Examples of javax.jcr.security.AccessControlManager

• javax.jcr.security.AccessControlManager

         * @throws RepositoryException if an error occurs
         */
        private void collectEntriesFromAcl(NodeImpl aclNode) throws RepositoryException {
            SessionImpl sImpl = (SessionImpl) aclNode.getSession();
            PrincipalManager principalMgr = sImpl.getPrincipalManager();
            AccessControlManager acMgr = sImpl.getAccessControlManager();

            NodeIterator itr = aclNode.getNodes();
            while (itr.hasNext()) {
                NodeImpl aceNode = (NodeImpl) itr.nextNode();
                String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
                // only process aceNode if 'principalName' is contained in the given set
                if (principalNames.contains(principalName)) {
                    Principal princ = principalMgr.getPrincipal(principalName);
                    if (princ == null) {
                        log.warn("Principal with name " + principalName + " unknown to PrincipalManager -> Ignored from AC evaluation.");
                        continue;
                    }

                    Value[] privValues = aceNode.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
                    Privilege[] privs = new Privilege[privValues.length];
                    for (int i = 0; i < privValues.length; i++) {
                        privs[i] = acMgr.privilegeFromName(privValues[i].getString());
                    }
                    // create a new ACEImpl (omitting validation check)
                    AccessControlEntry ace = new ACLTemplate.Entry(
                            princ,
                            privs,

                Map<String, Value> restrictions = new HashMap<String, Value>();
                restrictions.put(session.getJCRName(ACLTemplate.P_NODE_PATH), vf.createValue(root.getPath(), PropertyType.PATH));
                restrictions.put(session.getJCRName(ACLTemplate.P_GLOB), vf.createValue(GlobPattern.WILDCARD_ALL));

                PrincipalManager pMgr = session.getPrincipalManager();
                AccessControlManager acMgr = session.getAccessControlManager();

                // initial default permissions for the administrators group
                Principal administrators;
                String pName = SecurityConstants.ADMINISTRATORS_NAME;
                if (pMgr.hasPrincipal(pName)) {
                    administrators = pMgr.getPrincipal(pName);
                    installDefaultPermissions(administrators,
                        new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)},
                        restrictions, editor);
                } else {
                    log.warn("Administrators principal group is missing -> Not adding default permissions.");
                }

                // initialize default permissions for the everyone group
                installDefaultPermissions(pMgr.getEveryone(),
                        new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)},
                        restrictions, editor);

                session.save();
            } catch (RepositoryException e) {
                log.error("Failed to set-up minimal access control for root node of workspace " + session.getWorkspace().getName());

            // ok.
        }
    }

    public void testAccessControlRead() throws NotExecutableException, RepositoryException {
        AccessControlManager testAcMgr = getTestACManager();
        checkReadOnly(path);

        // re-grant READ in order to have an ACL-node
        Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));

        Session testSession = getTestSession();
        /*
         Testuser must still have READ-only access only and must not be
         allowed to view the acl-node that has been created.
        */
        assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL)));
        assertFalse(testSession.itemExists(path + "/rep:policy"));

        Node n = testSession.getNode(tmpl.getPath());
        assertFalse(n.hasNode("rep:policy"));
        try {
            n.getNode("rep:policy");
            fail("Accessing the rep:policy node must throw PathNotFoundException.");
        } catch (PathNotFoundException e) {
            // ok.
        }

        /* Finally the test user must not be allowed to remove the policy. */
        try {
            testAcMgr.removePolicy(path, new AccessControlPolicy() {});
            fail("Test user must not be allowed to remove the access control policy.");
        } catch (AccessDeniedException e) {
            // success
        }
    }

            // success
        }
    }

    public void testAccessControlModification() throws RepositoryException, NotExecutableException {
        AccessControlManager testAcMgr = getTestACManager();
        /* precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        Session testSession = getTestSession();

        // give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES| REMOVE_CHILD_NODES privileges at 'path'
        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_ADD_CHILD_NODES,
                Privilege.JCR_REMOVE_CHILD_NODES,
                Privilege.JCR_MODIFY_PROPERTIES
        });
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        /*
         testuser must not have
         - permission to view AC items
         - permission to modify AC items
        */

        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
        // the policy node however must not be visible to the test-user
        assertFalse(testSession.itemExists(tmpl.getPath() + "/rep:policy"));
        try {
            testAcMgr.getPolicies(tmpl.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.getEffectivePolicies(tmpl.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.getEffectivePolicies(path);
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.removePolicy(tmpl.getPath(), new AccessControlPolicy() {});
            fail("test user must not have MODIFY_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
    }

        }
    }

    public void testInheritance() throws RepositoryException, NotExecutableException {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        /* precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        // give 'modify_properties' and 'remove_node' privilege on 'path'
        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_REMOVE_NODE, Privilege.JCR_MODIFY_PROPERTIES});
        givePrivileges(path, privileges, getRestrictions(superuser, path));
        // give 'add-child-nodes', remove_child_nodes' on 'childNPath'
        privileges = privilegesFromNames(new String[] {
                Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_CHILD_NODES});
        givePrivileges(childNPath, privileges, getRestrictions(superuser, childNPath));

        /*
        since evaluation respects inheritance through the node
        hierarchy, the following privileges must now be given at 'childNPath':
        - jcr:read
        - jcr:modifyProperties
        - jcr:addChildNodes
        - jcr:removeChildNodes
        - jcr:removeNode
        */
        Privilege[] expectedPrivileges =  privilegesFromNames(new String[] {
                Privilege.JCR_READ,
                Privilege.JCR_ADD_CHILD_NODES,
                Privilege.JCR_REMOVE_CHILD_NODES,
                Privilege.JCR_REMOVE_NODE,
                Privilege.JCR_MODIFY_PROPERTIES
        });
        assertTrue(testAcMgr.hasPrivileges(childNPath, expectedPrivileges));

