
Example 16 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method AddRuleEntry.

/**
 * Inserts a rule entry into the cache under test, taking the user-specific insertion path when the entry's
 * reference is a known user.
 *
 * <p>For a reference listed in {@code groupUserRefs}, the groups passed to {@code AddUserEntry} are limited to
 * those in {@code groupRefs} that contain the reference AND whose wiki equals the wiki of the entry's original
 * document reference; groups belonging to any other wiki are left out of the list. A reference found only in
 * {@code userRefs} is inserted with a {@code null} group list, and every other entry goes straight to
 * {@code securityCache.add}.
 *
 * @param entry the rule entry to insert
 * @return the key reported by {@code cache.getLastInsertedKey()} once the insertion has been made
 * @throws ParentEntryEvictedException propagated from the insertion calls
 * @throws ConflictingInsertionException propagated from the insertion calls
 */
private String AddRuleEntry(SecurityRuleEntry entry) throws ParentEntryEvictedException, ConflictingInsertionException {
    if (groupUserRefs.contains(entry.getReference())) {
        final List<GroupSecurityReference> sameWikiGroups = new ArrayList<>();
        for (GroupSecurityReference candidate : groupRefs.keySet()) {
            // Membership is tested first; the wiki comparison only runs for groups that hold the user.
            boolean isMember = groupRefs.get(candidate).contains(entry.getReference());
            if (isMember
                && candidate.getOriginalReference().getWikiReference().equals(
                    entry.getReference().getOriginalDocumentReference().getWikiReference())) {
                sameWikiGroups.add(candidate);
            }
        }
        AddUserEntry(entry, sameWikiGroups);
    } else if (userRefs.contains(entry.getReference())) {
        // Known user without any recorded group membership.
        AddUserEntry(entry, null);
    } else {
        // Plain entity (not a user): regular insertion.
        securityCache.add(entry);
    }
    return cache.getLastInsertedKey();
}
Also used : ArrayList(java.util.ArrayList) GroupSecurityReference(org.xwiki.security.GroupSecurityReference)

Example 17 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultSecurityCache method getGroupsFor.

/**
 * Collects every group the given user belongs to, directly or through nested groups, using only what is
 * currently held in the security cache.
 *
 * <p>When {@code entityWiki} is non-null the lookup starts from the user's shadow entry in that wiki, and for
 * each global group met during the walk the parents of that group's shadow in {@code entityWiki} are explored
 * as well.
 *
 * <p>A {@code null} result is not the same as an empty collection: it is returned when the user has no cache
 * entry, or has one that is not flagged as a user, i.e. when the ancestors are not fully loaded and the cache
 * cannot answer. NOTE(review): callers presumably have to treat {@code null} as "membership unknown" rather
 * than "no groups" - confirm against the call sites.
 *
 * @param user the user whose groups are requested
 * @param entityWiki the wiki in which the user is looked up as a shadow, or {@code null} to use the user's own
 *            entry
 * @return the groups found, or {@code null} when the cache does not hold a usable user entry
 */
@Override
public Collection<GroupSecurityReference> getGroupsFor(UserSecurityReference user, SecurityReference entityWiki) {
    final boolean shadowLookup = entityWiki != null;
    Collection<GroupSecurityReference> groups = new HashSet<>();

    SecurityCacheEntry userEntry;
    if (shadowLookup) {
        userEntry = getShadowEntry(user, entityWiki);
    } else {
        userEntry = getEntry(user);
    }
    // Either the user is absent from the cache, or it is cached as a regular document instead of a user:
    // in both cases the ancestors are not fully loaded, so no answer can be given.
    if (userEntry == null || !userEntry.isUser()) {
        return null;
    }

