Examples of org.apache.jackrabbit.api.jsr283.security.AccessControlEntry

• org.apache.jackrabbit.api.jsr283.security.AccessControlException
  An AccessControlEntry represents the association of one or more Privilege objects with a specific Principal. @since JCR 2.0

    }

    public void testRemoveNonExisting() throws RepositoryException {
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        try {
            pt.removeAccessControlEntry(new AccessControlEntry() {
                public Principal getPrincipal() {
                    return testPrincipal;
                }
                public Privilege[] getPrivileges() {
                    return new Privilege[0];

        Node trn = getTestNode();
        Node n = createVersionableNode(testRootNode);

        String path = getTestSession().getRootNode().getPath();
        JackrabbitAccessControlList tmpl = getPolicy(acMgr, path, testUser.getPrincipal());
        AccessControlEntry entry;
        try {
            // NOTE: don't use 'modifyPrivileges' in order not to have the
            // root-policy cleared on tear-down.
            tmpl.addEntry(testUser.getPrincipal(), privilegesFromName(Privilege.JCR_VERSION_MANAGEMENT), true, getRestrictions(superuser, path));
            acMgr.setPolicy(tmpl.getPath(), tmpl);

            if (entries.length == 0) {
                fail("GrantPrivileges was successful -> at least 1 entry for principal.");
            }
            int allows = 0;
            for (int i = 0; i < entries.length; i++) {
                AccessControlEntry en = entries[i];
                int bits = PrivilegeRegistry.getBits(en.getPrivileges());
                if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
                    allows |= bits;
                }
            }
            assertEquals(PrivilegeRegistry.getBits(priv), allows);

        templ.addEntry(princ, privs, true, Collections.EMPTY_MAP);
        AccessControlEntry[] entries = templ.getAccessControlEntries();
        assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);

        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry en = entries[i];
            int bits = PrivilegeRegistry.getBits(en.getPrivileges());
            if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
                allows |= bits;
            }
        }
        assertTrue("After successfully granting WRITE, the entries must reflect this", allows >= PrivilegeRegistry.getBits(privs));

        int allows = PrivilegeRegistry.NO_PRIVILEGE;
        int denies = PrivilegeRegistry.NO_PRIVILEGE;
        AccessControlEntry[] entries = templ.getAccessControlEntries();
        for (int i = 0; i < entries.length; i++) {
            AccessControlEntry en = entries[i];
            if (princ.equals(en.getPrincipal()) && en instanceof JackrabbitAccessControlEntry) {
                JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) en;
                int entryBits = PrivilegeRegistry.getBits(ace.getPrivileges());
                if (ace.isAllow()) {
                    allows |= Permission.diff(entryBits, denies);
                } else {

        this.acRootPath = session.getJCRPath(acRootPath);
    }

    ACLTemplate getACL(Principal principal) throws RepositoryException {
        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
            throw new AccessControlException("Unknown principal.");
        }
        String nPath = getPathToAcNode(principal);
        if (session.nodeExists(nPath)) {
            return (ACLTemplate) getPolicies(nPath)[0];
        } else {

    /**
     * @see AccessControlEditor#editAccessControlPolicies(Principal)
     */
    public AccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
        if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
            throw new AccessControlException("Unknown principal.");
        }
        String nPath = getPathToAcNode(principal);
        if (!session.nodeExists(nPath)) {
            createAcNode(nPath);
        }

                }
            }
        }
        // node either not access-controlled or the passed policy didn't apply
        // to the node at 'nodePath' -> throw exception.no policy was removed
        throw new AccessControlException("Policy " + policy + " does not apply to " + nodePath);
    }

     */
    private void checkProtectsNode(String nodePath) throws RepositoryException {
        if (session.nodeExists(nodePath)) {
            NodeImpl n = (NodeImpl) session.getNode(nodePath);
            if (n.isNodeType(NT_REP_ACL) || n.isNodeType(NT_REP_ACE)) {
                throw new AccessControlException("Node " + nodePath + " defines ACL or ACE.");
            }
        }
    }

     * @throws AccessControlException
     */
    private void checkValidPolicy(String nodePath, AccessControlPolicy policy)
            throws AccessControlException {
        if (policy == null || !(policy instanceof ACLTemplate)) {
            throw new AccessControlException("Attempt to set/remove invalid policy " + policy);
        }
        ACLTemplate acl = (ACLTemplate) policy;
        if (!nodePath.equals(acl.getPath())) {
            throw new AccessControlException("Policy " + policy + " is not applicable or does not apply to the node at " + nodePath);
        }
    }