        /*
         ... permissions granted at childNPath:
         - read
         - set-property

         BUT NOT:
         - add-node
         - remove.
         */
        String aActions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
        assertTrue(testSession.hasPermission(childNPath, aActions));
        String dActions = javax.jcr.Session.ACTION_REMOVE + "," + javax.jcr.Session.ACTION_ADD_NODE;
        assertFalse(testSession.hasPermission(childNPath, dActions));

        /*
        ... permissions granted at any child item of child-path:
        - read
        - set-property
        - add-node
        - remove
        */
        String nonExistingItemPath = childNPath + "/anyItem";
        assertTrue(testSession.hasPermission(nonExistingItemPath, aActions + "," + dActions));

        /* try adding a new child node -> must succeed. */
        Node childN = testSession.getNode(childNPath);
        String testPath = childN.addNode(nodeName2).getPath();

        /* test privileges on the 'new' child node */
        assertTrue(testAcMgr.hasPrivileges(testPath, expectedPrivileges));

        /* repeat test after save. */
        testSession.save();
        assertTrue(testAcMgr.hasPrivileges(testPath, expectedPrivileges));
    }

        assertFalse(testSession.hasPermission(path, javax.jcr.Session.ACTION_REMOVE));
        assertFalse(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));
    }

    public void testRemovePermission3() throws NotExecutableException, RepositoryException {
        AccessControlManager testAcMgr = getTestACManager();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);
        Session testSession = getTestSession();

        Privilege[] privs = privilegesFromNames(new String[] {
                Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
        });
        // add 'remove_node' and 'remove_child_nodes' privilege at 'path'
        givePrivileges(path, privs, getRestrictions(superuser, path));
        /*
         expected result:
         - missing remove permission at path since REMOVE_CHILD_NODES present
           at path only applies for nodes below. REMOVE_CHILD_NODES must
           be present at the parent instead (which isn't)
         - remove permission is however granted at childNPath.
         - privileges: both at path and at childNPath 'remove_node' and
           'remove_child_nodes' are present.
        */
        assertFalse(testSession.hasPermission(path, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));

        assertTrue(testAcMgr.hasPrivileges(path, privs));
        assertTrue(testAcMgr.hasPrivileges(childNPath, privs));
    }

        assertTrue(testAcMgr.hasPrivileges(childNPath, privs));
    }

    public void testRemovePermission4() throws NotExecutableException, RepositoryException {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);

        // add 'remove_child_nodes' privilege at 'path'...
        givePrivileges(path, rmChildNodes, getRestrictions(superuser, path));
        // ... and add 'remove_node' privilege at 'childNPath'
        givePrivileges(childNPath, rmNode, getRestrictions(superuser, childNPath));
        /*
         expected result:
         - remove not allowed for node at path
         - remove-permission present for node at childNPath
         - both remove_node and remove_childNodes privilege present at childNPath
         */
        assertFalse(testSession.hasPermission(path, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testAcMgr.hasPrivileges(childNPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
    }

        assertFalse(getTestSession().hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));
    }

    public void testRemovePermission6() throws NotExecutableException, RepositoryException {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Privilege[] privs = privilegesFromNames(new String[] {
                Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
        });
        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);

        // add 'remove_child_nodes' and 'remove_node' privilege at 'path'
        givePrivileges(path, privs, getRestrictions(superuser, path));
        // ... but deny 'remove_node' at childNPath
        withdrawPrivileges(childNPath, rmNode, getRestrictions(superuser, childNPath));
        /*
         expected result:
         - neither node at path nor at childNPath could be removed.
         - no remove_node privilege at childNPath
         - read, remove_child_nodes privilege at childNPath
         */
        assertFalse(testSession.hasPermission(path, javax.jcr.Session.ACTION_REMOVE));
        assertFalse(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testAcMgr.hasPrivileges(childNPath, privilegesFromNames(new String[] {Privilege.JCR_READ, Privilege.JCR_REMOVE_CHILD_NODES})));
        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_REMOVE_NODE)));
    }

        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_REMOVE_NODE)));
    }

    public void testRemovePermission7() throws NotExecutableException, RepositoryException {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);

        // deny 'remove_child_nodes' at 'path'
        withdrawPrivileges(path, rmChildNodes, getRestrictions(superuser, path));
        // ... but allow 'remove_node' at childNPath
        givePrivileges(childNPath, rmNode, getRestrictions(superuser, childNPath));
        /*
         expected result:
         - node at childNPath can't be removed.
         */
        assertFalse(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));

        // additionally add remove_child_nodes privilege at 'childNPath'
        givePrivileges(childNPath, rmChildNodes, getRestrictions(superuser, childNPath));
        /*
         expected result:
         - node at childNPath still can't be removed.
         - but both privileges (remove_node, remove_child_nodes) are present.
         */
        assertFalse(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testAcMgr.hasPrivileges(childNPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
    }

        assertFalse(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testAcMgr.hasPrivileges(childNPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
    }

    public void testRemovePermission8() throws NotExecutableException, RepositoryException {
        AccessControlManager testAcMgr = getTestACManager();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);

        // add 'remove_child_nodes' at 'path
        givePrivileges(path, rmChildNodes, getRestrictions(superuser, path));
        // deny 'remove_node' at 'path'
        withdrawPrivileges(path, rmNode, getRestrictions(superuser, path));
        // and allow 'remove_node' at childNPath
        givePrivileges(childNPath, rmNode, getRestrictions(superuser, childNPath));
        /*
         expected result:
         - remove permission must be granted at childNPath
         */
        assertTrue(getTestSession().hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));
        assertTrue(testAcMgr.hasPrivileges(childNPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
    }