Examples with PrivilegeBits org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits used on opensource projects

Search in sources :

Example 16 with PrivilegeBits

use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.

the class CugPermissionProviderTest method testSupportedPrivileges.

//---------------------------------------< AggregatedPermissionProvider >---
/**
     * @see org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider#supportedPrivileges(org.apache.jackrabbit.oak.api.Tree, org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
     */
@Test
public void testSupportedPrivileges() {
    PrivilegeBits readBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ);
    PrivilegeBits readNodeBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES);
    PrivilegeBits readPropBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_PROPERTIES);
    PrivilegeBitsProvider provider = new PrivilegeBitsProvider(root);
    for (String path : PATH_INCUG_MAP.keySet()) {
        boolean isInCug = PATH_INCUG_MAP.get(path);
        Tree tree = root.getTree(path);
        if (isInCug) {
            assertPrivilegeBits(readBits, cugPermProvider.supportedPrivileges(tree, readBits));
            assertPrivilegeBits(readNodeBits, cugPermProvider.supportedPrivileges(tree, readNodeBits));
            assertPrivilegeBits(readPropBits, cugPermProvider.supportedPrivileges(tree, readPropBits));
            assertPrivilegeBits(readBits, cugPermProvider.supportedPrivileges(tree, provider.getBits(PrivilegeConstants.JCR_ALL)));
            assertPrivilegeBits(readNodeBits, cugPermProvider.supportedPrivileges(tree, provider.getBits(PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.JCR_READ_ACCESS_CONTROL)));
        } else {
            assertTrue(cugPermProvider.supportedPrivileges(tree, readBits).isEmpty());
            assertTrue(cugPermProvider.supportedPrivileges(tree, readNodeBits).isEmpty());
            assertTrue(cugPermProvider.supportedPrivileges(tree, readPropBits).isEmpty());
            assertTrue(cugPermProvider.supportedPrivileges(tree, provider.getBits(PrivilegeConstants.JCR_ALL)).isEmpty());
            assertTrue(cugPermProvider.supportedPrivileges(tree, provider.getBits(PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.JCR_READ_ACCESS_CONTROL)).isEmpty());
        }
        assertTrue(cugPermProvider.supportedPrivileges(tree, provider.getBits(PrivilegeConstants.REP_WRITE)).isEmpty());
        assertTrue(cugPermProvider.supportedPrivileges(tree, provider.getBits(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE)).isEmpty());
        assertTrue(cugPermProvider.supportedPrivileges(tree, provider.getBits(PrivilegeConstants.JCR_READ_ACCESS_CONTROL)).isEmpty());
    }
}
Also used : PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider) Tree(org.apache.jackrabbit.oak.api.Tree) PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) Test(org.junit.Test)

Example 17 with PrivilegeBits

use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.

the class ACL method internalAddEntry.

private boolean internalAddEntry(@Nonnull ACE entry) throws RepositoryException {
    final Principal principal = entry.getPrincipal();
    List<ACE> subList = Lists.newArrayList(Iterables.filter(entries, new Predicate<ACE>() {

        @Override
        public boolean apply(@Nullable ACE ace) {
            return (ace != null) && ace.getPrincipal().getName().equals(principal.getName());
        }
    }));
    boolean addEntry = true;
    for (ACE existing : subList) {
        PrivilegeBits existingBits = PrivilegeBits.getInstance(existing.getPrivilegeBits());
        PrivilegeBits entryBits = entry.getPrivilegeBits();
        if (entry.getRestrictions().equals(existing.getRestrictions())) {
            if (entry.isAllow() == existing.isAllow()) {
                if (existingBits.includes(entryBits)) {
                    // no changes
                    return false;
                } else {
                    // merge existing and new ace
                    existingBits.add(entryBits);
                    int index = entries.indexOf(existing);
                    entries.remove(existing);
                    entries.add(index, createACE(existing, existingBits));
                    addEntry = false;
                }
            } else {
                // existing is complementary entry -> clean up redundant
                // privileges defined by the existing entry
                PrivilegeBits updated = PrivilegeBits.getInstance(existingBits).diff(entryBits);
                if (updated.isEmpty()) {
                    // remove the existing entry as the new entry covers all privileges
                    entries.remove(existing);
                } else if (!updated.includes(existingBits)) {
                    // replace the existing entry having it's privileges adjusted
                    int index = entries.indexOf(existing);
                    entries.remove(existing);
                    entries.add(index, createACE(existing, updated));
                }
            /* else: no collision that requires adjusting the existing entry.*/
            }
        }
    }
    // finally add the new entry at the end of the list
    if (addEntry) {
        entries.add(entry);
    }
    return true;
}
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) Principal(java.security.Principal) Nullable(javax.annotation.Nullable) Predicate(com.google.common.base.Predicate)