    // Parents are walked with an explicit work list instead of recursion on the execution stack.
    Deque<SecurityCacheEntry> pending = new ArrayDeque<>();
    if (shadowLookup) {
        // Shadow user: seed with the parents of the original entry and of the shadow (original excluded).
        addParentsWhenEntryIsShadow(userEntry, user, groups, pending);
    } else {
        // Regular case: seed with the user entry itself.
        pending.add(userEntry);
    }

    while (!pending.isEmpty()) {
        SecurityCacheEntry current = pending.pop();
        // Queue the parents of the entry being visited.
        addParentsToTheListOfEntriesToExplore(current.parents, groups, pending);
        if (!shadowLookup) {
            continue;
        }
        // In a shadow lookup the visited entries are cast to group references; a global group may also
        // have a shadow in the target wiki whose parents must be explored.
        GroupSecurityReference currentRef = (GroupSecurityReference) current.getEntry().getReference();
        if (!currentRef.isGlobal()) {
            continue;
        }
        SecurityCacheEntry shadow = getShadowEntry(currentRef, entityWiki);
        if (shadow != null) {
            addParentsToTheListOfEntriesToExplore(shadow.parents, groups, pending, current);
        }
    }
    return groups;
}
Also used : GroupSecurityReference(org.xwiki.security.GroupSecurityReference) ArrayDeque(java.util.ArrayDeque) HashSet(java.util.HashSet)

Example 18 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class AbstractAuthorizationSettler method settle.

/**
 * Computes the access a user gets from a series of rule entries and wraps it in an access entry.
 *
 * <p>Each non-empty rule entry is settled on its own and merged, in iteration order, into one accumulated
 * access. The resulting entry is attached to the reference of the first non-empty rule entry; when no
 * non-empty entry has been seen by the time an entry of type {@link EntityType#WIKI} is reached, that wiki
 * entry's reference is used instead. Defaults are applied to the accumulated access before it is returned.
 *
 * <p>NOTE(review): the result depends on the order of {@code ruleEntries}; it presumably runs from the checked
 * entity up through its ancestors - confirm against the caller. If no entry is non-empty and none is of type
 * WIKI, the reference handed to {@code applyDefaults} and to the returned entry is {@code null}.
 *
 * @param user the user for whom access is computed
 * @param groups the groups the user belongs to
 * @param ruleEntries the rule entries to evaluate
 * @return the access entry for {@code user} on the selected reference
 */
@Override
public SecurityAccessEntry settle(UserSecurityReference user, Collection<GroupSecurityReference> groups, Deque<SecurityRuleEntry> ruleEntries) {
    XWikiSecurityAccess accumulated = new XWikiSecurityAccess();
    SecurityReference storageReference = null;
    Policies policies = new Policies();

    for (SecurityRuleEntry ruleEntry : ruleEntries) {
        if (!ruleEntry.isEmpty()) {
            // Choose the highest possible level to store the resulting access: the first entry with rules.
            if (storageReference == null) {
                storageReference = ruleEntry.getReference();
            }
            // Settle this level alone, then fold it into what the previous levels produced.
            merge(settle(user, groups, ruleEntry, policies), accumulated, ruleEntry.getReference(), policies);
        }
        // No entry with rules seen so far: fall back to the wiki level once it is reached.
        if (storageReference == null) {
            if (ruleEntry.getReference().getType() == EntityType.WIKI) {
                storageReference = ruleEntry.getReference();
            }
        }
    }

    // Rights left undecided by the rules get their default value before the entry is built.
    return new InternalSecurityAccessEntry(user, storageReference,
        applyDefaults(user, storageReference, accumulated));
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference)

Example 19 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method getMockedSecurityRule.

/**
 * Builds a mocked {@link SecurityRule} that matches exactly the given users, groups and rights and reports
 * the given state.
 *
 * <p>{@code match} is stubbed to return {@code true} for any argument equal to one of the listed users, groups
 * or rights, and {@code false} for every argument that is not in the corresponding list. An empty list
 * therefore yields a rule that matches nothing of that kind.
 *
 * @param name the name given to the mock
 * @param users the users the rule matches
 * @param groups the groups the rule matches
 * @param rights the rights the rule matches
 * @param state the value returned by {@code getState()}
 * @return the configured mock
 */
private SecurityRule getMockedSecurityRule(String name, Iterable<UserSecurityReference> users, Iterable<GroupSecurityReference> groups, Iterable<Right> rights, final RuleState state) {
    final SecurityRule mockedRule = mock(SecurityRule.class, name);

