Example 1 with RestrictionProvider
use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.
the class CustomRestrictionProviderTest method getSecurityConfigParameters.
@Override
protected ConfigurationParameters getSecurityConfigParameters() {
RestrictionProvider rProvider = CompositeRestrictionProvider.newInstance(new PropertyRestrictionProvider(), new RestrictionProviderImpl());
Map<String, RestrictionProvider> authorizMap = ImmutableMap.of(AccessControlConstants.PARAM_RESTRICTION_PROVIDER, rProvider);
return ConfigurationParameters.of(ImmutableMap.of(AuthorizationConfiguration.NAME, ConfigurationParameters.of(authorizMap)));
}
Also used :
RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)
AbstractRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider)
CompositeRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider)
Example 2 with RestrictionProvider
use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.
the class ACLTest method testInvalidRestrictionType.
@Test
public void testInvalidRestrictionType() throws Exception {
RestrictionProvider rp = new TestRestrictionProvider("restr", Type.NAME, false);
JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
try {
acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>singletonMap("restr", getValueFactory().createValue(true)));
fail("Invalid restriction type.");
} catch (AccessControlException e) {
// mandatory restriction missing -> success
}
}
Also used :
RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)
AbstractRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider)
ArrayList(java.util.ArrayList)
AccessControlException(javax.jcr.security.AccessControlException)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Test(org.junit.Test)
Example 3 with RestrictionProvider
use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.
the class AccessControlManagerImpl method createPrincipalACL.
@Nullable
private JackrabbitAccessControlList createPrincipalACL(@Nullable String oakPath, @Nonnull Principal principal) throws RepositoryException {
Root root = getRoot();
Result aceResult = searchAces(Collections.<Principal>singleton(principal), root);
RestrictionProvider restrProvider = new PrincipalRestrictionProvider(restrictionProvider);
List<ACE> entries = new ArrayList<ACE>();
for (ResultRow row : aceResult.getRows()) {
Tree aceTree = root.getTree(row.getPath());
if (Util.isACE(aceTree, ntMgr)) {
String aclPath = Text.getRelativeParent(aceTree.getPath(), 1);
String path;
if (aclPath.endsWith(REP_REPO_POLICY)) {
path = null;
} else {
path = Text.getRelativeParent(aclPath, 1);
}
entries.add(createACE(path, aceTree, restrProvider));
}
}
if (entries.isEmpty()) {
// nothing found
return null;
} else {
return new PrincipalACL(oakPath, principal, entries, restrProvider);
}
}
Also used :
ResultRow(org.apache.jackrabbit.oak.api.ResultRow)
ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE)
Root(org.apache.jackrabbit.oak.api.Root)
PrincipalRestrictionProvider(org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider)
PrincipalRestrictionProvider(org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider)
RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)
ArrayList(java.util.ArrayList)
Tree(org.apache.jackrabbit.oak.api.Tree)
Result(org.apache.jackrabbit.oak.api.Result)
Nullable(javax.annotation.Nullable)
Example 4 with RestrictionProvider
use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.
the class CompositeAuthorizationConfigurationTest method testSingleRestrictionProvider.
@Test
public void testSingleRestrictionProvider() {
CompositeAuthorizationConfiguration cc = getCompositeConfiguration(createAuthorizationConfigurationImpl());
RestrictionProvider rp = cc.getRestrictionProvider();
assertFalse(rp instanceof CompositeRestrictionProvider);
}
Also used :
RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)
CompositeRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider)
CompositeRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 5 with RestrictionProvider
use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method createPolicy.
private ACL createPolicy(@Nullable String path) {
final PrincipalManager pm = getPrincipalManager(root);
final PrivilegeManager pvMgr = getPrivilegeManager(root);
final RestrictionProvider rp = getRestrictionProvider();
return new ACL(path, null, getNamePathMapper()) {
@Override
ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) {
throw new UnsupportedOperationException();
}
@Override
boolean checkValidPrincipal(Principal principal) throws AccessControlException {
Util.checkValidPrincipal(principal, pm);
return true;
}
@Override
PrivilegeManager getPrivilegeManager() {
return pvMgr;
}
@Override
PrivilegeBits getPrivilegeBits(Privilege[] privileges) {
return getBitsProvider().getBits(privileges, getNamePathMapper());
}
@Nonnull
@Override
public RestrictionProvider getRestrictionProvider() {
return rp;
}
};
}
Also used :
PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager)
Sets.newHashSet(com.google.common.collect.Sets.newHashSet)
ImmutableSet(com.google.common.collect.ImmutableSet)
Set(java.util.Set)
HashSet(java.util.HashSet)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Principal(java.security.Principal)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
Aggregations
RestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)22
Test (org.junit.Test)17
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)12
CompositeRestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider)7
WhiteboardRestrictionProvider (org.apache.jackrabbit.oak.security.authorization.restriction.WhiteboardRestrictionProvider)6
SecurityProvider (org.apache.jackrabbit.oak.spi.security.SecurityProvider)6
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)6
AccessControlException (javax.jcr.security.AccessControlException)5
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)5
AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl)5
ArrayList (java.util.ArrayList)4
CompositeAuthorizationConfiguration (org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration)4
AbstractRestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider)4
Nonnull (javax.annotation.Nonnull)2
PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)2
Root (org.apache.jackrabbit.oak.api.Root)2
OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration)2
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)2
ImmutableSet (com.google.common.collect.ImmutableSet)1
Sets.newHashSet (com.google.common.collect.Sets.newHashSet)1
