use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class CompositeProviderCustomMixTest method buildCpp.
private CompositePermissionProvider buildCpp(Set<String> supported1, Set<String> granted1, Set<String> supported2, Set<String> granted2, CompositionType type, Map<String, Long> grantMap) {
AggregatedPermissionProvider a1 = new CustomProvider(root, supported1, granted1, grantMap);
AggregatedPermissionProvider a2 = new CustomProvider(root, supported2, granted2, grantMap);
AuthorizationConfiguration config = getConfig(AuthorizationConfiguration.class);
List<AggregatedPermissionProvider> composite = ImmutableList.of(a1, a2);
return new CompositePermissionProvider(root, composite, config.getContext(), type, getRootProvider());
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class DefaultAuthorizableActionProviderTest method getSecurityProvider.
private SecurityProvider getSecurityProvider() {
AuthorizationConfiguration ac = Mockito.mock(AuthorizationConfiguration.class);
when(ac.getParameters()).thenReturn(ConfigurationParameters.EMPTY);
SecurityProvider sp = Mockito.mock(SecurityProvider.class);
when(sp.getConfiguration(AuthorizationConfiguration.class)).thenReturn(ac);
return sp;
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class SecurityProviderRegistrationTest method testBindRestrictionProviderWithoutAuthorizationConfig.
@Test
public void testBindRestrictionProviderWithoutAuthorizationConfig() {
registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId"));
RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class);
registration.bindRestrictionProvider(mockRp, ImmutableMap.of(Constants.SERVICE_PID, "serviceId"));
SecurityProvider service = context.getService(SecurityProvider.class);
assertNotNull(service);
AuthorizationConfiguration ac = service.getConfiguration(AuthorizationConfiguration.class);
assertTrue(ac instanceof CompositeAuthorizationConfiguration);
// empty composite configuration => empty rp
RestrictionProvider rp = ac.getRestrictionProvider();
assertSame(RestrictionProvider.EMPTY, rp);
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class AbstractPermissionRandomTestIT method testRandomRead.
@Test
public void testRandomRead() throws Exception {
Principal u = getTestUser().getPrincipal();
Group group = getUserManager(root).createGroup(groupId);
group.addMember(getTestUser());
Principal g = group.getPrincipal();
// set user allow read
for (String path : allowU) {
setPrivileges(u, path, true, JCR_READ);
}
// set user deny read
for (String path : denyU) {
setPrivileges(u, path, false, JCR_READ);
}
// set group allow read
for (String path : allowG) {
setPrivileges(g, path, true, JCR_READ);
}
// set group deny read
for (String path : denyG) {
setPrivileges(g, path, false, JCR_READ);
}
testSession = createTestSession();
Root testRoot = testSession.getLatestRoot();
AuthorizationConfiguration acConfig = getConfig(AuthorizationConfiguration.class);
PermissionProvider pp = acConfig.getPermissionProvider(testRoot, testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
PermissionProvider candidate = candidatePermissionProvider(testRoot, testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
boolean isSetImpl = candidate instanceof SetsPP;
for (String path : paths) {
Tree t = testRoot.getTree(path);
boolean hasPrivileges0 = pp.hasPrivileges(t, JCR_READ);
boolean isGrantedA0 = pp.isGranted(t.getPath(), Session.ACTION_READ);
boolean isGrantedP0 = pp.isGranted(t, null, Permissions.READ);
String[] privs0 = pp.getPrivileges(t).toArray(new String[] {});
Arrays.sort(privs0);
boolean hasPrivileges1 = candidate.hasPrivileges(t, JCR_READ);
boolean isGrantedA1 = candidate.isGranted(t.getPath(), Session.ACTION_READ);
boolean isGrantedP1 = candidate.isGranted(t, null, Permissions.READ);
String[] privs1 = candidate.getPrivileges(t).toArray(new String[] {});
Arrays.sort(privs1);
if (isSetImpl) {
assertTrue("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges1 + " got " + hasPrivileges0 + ", seed " + seed, hasPrivileges1 == hasPrivileges0);
assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA1 + " got " + isGrantedA0 + ", seed " + seed, isGrantedA1 == isGrantedA0);
assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP1 + " got " + isGrantedP0 + ", seed " + seed, isGrantedP1 == isGrantedP0);
assertArrayEquals(privs1, privs0);
} else {
assertTrue("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges0 + " got " + hasPrivileges1 + ", seed " + seed, hasPrivileges1 == hasPrivileges0);
assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA0 + " got " + isGrantedA1 + ", seed " + seed, isGrantedA1 == isGrantedA0);
assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP0 + " got " + isGrantedP1 + ", seed " + seed, isGrantedP1 == isGrantedP0);
assertArrayEquals(privs0, privs1);
}
}
}
use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.
the class CugTest method newTestSecurityProvider.
private static SecurityProvider newTestSecurityProvider(@Nonnull ConfigurationParameters params, boolean reverseOrder) {
SecurityProvider delegate = SecurityProviderBuilder.newBuilder().with(params).build();
CompositeAuthorizationConfiguration authorizationConfiguration = (CompositeAuthorizationConfiguration) delegate.getConfiguration((AuthorizationConfiguration.class));
AuthorizationConfiguration defaultAuthorization = checkNotNull(authorizationConfiguration.getDefaultConfig());
if (reverseOrder) {
authorizationConfiguration.addConfiguration(defaultAuthorization);
authorizationConfiguration.addConfiguration(new CugConfiguration(delegate));
} else {
authorizationConfiguration.addConfiguration(new CugConfiguration(delegate));
authorizationConfiguration.addConfiguration(defaultAuthorization);
}
return delegate;
}
Aggregations