Search in sources :

Example 36 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class AccessControlValidatorTest method testAddAceWithAcContent.

@Test
public void testAddAceWithAcContent() throws Exception {
    NodeUtil acl = createAcl();
    NodeUtil ace = acl.getChild(aceName);
    NodeUtil[] acContent = new NodeUtil[] { ace, ace.getChild(REP_RESTRICTIONS) };
    for (NodeUtil node : acContent) {
        NodeUtil entry = node.addChild("invalidACE", NT_REP_DENY_ACE);
        try {
            root.commit();
            fail("Adding an ACE below an ACE or restriction should fail");
        } catch (CommitFailedException e) {
            // success
            assertTrue(e.isConstraintViolation());
            assertThat(e.getMessage(), containsString("/testRoot/rep:policy/validAce"));
        } finally {
            entry.getTree().remove();
        }
    }
}
Also used : CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 37 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class AccessControlValidatorTest method testAddRestrictionWithAcContent.

@Test
public void testAddRestrictionWithAcContent() throws Exception {
    NodeUtil acl = createAcl();
    NodeUtil ace = acl.getChild(aceName);
    NodeUtil[] acContent = new NodeUtil[] { acl, ace.getChild(REP_RESTRICTIONS) };
    for (NodeUtil node : acContent) {
        NodeUtil entry = node.addChild("invalidRestriction", NT_REP_RESTRICTIONS);
        try {
            root.commit();
            fail("Adding an ACE below an ACE or restriction should fail");
        } catch (CommitFailedException e) {
            // success
            assertTrue(e.isConstraintViolation());
            assertThat(e.getMessage(), containsString("/testRoot/rep:policy"));
        } finally {
            entry.getTree().remove();
        }
    }
}
Also used : CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 38 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class TreeTypeProviderTest method before.

@Override
public void before() throws Exception {
    super.before();
    typeProvider = new TreeTypeProvider(getConfig(AuthorizationConfiguration.class).getContext());
    tests = new ArrayList<TypeTest>();
    tests.add(new TypeTest("/", TreeType.DEFAULT));
    tests.add(new TypeTest("/content", TreeType.DEFAULT));
    tests.add(new TypeTest('/' + JcrConstants.JCR_SYSTEM, TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH, TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:system/rep:namedChildNodeDefinitions/jcr:versionStorage", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:system/rep:namedChildNodeDefinitions/jcr:activities", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:system/rep:namedChildNodeDefinitions/jcr:configurations", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy/rep:Policy", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:ACL/rep:residualChildNodeDefinitions/rep:ACE", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:GrantACE/rep:namedChildNodeDefinitions/rep:restrictions", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:RepoAccessControllable/rep:namedChildNodeDefinitions/rep:repoPolicy", TreeType.DEFAULT));
    tests.add(new TypeTest(NodeTypeConstants.NODE_TYPES_PATH + "/rep:PermissionStore", TreeType.DEFAULT));
    tests.add(new TypeTest("/:hidden", TreeType.HIDDEN));
    tests.add(new TypeTest("/:hidden/child", TreeType.HIDDEN, TreeType.HIDDEN));
    tests.add(new TypeTest("/oak:index/nodetype/:index", TreeType.HIDDEN));
    tests.add(new TypeTest("/oak:index/nodetype/:index/child", TreeType.HIDDEN, TreeType.HIDDEN));
    for (String versionPath : VersionConstants.SYSTEM_PATHS) {
        tests.add(new TypeTest(versionPath, TreeType.VERSION));
        tests.add(new TypeTest(versionPath + "/a/b/child", TreeType.VERSION, TreeType.VERSION));
    }
    tests.add(new TypeTest(PermissionConstants.PERMISSIONS_STORE_PATH, TreeType.INTERNAL));
    tests.add(new TypeTest(PermissionConstants.PERMISSIONS_STORE_PATH + "/a/b/child", TreeType.INTERNAL, TreeType.INTERNAL));
    NodeUtil testTree = new NodeUtil(root.getTree("/")).addChild("test", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
    for (String name : AccessControlConstants.POLICY_NODE_NAMES) {
        NodeUtil acl = testTree.addChild(name, AccessControlConstants.NT_REP_ACL);
        tests.add(new TypeTest(acl.getTree().getPath(), TreeType.ACCESS_CONTROL));
        NodeUtil ace = acl.addChild("ace", AccessControlConstants.NT_REP_DENY_ACE);
        tests.add(new TypeTest(ace.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
        NodeUtil ace2 = acl.addChild("ace2", AccessControlConstants.NT_REP_GRANT_ACE);
        tests.add(new TypeTest(ace2.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
        NodeUtil rest = ace2.addChild(AccessControlConstants.REP_RESTRICTIONS, AccessControlConstants.NT_REP_RESTRICTIONS);
        tests.add(new TypeTest(rest.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
        NodeUtil invalid = rest.addChild("invalid", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
        tests.add(new TypeTest(invalid.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
    }
}
Also used : AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)

Example 39 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class ReadOnlyVersionManagerTest method testPreserveHistoryAfterMovingVersionable.

@Test
public void testPreserveHistoryAfterMovingVersionable() throws RepositoryException, CommitFailedException {
    NodeUtil node = new NodeUtil(root.getTree("/"));
    NodeUtil testVersionable = node.addChild("testVersionable", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
    TreeUtil.addMixin(testVersionable.getTree(), JcrConstants.MIX_VERSIONABLE, root.getTree(NodeTypeConstants.NODE_TYPES_PATH), null);
    root.commit();
    Tree history = versionManager.getVersionHistory(testVersionable.getTree());
    assertTrue(history.exists());
    String historyUuid = history.getProperty(JCR_UUID).getValue(Type.STRING);
    assertTrue(root.move("/testVersionable", "/testVersionable2"));
    root.commit();
    history = versionManager.getVersionHistory(root.getTree("/testVersionable2"));
    assertTrue(history.exists());
    assertEquals(historyUuid, history.getProperty(JCR_UUID).getValue(Type.STRING));
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 40 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testTestSessionGetEffectivePoliciesByPrincipal.

@Test
public void testTestSessionGetEffectivePoliciesByPrincipal() throws Exception {
    NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = child.getTree().getPath();
    Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
    setupPolicy(testPath, privs);
    setupPolicy(childPath, privs);
    root.commit();
    Root testRoot = getTestRoot();
    testRoot.refresh();
    JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
    AccessControlPolicy[] effective = testAcMgr.getEffectivePolicies(Collections.singleton(testPrincipal));
    assertNotNull(effective);
    assertEquals(2, effective.length);
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Root(org.apache.jackrabbit.oak.api.Root) Privilege(javax.jcr.security.Privilege) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)183 Test (org.junit.Test)149 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)74 Tree (org.apache.jackrabbit.oak.api.Tree)67 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)59 Root (org.apache.jackrabbit.oak.api.Root)28 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)14 Before (org.junit.Before)14 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)13 TokenInfo (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo)13 AccessControlManager (javax.jcr.security.AccessControlManager)12 Principal (java.security.Principal)10 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 AccessControlException (javax.jcr.security.AccessControlException)7 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 Privilege (javax.jcr.security.Privilege)5 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)5 AccessControlList (javax.jcr.security.AccessControlList)4