
Example 6 with SecurityRuleEntry

use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

the class DefaultAuthorizationSettlerTest method getMockedSecurityRuleEntries.

/**
 * Builds one mocked {@link SecurityRuleEntry} per level of the hierarchy of {@code reference}.
 *
 * <p>The returned deque is iterated starting from {@code reference} itself and then walks up through
 * {@code getParentSecurityReference()}. The i-th entry is stubbed with the i-th list of {@code ruleEntries};
 * levels beyond the end of {@code ruleEntries} are stubbed with an empty rule list and report
 * {@code isEmpty() == true}.
 *
 * @param name prefix used for the mock names (the level's reference is appended to it)
 * @param reference the reference whose hierarchy is mocked
 * @param ruleEntries the rules to expose per level, in iteration order of the returned deque
 * @return the mocked entries, one per element of the reversed security reference chain
 */
private Deque<SecurityRuleEntry> getMockedSecurityRuleEntries(String name, final SecurityReference reference, final List<List<SecurityRule>> ruleEntries) {
    final Deque<SecurityReference> chain = reference.getReversedSecurityReferenceChain();
    final Deque<SecurityRuleEntry> mocks = new ArrayDeque<SecurityRuleEntry>(chain.size());
    // push() prepends, so the mock created for the last chain element ends up first in the deque.
    for (SecurityReference chainElement : chain) {
        mocks.push(mock(SecurityRuleEntry.class, name + chainElement));
    }

    SecurityReference current = reference;
    int depth = 0;
    for (SecurityRuleEntry mocked : mocks) {
        // Levels without an explicit rule list get an empty one rather than null.
        final List<SecurityRule> levelRules =
            depth < ruleEntries.size() ? ruleEntries.get(depth) : Collections.<SecurityRule>emptyList();
        final boolean noRules = levelRules.size() == 0;

        when(mocked.getReference()).thenReturn(current);
        when(mocked.getRules()).thenReturn(levelRules);
        when(mocked.isEmpty()).thenReturn(noRules);

        current = current.getParentSecurityReference();
        depth++;
    }
    return mocks;
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) SecurityRule(org.xwiki.security.authorization.SecurityRule) ArrayDeque(java.util.ArrayDeque)

Example 7 with SecurityRuleEntry

use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheLoaderTest method loadWithConflictingInsertionException.

/**
 * Checks that the cache loader fails with an {@link AuthorizationException} when every attempt to insert
 * the settled access entry into the cache throws a {@code ConflictingInsertionException}.
 *
 * <p>The expected outcome is a denial by exception (no access entry is returned), with the conflict as the
 * root cause and exactly one log message recording that the loader gave up.
 */
@Test
public void loadWithConflictingInsertionException() throws Exception {
    // Subject (user) and object (document) of the access check.
    DocumentReference userDoc = new DocumentReference("wiki", "Users", "mflorea");
    UserSecurityReference userRef = securityReferenceFactory.newUserReference(userDoc);
    DocumentReference targetDoc = new DocumentReference("wiki", "Space", "Document");
    SecurityReference targetRef = securityReferenceFactory.newEntityReference(targetDoc);

    // Empty rule entries for the document, its space and its wiki.
    SecurityRuleEntry docRules = mock(SecurityRuleEntry.class, "document");
    when(docRules.getReference()).thenReturn(targetRef);
    when(docRules.isEmpty()).thenReturn(true);
    SecurityRuleEntry spaceRules = mock(SecurityRuleEntry.class, "space");
    when(spaceRules.getReference()).thenReturn(targetRef.getParentSecurityReference());
    when(spaceRules.isEmpty()).thenReturn(true);
    SecurityRuleEntry wikiRules = mock(SecurityRuleEntry.class, "wiki");
    when(wikiRules.getReference()).thenReturn(targetRef.getParentSecurityReference().getParentSecurityReference());
    when(wikiRules.isEmpty()).thenReturn(true);

