Examples of AccessControlManager

Examples of javax.jcr.security.AccessControlManager

87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));

        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        // test: MODIFY_AC granted at 'path'
        assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));

        // test if testuser can READ access control on the path and on the
        // entire subtree that gets the policy inherited.
        AccessControlPolicy[] policies = testAcMgr.getPolicies(path);
        testAcMgr.getEffectivePolicies(path);
        testAcMgr.getEffectivePolicies(childNPath);

        // test: READ_AC privilege does not apply outside of the tree.
        try {
            testAcMgr.getPolicies(siblingPath);
            fail("READ_AC privilege must not apply outside of the tree it has applied to.");
        } catch (AccessDeniedException e) {
            // success
        }

        // test: MODIFY_AC privilege does not apply outside of the tree.
        try {
            testAcMgr.setPolicy(siblingPath, policies[0]);
            fail("MODIFY_AC privilege must not apply outside of the tree it has applied to.");
        } catch (AccessDeniedException e) {
            // success
        }

        // test if testuser can modify AC-items
        // 1) add an ac-entry
        ACLTemplate acl = (ACLTemplate) policies[0];
        acl.addAccessControlEntry(testUser.getPrincipal(), privilegesFromName(PrivilegeRegistry.REP_WRITE));
        testAcMgr.setPolicy(path, acl);
        testSession.save();

        assertTrue(testAcMgr.hasPrivileges(path,
                privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES)));

        // 2) remove the policy
        testAcMgr.removePolicy(path, policies[0]);
        testSession.save();

        // Finally: testuser removed the policy that granted him permission
        // to modify the AC content. Since testuser removed the policy, it's
        // privileges must be gone again...
        try {
            testAcMgr.getEffectivePolicies(childNPath);
            fail("READ_AC privilege has been revoked -> must throw again.");
        } catch (AccessDeniedException e) {
            // success
        }
        // ... and since the ACE is stored with the policy all right except
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
        // READ must be gone.
        checkReadOnly(path);
    }

    public void testRemovePermission9() throws NotExecutableException, RepositoryException {
        AccessControlManager testAcMgr = getTestACManager();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);

        // add 'remove_child_nodes' at 'path and allow 'remove_node' at childNPath
        givePrivileges(path, rmChildNodes, getRestrictions(superuser, path));
        givePrivileges(childNPath, rmNode, getRestrictions(superuser, childNPath));
        /*
         expected result:
         - rep:policy node can still not be remove for it is access-control
           content that requires jcr:modifyAccessControl privilege instead.
         */
        String policyPath = childNPath + "/rep:policy";
        assertFalse(getTestSession().hasPermission(policyPath, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testAcMgr.hasPrivileges(policyPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
    }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
        assertTrue(it.hasNext());
    }

    public void testInheritance2() throws RepositoryException, NotExecutableException {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();

        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        // give jcr:write privilege on 'path' and withdraw them on 'childNPath'
        Privilege[] privileges = privilegesFromNames(new String[] {Privilege.JCR_WRITE});
        givePrivileges(path, privileges, getRestrictions(superuser, path));
        withdrawPrivileges(childNPath, privileges, getRestrictions(superuser, path));

        /*
        since evaluation respects inheritance through the node
        hierarchy, the jcr:write privilege must not be granted at childNPath
        */
        assertFalse(testAcMgr.hasPrivileges(childNPath, privileges));

        /*
         ... same for permissions at 'childNPath'
         */
        String actions = Session.ACTION_SET_PROPERTY + "," + Session.ACTION_REMOVE + "," + Session.ACTION_ADD_NODE;

        String nonExistingItemPath = childNPath + "/anyItem";
        assertFalse(testSession.hasPermission(nonExistingItemPath, actions));

        // yet another level in the hierarchy
        Node grandChild = superuser.getNode(childNPath).addNode(nodeName3);
        superuser.save();
        String gcPath = grandChild.getPath();

        // grant write privilege again
        givePrivileges(gcPath, privileges, getRestrictions(superuser, path));
        assertTrue(testAcMgr.hasPrivileges(gcPath, privileges));
        assertTrue(testSession.hasPermission(gcPath + "/anyProp", Session.ACTION_SET_PROPERTY));
        // however: removing the grand-child nodes must not be allowed as
        // remove_child_node privilege is missing on the direct ancestor.
        assertFalse(testSession.hasPermission(gcPath, Session.ACTION_REMOVE));
    }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));   
    }

    public void testInheritedGroupPermissions2() throws NotExecutableException, RepositoryException {
        Group testGroup = getTestGroup();
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);