    // One equality matcher per accepted value, kept per argument kind.
    final List<Matcher<? super UserSecurityReference>> acceptedUsers = new ArrayList<>();
    final List<Matcher<? super GroupSecurityReference>> acceptedGroups = new ArrayList<>();
    final List<Matcher<? super Right>> acceptedRights = new ArrayList<>();
    for (UserSecurityReference user : users) {
        acceptedUsers.add(is(user));
    }
    for (GroupSecurityReference group : groups) {
        acceptedGroups.add(is(group));
    }
    for (Right right : rights) {
        acceptedRights.add(is(right));
    }

    // Listed values match ...
    when(mockedRule.match(argThat(anyOf(acceptedUsers)))).thenReturn(true);
    when(mockedRule.match(argThat(anyOf(acceptedGroups)))).thenReturn(true);
    when(mockedRule.match(argThat(anyOf(acceptedRights)))).thenReturn(true);
    // ... and everything else is explicitly rejected.
    when(mockedRule.match(argThat(not(anyOf(acceptedUsers))))).thenReturn(false);
    when(mockedRule.match(argThat(not(anyOf(acceptedGroups))))).thenReturn(false);
    when(mockedRule.match(argThat(not(anyOf(acceptedRights))))).thenReturn(false);

    when(mockedRule.getState()).thenReturn(state);
    return mockedRule;
}
Also used : Matcher(org.hamcrest.Matcher) ArrayList(java.util.ArrayList) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule) UserSecurityReference(org.xwiki.security.UserSecurityReference) GroupSecurityReference(org.xwiki.security.GroupSecurityReference)

Example 20 with GroupSecurityReference

use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method testSettleInheritancePolicy.

/**
 * Checks how the settler resolves an ALLOW and a DENY given to the same user at two different levels of the
 * hierarchy.
 *
 * <p>Each rule stack places one state on the document and the opposite state on a higher level: the space,
 * the wiki, or the main wiki. The expected outcome is the same for every combination of user (main wiki,
 * local wiki, another wiki) and document (main wiki, local wiki):
 * <ul>
 * <li>allow on the document, deny above: every test right is allowed;</li>
 * <li>deny on the document, allow above: a right is denied when its
 * {@code getInheritanceOverridePolicy()} is true, and allowed otherwise.</li>
 * </ul>
 * No group membership is involved: every call passes an empty group list.
 */
@Test
public void testSettleInheritancePolicy() throws Exception {
    // The users under test belong to no group.
    List<GroupSecurityReference> noGroups = Collections.<GroupSecurityReference>emptyList();

    // One ALLOW rule and one DENY rule over all test rights for each of the three users.
    SecurityRule allowAllTestRightsRulesToXuser = getMockedSecurityRule(
        "allowAllTestRightsRulesToXuser", Arrays.asList(xuserRef), noGroups, allTestRights, ALLOW);
    SecurityRule denyAllTestRightsRulesToXuser = getMockedSecurityRule(
        "denyAllTestRightsRulesToXuser", Arrays.asList(xuserRef), noGroups, allTestRights, DENY);
    SecurityRule allowAllTestRightsRulesToUser = getMockedSecurityRule(
        "allowAllTestRightsRulesToUser", Arrays.asList(userRef), noGroups, allTestRights, ALLOW);
    SecurityRule denyAllTestRightsRulesToUser = getMockedSecurityRule(
        "denyAllTestRightsRulesToUser", Arrays.asList(userRef), noGroups, allTestRights, DENY);
    SecurityRule allowAllTestRightsRulesToAnotherWikiUser = getMockedSecurityRule(
        "allowAllTestRightsRulesToAnotherWikiUser", Arrays.asList(anotherWikiUserRef), noGroups, allTestRights, ALLOW);
    SecurityRule denyAllTestRightsRulesToAnotherWikiUser = getMockedSecurityRule(
        "denyAllTestRightsRulesToAnotherWikiUser", Arrays.asList(anotherWikiUserRef), noGroups, allTestRights, DENY);

