Search in sources :

Example 6 with AuthorizationConfiguration

use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.

the class CompositeProviderCustomMixTest method buildCpp.

private CompositePermissionProvider buildCpp(Set<String> supported1, Set<String> granted1, Set<String> supported2, Set<String> granted2, CompositionType type, Map<String, Long> grantMap) {
    AggregatedPermissionProvider a1 = new CustomProvider(root, supported1, granted1, grantMap);
    AggregatedPermissionProvider a2 = new CustomProvider(root, supported2, granted2, grantMap);
    AuthorizationConfiguration config = getConfig(AuthorizationConfiguration.class);
    List<AggregatedPermissionProvider> composite = ImmutableList.of(a1, a2);
    return new CompositePermissionProvider(root, composite, config.getContext(), type, getRootProvider());
}
Also used : AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)

Example 7 with AuthorizationConfiguration

use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.

the class DefaultAuthorizableActionProviderTest method getSecurityProvider.

private SecurityProvider getSecurityProvider() {
    AuthorizationConfiguration ac = Mockito.mock(AuthorizationConfiguration.class);
    when(ac.getParameters()).thenReturn(ConfigurationParameters.EMPTY);
    SecurityProvider sp = Mockito.mock(SecurityProvider.class);
    when(sp.getConfiguration(AuthorizationConfiguration.class)).thenReturn(ac);
    return sp;
}
Also used : AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider)

Example 8 with AuthorizationConfiguration

use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.

the class SecurityProviderRegistrationTest method testBindRestrictionProviderWithoutAuthorizationConfig.

@Test
public void testBindRestrictionProviderWithoutAuthorizationConfig() {
    registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId"));
    RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class);
    registration.bindRestrictionProvider(mockRp, ImmutableMap.of(Constants.SERVICE_PID, "serviceId"));
    SecurityProvider service = context.getService(SecurityProvider.class);
    assertNotNull(service);
    AuthorizationConfiguration ac = service.getConfiguration(AuthorizationConfiguration.class);
    assertTrue(ac instanceof CompositeAuthorizationConfiguration);
    // empty composite configuration => empty rp
    RestrictionProvider rp = ac.getRestrictionProvider();
    assertSame(RestrictionProvider.EMPTY, rp);
}
Also used : CompositeAuthorizationConfiguration(org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) WhiteboardRestrictionProvider(org.apache.jackrabbit.oak.security.authorization.restriction.WhiteboardRestrictionProvider) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) CompositeAuthorizationConfiguration(org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 9 with AuthorizationConfiguration

use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.

the class AbstractPermissionRandomTestIT method testRandomRead.

@Test
public void testRandomRead() throws Exception {
    Principal u = getTestUser().getPrincipal();
    Group group = getUserManager(root).createGroup(groupId);
    group.addMember(getTestUser());
    Principal g = group.getPrincipal();
    // set user allow read
    for (String path : allowU) {
        setPrivileges(u, path, true, JCR_READ);
    }
    // set user deny read
    for (String path : denyU) {
        setPrivileges(u, path, false, JCR_READ);
    }
    // set group allow read
    for (String path : allowG) {
        setPrivileges(g, path, true, JCR_READ);
    }
    // set group deny read
    for (String path : denyG) {
        setPrivileges(g, path, false, JCR_READ);
    }
    testSession = createTestSession();
    Root testRoot = testSession.getLatestRoot();
    AuthorizationConfiguration acConfig = getConfig(AuthorizationConfiguration.class);
    PermissionProvider pp = acConfig.getPermissionProvider(testRoot, testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
    PermissionProvider candidate = candidatePermissionProvider(testRoot, testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
    boolean isSetImpl = candidate instanceof SetsPP;
    for (String path : paths) {
        Tree t = testRoot.getTree(path);
        boolean hasPrivileges0 = pp.hasPrivileges(t, JCR_READ);
        boolean isGrantedA0 = pp.isGranted(t.getPath(), Session.ACTION_READ);
        boolean isGrantedP0 = pp.isGranted(t, null, Permissions.READ);
        String[] privs0 = pp.getPrivileges(t).toArray(new String[] {});
        Arrays.sort(privs0);
        boolean hasPrivileges1 = candidate.hasPrivileges(t, JCR_READ);
        boolean isGrantedA1 = candidate.isGranted(t.getPath(), Session.ACTION_READ);
        boolean isGrantedP1 = candidate.isGranted(t, null, Permissions.READ);
        String[] privs1 = candidate.getPrivileges(t).toArray(new String[] {});
        Arrays.sort(privs1);
        if (isSetImpl) {
            assertTrue("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges1 + " got " + hasPrivileges0 + ", seed " + seed, hasPrivileges1 == hasPrivileges0);
            assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA1 + " got " + isGrantedA0 + ", seed " + seed, isGrantedA1 == isGrantedA0);
            assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP1 + " got " + isGrantedP0 + ", seed " + seed, isGrantedP1 == isGrantedP0);
            assertArrayEquals(privs1, privs0);
        } else {
            assertTrue("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges0 + " got " + hasPrivileges1 + ", seed " + seed, hasPrivileges1 == hasPrivileges0);
            assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA0 + " got " + isGrantedA1 + ", seed " + seed, isGrantedA1 == isGrantedA0);
            assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP0 + " got " + isGrantedP1 + ", seed " + seed, isGrantedP1 == isGrantedP0);
            assertArrayEquals(privs0, privs1);
        }
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) Root(org.apache.jackrabbit.oak.api.Root) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) Principal(java.security.Principal) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 10 with AuthorizationConfiguration

use of org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration in project jackrabbit-oak by apache.

the class CugTest method newTestSecurityProvider.

private static SecurityProvider newTestSecurityProvider(@Nonnull ConfigurationParameters params, boolean reverseOrder) {
    SecurityProvider delegate = SecurityProviderBuilder.newBuilder().with(params).build();
    CompositeAuthorizationConfiguration authorizationConfiguration = (CompositeAuthorizationConfiguration) delegate.getConfiguration((AuthorizationConfiguration.class));
    AuthorizationConfiguration defaultAuthorization = checkNotNull(authorizationConfiguration.getDefaultConfig());
    if (reverseOrder) {
        authorizationConfiguration.addConfiguration(defaultAuthorization);
        authorizationConfiguration.addConfiguration(new CugConfiguration(delegate));
    } else {
        authorizationConfiguration.addConfiguration(new CugConfiguration(delegate));
        authorizationConfiguration.addConfiguration(defaultAuthorization);
    }
    return delegate;
}
Also used : CugConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration) CompositeAuthorizationConfiguration(org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) CompositeAuthorizationConfiguration(org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration)

Aggregations

AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)24 Test (org.junit.Test)11 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)10 PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)8 CompositeAuthorizationConfiguration (org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration)6 SecurityProvider (org.apache.jackrabbit.oak.spi.security.SecurityProvider)6 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)6 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)5 Principal (java.security.Principal)3 Tree (org.apache.jackrabbit.oak.api.Tree)3 AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl)3 Field (java.lang.reflect.Field)2 OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration)2 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)2 RestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)2 ArrayList (java.util.ArrayList)1 Nonnull (javax.annotation.Nonnull)1 RepositoryException (javax.jcr.RepositoryException)1 AccessControlManager (javax.jcr.security.AccessControlManager)1 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)1