Search in sources :

Example 21 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugConfigurationTest method testExcludedPrincipals.

@Test
public void testExcludedPrincipals() {
    ConfigurationParameters params = ConfigurationParameters.of(CugConstants.PARAM_CUG_ENABLED, true, CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content");
    CugConfiguration cc = createConfiguration(params);
    List<Principal> excluded = ImmutableList.of(SystemPrincipal.INSTANCE, new AdminPrincipal() {

        @Override
        public String getName() {
            return "admin";
        }
    }, new SystemUserPrincipal() {

        @Override
        public String getName() {
            return "systemUser";
        }
    });
    for (Principal p : excluded) {
        Set<Principal> principals = ImmutableSet.of(p, EveryonePrincipal.getInstance());
        PermissionProvider pp = cc.getPermissionProvider(root, "default", principals);
        assertSame(EmptyPermissionProvider.getInstance(), pp);
    }
}
Also used : AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) SystemUserPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal) EmptyPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ConfigurationParameters(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) SystemPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal) SystemUserPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal) Principal(java.security.Principal) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 22 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugConfigurationTest method testGetPermissionProviderDisabled3.

@Test
public void testGetPermissionProviderDisabled3() {
    CugConfiguration cc = createConfiguration(ConfigurationParameters.EMPTY);
    PermissionProvider pp = cc.getPermissionProvider(root, "default", ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));
    assertSame(EmptyPermissionProvider.getInstance(), pp);
}
Also used : EmptyPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 23 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testGetPrivilegesTestGroup.

@Test
public void testGetPrivilegesTestGroup() throws Exception {
    Set<String> w_rac = ImmutableSet.of(PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    Set<String> r_w_rac = ImmutableSet.of(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    // testGroup
    PermissionProvider pp = createPermissionProvider(testGroupPrincipal);
    assertEquals(r_w_rac, pp.getPrivileges(content));
    assertEquals(r_w_rac, pp.getPrivileges(a));
    assertEquals(w_rac, pp.getPrivileges(c));
    assertTrue(pp.getPrivileges(content2).isEmpty());
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 24 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testGetPrivilegesTestGroupEveryone.

@Test
public void testGetPrivilegesTestGroupEveryone() throws Exception {
    Set<String> r_w_rac = ImmutableSet.of(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    // testGroup + everyone
    PermissionProvider pp = createPermissionProvider(testGroupPrincipal, EveryonePrincipal.getInstance());
    assertEquals(r_w_rac, pp.getPrivileges(content));
    assertEquals(r_w_rac, pp.getPrivileges(a));
    assertEquals(r_w_rac, pp.getPrivileges(c));
    assertTrue(pp.getPrivileges(content2).isEmpty());
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 25 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugConfigurationTest method testGetPermissionProviderDisabled2.

@Test
public void testGetPermissionProviderDisabled2() {
    ConfigurationParameters params = ConfigurationParameters.of(CugConstants.PARAM_CUG_ENABLED, false, CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content");
    CugConfiguration cc = createConfiguration(params);
    PermissionProvider pp = cc.getPermissionProvider(root, "default", ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));
    assertSame(EmptyPermissionProvider.getInstance(), pp);
}
Also used : EmptyPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ConfigurationParameters(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)70 Test (org.junit.Test)65 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)44 Tree (org.apache.jackrabbit.oak.api.Tree)21 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)18 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)15 Root (org.apache.jackrabbit.oak.api.Root)12 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)11 TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)11 ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)8 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)6 AccessControlManager (javax.jcr.security.AccessControlManager)4 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)4 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)4 Principal (java.security.Principal)3 Nonnull (javax.annotation.Nonnull)3 AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl)3 ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)3 OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration)3 AccessControlList (javax.jcr.security.AccessControlList)2