Package org.apache.jackrabbit.api.security

Examples of org.apache.jackrabbit.api.security.JackrabbitAccessControlList


        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_ADD_CHILD_NODES,
                Privilege.JCR_REMOVE_CHILD_NODES,
                Privilege.JCR_MODIFY_PROPERTIES
        });
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        /*
         testuser must not have
         - permission to view AC items
         - permission to modify AC items
        */

        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
        // the policy node however must not be visible to the test-user
        assertFalse(testSession.itemExists(tmpl.getPath() + "/rep:policy"));
        try {
            testAcMgr.getPolicies(tmpl.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.getEffectivePolicies(tmpl.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.getEffectivePolicies(path);
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.removePolicy(tmpl.getPath(), new AccessControlPolicy() {});
            fail("test user must not have MODIFY_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
    }
View Full Code Here


        if (grPrincipal == null || grPrincipal.equals(everyone)) {
            throw new NotExecutableException();
        }
        Privilege[] privs = privilegesFromName(Privilege.JCR_READ);

        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        pt.addAccessControlEntry(testPrincipal, privs);
        assertFalse(pt.addAccessControlEntry(testPrincipal, privs));

        // add same privs for another principal -> must modify as well.
        assertTrue(pt.addAccessControlEntry(everyone, privs));
        // .. 2 entries must be present.
        assertTrue(pt.getAccessControlEntries().length == 2);
    }
View Full Code Here

        // .. 2 entries must be present.
        assertTrue(pt.getAccessControlEntries().length == 2);
    }

    public void testSetEntryForGroupPrincipal() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        Privilege[] privs = privilegesFromName(Privilege.JCR_READ);
        Group grPrincipal = (Group) pMgr.getEveryone();

        // adding allow-entry must succeed
        assertTrue(pt.addAccessControlEntry(grPrincipal, privs));

        // adding deny-entry must succeed
        try {
            pt.addEntry(grPrincipal, privs, false, null);
            fail("Adding DENY-ace for a group principal should fail.");
        } catch (AccessControlException e) {
            // success
        }
    }
View Full Code Here

            // success
        }
    }

    public void testRevokeEffect() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);

        pt.addEntry(testPrincipal, privileges, true, Collections.EMPTY_MAP);

        // same entry but with revers 'isAllow' flag
        assertTrue(pt.addEntry(testPrincipal, privileges, false, Collections.EMPTY_MAP));

        // net-effect: only a single deny-read entry
        assertTrue(pt.size() == 1);
        assertSamePrivileges(privileges, pt.getAccessControlEntries()[0].getPrivileges());
    }
View Full Code Here

    }

    public void testAclReferingToRemovedPrincipal() throws
            NotExecutableException, RepositoryException {

        JackrabbitAccessControlList acl = givePrivileges(path, privilegesFromName(PrivilegeRegistry.REP_WRITE), getRestrictions(superuser, path));
        String acPath = acl.getPath();

        // remove the test user
        testUser.remove();
        testUser = null;
View Full Code Here

        assertTrue(names.contains(resolver.getJCRName(ACLTemplate.P_NODE_PATH)));
        assertTrue(names.contains(resolver.getJCRName(ACLTemplate.P_GLOB)));
    }

    public void testGetRestrictionTypes() throws RepositoryException {
        JackrabbitAccessControlList acl = createEmptyTemplate(getTestPath());

        NameResolver resolver = (NameResolver) superuser;
        assertEquals(PropertyType.PATH, acl.getRestrictionType(resolver.getJCRName(ACLTemplate.P_NODE_PATH)));
        assertEquals(PropertyType.STRING, acl.getRestrictionType(resolver.getJCRName(ACLTemplate.P_GLOB)));
    }
View Full Code Here

    protected abstract JackrabbitAccessControlList createEmptyTemplate(String path) throws RepositoryException;

    protected abstract Principal getSecondPrincipal() throws Exception;

    public void testEmptyTemplate() throws RepositoryException {
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());

        assertNotNull(pt.getAccessControlEntries());
        assertTrue(pt.getAccessControlEntries().length == 0);
        assertTrue(pt.size() == pt.getAccessControlEntries().length);
        assertTrue(pt.isEmpty());
    }
View Full Code Here

        assertTrue(pt.size() == pt.getAccessControlEntries().length);
        assertTrue(pt.isEmpty());
    }

    public void testGetPath() throws RepositoryException {
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        assertEquals(getTestPath(), pt.getPath());
    }
View Full Code Here

        if (!pMgr.hasPrincipal("an unknown principal")) {
            unknownPrincipal = new TestPrincipal("an unknown principal");
        } else {
            throw new NotExecutableException();
        }
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        try {
            pt.addAccessControlEntry(unknownPrincipal, privilegesFromName(Privilege.JCR_READ));
            fail("Adding an ACE with an unknown principal should fail");
        } catch (AccessControlException e) {
            // success
        }
    }
View Full Code Here

            // success
        }
    }

    public void testAddInvalidEntry2() throws RepositoryException {
        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
        try {
            pt.addAccessControlEntry(testPrincipal, new Privilege[0]);
            fail("Adding an ACE with invalid privileges should fail");
        } catch (AccessControlException e) {
            // success
        }
    }
View Full Code Here

TOP

Related Classes of org.apache.jackrabbit.api.security.JackrabbitAccessControlList

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.