Package org.apache.jackrabbit.api.security

Examples of org.apache.jackrabbit.api.security.JackrabbitAccessControlList


        // Delegated ACL administration: give 'testUser' READ_AC|MODIFY_AC privileges at 'path'.
        // MODIFY_AC lets the holder rewrite the policy at 'path', so this test is about how far
        // such a grant reaches, not only about whether it exists.
        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_READ_ACCESS_CONTROL,
                Privilege.JCR_MODIFY_ACCESS_CONTROL
        });
        // The restrictions are read with the superuser session, the grant itself goes through
        // the givePrivileges helper (its target principal is not visible in these lines).
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        /*
         Expected outcome for testuser:
         - still has the inherited READ permission
         - may view AC items at 'path' (and below)
         - may modify AC items at 'path'

         testuser must not have
         - permission to view AC items outside of the tree defined by path.
         (the negative case is presumably asserted further down; it is not among these lines)
        */

        // make sure the 'rep:policy' node has been created, i.e. the policy was actually
        // persisted below the path the ACL reports.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));

        // Switch to the test user's own session and access control manager: privilege checks
        // must be made as the grantee, the superuser would pass them regardless of the ACL.
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        // test: MODIFY_AC granted at 'path'
        assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));


            // Baseline: with the current entry order the test user holds 'privs' at 'path'.
            assertTrue(testAcMgr.hasPrivileges(path, privs));

            // reorder the ACEs: locate the entry of 'testGroup' (destination) and the entry of
            // 'group2' (the one to move) in the first policy set at 'path'.
            AccessControlEntry srcEntry = null;
            AccessControlEntry destEntry = null;
            // assumes the first policy at 'path' is the JackrabbitAccessControlList; the cast
            // fails with ClassCastException otherwise
            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
            for (AccessControlEntry entry : acl.getAccessControlEntries()) {
                Principal princ = entry.getPrincipal();
                if (testGroup.getPrincipal().equals(princ)) {
                    destEntry = entry;
                } else if (group2.getPrincipal().equals(princ)) {
                    srcEntry = entry;
                }

            }

            // NOTE(review): neither entry is checked for null before use; a missing group entry
            // would surface as a failure inside orderBefore rather than as a clear assertion.
            acl.orderBefore(srcEntry, destEntry);
            // The reordered list only becomes effective once it is written back and saved.
            acMgr.setPolicy(path, acl);
            superuser.save();

            /* after reordering the permissions must be denied: the set of entries is unchanged,
               only their order differs, so the order of group ACEs decides the result here
               (presumably 'actions' corresponds to 'privs' checked above) */
            assertFalse(getTestSession().hasPermission(path, actions));

              throws RepositoryException {
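    // Moves every ACE that belongs to 'principal' to the position described by 'order'.
    // Forms handled below: "first", "last", "before <principal name>",
    // "after <principal name>", or a zero-based index counted in distinct principals.
    // The position of an ACE can change the effective permissions, so a value that cannot
    // be resolved is rejected with an exception instead of being mapped to a default slot.
    if (order == null || order.length() == 0) {
      return; //nothing to do
    }
    if (acl instanceof JackrabbitAccessControlList) {
      JackrabbitAccessControlList jacl = (JackrabbitAccessControlList)acl;

      AccessControlEntry[] accessControlEntries = jacl.getAccessControlEntries();
      if (accessControlEntries.length <= 1) {
        return; //at most one ACE, so nothing to reorder.
      }

      // beforeEntry == null is a valid target: orderBefore then moves the ACE to the end.
      AccessControlEntry beforeEntry = null;
      if ("first".equals(order)) {
        beforeEntry = accessControlEntries[0];
      } else if ("last".equals(order)) {
        beforeEntry = null;
      } else if (order.startsWith("before ")) {
        String beforePrincipalName = order.substring(7);

        //find the first ACE of the 'before' principal
        for (AccessControlEntry candidate : accessControlEntries) {
          if (beforePrincipalName.equals(candidate.getPrincipal().getName())) {
            beforeEntry = candidate;
            break;
          }
        }

        if (beforeEntry == null) {
          //didn't find an ACE that matched the 'before' principal
          throw new IllegalArgumentException("No ACE was found for the specified principal: " + beforePrincipalName);
        }
      } else if (order.startsWith("after ")) {
        String afterPrincipalName = order.substring(6);

        // "Found" is tracked separately from beforeEntry: when the 'after' principal owns
        // the last ACE the correct target is null (end of list), and testing beforeEntry
        // for null would wrongly report that principal as missing.
        boolean afterPrincipalFound = false;

        //find the last ACE of the 'after' principal
        for (int i = accessControlEntries.length - 1; i >= 0; i--) {
          if (afterPrincipalName.equals(accessControlEntries[i].getPrincipal().getName())) {
            afterPrincipalFound = true;

            // the 'before' ACE is the next one after the 'after' ACE, or null when the
            // 'after' ACE is already the last one in the list
            beforeEntry = (i < accessControlEntries.length - 1)
                ? accessControlEntries[i + 1]
                : null;
            break;
          }
        }

        if (!afterPrincipalFound) {
          //didn't find an ACE that matched the 'after' principal
          throw new IllegalArgumentException("No ACE was found for the specified principal: " + afterPrincipalName);
        }
      } else {
        try {
          int index = Integer.parseInt(order);
          if (index < 0) {
            // a negative value matched nothing below and silently meant "last"
            throw new IndexOutOfBoundsException("Index value is negative: " + index);
          }
          if (index > accessControlEntries.length) {
            //invalid index
            throw new IndexOutOfBoundsException("Index value is too large: " + index);
          }

          if (index == 0) {
            beforeEntry = accessControlEntries[0];
          } else {
            //the index value is the index of the principal.  A principal may have more
            // than one ACEs (deny + grant), so we need to compensate.
            Set<Principal> processedPrincipals = new HashSet<Principal>();
            for (int i = 0; i < accessControlEntries.length; i++) {
              Principal principal2 = accessControlEntries[i].getPrincipal();
              if (processedPrincipals.size() == index &&
                  !processedPrincipals.contains(principal2)) {
                //we are now at the correct position in the list
                beforeEntry = accessControlEntries[i];
                break;
              }

              processedPrincipals.add(principal2);
            }
            // if no slot matched, beforeEntry stays null and the ACEs go to the end
          }
        } catch (NumberFormatException nfe) {
          //not a number and none of the keyword forms either
          throw new IllegalArgumentException("Illegal value for the order parameter: " + order);
        }
      }

      //now loop through the entries to move the affected ACEs to the specified
      // position.
      // NOTE(review): walking the snapshot from the end and inserting each ACE directly
      // before the same target looks like it reverses the relative order of a principal's
      // own ACEs - confirm that is intended.
      for (int i = accessControlEntries.length - 1; i >= 0; i--) {
        AccessControlEntry ace = accessControlEntries[i];
        if (principal.equals(ace.getPrincipal())) {
          //this ACE is for the specified principal.
          jacl.orderBefore(ace, beforeEntry);
        }
      }
    } else {
      throw new IllegalArgumentException("The acl must be an instance of JackrabbitAccessControlList");
    }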

    /**
     * Starts building the access control list stored below {@code accessControlledTree}.
     * In the lines shown, the result stays {@code null} unless the tree exists, passes
     * {@code Util.isAccessControlled} and has an existing child named by
     * {@code Util.getAclName(oakPath)}.
     *
     * @param oakPath path the policy belongs to; nullable, and also decides the name of the
     *                policy child through {@code Util.getAclName}
     * @param accessControlledTree tree that is expected to carry the policy child
     * @param isEffectivePolicy not read in the lines shown here
     * @return the list, or {@code null} (the method is annotated {@code @CheckForNull})
     * @throws RepositoryException declared by the signature
     */
    @CheckForNull
    private JackrabbitAccessControlList createACL(@Nullable String oakPath,
                                                  @Nonnull Tree accessControlledTree,
                                                  boolean isEffectivePolicy) throws RepositoryException {
        JackrabbitAccessControlList acl = null;
        String aclName = Util.getAclName(oakPath);
        // Both conditions must hold before the policy child is looked up at all.
        if (accessControlledTree.exists() && Util.isAccessControlled(oakPath, accessControlledTree, ntMgr)) {
            Tree aclTree = accessControlledTree.getChild(aclName);
            // getChild result is checked with exists() before any entry is read from it
            if (aclTree.exists()) {
                List<ACE> entries = new ArrayList<ACE>();

    /**
     * Begins assembling the access control list found under {@code accessControlledTree}.
     * As far as these lines show, {@code acl} remains {@code null} when the tree does not
     * exist, is not access controlled according to {@code Util.isAccessControlled}, or has
     * no existing child with the name returned by {@code Util.getAclName(oakPath)}.
     *
     * @param oakPath nullable path of the policy; it selects the policy child name
     * @param accessControlledTree tree expected to hold the policy child
     * @param isEffectivePolicy unused in the visible part of the method
     * @return the list or {@code null}; callers must check, see {@code @CheckForNull}
     * @throws RepositoryException declared by the signature
     */
    @CheckForNull
    private JackrabbitAccessControlList createACL(@Nullable String oakPath,
                                                  @Nonnull Tree accessControlledTree,
                                                  boolean isEffectivePolicy) throws RepositoryException {
        JackrabbitAccessControlList acl = null;
        String aclName = Util.getAclName(oakPath);
        // No lookup of the policy child unless the tree exists and is access controlled.
        if (accessControlledTree.exists() && Util.isAccessControlled(oakPath, accessControlledTree, ntMgr)) {
            Tree aclTree = accessControlledTree.getChild(aclName);
            // entries are collected only from a policy child that really exists
            if (aclTree.exists()) {
                List<ACE> entries = new ArrayList<ACE>();

    /**
     * Resolves the access control list that the given policy tree represents and hands it
     * back with all of its entries removed.
     *
     * <p>Two shapes are recognised: a {@code rep:policy} node of type {@code rep:ACL}, which
     * maps to the list at its parent's path, and a {@code rep:repoPolicy} node of type
     * {@code rep:ACL} directly below the root, which maps to the list at the {@code null}
     * path. Anything else, including the root tree itself, yields {@code null}.
     *
     * <p>The entries are removed on the returned object only; nothing in this method writes
     * the emptied list back with {@code setPolicy}.
     *
     * @param tree candidate policy tree
     * @return the emptied list, or {@code null} when the tree is not a recognised policy
     *         node or no list is found for it
     * @throws RepositoryException if a repository call fails
     */
    @CheckForNull
    private JackrabbitAccessControlList getACL(Tree tree) throws RepositoryException {
        final String policyNodeName = tree.getName();
        if (tree.isRoot()) {
            // the root tree is never a policy node
            return null;
        }

        final Tree owner = tree.getParent();
        final JackrabbitAccessControlList resolved;
        if (AccessControlConstants.REP_POLICY.equals(policyNodeName)
                && ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL)) {
            resolved = getACL(owner.getPath());
        } else if (AccessControlConstants.REP_REPO_POLICY.equals(policyNodeName)
                && ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL)
                && owner.isRoot()) {
            // repository-level policy: only accepted directly below the root
            resolved = getACL((String) null);
        } else {
            return null;
        }

        if (resolved == null) {
            return null;
        }

        // start from an empty list: every existing entry is dropped
        for (AccessControlEntry existing : resolved.getAccessControlEntries()) {
            resolved.removeAccessControlEntry(existing);
        }
        return resolved;
    }

        return acl;
    }

    /**
     * Looks for a {@link JackrabbitAccessControlList} among the policies that
     * {@code acMgr.getPolicies(path)} returns and keeps the first one found.
     *
     * @param path path whose policies are inspected
     * @return the first matching list; {@code null} is the starting value when none of the
     *         returned policies matches (the method is annotated {@code @CheckForNull})
     * @throws RepositoryException declared by the signature
     */
    @CheckForNull
    private JackrabbitAccessControlList getACL(String path) throws RepositoryException {
        JackrabbitAccessControlList acl = null;
        // Only policies already returned by getPolicies are considered in these lines.
        for (AccessControlPolicy p : acMgr.getPolicies(path)) {
            if (p instanceof JackrabbitAccessControlList) {
                acl = (JackrabbitAccessControlList) p;
                // first match wins; later policies are not examined
                break;
            }

            // last nodes of the fixture tree
            n3.addNode("n9");
            root.addNode("n2");

            // Grant the test principal jcr:read on the root node. An allow entry at "/" is
            // the widest scope a path-based entry can have, so it is kept to read only.
            Principal principal = getTestPrincipal(session);
            AccessControlManager acm = session.getAccessControlManager();
            // NOTE(review): the result is used without a null check - confirm that
            // getAccessControlList cannot return null for "/" in this setup.
            JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acm, "/");
            acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
            acm.setPolicy("/", acl);

            // persists both the new nodes and the modified policy
            session.save();
        }
    }

    /**
     * Adds one allow or deny entry for the selected principal at {@code path} through every
     * session in {@code writeSessions}, saving each session after its policy has been set.
     *
     * @param principalIndex index handed to {@code getPrincipal} to select the principal
     * @param path           path whose access control list is modified
     * @param allow          {@code true} to grant the privileges, {@code false} to deny them
     * @param privilegeNames privilege names resolved through {@code AccessControlUtils}
     * @throws Exception if any repository call fails
     */
    private void setupPermissions(int principalIndex, String path, boolean allow, String... privilegeNames) throws Exception {
        for (JackrabbitSession writer : writeSessions) {
            Principal grantee = getPrincipal(writer, principalIndex);
            AccessControlManager manager = writer.getAccessControlManager();
            JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(manager, path);
            // The new entry is only in memory until the policy is written back and saved.
            policy.addEntry(
                    grantee,
                    AccessControlUtils.privilegesFromNames(manager, privilegeNames),
                    allow);
            manager.setPolicy(path, policy);
            writer.save();
        }
    }

        // Fixture: a "following" relationship node below one user's home, created with the
        // admin session.
        String testNodePath = "/home/users/geometrixx-outdoors/emily.andrews@mailinator.com/social/relationships/following/aaron.mcdonald@mailinator.com";
        Node testNode = JcrUtils.getOrCreateByPath(testNodePath, null, adminSession);
        testNode.setProperty("id", "aaron.mcdonald@mailinator.com");

        // Grant jcr:read to the everyone principal at the users folder, narrowed by a
        // rep:glob restriction so the entry applies only to paths matching the pattern and
        // not to the rest of the user homes.
        AccessControlManager acMgr = adminSession.getAccessControlManager();
        JackrabbitAccessControlList tmpl = AccessControlUtils.getAccessControlList(acMgr, "/home/users/geometrixx-outdoors");
        ValueFactory vf = adminSession.getValueFactory();
        Map<String, Value> restrictions = new HashMap<String, Value>();
        restrictions.put("rep:glob", vf.createValue("*/social/relationships/following/*"));
        tmpl.addEntry(EveryonePrincipal.getInstance(), new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)}, true, restrictions);
        acMgr.setPolicy(tmpl.getPath(), tmpl);
        adminSession.save();

        // Query as a guest: whatever it returns is what an unauthenticated caller can see
        // (the assertions on the result are presumably further down, not in these lines).
        Session anonymousSession = getRepository().login(new GuestCredentials());
        QueryManager qm = anonymousSession.getWorkspace().getQueryManager();
        Query q = qm.createQuery("/jcr:root/home//social/relationships/following//*[id='aaron.mcdonald@mailinator.com']", Query.XPATH);
