Search in sources :

Example 6 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class PermissionProviderImplTest method testIsGrantedForReadPaths.

@Test
public void testIsGrantedForReadPaths() throws Exception {
    ContentSession testSession = createTestSession();
    try {
        PermissionProvider pp = createPermissionProvider(testSession);
        for (String path : READ_PATHS) {
            assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ)));
            assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ_NODE)));
            assertTrue(pp.isGranted(path + '/' + JcrConstants.JCR_PRIMARYTYPE, Permissions.getString(Permissions.READ_PROPERTY)));
            assertFalse(pp.isGranted(path, Permissions.getString(Permissions.READ_ACCESS_CONTROL)));
        }
        for (String path : READ_PATHS) {
            Tree tree = root.getTree(path);
            assertTrue(pp.isGranted(tree, null, Permissions.READ));
            assertTrue(pp.isGranted(tree, null, Permissions.READ_NODE));
            assertTrue(pp.isGranted(tree, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE), Permissions.READ_PROPERTY));
            assertFalse(pp.isGranted(tree, null, Permissions.READ_ACCESS_CONTROL));
        }
        RepositoryPermission rp = pp.getRepositoryPermission();
        assertFalse(rp.isGranted(Permissions.READ));
        assertFalse(rp.isGranted(Permissions.READ_NODE));
        assertFalse(rp.isGranted(Permissions.READ_PROPERTY));
        assertFalse(rp.isGranted(Permissions.READ_ACCESS_CONTROL));
    } finally {
        testSession.close();
    }
}
Also used : RepositoryPermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 7 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class PermissionProviderImplTest method testHasPrivileges.

@Test
public void testHasPrivileges() throws Exception {
    ContentSession testSession = createTestSession();
    try {
        PermissionProvider pp = createPermissionProvider(testSession);
        assertTrue(pp.hasPrivileges(null));
        assertTrue(pp.hasPrivileges(null, new String[0]));
        assertFalse(pp.hasPrivileges(null, PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT));
    } finally {
        testSession.close();
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 8 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class PermissionProviderImplTest method testHasPrivilegesForReadPaths.

@Test
public void testHasPrivilegesForReadPaths() throws Exception {
    ContentSession testSession = createTestSession();
    try {
        PermissionProvider pp = createPermissionProvider(testSession);
        for (String path : READ_PATHS) {
            Tree tree = root.getTree(path);
            assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ));
            assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_NODES));
            assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_PROPERTIES));
            assertFalse(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
        }
        assertFalse(pp.hasPrivileges(null, PrivilegeConstants.JCR_READ));
    } finally {
        testSession.close();
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 9 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class HiddenTest method testCombinedSetup.

@Test
public void testCombinedSetup() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    try {
        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ));
        acMgr.setPolicy("/", acl);
        root.commit();
        PermissionProvider combined = getConfig(AuthorizationConfiguration.class).getPermissionProvider(readOnlyRoot, root.getContentSession().getWorkspaceName(), ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));
        assertFalse(combined.hasPrivileges(hiddenTree, PrivilegeConstants.JCR_READ));
        assertTrue(combined.getPrivileges(hiddenTree).isEmpty());
        assertTrue(combined.isGranted(hiddenTree, null, Permissions.ALL));
        assertTrue(combined.isGranted(hiddenTree.getPath(), Permissions.getString(Permissions.ALL)));
        Tree t = readOnlyRoot.getTree("/");
        TreePermission tp = combined.getTreePermission(t, TreePermission.EMPTY);
        for (String name : PathUtils.elements(hiddenTree.getPath())) {
            t = t.getChild(name);
            tp = combined.getTreePermission(t, tp);
        }
        assertTrue(tp.isGranted(Permissions.ALL));
    } finally {
        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ));
        acMgr.removePolicy("/", acl);
        root.commit();
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Test(org.junit.Test)

Example 10 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class AbstractCompositeProviderTest method testIsGrantedNone.

@Test
public void testIsGrantedNone() throws Exception {
    PermissionProvider pp = createPermissionProvider();
    for (String p : NODE_PATHS) {
        Tree tree = readOnlyRoot.getTree(p);
        PropertyState ps = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
        assertFalse(p, pp.isGranted(tree, null, Permissions.NO_PERMISSION));
        assertFalse(PathUtils.concat(p, JcrConstants.JCR_PRIMARYTYPE), pp.isGranted(tree, ps, Permissions.NO_PERMISSION));
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) ImmutableTree(org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)70 Test (org.junit.Test)65 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)44 Tree (org.apache.jackrabbit.oak.api.Tree)21 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)18 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)15 Root (org.apache.jackrabbit.oak.api.Root)12 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)11 TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)11 ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)8 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)6 AccessControlManager (javax.jcr.security.AccessControlManager)4 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)4 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)4 Principal (java.security.Principal)3 Nonnull (javax.annotation.Nonnull)3 AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl)3 ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)3 OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration)3 AccessControlList (javax.jcr.security.AccessControlList)2