Example 18 with PrivilegeBits

use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.

the class CugPermissionProvider method supportedPrivileges.

//---------------------------------------< AggregatedPermissionProvider >---
@Nonnull
@Override
public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
    if (tree == null) {
        return PrivilegeBits.EMPTY;
    }
    PrivilegeBits pb;
    if (privilegeBits == null) {
        pb = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ);
    } else {
        pb = PrivilegeBits.getInstance(privilegeBits);
        pb.retain(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ));
    }
    if (pb.isEmpty() || !includesCug(tree)) {
        return PrivilegeBits.EMPTY;
    } else {
        return pb;
    }
}
Also used : PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) Nonnull(javax.annotation.Nonnull)

Example 19 with PrivilegeBits

use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.

the class CompiledPermissionImpl method getPrivilegeBits.

@Nonnull
private PrivilegeBits getPrivilegeBits(@Nullable Tree tree) {
    EntryPredicate pred = (tree == null) ? new EntryPredicate() : new EntryPredicate(tree, null, false);
    Iterator<PermissionEntry> entries = getEntryIterator(pred);
    PrivilegeBits allowBits = PrivilegeBits.getInstance();
    PrivilegeBits denyBits = PrivilegeBits.getInstance();
    while (entries.hasNext()) {
        PermissionEntry entry = entries.next();
        if (entry.isAllow) {
            allowBits.addDifference(entry.privilegeBits, denyBits);
        } else {
            denyBits.addDifference(entry.privilegeBits, allowBits);
        }
    }
    // special handling for paths that are always readable
    if (tree != null && readPolicy.isReadableTree(tree, false)) {
        allowBits.add(bitsProvider.getBits(PrivilegeConstants.JCR_READ));
    }
    return allowBits;
}
Also used : PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) Nonnull(javax.annotation.Nonnull)

Example 20 with PrivilegeBits

use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.

the class PrivilegeDefinitionWriter method writePrivilegeNode.

private void writePrivilegeNode(Tree privilegesTree, PrivilegeDefinition definition) throws RepositoryException {
    String name = definition.getName();
    Tree privNode = TreeUtil.addChild(privilegesTree, name, NT_REP_PRIVILEGE);
    if (definition.isAbstract()) {
        privNode.setProperty(REP_IS_ABSTRACT, true);
    }
    Set<String> declAggrNames = definition.getDeclaredAggregateNames();
    boolean isAggregate = declAggrNames.size() > 0;
    if (isAggregate) {
        privNode.setProperty(REP_AGGREGATES, declAggrNames, Type.NAMES);
    }
    PrivilegeBits bits;
    if (PrivilegeBits.BUILT_IN.containsKey(name)) {
        bits = PrivilegeBits.BUILT_IN.get(name);
    } else if (isAggregate) {
        bits = bitsMgr.getBits(declAggrNames);
    } else {
        bits = next();
    }
    bits.writeTo(privNode);
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)

Aggregations

PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)29 Test (org.junit.Test)18 Tree (org.apache.jackrabbit.oak.api.Tree)9 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)8 PrivilegeBitsProvider (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)6 Nonnull (javax.annotation.Nonnull)5 Principal (java.security.Principal)2 Nullable (javax.annotation.Nullable)2 PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)2 ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)2 ACE (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE)2 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)2 Function (com.google.common.base.Function)1 Predicate (com.google.common.base.Predicate)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Sets.newHashSet (com.google.common.collect.Sets.newHashSet)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 Node (javax.jcr.Node)1 Privilege (javax.jcr.security.Privilege)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial