Package org.apache.jackrabbit.api.security

Examples of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager

386
387
388
389
390
391
392
393
394
395
396
397
398
        if (principalbased) {
            // try to access policies
            List<AccessControlPolicy> policies = new ArrayList<AccessControlPolicy>();
            if (acMgr instanceof JackrabbitAccessControlManager) {
                JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
                policies.addAll(Arrays.asList(jacMgr.getPolicies(principal)));
                policies.addAll(Arrays.asList(jacMgr.getApplicablePolicies(principal)));
            }
            for (AccessControlPolicy policy : policies) {
                if (policy instanceof JackrabbitAccessControlList) {
                    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
                    Map<String, Value> restr = new HashMap<String, Value>();
View Full Code Here
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
    }

    public void testPermissions() throws Exception {
        Session superuser2 = getHelper().getSuperuserSession();
        try {
            JackrabbitAccessControlManager acM = (JackrabbitAccessControlManager) acMgr;
            JackrabbitAccessControlManager acM2 = (JackrabbitAccessControlManager) superuser2.getAccessControlManager();
            Set<Principal> principals = Collections.singleton(testGroup.getPrincipal());

            // --- test1 : add an ACE at path ----------------------------------
            Privilege[] privs = privilegesFromName(Privilege.JCR_LOCK_MANAGEMENT);
            modifyPrivileges(path, testGroup.getPrincipal(), privs, true);

            assertTrue(acM.hasPrivileges(path, principals, privs));
            assertTrue(acM2.hasPrivileges(path, principals, privs));

            assertTrue(acM.hasPrivileges(childNPath, principals, privs));
            assertTrue(acM2.hasPrivileges(childNPath, principals, privs));

            // --- test2: modify the policy at 'path' ------------------------------
            modifyPrivileges(path, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_WRITE), true);

            privs = privilegesFromNames(new String[] {
                    Privilege.JCR_LOCK_MANAGEMENT,
                    Privilege.JCR_WRITE});
            assertTrue(acM.hasPrivileges(path, principals, privs));
            assertTrue(acM2.hasPrivileges(path, principals, privs));

            assertTrue(acM.hasPrivileges(childNPath, principals, privs));
            assertTrue(acM2.hasPrivileges(childNPath, principals, privs));

            // --- test3: add an policy at childNPath ------------------------------
            modifyPrivileges(childNPath, testGroup.getPrincipal(),
                    privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), false);

            privs = privilegesFromNames(new String[] {
                    Privilege.JCR_LOCK_MANAGEMENT,
                    Privilege.JCR_WRITE});
            assertTrue(acM.hasPrivileges(path, principals, privs));
            assertTrue(acM2.hasPrivileges(path, principals, privs));

            privs = privilegesFromNames(new String[] {
                    Privilege.JCR_LOCK_MANAGEMENT,
                    Privilege.JCR_MODIFY_PROPERTIES,
                    Privilege.JCR_REMOVE_CHILD_NODES,
                    Privilege.JCR_REMOVE_NODE});
            assertTrue(acM.hasPrivileges(childNPath, principals, privs));
            assertTrue(acM2.hasPrivileges(childNPath, principals, privs));


            // --- test4: modify policy at childNPath --------------------------
            modifyPrivileges(childNPath, testGroup.getPrincipal(),
                    privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES), false);

            privs = privilegesFromNames(new String[] {
                    Privilege.JCR_LOCK_MANAGEMENT,
                    Privilege.JCR_WRITE});
            assertTrue(acM.hasPrivileges(path, principals, privs));
            assertTrue(acM2.hasPrivileges(path, principals, privs));

            privs = privilegesFromNames(new String[] {
                    Privilege.JCR_LOCK_MANAGEMENT,
                    Privilege.JCR_MODIFY_PROPERTIES,
                    Privilege.JCR_REMOVE_NODE});
            assertTrue(acM.hasPrivileges(childNPath, principals, privs));
            assertTrue(acM2.hasPrivileges(childNPath, principals, privs));

            // --- test4: remove policy at childNPath --------------------------
            acMgr.removePolicy(childNPath, acMgr.getPolicies(childNPath)[0]);
            superuser.save();

            privs = privilegesFromNames(new String[] {
                    Privilege.JCR_LOCK_MANAGEMENT,
                    Privilege.JCR_WRITE});
           
            assertTrue(acM.hasPrivileges(path, principals, privs));
            assertTrue(acM2.hasPrivileges(path, principals, privs));

            assertTrue(acM.hasPrivileges(childNPath, principals, privs));
            assertTrue(acM2.hasPrivileges(childNPath, principals, privs));
           
        } finally {
            superuser2.logout();
        }
       
View Full Code Here
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
    public void testGetEffectivePoliciesByPrincipal() throws Exception {
        if (!(acMgr instanceof JackrabbitAccessControlManager)) {
            throw new NotExecutableException();
        }
        JackrabbitAccessControlManager jAcMgr = (JackrabbitAccessControlManager) acMgr;
        Set<Principal> principalSet = Collections.singleton(testUser.getPrincipal());

        try {
            // initial state: no repo level policy
            AccessControlPolicy[] policies = acMgr.getPolicies(null);
            assertNotNull(policies);
            assertEquals(0, policies.length);

            AccessControlPolicy[] effective = jAcMgr.getEffectivePolicies(principalSet);
            assertNotNull(effective);
            assertEquals(0, effective.length);

            AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
            assertTrue(it.hasNext());

            // modify the repo level policy
            modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
            modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);

            // verify that the effective policies for the given principal set
            // is properly calculated.
            AccessControlPolicy[] eff = jAcMgr.getEffectivePolicies(principalSet);
            assertNotNull(eff);
            assertEquals(1, eff.length);
            assertTrue(eff[0] instanceof AccessControlList);

            AccessControlList acl = (AccessControlList) eff[0];
View Full Code Here
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
                superuser.save();
            }

            Principal p = u.getPrincipal();

            JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
            JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p);

            assertEquals(1, acls.length);
            assertTrue(acls[0] instanceof ACLTemplate);

            // access again
            acls = acMgr.getApplicablePolicies(p);

            assertEquals(1, acls.length);           
            assertEquals(1, acMgr.getApplicablePolicies(acls[0].getPath()).getSize());

            assertEquals(0, acMgr.getPolicies(p).length);
            assertEquals(0, acMgr.getPolicies(acls[0].getPath()).length);

            acMgr.setPolicy(acls[0].getPath(), acls[0]);

            assertEquals(0, acMgr.getApplicablePolicies(p).length);
            assertEquals(1, acMgr.getPolicies(p).length);
            assertEquals(1, acMgr.getPolicies(acls[0].getPath()).length);
        } finally {
            superuser.refresh(false);
            if (u != null) {
                u.remove();
                if (!uMgr.isAutoSave()) {
View Full Code Here
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
            Principal p2 = u2.getPrincipal();

            if (p instanceof ItemBasedPrincipal && p2 instanceof ItemBasedPrincipal &&
                    Text.isDescendant(((ItemBasedPrincipal) p).getPath(), ((ItemBasedPrincipal) p2).getPath())) {

                JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);

                JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p2);
                acMgr.setPolicy(acls[0].getPath(), acls[0]);

                acls = acMgr.getApplicablePolicies(p);
                String path = acls[0].getPath();

                Node n = superuser.getNode(path);
                assertEquals("rep:PrincipalAccessControl", n.getPrimaryNodeType().getName());
            } else {
View Full Code Here
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
    public void testGetEffectivePoliciesByPrincipal() throws Exception {
        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_READ_ACCESS_CONTROL,
        });

        JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;

        Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
        AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
        assertNotNull(acp);
        assertEquals(1, acp.length);
        assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);

        JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];

        assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
        assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));


        acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
        if (acp.length == 0) {
            acp = jacMgr.getPolicies(testUser.getPrincipal());
        }

        assertNotNull(acp);
        assertEquals(1, acp.length);
        assertTrue(acp[0] instanceof JackrabbitAccessControlList);

        // let testuser read the ACL defined for 'testUser' principal.
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
        acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
        jacMgr.setPolicy(acl.getPath(), acl);
        superuser.save();

        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
View Full Code Here
361
362
363
364
365
366
367
368
369
370
371
372
373
        if (principalbased) {
            // try to access policies
            List<AccessControlPolicy> policies = new ArrayList<AccessControlPolicy>();
            if (acMgr instanceof JackrabbitAccessControlManager) {
                JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
                policies.addAll(Arrays.asList(jacMgr.getPolicies(principal)));
                policies.addAll(Arrays.asList(jacMgr.getApplicablePolicies(principal)));
            }
            for (AccessControlPolicy policy : policies) {
                if (policy instanceof JackrabbitAccessControlList) {
                    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
                    Map<String, Value> restr = new HashMap<String, Value>();
View Full Code Here
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
        setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
        root.commit();

        Root testRoot = getTestRoot();
        testRoot.refresh();
        JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();

        Set<Principal> principals = ImmutableSet.of(getTestPrincipal(), EveryonePrincipal.getInstance());
        AccessControlPolicy[] policies = testAcMgr.getEffectivePolicies(principals);
        assertNotNull(policies);
        assertEquals(1, policies.length);
    }
View Full Code Here
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
        setupPolicy(testPath);
        root.commit();

        Root testRoot = getTestRoot();
        testRoot.refresh();
        JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
        List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
        for (Principal principal : principals) {
            // testRoot can't read access control content -> doesn't see
            // the existing policies and creates a new applicable policy.
            AccessControlPolicy[] applicable = testAcMgr.getApplicablePolicies(principal);
            assertNotNull(applicable);
            assertEquals(1, applicable.length);
            assertTrue(applicable[0] instanceof ACL);
        }
    }
View Full Code Here
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
        setupPolicy(testPath);
        root.commit();

        Root testRoot = getTestRoot();
        testRoot.refresh();
        JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
        PrincipalManager testPrincipalMgr = getPrincipalManager(testRoot);

        List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
        for (Principal principal : principals) {
            if (testPrincipalMgr.hasPrincipal(principal.getName())) {
                // testRoot can't read access control content -> doesn't see
                // the existing policies and creates a new applicable policy.
                AccessControlPolicy[] policies = testAcMgr.getPolicies(principal);
                assertNotNull(policies);
                assertEquals(0, policies.length);
            } else {
                // testRoot can't read principal -> no policies for that principal
                assertEquals(0, testAcMgr.getPolicies(principal).length);
            }
        }
    }
View Full Code Here
TOP

Related Classes of org.apache.jackrabbit.api.security.JackrabbitAccessControlManager

  • org.apache.jackrabbit.core.security.authorization.AbstractRepositoryOperationTest
  • org.apache.jackrabbit.core.security.authorization.acl.EntryCollectorTest
  • org.apache.jackrabbit.core.security.authorization.principalbased.EffectivePolicyTest
  • org.apache.jackrabbit.core.security.authorization.principalbased.WriteTest
  • org.apache.jackrabbit.core.xml.AccessControlImporter
  • org.apache.jackrabbit.core.xml.AccessControlImporterTest
  • org.apache.jackrabbit.oak.jcr.security.privilege.PrivilegeRegistrationTest
  • org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImplTest
  • org.apache.jackrabbit.oak.security.authorization.AccessControlManagerImplTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.