Search in sources :

Example 6 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class CompositeRestrictionProviderTest method testGetRestrictionPattern.

@Test
public void testGetRestrictionPattern() throws Exception {
    NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
    NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
    rNode.setString(REP_GLOB, "*");
    assertFalse(provider.getPattern("/test", aceNode.getTree()) instanceof CompositePattern);
    rNode.setBoolean("boolean", true);
    rNode.setValues("longs", new Value[] { vf.createValue(10), vf.createValue(290) });
    assertTrue(provider.getPattern("/test", rNode.getTree()) instanceof CompositePattern);
}
Also used : CompositePattern(org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 7 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class CompositeRestrictionProviderTest method testWriteUnsupportedRestrictions.

@Test
public void testWriteUnsupportedRestrictions() throws Exception {
    NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
    Restriction invalid = new RestrictionImpl(PropertyStates.createProperty("invalid", vf.createValue(true)), false);
    try {
        provider.writeRestrictions("/test", aceNode.getTree(), ImmutableSet.<Restriction>of(invalid));
        fail("AccessControlException expected");
    } catch (AccessControlException e) {
    // success
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) AccessControlException(javax.jcr.security.AccessControlException) RestrictionImpl(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 8 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class CompositeRestrictionProviderTest method testReadRestrictions.

@Test
public void testReadRestrictions() throws Exception {
    NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
    aceNode.setBoolean("boolean", true);
    aceNode.setValues("longs", new Value[] { vf.createValue(10), vf.createValue(290) });
    aceNode.setString(REP_GLOB, "*");
    // empty array
    aceNode.setNames(REP_NT_NAMES);
    aceNode.setString("invalid", "val");
    aceNode.setStrings("invalid2", "val1", "val2", "val3");
    Set<Restriction> restrictions = provider.readRestrictions("/test", aceNode.getTree());
    assertEquals(4, restrictions.size());
    for (Restriction r : restrictions) {
        String name = r.getDefinition().getName();
        if (!supported.contains(name)) {
            fail("read unsupported restriction");
        }
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 9 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class PermissionProviderImplTest method before.

@Override
public void before() throws Exception {
    super.before();
    new NodeUtil(root.getTree("/")).addChild("test", JcrConstants.NT_UNSTRUCTURED);
    UserManager uMgr = getUserManager(root);
    adminstrators = uMgr.createGroup(ADMINISTRATOR_GROUP);
    root.commit();
    config = getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
}
Also used : AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) UserManager(org.apache.jackrabbit.api.security.user.UserManager) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)

Example 10 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class CugValidatorTest method testChangePrimaryTypeOfCug.

@Test
public void testChangePrimaryTypeOfCug() throws Exception {
    node.setNames(JcrConstants.JCR_MIXINTYPES, MIX_REP_CUG_MIXIN);
    NodeUtil cug = node.addChild(REP_CUG_POLICY, NT_REP_CUG_POLICY);
    cug.setStrings(REP_PRINCIPAL_NAMES, EveryonePrincipal.NAME);
    root.commit();
    try {
        cug.setName(JcrConstants.JCR_PRIMARYTYPE, NodeTypeConstants.NT_OAK_UNSTRUCTURED);
        root.commit();
        fail();
    } catch (CommitFailedException e) {
        assertTrue(e.isAccessControlViolation());
        assertEquals(21, e.getCode());
    }
}
Also used : CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)

Aggregations

NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)183 Test (org.junit.Test)149 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)74 Tree (org.apache.jackrabbit.oak.api.Tree)67 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)59 Root (org.apache.jackrabbit.oak.api.Root)28 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)14 Before (org.junit.Before)14 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)13 TokenInfo (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo)13 AccessControlManager (javax.jcr.security.AccessControlManager)12 Principal (java.security.Principal)10 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 AccessControlException (javax.jcr.security.AccessControlException)7 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 Privilege (javax.jcr.security.Privilege)5 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)5 AccessControlList (javax.jcr.security.AccessControlList)4