Examples of org.apache.jackrabbit.api.jsr283.security.AccessControlEntry

• org.apache.jackrabbit.api.jsr283.security.AccessControlEntry
  An AccessControlEntry represents the association of one or more Privilege objects with a specific Principal. @since JCR 2.0

            if (entries.length == 0) {
                fail("GrantPrivileges was successful -> at least 1 entry for principal.");
            }
            int allows = 0;
            for (int i = 0; i < entries.length; i++) {
                AccessControlEntry en = entries[i];
                int bits = PrivilegeRegistry.getBits(en.getPrivileges());
                if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
                    allows |= bits;
                }
            }
            assertEquals(PrivilegeRegistry.ALL, allows);

        templ.addEntry(princ, privs, true, Collections.EMPTY_MAP);
        AccessControlEntry[] entries = templ.getAccessControlEntries();
        assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);

        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry en = entries[i];
            int bits = PrivilegeRegistry.getBits(en.getPrivileges());
            if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
                allows |= bits;
            }
        }
        assertTrue("After successfully granting WRITE, the entries must reflect this", allows >= PrivilegeRegistry.WRITE);

        int allows = PrivilegeRegistry.NO_PRIVILEGE;
        int denies = PrivilegeRegistry.NO_PRIVILEGE;
        AccessControlEntry[] entries = templ.getAccessControlEntries();
        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry en = entries[i];
            if (princ.equals(en.getPrincipal()) && en instanceof JackrabbitAccessControlEntry) {
                JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) en;
                int entryBits = ace.getPrivilegeBits();
                if (ace.isAllow()) {
                    allows |= Permission.diff(entryBits, denies);
                } else {

        // test net-effect
        int allows = PrivilegeRegistry.NO_PRIVILEGE;
        int denies = PrivilegeRegistry.NO_PRIVILEGE;
        AccessControlEntry[] entries = pt.getAccessControlEntries();
        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry ace = entries[i];
            if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
                int entryBits = ((JackrabbitAccessControlEntry) ace).getPrivilegeBits();
                if (((JackrabbitAccessControlEntry) ace).isAllow()) {
                    allows |= Permission.diff(entryBits, denies);
                } else {
                    denies |= Permission.diff(entryBits, allows);

        // test net-effect
        int allows = PrivilegeRegistry.NO_PRIVILEGE;
        int denies = PrivilegeRegistry.NO_PRIVILEGE;
        AccessControlEntry[] entries = pt.getAccessControlEntries();
        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry ace = entries[i];
            if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
                int entryBits = ((JackrabbitAccessControlEntry) ace).getPrivilegeBits();
                if (((JackrabbitAccessControlEntry) ace).isAllow()) {
                    allows |= Permission.diff(entryBits, denies);
                } else {
                    denies |= Permission.diff(entryBits, allows);

    }

    public void testRemoveNonExisting() throws RepositoryException {
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        try {
            pt.removeAccessControlEntry(new AccessControlEntry() {
                public Principal getPrincipal() {
                    return testPrincipal;
                }
                public Privilege[] getPrivileges() {
                    return new Privilege[0];

                    if (aceNode.hasProperty(P_GLOB)) {
                        prop = aceNode.getProperty(P_GLOB);
                        restrictions.put(prop.getName(), prop.getValue());
                    }
                    // finally add the entry
                    AccessControlEntry entry = createEntry(principal, privileges, isAllow, restrictions);
                    entries.add(entry);
                } else {
                    log.warn("ACE must be of nodetype rep:ACE -> ignored child-node " + aceNode.getPath());
                }
            }

            log.debug("Restrictions missing. Using default: rep:nodePath = " + getPath() + "; rep:glob = null.");
            // default restrictions:
            restrictions = Collections.singletonMap(jcrNodePathName,
                    valueFactory.createValue(getPath(), PropertyType.PATH));
        }
        AccessControlEntry entry = createEntry(principal, privileges, isAllow, restrictions);
        if (entries.contains(entry)) {
            log.debug("Entry is already contained in policy -> no modification.");
            return false;
        } else {
            // TODO: to be improved. clean redundant entries

        // test net-effect
        int allows = PrivilegeRegistry.NO_PRIVILEGE;
        int denies = PrivilegeRegistry.NO_PRIVILEGE;
        AccessControlEntry[] entries = pt.getAccessControlEntries();
        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry ace = entries[i];
            if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
                int entryBits = PrivilegeRegistry.getBits(ace.getPrivileges());
                if (((JackrabbitAccessControlEntry) ace).isAllow()) {
                    allows |= Permission.diff(entryBits, denies);
                } else {
                    denies |= Permission.diff(entryBits, allows);
                }

        // test net-effect
        int allows = PrivilegeRegistry.NO_PRIVILEGE;
        int denies = PrivilegeRegistry.NO_PRIVILEGE;
        AccessControlEntry[] entries = pt.getAccessControlEntries();
        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry ace = entries[i];
            if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
                int entryBits = PrivilegeRegistry.getBits(ace.getPrivileges());
                if (((JackrabbitAccessControlEntry) ace).isAllow()) {
                    allows |= Permission.diff(entryBits, denies);
                } else {
                    denies |= Permission.diff(entryBits, allows);
                }