    // The cache already holds the three rule entries, but knows no groups for the user.
    SecurityCache cache = mocker.getInstance(SecurityCache.class);
    when(cache.get(targetRef)).thenReturn(docRules);
    when(cache.get(targetRef.getParentSecurityReference())).thenReturn(spaceRules);
    when(cache.get(targetRef.getParentSecurityReference().getParentSecurityReference())).thenReturn(wikiRules);
    when(cache.getGroupsFor(userRef, null)).thenReturn(null);

    // Group membership is therefore resolved through the user bridge.
    UserBridge bridge = mocker.getInstance(UserBridge.class);
    DocumentReference groupDoc = new DocumentReference("wiki", "Groups", "AllGroup");
    Set<GroupSecurityReference> userGroups = Collections.singleton(securityReferenceFactory.newGroupReference(groupDoc));
    when(bridge.getAllGroupsFor(userRef, userDoc.getWikiReference())).thenReturn(userGroups);

    // The settler yields an access entry that the cache refuses to store on every add.
    SecurityAccessEntry settledAccess = mock(SecurityAccessEntry.class);
    AuthorizationSettler settler = mocker.getInstance(AuthorizationSettler.class);
    Deque<SecurityRuleEntry> hierarchyRules = new LinkedList<SecurityRuleEntry>(Arrays.asList(docRules, spaceRules, wikiRules));
    when(settler.settle(userRef, userGroups, hierarchyRules)).thenReturn(settledAccess);
    doThrow(ConflictingInsertionException.class).when(cache).add(settledAccess);
    doThrow(ConflictingInsertionException.class).when(cache).add(settledAccess, null);

    String expectedMessage = "Failed to load the cache in 5 attempts. Giving up. when checking  " + "access to [wiki:Space.Document] for user [wiki:Users.mflorea]";
    try {
        securityCacheLoader.load(userRef, targetRef);
        // Reaching this line means the loader returned a result despite the persistent conflict.
        fail();
    } catch (AuthorizationException failure) {
        assertEquals(expectedMessage, failure.getMessage());
        assertTrue(ExceptionUtils.getRootCauseMessage(failure).contains("ConflictingInsertionException"));
    }

    // The give-up must also be visible in the log, exactly once.
    assertEquals(1, this.logRule.size());
    assertEquals("Failed to load the cache in 5 attempts. Giving up.", this.logRule.getMessage(0));
}
Also used : UserBridge(org.xwiki.security.internal.UserBridge) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) AuthorizationException(org.xwiki.security.authorization.AuthorizationException) AuthorizationSettler(org.xwiki.security.authorization.AuthorizationSettler) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) LinkedList(java.util.LinkedList) SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) DocumentReference(org.xwiki.model.reference.DocumentReference) Test(org.junit.Test)

Example 8 with SecurityRuleEntry

use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method checkEntries.

/**
 * Compares the expected content in {@code entries} with the security cache, entry by entry.
 *
 * <p>For each expected entry the {@code keeper} decides, according to the entry's kind (rule, access or
 * shadow), whether it should still be cached. Kept entries must be found in the cache as the very same
 * instance; the others are removed from {@code entries} and must no longer be retrievable from the cache.
 *
 * @param entries the expected cache content by cache key; entries that should be gone are removed from it
 * @param keeper the predicate set deciding which entries are expected to remain
 */
private void checkEntries(Map<String, SecurityEntry> entries, KeepEntries keeper) {
    Iterator<Map.Entry<String, SecurityEntry>> cursor = entries.entrySet().iterator();
    while (cursor.hasNext()) {
        Map.Entry<String, SecurityEntry> expected = cursor.next();
        SecurityEntry value = expected.getValue();

