
Example 21 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class ACETest method testGetRestrictionForSingleValued.

/**
 * Checks that a single-valued restriction stored on an entry is returned
 * unchanged by {@code getRestriction(String)}.
 */
@Test
public void testGetRestrictionForSingleValued() throws Exception {
    final String restrictionName = AccessControlConstants.REP_GLOB;
    // The entry carries exactly one restriction, registered under REP_GLOB.
    Restriction singleValued = createRestriction(restrictionName, globValue);
    ACE entry = createEntry(singleValued);

    // Look the value up by the same name and compare it with the input value.
    Value actual = entry.getRestriction(restrictionName);
    assertNotNull(actual);
    assertEquals(globValue, actual);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) Value(javax.jcr.Value) Test(org.junit.Test)

Example 22 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method setPrincipalBasedAcl.

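/**
 * Applies a principal-based ACL by translating it into changes on the
 * node-based policies of the paths its entries refer to.
 *
 * <p>The entries of {@code principalAcl} are compared with the entries of the
 * first policy returned by {@code getPolicies} for the same principal (if
 * any). Entries only present in {@code principalAcl} are added to the ACL at
 * their node path; entries only present in the existing policy are removed
 * from it. In both directions the {@code REP_NODE_PATH} restriction is
 * stripped, because it only identifies the target node and is not part of the
 * node-based entry.
 *
 * <p>Every target tree is obtained through
 * {@code getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true)}.
 * NOTE(review): presumably that call enforces the modify-access-control
 * permission on the path -- confirm in {@code getTree}.
 *
 * @param principalAcl the principal-based policy to write
 * @throws RepositoryException if resolving a tree, building an entry or
 *         writing a node-based policy fails
 */
private void setPrincipalBasedAcl(PrincipalACL principalAcl) throws RepositoryException {
    AccessControlPolicy[] plcs = getPolicies(principalAcl.principal);
    PrincipalACL existing = (plcs.length == 0) ? null : (PrincipalACL) plcs[0];
    List<ACE> toAdd = Lists.newArrayList(principalAcl.getEntries());
    List<ACE> toRemove = Collections.emptyList();
    if (existing != null) {
        toAdd.removeAll(existing.getEntries());
        // Work on a copy: calling removeAll on the list handed out by
        // getEntries() would alter the existing policy object itself, or fail
        // if that list is unmodifiable.
        toRemove = Lists.newArrayList(existing.getEntries());
        toRemove.removeAll(principalAcl.getEntries());
    }
    // add new entries
    for (ACE ace : toAdd) {
        String path = getNodePath(ace);
        Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
        ACL acl = (ACL) createACL(path, tree, false);
        if (acl == null) {
            // no policy at that node yet: start from an empty one
            acl = new NodeACL(path);
        }
        // calculate single and mv restriction and drop the rep:nodePath restriction
        // present with the principal-based-entries.
        Map<String, Value> restrictions = new HashMap<String, Value>();
        Map<String, Value[]> mvRestrictions = new HashMap<String, Value[]>();
        for (Restriction r : ace.getRestrictions()) {
            String name = r.getDefinition().getName();
            if (REP_NODE_PATH.equals(name)) {
                continue;
            }
            if (r.getDefinition().getRequiredType().isArray()) {
                mvRestrictions.put(name, ace.getRestrictions(name));
            } else {
                restrictions.put(name, ace.getRestriction(name));
            }
        }
        acl.addEntry(ace.getPrincipal(), ace.getPrivileges(), ace.isAllow(), restrictions, mvRestrictions);
        setNodeBasedAcl(path, tree, acl);
    }
    // remove entries that are no longer present in the acl to write
    for (ACE ace : toRemove) {
        String path = getNodePath(ace);
        Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
        ACL acl = (ACL) createACL(path, tree, false);
        if (acl != null) {
            // remove rep:nodePath restriction before removing the entry from
            // the node-based policy (see above for adding entries without
            // this special restriction).
            Set<Restriction> rstr = Sets.newHashSet(ace.getRestrictions());
            Iterator<Restriction> it = rstr.iterator();
            while (it.hasNext()) {
                Restriction r = it.next();
                if (REP_NODE_PATH.equals(r.getDefinition().getName())) {
                    it.remove();
                }
            }
            acl.removeAccessControlEntry(new Entry(ace.getPrincipal(), ace.getPrivilegeBits(), ace.isAllow(), rstr, getNamePathMapper()));
            setNodeBasedAcl(path, tree, acl);
        } else {
            // NOTE(review): the requested removal is skipped here and only
            // reported at debug level; whatever the entry grants or denies at
            // this path is left as it was. Confirm that this best-effort
            // behaviour is intended.
            log.debug("Missing ACL at {}; cannot remove entry {}", path, ace);
        }
    }
}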
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) NamedAccessControlPolicy(javax.jcr.security.NamedAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) HashMap(java.util.HashMap) ImmutableACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL) Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) AccessControlEntry(javax.jcr.security.AccessControlEntry) Value(javax.jcr.Value) Tree(org.apache.jackrabbit.oak.api.Tree)

Example 23 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class PrincipalRestrictionProvider method writeRestrictions.

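/**
 * Writes the given restrictions through the wrapped provider, leaving out any
 * restriction whose definition is named {@code REP_NODE_PATH}.
 *
 * <p>The filtering is done on a copy, so the caller's set is never modified,
 * and it is this filtered copy that is handed to {@code base}. Passing the
 * original {@code restrictions} instead would turn the filter into a no-op
 * and forward the node-path restriction to the wrapped provider.
 *
 * @param oakPath path passed through unchanged to the wrapped provider
 * @param aceTree tree passed through unchanged to the wrapped provider
 * @param restrictions the restrictions of the entry being written
 * @throws RepositoryException if the wrapped provider fails to write
 */
@Override
public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) throws RepositoryException {
    Set<Restriction> filtered = Sets.newHashSet(restrictions);
    Iterator<Restriction> it = filtered.iterator();
    while (it.hasNext()) {
        Restriction r = it.next();
        if (REP_NODE_PATH.equals(r.getDefinition().getName())) {
            it.remove();
        }
    }
    // Hand over the filtered copy, not the caller's set.
    base.writeRestrictions(oakPath, aceTree, filtered);
}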
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)

Example 24 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method setNodeBasedAcl.

/**
 * Replaces the node-based policy at {@code tree} with the entries of
 * {@code acl}.
 *
 * <p>This is a full rewrite, not a merge: every child of an existing ACL tree
 * is removed first, then one child is created per entry, in list order. If no
 * ACL tree exists yet, one is created.
 *
 * @param oakPath path handed to the ACL-tree helpers and the restriction
 *        provider; may be {@code null}
 * @param tree the tree that holds (or will hold) the ACL tree
 * @param acl the policy whose entries are written
 * @throws RepositoryException if creating a child or writing restrictions fails
 */
private void setNodeBasedAcl(@Nullable String oakPath, @Nonnull Tree tree, @Nonnull ACL acl) throws RepositoryException {
    Tree aclTree = getAclTree(oakPath, tree);
    if (aclTree == null) {
        aclTree = createAclTree(oakPath, tree);
    } else {
        // Drop every entry currently stored so that nothing stale survives.
        for (Tree staleAce : aclTree.getChildren()) {
            staleAce.remove();
        }
    }
    // Children are orderable, so entries are stored in the order they are added below.
    aclTree.setOrderableChildren(true);

    int position = 0;
    for (ACE entry : acl.getEntries()) {
        String childName = Util.generateAceName(entry, position);
        // Allow and deny entries are stored under different node types.
        String nodeType = entry.isAllow() ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
        Tree aceNode = TreeUtil.addChild(aclTree, childName, nodeType);
        aceNode.setProperty(REP_PRINCIPAL_NAME, entry.getPrincipal().getName());
        aceNode.setProperty(REP_PRIVILEGES, ImmutableList.copyOf(AccessControlUtils.namesFromPrivileges(entry.getPrivileges())), Type.NAMES);
        restrictionProvider.writeRestrictions(oakPath, aceNode, entry.getRestrictions());
        position++;
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Tree(org.apache.jackrabbit.oak.api.Tree)

Example 25 with Restriction

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction in project jackrabbit-oak by apache.

the class EntryTest method testGetRestrictionNames.

/**
 * Checks that {@code getRestrictionNames()} returns one name per restriction
 * held by the entry, and an empty (non-null) array when there are none.
 */
@Test
public void testGetRestrictionNames() throws Exception {
    // No restrictions: expect an empty array, never null.
    String[] names = createEntry(Collections.<Restriction>emptySet()).getRestrictionNames();
    assertNotNull(names);
    assertEquals(0, names.length);

    Restriction glob = createRestriction(AccessControlConstants.REP_GLOB, globValue);
    Restriction ntNames = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues);

    // One restriction on the entry.
    names = createEntry(ImmutableSet.of(glob)).getRestrictionNames();
    assertEquals(1, names.length);

    // Two restrictions on the entry.
    names = createEntry(ImmutableSet.of(glob, ntNames)).getRestrictionNames();
    assertEquals(2, names.length);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) Test(org.junit.Test)

Aggregations

Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)39 Test (org.junit.Test)33 Value (javax.jcr.Value)12 ACE (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE)12 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)10 AccessControlException (javax.jcr.security.AccessControlException)6 Tree (org.apache.jackrabbit.oak.api.Tree)6 NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)5 Nonnull (javax.annotation.Nonnull)2 RestrictionImpl (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl)2 RestrictionPattern (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern)2 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 AccessControlEntry (javax.jcr.security.AccessControlEntry)1 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)1 NamedAccessControlPolicy (javax.jcr.security.NamedAccessControlPolicy)1 Privilege (javax.jcr.security.Privilege)1 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)1 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)1 ImmutableACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL)1