Examples of javax.jcr.security.AccessControlManager

javax.jcr.security.AccessControlManager

        }
    }


    public void testGroupPermissions() throws NotExecutableException, RepositoryException {
        Group testGroup = getTestGroup();
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);


        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));


        /* testuser must get the permissions/privileges inherited from
           the group it is member of.
         */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;


        assertTrue(getTestSession().hasPermission(path, actions));
        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
    }

View Full Code Here

        assertTrue(testAcMgr.hasPrivileges(path, privs));
    }


    public void testMixedUserGroupPermissions() throws NotExecutableException, RepositoryException {
        Group testGroup = getTestGroup();
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);


        /* explicitly withdraw MODIFY_PROPERTIES for the user */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
        /* give MODIFY_PROPERTIES privilege for a Group the test-user is member of */
        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
         since user-permissions overrule the group permissions, testuser must
         not have set_property action / modify_properties privilege.
         */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY;
        assertFalse(getTestSession().hasPermission(path, actions));
        assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
    }

View Full Code Here

        assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
    }
    
    public void testInheritanceAndMixedUserGroupPermissions() throws RepositoryException, NotExecutableException {
        Group testGroup = getTestGroup();
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);


        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);


        /* give MODIFY_PROPERTIES privilege for testGroup at 'path' */
        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));


        /* withdraw MODIFY_PROPERTIES for the user at 'path' */
        withdrawPrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));


        /*
         since user-permissions overrule the group permissions, testuser must
         not have set_property action / modify_properties privilege.
         */
        assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));


        /*
         give MODIFY_PROPERTIES privilege for everyone at 'childNPath'
         -> user-privileges still overrule group privileges
         */
        givePrivileges(childNPath, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
    }

View Full Code Here

        givePrivileges(childNPath, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
    }


    public void testNewNodes() throws RepositoryException, NotExecutableException {
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);


        /* create some new nodes below 'path' */
        Node n = superuser.getNode(path);
        for (int i = 0; i < 5; i++) {
            n = n.addNode(nodeName2, testNodeType);
        }
        superuser.save();


        /* make sure the same privileges/permissions are granted as at path. */
        String childPath = n.getPath();
        Privilege[] privs = testAcMgr.getPrivileges(childPath);
        assertEquals(PrivilegeRegistry.getBits(privilegesFromName(Privilege.JCR_READ)),
                PrivilegeRegistry.getBits(privs));
        getTestSession().checkPermission(childPath, javax.jcr.Session.ACTION_READ);
    }

View Full Code Here

        testUser = null;


        // try to retrieve the acl again
        Session s = getHelper().getSuperuserSession();
        try {
            AccessControlManager acMgr = getAccessControlManager(s);
            acMgr.getPolicies(acPath);
        } finally {
            s.logout();
        }
    }

View Full Code Here

        /* test permissions. expected result:
           - testSession cannot lock at 'path'
           - testSession doesn't have ALL privilege at path
         */
        Session testSession = getTestSession();
        AccessControlManager acMgr = testSession.getAccessControlManager();


        assertFalse(acMgr.hasPrivileges(path, allPrivileges));
        assertFalse(acMgr.hasPrivileges(path, lockPrivileges));


        List<Privilege> remainingprivs = new ArrayList<Privilege>(Arrays.asList(allPrivileges[0].getAggregatePrivileges()));
        remainingprivs.remove(lockPrivileges[0]);
        assertTrue(acMgr.hasPrivileges(path, remainingprivs.toArray(new Privilege[remainingprivs.size()])));
    }

View Full Code Here

    }


    private static void changeReadPermission(Principal principal, Node n, boolean allowRead) throws RepositoryException, NotExecutableException {
        SessionImpl s = (SessionImpl) n.getSession();
        JackrabbitAccessControlList acl = null;
        AccessControlManager acMgr = s.getAccessControlManager();
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
        while (it.hasNext()) {
            AccessControlPolicy acp = it.nextAccessControlPolicy();
            if (acp instanceof JackrabbitAccessControlList) {
                acl = (JackrabbitAccessControlList) acp;
                break;
            }
        }
        if (acl == null) {
            AccessControlPolicy[] acps = acMgr.getPolicies(n.getPath());
            for (AccessControlPolicy acp : acps) {
                if (acp instanceof JackrabbitAccessControlList) {
                    acl = (JackrabbitAccessControlList) acp;
                    break;
                }
            }
        }


        if (acl != null) {
            acl.addEntry(principal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}, allowRead);
            acMgr.setPolicy(n.getPath(), acl);
            s.save();
        } else {
            // no JackrabbitAccessControlList found.
            throw new NotExecutableException();
        }

View Full Code Here

            new ParsingContentHandler(ih).parse(in);


            assertTrue(target.hasNode("test"));
            String path = target.getNode("test").getPath();    


            AccessControlManager acMgr = sImpl.getAccessControlManager();
            AccessControlPolicy[] policies = acMgr.getPolicies(path);


            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);


            AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
            assertEquals(1, entries.length);


            AccessControlEntry entry = entries[0];
            assertEquals("everyone", entry.getPrincipal().getName());
            assertEquals(1, entry.getPrivileges().length);
            assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);


            if(entry instanceof JackrabbitAccessControlEntry) {
                assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());                
            }

View Full Code Here

            ImportHandler ih = new ImportHandler(importer, sImpl);
            new ParsingContentHandler(ih).parse(in);


            String path = target.getPath();


            AccessControlManager acMgr = sImpl.getAccessControlManager();
            AccessControlPolicy[] policies = acMgr.getPolicies(path);


            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);


            AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
            assertEquals(2, entries.length);


            AccessControlEntry entry = entries[0];
            assertEquals("everyone", entry.getPrincipal().getName());
            assertEquals(1, entry.getPrivileges().length);
            assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);


            entry = entries[1];
            assertEquals("admin", entry.getPrincipal().getName());
            assertEquals(1, entry.getPrivileges().length);
            assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);


            if(entry instanceof JackrabbitAccessControlEntry) {
                assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
            }
        } finally {

View Full Code Here

            ih = new ImportHandler(importer, sImpl);
            new ParsingContentHandler(ih).parse(in);


            String path = target.getPath();


            AccessControlManager acMgr = sImpl.getAccessControlManager();
            AccessControlPolicy[] policies = acMgr.getPolicies(path);


            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);


            AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
            assertEquals(1, entries.length);


            AccessControlEntry entry = entries[0];
            assertEquals("admin", entry.getPrincipal().getName());
            assertEquals(1, entry.getPrivileges().length);
            assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);


            if(entry instanceof JackrabbitAccessControlEntry) {
                assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
            }
        } finally {

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of javax.jcr.security.AccessControlManager

org.apache.camel.component.jcr.JcrAuthTestBase

org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils

org.apache.jackrabbit.core.NodeImplTest

org.apache.jackrabbit.core.security.authorization.AbstractRepositoryOperationTest

org.apache.jackrabbit.core.security.authorization.AbstractWriteTest

org.apache.jackrabbit.core.security.authorization.acl.ACLProvider

org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$Entries

org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate

org.apache.jackrabbit.core.security.authorization.acl.AcReadWriteTest

org.apache.jackrabbit.core.security.authorization.acl.EffectivePolicyTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.