
Example 41 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testGetEffectivePoliciesByPrincipal.

/**
 * Checks which policies {@code acMgr.getEffectivePolicies(Set<Principal>)}
 * reports for three principal sets: the test principal alone, the everyone
 * principal alone, and both together.
 *
 * <p>Two access-control properties are pinned here: transient (uncommitted)
 * policy changes are never reported as effective, and a principal set that
 * does not contain the test principal never sees the policies set up by
 * this test.
 *
 * <p>NOTE(review): {@code setupPolicy} is defined outside this listing; the
 * expected counts imply it adds an entry for {@code testPrincipal} only.
 * Confirm against the helper.
 */
@Test
public void testGetEffectivePoliciesByPrincipal() throws Exception {
    Set<Set<Principal>> candidates = new HashSet<Set<Principal>>();
    candidates.add(Collections.singleton(testPrincipal));
    candidates.add(Collections.<Principal>singleton(EveryonePrincipal.getInstance()));
    candidates.add(ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance()));

    // Baseline: no ACL mentions any of these principals yet, so the result
    // must be an empty (but non-null) array for every set.
    for (Set<Principal> candidate : candidates) {
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(candidate);
        assertNotNull(effective);
        assertEquals(0, effective.length);
    }

    // Policy at testPath exists only as a transient change: it must not be
    // reported as effective before the commit.
    setupPolicy(testPath);
    for (Set<Principal> candidate : candidates) {
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(candidate);
        assertNotNull(effective);
        assertEquals(0, effective.length);
    }

    // Once committed, exactly the sets containing testPrincipal see one policy.
    root.commit();
    for (Set<Principal> candidate : candidates) {
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(candidate);
        assertNotNull(effective);
        int expected = candidate.contains(testPrincipal) ? 1 : 0;
        assertEquals(expected, effective.length);
    }

    // Second policy on a new child node, again transient: the count stays at
    // the single policy persisted above.
    NodeUtil testNode = new NodeUtil(root.getTree(testPath));
    NodeUtil childNode = testNode.addChild("child", JcrConstants.NT_UNSTRUCTURED);
    String childPath = childNode.getTree().getPath();
    setupPolicy(childPath);
    for (Set<Principal> candidate : candidates) {
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(candidate);
        assertNotNull(effective);
        int expected = candidate.contains(testPrincipal) ? 1 : 0;
        assertEquals(expected, effective.length);
    }

    // After the second commit both policies are effective for testPrincipal;
    // the everyone-only set still sees none.
    root.commit();
    for (Set<Principal> candidate : candidates) {
        AccessControlPolicy[] effective = acMgr.getEffectivePolicies(candidate);
        assertNotNull(effective);
        int expected = candidate.contains(testPrincipal) ? 2 : 0;
        assertEquals(expected, effective.length);
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) Sets.newHashSet(com.google.common.collect.Sets.newHashSet) ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) HashSet(java.util.HashSet) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Sets.newHashSet(com.google.common.collect.Sets.newHashSet) HashSet(java.util.HashSet) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 42 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class AccessControlManagerImplTest method testEffectiveSorting.

/**
 * Verifies the order in which effective policies are returned for a
 * principal set: the null-path policy first, then the policy at
 * {@code testPath}, then the policy at its child node.
 *
 * <p>The null-path policy is removed again in the {@code finally} block so
 * that it cannot leak into other tests.
 */
@Test
public void testEffectiveSorting() throws Exception {
    Principal everyone = EveryonePrincipal.getInstance();
    Set<Principal> principalSet = ImmutableSet.of(testPrincipal, everyone);
    ACL nullPathPolicy = null;
    try {
        // 1. policy at 'testPath': three entries, the first one carrying a
        //    glob restriction. NOTE(review): the boolean argument is
        //    presumably the allow/deny flag (true = allow) - confirm.
        ACL testPathPolicy = getApplicablePolicy(testPath);
        testPathPolicy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
        testPathPolicy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
        testPathPolicy.addEntry(everyone, privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false);
        acMgr.setPolicy(testPath, testPathPolicy);

        // 2. policy at a freshly created child node of 'testPath'
        NodeUtil testNode = new NodeUtil(root.getTree(testPath));
        NodeUtil childNode = testNode.addChild("child", JcrConstants.NT_UNSTRUCTURED);
        String childPath = childNode.getTree().getPath();
        setupPolicy(childPath);

        // 3. policy bound to the null path
        nullPathPolicy = getApplicablePolicy(null);
        assertNotNull(nullPathPolicy);
        nullPathPolicy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT), true);
        acMgr.setPolicy(null, nullPathPolicy);

        // Only persisted policies are expected to show up as effective.
        root.commit();

        AccessControlPolicy[] sorted = acMgr.getEffectivePolicies(principalSet);
        assertEquals(3, sorted.length);

        JackrabbitAccessControlPolicy first = (JackrabbitAccessControlPolicy) sorted[0];
        assertNull(first.getPath());
        JackrabbitAccessControlPolicy second = (JackrabbitAccessControlPolicy) sorted[1];
        assertEquals(testPath, second.getPath());
        JackrabbitAccessControlPolicy third = (JackrabbitAccessControlPolicy) sorted[2];
        assertEquals(childPath, third.getPath());
    } finally {
        // Clean up the null-path policy whenever it was obtained, even if
        // an assertion above failed.
        if (nullPathPolicy != null) {
            acMgr.removePolicy(null, nullPathPolicy);
            root.commit();
        }
    }
}
Also used : JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) TestACL(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 43 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class PermissionHookTest method testReorderAndAddAce.