    // Rule stacks: the first list applies to the document, each following list to the next level passed to
    // getMockedSecurityRuleEntries; an empty list is a level that carries no rule.
    Deque<SecurityRuleEntry> allowThenDenyRulesForXdocSpace = getMockedSecurityRuleEntries("allowThenDenyRulesForXdocSpace", xdocRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForXdocSpace = getMockedSecurityRuleEntries("denyThenAllowRulesForXdocSpace", xdocRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> allowThenDenyRulesForDocSpace = getMockedSecurityRuleEntries("allowThenDenyRulesForDocSpace", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForDocSpace = getMockedSecurityRuleEntries("denyThenAllowRulesForDocSpace", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> allowThenDenyRulesForXDocWiki = getMockedSecurityRuleEntries("allowThenDenyRulesForXDocWiki", xdocRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForXdocWiki = getMockedSecurityRuleEntries("denyThenAllowRulesForXdocWiki", xdocRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> allowThenDenyRulesForDocWiki = getMockedSecurityRuleEntries("allowThenDenyRulesForDocWiki", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForDocWiki = getMockedSecurityRuleEntries("denyThenAllowRulesForDocWiki", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> allowThenDenyRulesForDocXWiki = getMockedSecurityRuleEntries("allowThenDenyRulesForDocXWiki", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Collections.<SecurityRule>emptyList(), Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser)));
    Deque<SecurityRuleEntry> denyThenAllowRulesForDocXWiki = getMockedSecurityRuleEntries("denyThenAllowRulesForDocXWiki", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), Collections.<SecurityRule>emptyList(), Collections.<SecurityRule>emptyList(), Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser)));

    // Expected result when the document allows and a higher level denies: every test right is allowed.
    XWikiSecurityAccess allowDenyAccess = new XWikiSecurityAccess();
    for (Right right : allTestRights) {
        allowDenyAccess.allow(right);
    }
    // Expected result when the document denies and a higher level allows: the outcome follows each right's
    // inheritance override policy (true -> DENY, false -> ALLOW).
    XWikiSecurityAccess denyAllowAccess = new XWikiSecurityAccess();
    for (Right right : allTestRights) {
        denyAllowAccess.set(right, right.getInheritanceOverridePolicy() ? DENY : ALLOW);
    }

    // Opposite state set on the space.
    assertAccess("When allowed right on doc are denied on space from main wiki for main wiki user, use inheritance policy",
        xuserRef, xdocRef, allowDenyAccess, authorizationSettler.settle(xuserRef, noGroups, allowThenDenyRulesForXdocSpace));
    assertAccess("When denied right on doc are allowed on space from main wiki for main wiki user, use inheritance policy",
        xuserRef, xdocRef, denyAllowAccess, authorizationSettler.settle(xuserRef, noGroups, denyThenAllowRulesForXdocSpace));
    assertAccess("When allowed right on doc are denied on space from local wiki for main wiki user, use inheritance policy",
        xuserRef, docRef, allowDenyAccess, authorizationSettler.settle(xuserRef, noGroups, allowThenDenyRulesForDocSpace));
    assertAccess("When denied right on doc are allowed on space from local wiki for main wiki user, use inheritance policy",
        xuserRef, docRef, denyAllowAccess, authorizationSettler.settle(xuserRef, noGroups, denyThenAllowRulesForDocSpace));
    assertAccess("When allowed right on doc are denied on space from local wiki for local wiki user, use inheritance policy",
        userRef, docRef, allowDenyAccess, authorizationSettler.settle(userRef, noGroups, allowThenDenyRulesForDocSpace));
    assertAccess("When denied right on doc are allowed on space from local wiki for local wiki user, use inheritance policy",
        userRef, docRef, denyAllowAccess, authorizationSettler.settle(userRef, noGroups, denyThenAllowRulesForDocSpace));
    assertAccess("When allowed right on doc are denied on space from local wiki for another wiki user, use inheritance policy",
        anotherWikiUserRef, docRef, allowDenyAccess, authorizationSettler.settle(anotherWikiUserRef, noGroups, allowThenDenyRulesForDocSpace));
    assertAccess("When denied right on doc are allowed on space from local wiki for another wiki user, use inheritance policy",
        anotherWikiUserRef, docRef, denyAllowAccess, authorizationSettler.settle(anotherWikiUserRef, noGroups, denyThenAllowRulesForDocSpace));

