Example 1 with ContextualAuthorizationManager

Use of org.xwiki.security.authorization.ContextualAuthorizationManager in project xwiki-platform by xwiki.

From the class RefactoringScriptServiceTest, method moveWithPR.

@Test
public void moveWithPR() throws Exception {
    MoveRequest request = new MoveRequest();
    request.setCheckRights(false);
    DocumentReference bobReference = new DocumentReference("wiki", "Users", "Bob");
    request.setUserReference(bobReference);
    // Simulate a caller that holds programming rights (PR).
    ContextualAuthorizationManager authorization = this.mocker.getInstance(ContextualAuthorizationManager.class);
    when(authorization.hasAccess(Right.PROGRAM)).thenReturn(true);
    getService().move(request);
    // With PR, the caller's checkRights flag and user reference must be left untouched.
    assertFalse(request.isCheckRights());
    assertEquals(bobReference, request.getUserReference());
}
Also used: ContextualAuthorizationManager (org.xwiki.security.authorization.ContextualAuthorizationManager), MoveRequest (org.xwiki.refactoring.job.MoveRequest), DocumentReference (org.xwiki.model.reference.DocumentReference), Test (org.junit.Test)

Example 2 with ContextualAuthorizationManager

Use of org.xwiki.security.authorization.ContextualAuthorizationManager in project xwiki-platform by xwiki.

From the class SecureGroovyCompilationCustomizerTest, method executeWithSecureCustomizerWhenProgrammingRights.

@Test
public void executeWithSecureCustomizerWhenProgrammingRights() throws Exception {
    final ConfigurationSource source = registerMockComponent(ConfigurationSource.class);
    final ContextualAuthorizationManager cam = registerMockComponent(ContextualAuthorizationManager.class);
    getMockery().checking(new Expectations() {

        {
            oneOf(source).getProperty("groovy.compilationCustomizers", Collections.emptyList());
            will(returnValue(Arrays.asList("secure")));
            oneOf(cam).hasAccess(Right.PROGRAM);
            will(returnValue(true));
        }
    });
    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngineFactory groovyScriptEngineFactory = getComponentManager().getInstance(ScriptEngineFactory.class, "groovy");
    manager.registerEngineName("groovy", groovyScriptEngineFactory);
    final ScriptEngine engine = manager.getEngineByName("groovy");
    // Verify that the Secure AST Customizer is not active by running a Groovy script that raises an exception
    // when the Secure AST Customizer is active
    engine.eval("synchronized(this) { }");
}
Also used: ContextualAuthorizationManager (org.xwiki.security.authorization.ContextualAuthorizationManager), Expectations (org.jmock.Expectations), ConfigurationSource (org.xwiki.configuration.ConfigurationSource), ScriptEngineFactory (javax.script.ScriptEngineFactory), ScriptEngineManager (javax.script.ScriptEngineManager), ScriptEngine (javax.script.ScriptEngine), Test (org.junit.Test)

Example 3 with ContextualAuthorizationManager

Use of org.xwiki.security.authorization.ContextualAuthorizationManager in project xwiki-platform by xwiki.

From the class SecureGroovyCompilationCustomizerTest, method setUpWhenNoProgrammingRights.

private void setUpWhenNoProgrammingRights() throws Exception {
    final ConfigurationSource source = registerMockComponent(ConfigurationSource.class);
    final ContextualAuthorizationManager cam = registerMockComponent(ContextualAuthorizationManager.class);
    getMockery().checking(new Expectations() {

        {
            oneOf(source).getProperty("groovy.compilationCustomizers", Collections.emptyList());
            will(returnValue(Arrays.asList("secure")));
            oneOf(cam).hasAccess(Right.PROGRAM);
            will(returnValue(false));
        }
    });
    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngineFactory groovyScriptEngineFactory = getComponentManager().getInstance(ScriptEngineFactory.class, "groovy");
    manager.registerEngineName("groovy", groovyScriptEngineFactory);
    this.engine = manager.getEngineByName("groovy");
}
Also used: ContextualAuthorizationManager (org.xwiki.security.authorization.ContextualAuthorizationManager), Expectations (org.jmock.Expectations), ConfigurationSource (org.xwiki.configuration.ConfigurationSource), ScriptEngineFactory (javax.script.ScriptEngineFactory), ScriptEngineManager (javax.script.ScriptEngineManager)

Example 4 with ContextualAuthorizationManager

Use of org.xwiki.security.authorization.ContextualAuthorizationManager in project xwiki-platform by xwiki.

From the class XWikiDocument, method executeValidationScript.

private boolean executeValidationScript(XWikiContext context, String validationScript) {
    try {
        ContextualAuthorizationManager authorization = Utils.getComponent(ContextualAuthorizationManager.class);
        DocumentReference validationScriptReference = getCurrentDocumentReferenceResolver().resolve(validationScript, getDocumentReference());
        // Make sure target document is allowed to execute Groovy
        // TODO: this check should probably be right in XWiki#parseGroovyFromPage
        authorization.checkAccess(Right.PROGRAM, validationScriptReference);
        XWikiValidationInterface validObject = (XWikiValidationInterface) context.getWiki().parseGroovyFromPage(validationScript, context);
        return validObject.validateDocument(this, context);
    } catch (Throwable e) {
        XWikiValidationStatus.addExceptionToContext(getFullName(), "", e, context);
        return false;
    }
}
Also used: ContextualAuthorizationManager (org.xwiki.security.authorization.ContextualAuthorizationManager), XWikiValidationInterface (com.xpn.xwiki.validation.XWikiValidationInterface), DocumentReference (org.xwiki.model.reference.DocumentReference), LocalDocumentReference (org.xwiki.model.reference.LocalDocumentReference)

Example 5 with ContextualAuthorizationManager

Use of org.xwiki.security.authorization.ContextualAuthorizationManager in project xwiki-platform by xwiki.

From the class BaseClass, method executeValidationScript.

private boolean executeValidationScript(BaseObject obj, String validationScript, XWikiContext context) {
    try {
        ContextualAuthorizationManager authorization = Utils.getComponent(ContextualAuthorizationManager.class);
        DocumentReference validationScriptReference = getCurrentDocumentReferenceResolver().resolve(validationScript, getDocumentReference());
        // Make sure target document is allowed to execute Groovy
        // TODO: this check should probably be right in XWiki#parseGroovyFromPage
        authorization.checkAccess(Right.PROGRAM, validationScriptReference);
        XWikiValidationInterface validObject = (XWikiValidationInterface) context.getWiki().parseGroovyFromPage(validationScript, context);
        return validObject.validateObject(obj, context);
    } catch (Throwable e) {
        XWikiValidationStatus.addExceptionToContext(getName(), "", e, context);
        return false;
    }
}
Also used: ContextualAuthorizationManager (org.xwiki.security.authorization.ContextualAuthorizationManager), XWikiValidationInterface (com.xpn.xwiki.validation.XWikiValidationInterface), DocumentReference (org.xwiki.model.reference.DocumentReference)
