Search in sources :

Example 1 with AccessControlAction

use of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction in project jackrabbit-oak by apache.

the class SystemUserImplTest method getSecurityConfigParameters.

@Override
protected ConfigurationParameters getSecurityConfigParameters() {
    return ConfigurationParameters.of(UserConfiguration.NAME, ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, new AuthorizableActionProvider() {

        @Nonnull
        @Override
        public List<? extends AuthorizableAction> getAuthorizableActions(@Nonnull SecurityProvider securityProvider) {
            AuthorizableAction action = new AccessControlAction();
            action.init(securityProvider, ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] { PrivilegeConstants.JCR_ALL }));
            return ImmutableList.of(action);
        }
    }));
}
Also used : AccessControlAction(org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction) Nonnull(javax.annotation.Nonnull) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) AuthorizableAction(org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction) AuthorizableActionProvider(org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider)

Example 2 with AccessControlAction

use of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction in project jackrabbit-oak by apache.

the class UserImportWithActionsTest method testAccessControlActionExecutionForUser.

@Test
public void testAccessControlActionExecutionForUser() throws Exception {
    AccessControlAction a1 = new AccessControlAction();
    a1.init(securityProvider, ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] { Privilege.JCR_ALL }));
    setAuthorizableActions(a1);
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>tPrincipal</sv:value></sv:property>" + "</sv:node>";
    doImport(USERPATH, xml);
    Authorizable a = getUserManager().getAuthorizable("t");
    assertNotNull(a);
    assertFalse(a.isGroup());
    AccessControlManager acMgr = getImportSession().getAccessControlManager();
    AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
    assertNotNull(policies);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof AccessControlList);
    AccessControlEntry[] aces = ((AccessControlList) policies[0]).getAccessControlEntries();
    assertEquals(1, aces.length);
    assertEquals("tPrincipal", aces[0].getPrincipal().getName());
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry) Test(org.junit.Test)

Example 3 with AccessControlAction

use of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction in project jackrabbit-oak by apache.

the class UserImportWithActionsTest method testAccessControlActionExecutionForGroup.

@Test
public void testAccessControlActionExecutionForGroup() throws Exception {
    AccessControlAction a1 = new AccessControlAction();
    a1.init(securityProvider, ConfigurationParameters.of(AccessControlAction.GROUP_PRIVILEGE_NAMES, new String[] { Privilege.JCR_READ }));
    setAuthorizableActions(a1);
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>b2f5ff47-4366-31b6-a533-d8dc3614845d</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>gPrincipal</sv:value></sv:property>" + "</sv:node>";
    doImport(GROUPPATH, xml);
    Authorizable a = getUserManager().getAuthorizable("g");
    assertNotNull(a);
    assertTrue(a.isGroup());
    AccessControlManager acMgr = getImportSession().getAccessControlManager();
    AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
    assertNotNull(policies);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof AccessControlList);
    AccessControlEntry[] aces = ((AccessControlList) policies[0]).getAccessControlEntries();
    assertEquals(1, aces.length);
    assertEquals("gPrincipal", aces[0].getPrincipal().getName());
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry) Test(org.junit.Test)

Example 4 with AccessControlAction

use of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction in project jackrabbit-oak by apache.

the class UserImportWithActionsTest method testAccessControlActionExecutionForUser2.

@Test
public void testAccessControlActionExecutionForUser2() throws Exception {
    AccessControlAction a1 = new AccessControlAction();
    a1.init(securityProvider, ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] { Privilege.JCR_ALL }));
    setAuthorizableActions(a1);
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>tPrincipal</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + "</sv:node>";
    doImport(USERPATH, xml);
    Authorizable a = getUserManager().getAuthorizable("t");
    assertNotNull(a);
    assertFalse(a.isGroup());
    AccessControlManager acMgr = getImportSession().getAccessControlManager();
    AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
    assertNotNull(policies);
    assertEquals(1, policies.length);
    assertTrue(policies[0] instanceof AccessControlList);
    AccessControlEntry[] aces = ((AccessControlList) policies[0]).getAccessControlEntries();
    assertEquals(1, aces.length);
    assertEquals("tPrincipal", aces[0].getPrincipal().getName());
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry) Test(org.junit.Test)

Example 5 with AccessControlAction

use of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction in project jackrabbit-oak by apache.

the class UserImportWithActionsTest method testAccessControlActionExecutionForSystemUser.

@Test
public void testAccessControlActionExecutionForSystemUser() throws Exception {
    AccessControlAction a1 = new AccessControlAction();
    a1.init(securityProvider, ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] { Privilege.JCR_ALL }));
    setAuthorizableActions(a1);
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:SystemUser</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>tSystemPrincipal</sv:value></sv:property>" + "</sv:node>";
    doImport(USERPATH, xml);
    Authorizable a = getUserManager().getAuthorizable("t");
    assertNotNull(a);
    assertFalse(a.isGroup());
    assertTrue(((User) a).isSystemUser());
    AccessControlManager acMgr = getImportSession().getAccessControlManager();
    AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
    assertNotNull(policies);
    assertEquals(0, policies.length);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Test(org.junit.Test)

Aggregations

AccessControlAction (org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction)5 AccessControlManager (javax.jcr.security.AccessControlManager)4 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)4 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)4 Test (org.junit.Test)4 AccessControlEntry (javax.jcr.security.AccessControlEntry)3 AccessControlList (javax.jcr.security.AccessControlList)3 Nonnull (javax.annotation.Nonnull)1 SecurityProvider (org.apache.jackrabbit.oak.spi.security.SecurityProvider)1 AuthorizableAction (org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction)1 AuthorizableActionProvider (org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider)1