        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);

        // NOTE: same as testInheritedGroupPermissions above but using
        // everyone on path, testgroup on childpath -> result must be the same

        /* give MODIFY_PROPERTIES privilege for everyone at 'path' */
        givePrivileges(path, EveryonePrincipal.getInstance(), privileges, getRestrictions(superuser, path));
        /*
         withdraw MODIFY_PROPERTIES privilege for testGroup at 'childNPath'
         */
        withdrawPrivileges(childNPath, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));

        // result at 'child path' must be deny
        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
    }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

295
296
297
298
299
300
301
302
303
304
305
306
307
308
             the group it is member of.
             the denial of group2 must succeed
            */
            String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;

            AccessControlManager testAcMgr = getTestACManager();

            assertFalse(getTestSession().hasPermission(path, actions));
            Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
            assertFalse(testAcMgr.hasPrivileges(path, privs));
        } finally {
            group2.remove();
        }
    }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

332
333
334
335
336
337
338
339
340
341
342
343
344
             the group it is member of.
             granting permissions for group2 must be effective
            */
            String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;

            AccessControlManager testAcMgr = getTestACManager();
            assertTrue(getTestSession().hasPermission(path, actions));
            Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
            assertTrue(testAcMgr.hasPrivileges(path, privs));
        } finally {
            group2.remove();
        }
    }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
             the group it is member of.
             granting permissions for group2 must be effective
            */
            String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;

            AccessControlManager testAcMgr = getTestACManager();
            assertTrue(getTestSession().hasPermission(path, actions));
            Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
            assertTrue(testAcMgr.hasPrivileges(path, privs));

            // reorder the ACEs
            AccessControlEntry srcEntry = null;
            AccessControlEntry destEntry = null;
            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
            for (AccessControlEntry entry : acl.getAccessControlEntries()) {
                Principal princ = entry.getPrincipal();
                if (testGroup.getPrincipal().equals(princ)) {
                    destEntry = entry;
                } else if (group2.getPrincipal().equals(princ)) {
                    srcEntry = entry;
                }

            }

            acl.orderBefore(srcEntry, destEntry);
            acMgr.setPolicy(path, acl);
            superuser.save();

            /* after reordering the permissions must be denied */
            assertFalse(getTestSession().hasPermission(path, actions));
            assertFalse(testAcMgr.hasPrivileges(path, privs));
           
        } finally {
            group2.remove();
        }
    }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

60
61
62
63
64
65
66
67
68
   * @param absPath the path to get the privileges for
   * @return array of Privileges
   * @throws RepositoryException
   */
  public Privilege [] getSupportedPrivileges(Session session, String absPath) throws RepositoryException {
    AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
    Privilege[] supportedPrivileges = accessControlManager.getSupportedPrivileges(absPath);
    return supportedPrivileges;
  }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

174
175
176
177
178
179
180
181
182
183
184
185
   
    return accessMap;
  }

  private AccessControlEntry[] getDeclaredAccessControlEntries(Session session, String absPath) throws RepositoryException {
    AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
    AccessControlPolicy[] policies = accessControlManager.getPolicies(absPath);
    for (AccessControlPolicy accessControlPolicy : policies) {
      if (accessControlPolicy instanceof AccessControlList) {
        AccessControlEntry[] accessControlEntries = ((AccessControlList)accessControlPolicy).getAccessControlEntries();
        return accessControlEntries;
      }
View Full Code Here

Examples of javax.jcr.security.AccessControlManager

211
212
213
214
215
216
217
218
219
220
221
222
   * @throws RepositoryException
   */
  public AccessRights getDeclaredAccessRightsForPrincipal(Session session, String absPath, String principalId) throws RepositoryException {
    AccessRights rights = new AccessRights();
    if (principalId != null && principalId.length() > 0) {
      AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
      AccessControlPolicy[] policies = accessControlManager.getPolicies(absPath);
      for (AccessControlPolicy accessControlPolicy : policies) {
        if (accessControlPolicy instanceof AccessControlList) {
          AccessControlEntry[] accessControlEntries = ((AccessControlList)accessControlPolicy).getAccessControlEntries();
          for (AccessControlEntry ace : accessControlEntries) {
            if (principalId.equals(ace.getPrincipal().getName())) {
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.