Example 16 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class EntryTest method testGetRestrictionsForMultiValued2.

/**
 * @since OAK 1.0: support for multi-value restrictions
 */
@Test
public void testGetRestrictionsForMultiValued2() throws Exception {
    // single value restriction stored in multi-value property
    Restriction singleNameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, new Value[] { nameValue });
    ACE ace = createEntry(ImmutableSet.of(singleNameRestr));
    Value[] vs = ace.getRestrictions(AccessControlConstants.REP_NT_NAMES);
    assertEquals(1, vs.length);
    assertEquals(nameValue, vs[0]);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Value(javax.jcr.Value) Test(org.junit.Test)

Example 17 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class ACL method addEntry.

// ----------------------------------------< JackrabbitAccessControlList >---
@Override
public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions) throws RepositoryException {
    if (privileges == null || privileges.length == 0) {
        throw new AccessControlException("Privileges may not be null nor an empty array");
    }
    for (Privilege p : privileges) {
        Privilege pv = getPrivilegeManager().getPrivilege(p.getName());
        if (pv.isAbstract()) {
            throw new AccessControlException("Privilege " + p + " is abstract.");
        }
    }
    if (!checkValidPrincipal(principal)) {
        return false;
    }
    for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
        String jcrName = getNamePathMapper().getJcrName(def.getName());
        if (def.isMandatory() && (restrictions == null || !restrictions.containsKey(jcrName))) {
            throw new AccessControlException("Mandatory restriction " + jcrName + " is missing.");
        }
    }
    Set<Restriction> rs;
    if (restrictions == null && mvRestrictions == null) {
        rs = Collections.emptySet();
    } else {
        rs = new HashSet<Restriction>();
        if (restrictions != null) {
            for (String jcrName : restrictions.keySet()) {
                String oakName = getNamePathMapper().getOakName(jcrName);
                // The map is keyed by JCR name: look the value up by jcrName, not oakName,
                // otherwise a remapped namespace prefix yields a null restriction value.
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, restrictions.get(jcrName)));
            }
        }
        if (mvRestrictions != null) {
            for (String jcrName : mvRestrictions.keySet()) {
                String oakName = getNamePathMapper().getOakName(jcrName);
                // Same lookup rule for the multi-valued restrictions map.
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, mvRestrictions.get(jcrName)));
            }
        }
    }
    ACE entry = createACE(principal, getPrivilegeBits(privileges), isAllow, rs);
    if (entries.contains(entry)) {
        log.debug("Entry is already contained in policy -> no modification.");
        return false;
    } else {
        return internalAddEntry(entry);
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege) RestrictionDefinition(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition)

Example 18 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class ACETest method testGetRestrictionsForMultiValued2.

/**
 * @since OAK 1.0: support for multi-value restrictions
 */
@Test
public void testGetRestrictionsForMultiValued2() throws Exception {
    // single value restriction stored in multi-value property
    Restriction singleNameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, new Value[] { nameValue });
    ACE ace = createEntry(singleNameRestr);
    Value[] vs = ace.getRestrictions(AccessControlConstants.REP_NT_NAMES);
    assertEquals(1, vs.length);
    assertEquals(nameValue, vs[0]);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) Value(javax.jcr.Value) Test(org.junit.Test)

Example 19 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class ACETest method testGetRestrictionForMultiValued.

/**
 * @since OAK 1.0: support for multi-value restrictions
 */
@Test(expected = ValueFormatException.class)
public void testGetRestrictionForMultiValued() throws Exception {
    // multivalued restriction
    Restriction nameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues);
    ACE ace = createEntry(nameRestr);
    ace.getRestriction(AccessControlConstants.REP_NT_NAMES);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) Test(org.junit.Test)

Example 20 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class ACETest method testGetNonExistingRestriction.

@Test
public void testGetNonExistingRestriction() throws Exception {
    // single valued restriction
    Restriction globRestr = createRestriction(AccessControlConstants.REP_GLOB, globValue);
    ACE ace = createEntry(globRestr);
    assertNull(ace.getRestriction(AccessControlConstants.REP_NT_NAMES));
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) Test(org.junit.Test)

Aggregations

Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) 39
Test (org.junit.Test) 33
Value (javax.jcr.Value) 12
ACE (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) 12
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest) 10
AccessControlException (javax.jcr.security.AccessControlException) 6
Tree (org.apache.jackrabbit.oak.api.Tree) 6
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil) 5
Nonnull (javax.annotation.Nonnull) 2
RestrictionImpl (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl) 2
RestrictionPattern (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern) 2
HashMap (java.util.HashMap) 1
HashSet (java.util.HashSet) 1
AccessControlEntry (javax.jcr.security.AccessControlEntry) 1
AccessControlPolicy (javax.jcr.security.AccessControlPolicy) 1
NamedAccessControlPolicy (javax.jcr.security.NamedAccessControlPolicy) 1
Privilege (javax.jcr.security.Privilege) 1
JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) 1
PropertyState (org.apache.jackrabbit.oak.api.PropertyState) 1
ImmutableACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL) 1