        // Dispatch on the entry kind; anything that is neither a rule nor an access entry is
        // treated as a shadow entry (the cast fails otherwise).
        boolean shouldRemain;
        if (value instanceof SecurityRuleEntry) {
            shouldRemain = keeper.keepRule((SecurityRuleEntry) value);
        } else if (value instanceof SecurityAccessEntry) {
            shouldRemain = keeper.keepAccess((SecurityAccessEntry) value);
        } else {
            shouldRemain = keeper.keepShadow((SecurityShadowEntry) value);
        }

        if (shouldRemain) {
            assertThat(((DefaultSecurityCache) securityCache).get(expected.getKey()), sameInstance(value));
            continue;
        }

        // Drop the expectation first, then verify the cache no longer serves the entry.
        cursor.remove();
        assertThat(((DefaultSecurityCache) securityCache).get(expected.getKey()), nullValue());
    }
}
Also used : SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) SecurityShadowEntry(org.xwiki.security.authorization.cache.SecurityShadowEntry) SecurityEntry(org.xwiki.security.authorization.SecurityEntry) SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) SecurityEntry(org.xwiki.security.authorization.SecurityEntry) SecurityShadowEntry(org.xwiki.security.authorization.cache.SecurityShadowEntry) HashMap(java.util.HashMap) Map(java.util.Map)

Example 9 with SecurityRuleEntry

use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method testAddSecurityRuleEntry.

/**
 * Inserts rule entries for entities, XWiki spaces, users, groups and group members into the security
 * cache and checks that each one can be read back as the same instance. It then checks the insertion
 * guards: re-inserting the same entry is accepted, a different entry for an already cached reference is
 * rejected with a ConflictingInsertionException, and an entry whose parent or group is not cached is
 * rejected with a ParentEntryEvictedException.
 */
@Test
public void testAddSecurityRuleEntry() throws Exception {
    // Every successfully inserted entry, kept for the global re-check further down.
    final List<SecurityRuleEntry> ruleEntries = new ArrayList<SecurityRuleEntry>();
    // Insert and check insertion individually (the cache must not know the reference beforehand)
    for (SecurityReference ref : entityRefs) {
        assertThat(securityCache.get(ref), is(nullValue()));
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        AddRuleEntry(entry);
        assertThat(securityCache.get(ref), sameInstance(entry));
        ruleEntries.add(entry);
    }
    // XWiki spaces are required to load user entries
    for (SecurityReference ref : xwikiSpaceRefs) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        AddRuleEntry(entry);
        assertThat(securityCache.get(ref), sameInstance(entry));
        ruleEntries.add(entry);
    }
    // Check inserting users
    for (SecurityReference ref : userRefs) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        AddRuleEntry(entry);
        assertThat(securityCache.get(ref), sameInstance(entry));
        ruleEntries.add(entry);
    }
    // Insert some groups
    for (SecurityReference ref : groupRefs.keySet()) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        AddRuleEntry(entry);
        assertThat(securityCache.get(ref), sameInstance(entry));
        ruleEntries.add(entry);
    }
    // Check inserting users in groups
    for (SecurityReference ref : groupUserRefs) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        AddRuleEntry(entry);
        assertThat(securityCache.get(ref), sameInstance(entry));
        ruleEntries.add(entry);
    }
    // Check all insertions: later insertions must not have displaced earlier entries
    for (SecurityRuleEntry entry : ruleEntries) {
        assertThat(securityCache.get(entry.getReference()), sameInstance(entry));
    }
    // Check a non-conflicting duplicate insertion (same instance, same reference)
    try {
        AddRuleEntry(ruleEntries.get(0));
    } catch (ConflictingInsertionException e) {
        fail("Inserting the same rule entry twice should NOT throw a ConflictingInsertionException.");
    }
    // Check a conflicting duplicate insertion: a distinct entry must not replace
    // the entry already cached for the same reference
    try {
        final SecurityReference ref = ruleEntries.get(0).getReference();
        SecurityRuleEntry entry = mock(SecurityRuleEntry.class, "Another entry for " + ruleEntries.get(0).getReference().toString());
        when(entry.getReference()).thenReturn(ref);
        AddRuleEntry(entry);
        fail("Inserting a different rule entry for the same reference should throw" + " a ConflictingInsertionException.");
    } catch (ConflictingInsertionException ignore) {
        // Expected: the cache refused the conflicting entry.
    }
    // Check an insertion of an entry without inserting all its parents first
    try {
        AddRuleEntry(mockSecurityRuleEntry(aMissingParentRef));
        fail("Inserting a rule entry without its parents should throw a ParentEntryEvictedException.");
    } catch (ParentEntryEvictedException ignore) {
        // Expected: an entry cannot be cached while a parent is missing.
    }
    // Check an insertion of a user without inserting all its groups first
    try {
        AddUserEntry(mockSecurityRuleEntry(aMissingUserRef), Arrays.asList(groupRef, aMissingGroupRef));
        fail("Inserting a user entry without its parents should throw a ParentEntryEvictedException.");
    } catch (ParentEntryEvictedException ignore) {
        // Expected: a user entry cannot be cached while one of its groups is missing.
    }
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) ArrayList(java.util.ArrayList) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) ConflictingInsertionException(org.xwiki.security.authorization.cache.ConflictingInsertionException) ParentEntryEvictedException(org.xwiki.security.authorization.cache.ParentEntryEvictedException) Test(org.junit.Test)

