap)3
Map (java.util.Map)3
ContentSession (org.apache.jackrabbit.oak.api.ContentSession)2
Root (org.apache.jackrabbit.oak.api.Root)2
PrivilegedAction (java.security.PrivilegedAction)1
ArrayList (java.util.ArrayList)1
Collection (java.util.Collection)1
Nonnull (javax.annotation.Nonnull)1
GuestCredentials (javax.jcr.GuestCredentials)1
RepositoryException (javax.jcr.RepositoryException)1
ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)1
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)1
ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)1
AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)1
PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)1
