Examples of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction

Package org.apache.jackrabbit.oak.spi.security.user.action

Examples of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction

org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction

The {@code AccessControlAction} allows to setup permissions upon creationof a new authorizable; namely the privileges the new authorizable should be granted on it's own 'home directory' being represented by the new node associated with that new authorizable.

The following to configuration parameters are available with this implementation:

groupPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new group on the group node
userPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new user on the user node.

Example configuration:

 groupPrivilegeNames : "jcr:read" userPrivilegeNames  : "jcr:read, rep:write"

This configuration could for example lead to the following content structure upon user or group creation. Note however that the resulting structure depends on the actual access control management being in place:

 UserManager umgr = ((JackrabbitSession) session).getUserManager(); User user = umgr.createUser("testUser", "t"); + t                           rep:AuthorizableFolder + te                        rep:AuthorizableFolder + testUser                rep:User, mix:AccessControllable + rep:policy            rep:ACL + allow               rep:GrantACE - rep:principalName = "testUser" - rep:privileges    = ["jcr:read","rep:write"] - rep:password - rep:principalName     = "testUser"

 UserManager umgr = ((JackrabbitSession) session).getUserManager(); Group group = umgr.createGroup("testGroup"); + t                           rep:AuthorizableFolder + te                        rep:AuthorizableFolder + testGroup               rep:Group, mix:AccessControllable + rep:policy            rep:ACL + allow               rep:GrantACE - rep:principalName = "testGroup" - rep:privileges    = ["jcr:read"] - rep:principalName     = "testGroup"

        assertEquals("tPrincipal", aces[0].getPrincipal().getName());
    }


    @Test
    public void testAccessControlActionExecutionForUser2() throws Exception {
        AccessControlAction a1 = new AccessControlAction();
        a1.init(securityProvider, ConfigurationParameters.of(Collections.singletonMap(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] {Privilege.JCR_ALL})));
        setAuthorizableActions(a1);


        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +

View Full Code Here

        assertEquals("tPrincipal", aces[0].getPrincipal().getName());
    }


    @Test
    public void testAccessControlActionExecutionForGroup() throws Exception {
        AccessControlAction a1 = new AccessControlAction();
        a1.init(securityProvider, ConfigurationParameters.of(Collections.singletonMap(AccessControlAction.GROUP_PRIVILEGE_NAMES, new String[] {Privilege.JCR_READ})));
        setAuthorizableActions(a1);


        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
                "<sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +

View Full Code Here

            jrSession.refresh(false);
        }
    }


    public void testAccessControlActionExecutionForUser() throws Exception {
        AccessControlAction a1 = new AccessControlAction();
        a1.setUserPrivilegeNames(Privilege.JCR_ALL);


        setAuthorizableActions(a1);


        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +

View Full Code Here

            jrSession.refresh(false);
        }
    }


    public void testAccessControlActionExecutionForUser2() throws Exception {
        AccessControlAction a1 = new AccessControlAction();
        a1.setUserPrivilegeNames(Privilege.JCR_ALL);


        setAuthorizableActions(a1);


        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +

View Full Code Here

            jrSession.refresh(false);
        }
    }


    public void testAccessControlActionExecutionForGroup() throws Exception {
        AccessControlAction a1 = new AccessControlAction();
        a1.setGroupPrivilegeNames(Privilege.JCR_READ);


        setAuthorizableActions(a1);


        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
                "<sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +

View Full Code Here

0 1

TOP

Related Classes of org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction

org.apache.jackrabbit.api.security.JackrabbitAccessControlList

org.apache.jackrabbit.oak.jcr.security.user.UserImportWithActionsTest

org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration

org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration

org.apache.jackrabbit.oak.spi.security.ConfigurationParameters

javax.jcr.Node

javax.jcr.security.AccessControlPolicy

javax.jcr.security.AccessControlManager

java.security.Principal

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.