Example 6 with RestrictionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.

Class AccessControlManagerImplTest, method createPolicy.

private ACL createPolicy(@Nullable String path) {
    final PrincipalManager pm = getPrincipalManager(root);
    final PrivilegeManager pvMgr = getPrivilegeManager(root);
    final RestrictionProvider rp = getRestrictionProvider();
    return new ACL(path, null, getNamePathMapper()) {

        @Override
        ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) {
            throw new UnsupportedOperationException();
        }

        @Override
        boolean checkValidPrincipal(Principal principal) throws AccessControlException {
            Util.checkValidPrincipal(principal, pm);
            return true;
        }

        @Override
        PrivilegeManager getPrivilegeManager() {
            return pvMgr;
        }

        @Override
        PrivilegeBits getPrivilegeBits(Privilege[] privileges) {
            return getBitsProvider().getBits(privileges, getNamePathMapper());
        }

        @Nonnull
        @Override
        public RestrictionProvider getRestrictionProvider() {
            return rp;
        }
    };
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) Sets.newHashSet(com.google.common.collect.Sets.newHashSet) ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) HashSet(java.util.HashSet) PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)

Example 7 with RestrictionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.

Class CompositeAuthorizationConfigurationTest, method testSingleRestrictionProvider.

@Test
public void testSingleRestrictionProvider() {
    CompositeAuthorizationConfiguration cc = getCompositeConfiguration(new AuthorizationConfigurationImpl(getSecurityProvider()));
    RestrictionProvider rp = cc.getRestrictionProvider();
    assertFalse(rp instanceof CompositeRestrictionProvider);
}
Also used : AuthorizationConfigurationImpl(org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl) RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) CompositeRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 8 with RestrictionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.

Class ImmutableACLTest, method testEquals.

@Test
public void testEquals() throws Exception {
    RestrictionProvider rp = getRestrictionProvider();
    ACE ace1 = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
    ACE ace2 = createEntry(true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES);
    ACE ace2b = createEntry(true, PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.REP_READ_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES);
    JackrabbitAccessControlList acl = createACL(ace1, ace2);
    assertTrue(acl instanceof ImmutableACL);
    assertEquals(acl, acl);
    JackrabbitAccessControlList repoAcl = createACL((String) null, ace1, ace2);
    assertTrue(repoAcl instanceof ImmutableACL);
    assertEquals(repoAcl, repoAcl);
    assertEquals(acl, createACL(ace1, ace2));
    assertEquals(acl, createACL(ace1, ace2b));
    assertEquals(repoAcl, createACL((String) null, ace1, ace2b));
    assertFalse(acl.equals(createACL(ace2, ace1)));
    assertFalse(acl.equals(repoAcl));
    assertFalse(acl.equals(createEmptyACL()));
    assertFalse(acl.equals(createACL("/anotherPath", ace1, ace2)));
    assertFalse(acl.equals(new TestACL("/anotherPath", rp, getNamePathMapper(), ace1, ace2)));
    assertFalse(acl.equals(new TestACL("/anotherPath", rp, getNamePathMapper(), ace1, ace2)));
    assertFalse(acl.equals(new TestACL("/anotherPath", rp, getNamePathMapper())));
    assertFalse(acl.equals(new TestACL(getTestPath(), rp, getNamePathMapper(), ace1, ace2)));
}
Also used : RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Test(org.junit.Test)

Example 9 with RestrictionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.

Class AccessControlValidatorProvider, method getRootValidator.

//--------------------------------------------------< ValidatorProvider >---
@Nonnull
@Override
public Validator getRootValidator(NodeState before, NodeState after, CommitInfo info) {
    RestrictionProvider restrictionProvider = getConfig(AuthorizationConfiguration.class).getRestrictionProvider();
    Root root = RootFactory.createReadOnlyRoot(before);
    PrivilegeManager privilegeManager = getConfig(PrivilegeConfiguration.class).getPrivilegeManager(root, NamePathMapper.DEFAULT);
    PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(root);
    return new AccessControlValidator(after, privilegeManager, privilegeBitsProvider, restrictionProvider);
}
Also used : AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) Root(org.apache.jackrabbit.oak.api.Root) RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) Nonnull(javax.annotation.Nonnull)

Example 10 with RestrictionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider in project jackrabbit-oak by apache.

Class CompositeAuthorizationConfigurationTest, method testOnlyEmptyRestrictionProvider.

@Test
public void testOnlyEmptyRestrictionProvider() {
    AuthorizationConfiguration ac = new OpenAuthorizationConfiguration() {

        @Nonnull
        @Override
        public RestrictionProvider getRestrictionProvider() {
            return RestrictionProvider.EMPTY;
        }
    };
    CompositeAuthorizationConfiguration cc = getCompositeConfiguration(ac, ac);
    RestrictionProvider rp = cc.getRestrictionProvider();
    assertFalse(rp instanceof CompositeRestrictionProvider);
    assertSame(RestrictionProvider.EMPTY, rp);
}
Also used : AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) OpenAuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration) RestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) CompositeRestrictionProvider(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

RestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider) 20
Test (org.junit.Test) 16
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest) 11
AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl) 7
CompositeRestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider) 7
AccessControlException (javax.jcr.security.AccessControlException) 5
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList) 5
WhiteboardRestrictionProvider (org.apache.jackrabbit.oak.security.authorization.restriction.WhiteboardRestrictionProvider) 5
SecurityProvider (org.apache.jackrabbit.oak.spi.security.SecurityProvider) 5
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) 5
ArrayList (java.util.ArrayList) 4
AbstractRestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider) 4
CompositeAuthorizationConfiguration (org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration) 3
Nonnull (javax.annotation.Nonnull) 2
PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager) 2
Root (org.apache.jackrabbit.oak.api.Root) 2
OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration) 2
NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil) 2
ImmutableSet (com.google.common.collect.ImmutableSet) 1
Sets.newHashSet (com.google.common.collect.Sets.newHashSet) 1