Examples of org.apache.jackrabbit.api.security.JackrabbitAccessControlList

Package org.apache.jackrabbit.api.security

Examples of org.apache.jackrabbit.api.security.JackrabbitAccessControlList

org.apache.jackrabbit.api.security.JackrabbitAccessControlList
JackrabbitAccessControlList is an extension of the AccessControlList. Similar to the latter any modifications made will not take effect, until it is {@link javax.jcr.security.AccessControlManager#setPolicy(String,AccessControlPolicy) written back} and {@link javax.jcr.Session#save() saved}.

        assertTrue(acl.isEmpty());
    }


    @Test
    public void testRemoveEntries() throws Exception {
        JackrabbitAccessControlList acl = createACL(getTestPath(), createTestEntries(), namePathMapper);
        for (AccessControlEntry ace : acl.getAccessControlEntries()) {
            acl.removeAccessControlEntry(ace);
        }
        assertTrue(acl.isEmpty());
    }

View Full Code Here


    @Test
    public void testUnsupportedRestrictions2() throws Exception {
        RestrictionProvider rp = new TestRestrictionProvider("restr", Type.NAME, false);


        JackrabbitAccessControlList acl = createACL(getTestPath(), new ArrayList(), namePathMapper, rp);
        try {
            acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>singletonMap("unsupported", getValueFactory().createValue("value")));
            fail("Unsupported restriction must be detected.");
        } catch (AccessControlException e) {
            // mandatory restriction missing -> success
        }
    }

View Full Code Here


    @Test
    public void testInvalidRestrictionType() throws Exception {
        RestrictionProvider rp = new TestRestrictionProvider("restr", Type.NAME, false);


        JackrabbitAccessControlList acl = createACL(getTestPath(), new ArrayList(), namePathMapper, rp);
        try {
            acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>singletonMap("restr", getValueFactory().createValue(true)));
            fail("Invalid restriction type.");
        } catch (AccessControlException e) {
            // mandatory restriction missing -> success
        }
    }

View Full Code Here


    @Test
    public void testMandatoryRestrictions() throws Exception {
        RestrictionProvider rp = new TestRestrictionProvider("mandatory", Type.NAME, true);


        JackrabbitAccessControlList acl = createACL(getTestPath(), new ArrayList(), namePathMapper, rp);
        try {
            acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>emptyMap());
            fail("Mandatory restriction must be enforced.");
        } catch (AccessControlException e) {
            // mandatory restriction missing -> success
        }
    }

View Full Code Here

        // give 'testUser' READ_AC|MODIFY_AC privileges at 'path'
        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_READ_ACCESS_CONTROL,
                Privilege.JCR_MODIFY_ACCESS_CONTROL
        });
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        /*
         testuser must
         - still have the inherited READ permission.
         - must have permission to view AC items at 'path' (and below)
         - must have permission to modify AC items at 'path'


         testuser must not have
         - permission to view AC items outside of the tree defined by path.
        */


        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));


        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        // test: MODIFY_AC granted at 'path'
        assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));

View Full Code Here

        String testNodePath = "/home/users/geometrixx-outdoors/emily.andrews@mailinator.com/social/relationships/following/aaron.mcdonald@mailinator.com";
        Node testNode = JcrUtils.getOrCreateByPath(testNodePath, null, adminSession);
        testNode.setProperty("id", "aaron.mcdonald@mailinator.com");


        AccessControlManager acMgr = adminSession.getAccessControlManager();
        JackrabbitAccessControlList tmpl = AccessControlUtils.getAccessControlList(acMgr, "/home/users/geometrixx-outdoors");
        ValueFactory vf = adminSession.getValueFactory();
        Map<String, Value> restrictions = new HashMap<String, Value>();
        restrictions.put("rep:glob", vf.createValue("*/social/relationships/following/*"));
        tmpl.addEntry(EveryonePrincipal.getInstance(), new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)}, true, restrictions);
        acMgr.setPolicy(tmpl.getPath(), tmpl);
        adminSession.save();