/**
 * Reorders the existing access control entries directly on the tree, adds a
 * deny entry for the everyone principal in the same commit, and checks that
 * the index recorded for the test principal's permission entry moves from
 * 0 to 1.
 *
 * <p>The ACL content is edited through the tree API rather than through an
 * access control manager, so this exercises how the permission data is
 * kept in sync with raw content changes.
 * NOTE(review): {@code getEntry} and {@code assertIndex} are defined outside
 * this listing; their exact semantics should be confirmed there.
 */
@Test
public void testReorderAndAddAce() throws Exception {
    Tree entryBefore = getEntry(testPrincipal, testPath, 0);
    assertIndex(0, entryBefore);

    Tree aclTree = root.getTree(testPath + "/rep:policy");

    // Reorder: take the first ACE and call orderBefore(null) on it
    // (presumably moving it to the end of the list - confirm).
    Tree firstAce = aclTree.getChildren().iterator().next();
    firstAce.orderBefore(null);

    // Add a new deny ACE for everyone (lock management) as a further child.
    NodeUtil denyAce = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE);
    denyAce.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
    denyAce.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT);
    root.commit();

    // After the commit the test principal's entry is expected at index 1.
    Tree entryAfter = getEntry(testPrincipal, testPath, 1);
    assertIndex(1, entryAfter);
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 44 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class PermissionHookTest method before.

/**
 * Builds the fixture shared by the tests of this class: a node "testPath"
 * below the root with one child node, plus an ACL at {@code testPath} that
 * holds one entry for the test user's principal (add-child-nodes) and one
 * entry for the everyone principal (read).
 *
 * <p>NOTE(review): {@code testPath} is declared outside this listing and is
 * presumably the path of the "testPath" node created here - confirm.
 */
@Override
@Before
public void before() throws Exception {
    super.before();
    testPrincipal = getTestUser().getPrincipal();

    // Content: /testPath and /testPath/childNode
    NodeUtil testNode = new NodeUtil(root.getTree("/"), namePathMapper)
            .addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
    testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);

    // Access control: two entries, added in this order (test principal
    // first, everyone second).
    AccessControlManager accessControl = getAccessControlManager(root);
    JackrabbitAccessControlList testAcl = AccessControlUtils.getAccessControlList(accessControl, testPath);
    testAcl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_ADD_CHILD_NODES));
    testAcl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_READ));
    accessControl.setPolicy(testPath, testAcl);

    // Persist content and ACL together before the provider is created.
    root.commit();
    bitsProvider = new PrivilegeBitsProvider(root);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Before(org.junit.Before)

Example 45 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class PermissionHookTest method testModifyRestrictions.

/**
 * Adds, modifies and removes a glob restriction on an existing access
 * control entry by writing to the tree directly, and checks after each
 * commit that the entry found below the principal root carries the same
 * glob value (or none after removal).
 *
 * <p>The restriction is deliberately written through the Oak tree API and
 * not through the access control manager, so the test covers content
 * changes that bypass the manager.
 * NOTE(review): {@code getPrincipalRoot} and {@code cntEntries} are defined
 * outside this listing; the meaning of the expected count of 2 should be
 * confirmed there.
 */
@Test
public void testModifyRestrictions() throws Exception {
    Tree aclTree = root.getTree(testPath + "/rep:policy");
    Tree testAce = aclTree.getChildren().iterator().next();
    // Sanity check: the first ACE belongs to the test principal.
    assertEquals(testPrincipal.getName(), testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING));

    // Add a restrictions node with glob "*" directly on the tree.
    NodeUtil restrictions = new NodeUtil(testAce).addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
    restrictions.setString(REP_GLOB, "*");
    String restrictionsPath = restrictions.getTree().getPath();
    root.commit();

    Tree storeAfterAdd = getPrincipalRoot(testPrincipal);
    assertEquals(2, cntEntries(storeAfterAdd));
    Tree parentAfterAdd = storeAfterAdd.getChildren().iterator().next();
    Tree entryAfterAdd = parentAfterAdd.getChildren().iterator().next();
    assertEquals("*", entryAfterAdd.getProperty(REP_GLOB).getValue(Type.STRING));

    // Change the glob on the restrictions node; the stored entry must follow.
    root.getTree(restrictionsPath).setProperty(REP_GLOB, "/*/jcr:content/*");
    root.commit();

    Tree storeAfterModify = getPrincipalRoot(testPrincipal);
    assertEquals(2, cntEntries(storeAfterModify));
    Tree parentAfterModify = storeAfterModify.getChildren().iterator().next();
    Tree entryAfterModify = parentAfterModify.getChildren().iterator().next();
    assertEquals("/*/jcr:content/*", entryAfterModify.getProperty(REP_GLOB).getValue(Type.STRING));

    // Remove the restrictions node again; the stored entry must no longer
    // carry a glob property.
    root.getTree(restrictionsPath).remove();
    root.commit();

    Tree storeAfterRemove = getPrincipalRoot(testPrincipal);
    assertEquals(2, cntEntries(storeAfterRemove));
    Tree parentAfterRemove = storeAfterRemove.getChildren().iterator().next();
    Tree entryAfterRemove = parentAfterRemove.getChildren().iterator().next();
    assertNull(entryAfterRemove.getProperty(REP_GLOB));
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)