    // Opposite state set on the wiki, with a rule-less level in between.
    assertAccess("When allowed right on doc are denied on wiki from main wiki for main wiki user, use inheritance policy",
        xuserRef, xdocRef, allowDenyAccess, authorizationSettler.settle(xuserRef, noGroups, allowThenDenyRulesForXDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from main wiki for main wiki user, use inheritance policy",
        xuserRef, xdocRef, denyAllowAccess, authorizationSettler.settle(xuserRef, noGroups, denyThenAllowRulesForXdocWiki));
    assertAccess("When allowed right on doc are denied on wiki from local wiki for main wiki user, use inheritance policy",
        xuserRef, docRef, allowDenyAccess, authorizationSettler.settle(xuserRef, noGroups, allowThenDenyRulesForDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from local wiki for main wiki user, use inheritance policy",
        xuserRef, docRef, denyAllowAccess, authorizationSettler.settle(xuserRef, noGroups, denyThenAllowRulesForDocWiki));
    assertAccess("When allowed right on doc are denied on wiki from local wiki for local wiki user, use inheritance policy",
        userRef, docRef, allowDenyAccess, authorizationSettler.settle(userRef, noGroups, allowThenDenyRulesForDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from local wiki for local wiki user, use inheritance policy",
        userRef, docRef, denyAllowAccess, authorizationSettler.settle(userRef, noGroups, denyThenAllowRulesForDocWiki));
    assertAccess("When allowed right on doc are denied on wiki from local wiki for another wiki user, use inheritance policy",
        anotherWikiUserRef, docRef, allowDenyAccess, authorizationSettler.settle(anotherWikiUserRef, noGroups, allowThenDenyRulesForDocWiki));
    assertAccess("When denied right on doc are allowed on wiki from local wiki for another wiki user, use inheritance policy",
        anotherWikiUserRef, docRef, denyAllowAccess, authorizationSettler.settle(anotherWikiUserRef, noGroups, denyThenAllowRulesForDocWiki));

    // Opposite state set on the main wiki, with two rule-less levels in between.
    assertAccess("When allowed right on doc are denied on main wiki from local wiki for local wiki user, use inheritance policy",
        userRef, docRef, allowDenyAccess, authorizationSettler.settle(userRef, noGroups, allowThenDenyRulesForDocXWiki));
    assertAccess("When denied right on doc are allowed on main wiki from local wiki for local wiki user, use inheritance policy",
        userRef, docRef, denyAllowAccess, authorizationSettler.settle(userRef, noGroups, denyThenAllowRulesForDocXWiki));
    assertAccess("When allowed right on doc are denied on main wiki from local wiki for another wiki user, use inheritance policy",
        anotherWikiUserRef, docRef, allowDenyAccess, authorizationSettler.settle(anotherWikiUserRef, noGroups, allowThenDenyRulesForDocXWiki));
    assertAccess("When denied right on doc are allowed on main wiki from local wiki for another wiki user, use inheritance policy",
        anotherWikiUserRef, docRef, denyAllowAccess, authorizationSettler.settle(anotherWikiUserRef, noGroups, denyThenAllowRulesForDocXWiki));
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) Test(org.junit.Test)

Aggregations

GroupSecurityReference (org.xwiki.security.GroupSecurityReference)20 UserSecurityReference (org.xwiki.security.UserSecurityReference)10 SecurityReference (org.xwiki.security.SecurityReference)9 ArrayList (java.util.ArrayList)6 Test (org.junit.Test)5 Right (org.xwiki.security.authorization.Right)4 SecurityRule (org.xwiki.security.authorization.SecurityRule)4 SecurityRuleEntry (org.xwiki.security.authorization.SecurityRuleEntry)4 HashSet (java.util.HashSet)3 DocumentReference (org.xwiki.model.reference.DocumentReference)2 SecurityAccessEntry (org.xwiki.security.authorization.SecurityAccessEntry)2 SecurityEntry (org.xwiki.security.authorization.SecurityEntry)2 SecurityShadowEntry (org.xwiki.security.authorization.cache.SecurityShadowEntry)2 AbstractSecurityRuleEntry (org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry)2 ArrayDeque (java.util.ArrayDeque)1 Collection (java.util.Collection)1 LinkedList (java.util.LinkedList)1 Matcher (org.hamcrest.Matcher)1 InvocationOnMock (org.mockito.invocation.InvocationOnMock)1 WikiReference (org.xwiki.model.reference.WikiReference)1