        Session anonymousSession = getRepository().login(new GuestCredentials());
        QueryManager qm = anonymousSession.getWorkspace().getQueryManager();
        Query q = qm.createQuery("/jcr:root/home//social/relationships/following//*[@id='aaron.mcdonald@mailinator.com']", Query.XPATH);

View Full Code Here

    @Test
    public void testAclPropagation() throws Exception {
        Tree node = root1.getTree("/").addChild("testNode");
        node.setProperty("jcr:primaryType", "nt:unstructured");
        User user1 = userManager1.createUser("testUser", "testUser");
        JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
        acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), true);
        aclMgr1.setPolicy("/testNode", acl1);
        root1.commit();


        Thread.sleep(100);
        root2.refresh();
        JackrabbitAccessControlList acl2 = AccessControlUtils.getAccessControlList(aclMgr2, "/testNode");
        AccessControlEntry[] aces = acl2.getAccessControlEntries();
        assertEquals(1, aces.length);
    }

View Full Code Here


        // create 2 users
        User user1 = userManager1.createUser("testUser1", "testUser1");
        User user2 = userManager1.createUser("testUser2", "testUser2");


        JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");


        // deny jcr:all for everyone on /testNode
        acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), false);


        // allow jcr:read for testUser1 on /testNode
        acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
        aclMgr1.setPolicy("/testNode", acl1);
        root1.commit();


        Thread.sleep(100);
        root2.refresh();


        // login with testUser1 and testUser2 (on cluster node 2)
        ContentSession session1 = contentRepository2.login(new SimpleCredentials("testUser1", "testUser1".toCharArray()), null);
        ContentSession session2 = contentRepository2.login(new SimpleCredentials("testUser2", "testUser2".toCharArray()), null);


        // testUser1 can read /testNode
        assertTrue(session1.getLatestRoot().getTree("/testNode").exists());


        // testUser2 cannot read /testNode
        assertFalse(session2.getLatestRoot().getTree("/testNode").exists());


        // now, allow jcr:read also for 'everyone' (on cluster node 1)
        acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
        acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
        aclMgr1.setPolicy("/testNode", acl1);
        root1.commit();


        Thread.sleep(100);
        root2.refresh();

View Full Code Here


    @CheckForNull
    private JackrabbitAccessControlList getACL(Tree tree) throws RepositoryException {
        String nodeName = tree.getName();


        JackrabbitAccessControlList acl = null;
        if (!tree.isRoot()) {
            Tree parent = tree.getParent();
            if (AccessControlConstants.REP_POLICY.equals(nodeName)
                    && ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL)) {
                acl = getACL(parent.getPath());
            } else if (AccessControlConstants.REP_REPO_POLICY.equals(nodeName)
                    && ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL)
                    && parent.isRoot()) {
                acl = getACL((String) null);
            }
        }


        if (acl != null) {
            // clear all existing entries
            for (AccessControlEntry ace: acl.getAccessControlEntries()) {
                acl.removeAccessControlEntry(ace);
            }
        }


        return acl;
    }

View Full Code Here

        return acl;
    }


    @CheckForNull
    private JackrabbitAccessControlList getACL(String path) throws RepositoryException {
        JackrabbitAccessControlList acl = null;
        for (AccessControlPolicy p : acMgr.getPolicies(path)) {
            if (p instanceof JackrabbitAccessControlList) {
                acl = (JackrabbitAccessControlList) p;
                break;
            }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.jackrabbit.api.security.JackrabbitAccessControlList

org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils

org.apache.jackrabbit.core.NodeImplTest

org.apache.jackrabbit.core.query.SkipDeniedNodesTest

org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest

org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest

org.apache.jackrabbit.core.security.authorization.AbstractVersionManagementTest

org.apache.jackrabbit.core.security.authorization.AbstractWriteTest

org.apache.jackrabbit.core.security.authorization.acl.ACLTemplateTest

org.apache.jackrabbit.core.security.authorization.acl.AcReadWriteTest

org.apache.jackrabbit.core.security.authorization.acl.EntryCollectorTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.