Example 10 with SecurityRuleEntry

use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheLoader method getRules.

/**
 * Collect the security rule entries for every hierarchy level of the given reference.
 *
 * <p>Each level is looked up in the security cache first. On a cache miss, a level whose type has no
 * enabled right gets an empty placeholder entry without calling the reader; any other level is read
 * through the security entry reader and added to the cache. Placeholder entries are only added to the
 * cache once a later level had to be read, immediately before that level's entry is added; placeholders
 * that are never followed by a read level are returned but not cached.
 *
 * <p>The cache lookup and the subsequent insertion are separate calls, so a concurrent change to the
 * cache surfaces as one of the declared cache exceptions rather than being resolved here.
 *
 * @param entity The entity for which rules should be loaded and retrieved.
 * @return A collection of security rule entries, one for each level of the hierarchy.
 * @exception org.xwiki.security.authorization.AuthorizationException if an error occurs
 * @exception ParentEntryEvictedException if any parent entry is
 * evicted before the operation completes.
 * @throws ConflictingInsertionException When different threads
 * have inserted conflicting entries into the cache.
 */
private Deque<SecurityRuleEntry> getRules(SecurityReference entity) throws AuthorizationException, ParentEntryEvictedException, ConflictingInsertionException {
    final Deque<SecurityRuleEntry> collected = new LinkedList<SecurityRuleEntry>();
    // Placeholders created since the last cached insertion, not yet written to the cache.
    final List<SecurityRuleEntry> pendingPlaceholders = new ArrayList<SecurityRuleEntry>();

    for (SecurityReference level : entity.getReversedSecurityReferenceChain()) {
        SecurityRuleEntry levelEntry = securityCache.get(level);
        if (levelEntry != null) {
            // Cache hit: use the cached entry as is.
            collected.push(levelEntry);
            continue;
        }

        if (Right.getEnabledRights(level.getType()).isEmpty()) {
            // Do not call the reader on an entity that would only give useless rules.
            levelEntry = new EmptySecurityRuleEntry(level);
            pendingPlaceholders.add(levelEntry);
        } else {
            levelEntry = securityEntryReader.read(level);
            // Add the intermediate empty rule sets to the cache first, so that they can hold this
            // significant entry.
            for (SecurityRuleEntry placeholder : pendingPlaceholders) {
                securityCache.add(placeholder);
            }
            pendingPlaceholders.clear();
            securityCache.add(levelEntry);
        }
        collected.push(levelEntry);
    }
    return collected;
}
Also used : AbstractSecurityRuleEntry(org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) ArrayList(java.util.ArrayList) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) LinkedList(java.util.LinkedList)
