Example 56 with PermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

In the class CompositeAuthorizationConfigurationTest, method testMultipleGetPermissionProvider.

@Test
public void testMultipleGetPermissionProvider() {
    CompositeAuthorizationConfiguration cc = getCompositeConfiguration(new OpenAuthorizationConfiguration(), new AuthorizationConfigurationImpl(getSecurityProvider()));
    PermissionProvider pp = cc.getPermissionProvider(root, root.getContentSession().getWorkspaceName(), Collections.<Principal>emptySet());
    assertFalse(pp instanceof CompositePermissionProvider);
}
Also used : AuthorizationConfigurationImpl(org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl) EmptyPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) OpenAuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 57 with PermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

In the class CompositeProviderCoverageTest, method testGetTreePermissionInstance.

@Override
@Test
public void testGetTreePermissionInstance() throws Exception {
    PermissionProvider pp = createPermissionProvider(EveryonePrincipal.getInstance());
    TreePermission parentPermission = TreePermission.EMPTY;
    for (String path : TP_PATHS) {
        TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
        assertTrue(tp instanceof LimitedTreePermission);
        parentPermission = tp;
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Test(org.junit.Test)

Example 58 with PermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

In the class CompositeProviderNoScopeTest, method testGetTreePermissionInstance.

@Override
@Test
public void testGetTreePermissionInstance() throws Exception {
    PermissionProvider pp = createPermissionProvider();
    TreePermission parentPermission = TreePermission.EMPTY;
    for (String path : TP_PATHS) {
        Tree t = readOnlyRoot.getTree(path);
        TreePermission tp = pp.getTreePermission(t, parentPermission);
        assertCompositeTreePermission(t.isRoot(), tp);
        parentPermission = tp;
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) ImmutableTree(org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Test(org.junit.Test)

Example 59 with PermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

In the class PermissionHookTest, method testDynamicJcrAll.

/**
 * @see <a href="https://issues.apache.org/jira/browse/OAK-2015">OAK-2015</a>
 */
@Test
public void testDynamicJcrAll() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    // grant 'everyone' jcr:all at the child path.
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, childPath);
    acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_ALL));
    acMgr.setPolicy(childPath, acl);
    root.commit();
    // verify that the permission store contains an entry for everyone at childPath
    // and that the privilegeBits for jcr:all are reflected by a placeholder value.
    Tree allEntry = getEntry(EveryonePrincipal.getInstance(), childPath, 0);
    assertTrue(allEntry.exists());
    PropertyState ps = allEntry.getProperty(PermissionConstants.REP_PRIVILEGE_BITS);
    assertEquals(1, ps.count());
    assertEquals(PermissionStore.DYNAMIC_ALL_BITS, ps.getValue(Type.LONG, 0).longValue());
    // verify that the permission provider still exposes the correct privilege
    // (jcr:all) for the given childPath irrespective of the dynamic nature of
    // the privilege bits in the persisted permission entry.
    Set<Principal> principalSet = ImmutableSet.<Principal>of(EveryonePrincipal.getInstance());
    PermissionProvider permissionProvider = getConfig(AuthorizationConfiguration.class).getPermissionProvider(root, root.getContentSession().getWorkspaceName(), principalSet);
    Tree childTree = root.getTree(childPath);
    assertTrue(permissionProvider.hasPrivileges(childTree, PrivilegeConstants.JCR_ALL));
    assertTrue(permissionProvider.getPrivileges(childTree).contains(PrivilegeConstants.JCR_ALL));
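    // also verify the permission evaluation: ADD_NODE and REMOVE_NODE on childTree
    // also depend on privileges granted at its parent, so the jcr:all entry at
    // childPath alone does not grant them.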
    long diff = Permissions.diff(Permissions.ALL, Permissions.REMOVE_NODE | Permissions.ADD_NODE);
    assertFalse(permissionProvider.isGranted(childTree, null, Permissions.REMOVE_NODE));
    assertFalse(permissionProvider.isGranted(childTree, null, Permissions.ADD_NODE));
    assertTrue(permissionProvider.isGranted(childTree, null, diff));
    // remove the ACE again
    acl = AccessControlUtils.getAccessControlList(acMgr, childPath);
    for (AccessControlEntry ace : acl.getAccessControlEntries()) {
        if (EveryonePrincipal.NAME.equals(ace.getPrincipal().getName())) {
            acl.removeAccessControlEntry(ace);
        }
    }
    acMgr.setPolicy(childPath, acl);
    root.commit();
    // verify that the corresponding permission entry has been removed.
    Tree everyoneRoot = getPrincipalRoot(EveryonePrincipal.getInstance());
    Tree parent = everyoneRoot.getChild(PermissionUtil.getEntryName(childPath));
    if (parent.exists()) {
        assertFalse(parent.getChild("0").exists());
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) AccessControlEntry(javax.jcr.security.AccessControlEntry) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 60 with PermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

In the class PermissionProviderImplTest, method testReadPath.

@Test
public void testReadPath() throws Exception {
    ContentSession testSession = createTestSession();
    try {
        Root r = testSession.getLatestRoot();
        PermissionProvider pp = createPermissionProvider(testSession);
        Tree tree = r.getTree("/");
        assertFalse(tree.exists());
        assertFalse(pp.getTreePermission(tree, TreePermission.EMPTY).canRead());
        for (String path : READ_PATHS) {
            tree = r.getTree(path);
            assertTrue(tree.exists());
            assertTrue(pp.getTreePermission(tree, TreePermission.EMPTY).canRead());
        }
    } finally {
        testSession.close();
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider): 70
Test (org.junit.Test): 65
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest): 44
Tree (org.apache.jackrabbit.oak.api.Tree): 21
AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider): 18
ContentSession (org.apache.jackrabbit.oak.api.ContentSession): 15
Root (org.apache.jackrabbit.oak.api.Root): 12
EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider): 11
TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission): 11
ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree): 8
PropertyState (org.apache.jackrabbit.oak.api.PropertyState): 6
AccessControlManager (javax.jcr.security.AccessControlManager): 4
CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException): 4
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration): 4
Principal (java.security.Principal): 3
Nonnull (javax.annotation.Nonnull): 3
AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl): 3
ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters): 3
OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration): 3
AccessControlList (javax.jcr.security.AccessControlList): 2