Package javax.jcr.security

Examples of javax.jcr.security.AccessControlManager

805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
        givePrivileges(childNPath, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
    }

    public void testNewNodes() throws RepositoryException, NotExecutableException {
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);

        /* create some new nodes below 'path' */
        Node n = superuser.getNode(path);
        for (int i = 0; i < 5; i++) {
            n = n.addNode(nodeName2, testNodeType);
        }
        superuser.save();

        /* make sure the same privileges/permissions are granted as at path. */
        String childPath = n.getPath();
        Privilege[] privs = testAcMgr.getPrivileges(childPath);
        assertEquals(PrivilegeRegistry.getBits(privilegesFromName(Privilege.JCR_READ)),
                PrivilegeRegistry.getBits(privs));
        getTestSession().checkPermission(childPath, javax.jcr.Session.ACTION_READ);
    }
View Full Code Here
931
932
933
934
935
936
937
938
939
940
941
        testUser = null;

        // try to retrieve the acl again
        Session s = getHelper().getSuperuserSession();
        try {
            AccessControlManager acMgr = getAccessControlManager(s);
            acMgr.getPolicies(acPath);
        } finally {
            s.logout();
        }
    }
View Full Code Here
954
955
956
957
958
959
960
961
962
963
964
965
966
967
        /* test permissions. expected result:
           - testSession cannot lock at 'path'
           - testSession doesn't have ALL privilege at path
         */
        Session testSession = getTestSession();
        AccessControlManager acMgr = testSession.getAccessControlManager();

        assertFalse(acMgr.hasPrivileges(path, allPrivileges));
        assertFalse(acMgr.hasPrivileges(path, lockPrivileges));

        List<Privilege> remainingprivs = new ArrayList<Privilege>(Arrays.asList(allPrivileges[0].getAggregatePrivileges()));
        remainingprivs.remove(lockPrivileges[0]);
        assertTrue(acMgr.hasPrivileges(path, remainingprivs.toArray(new Privilege[remainingprivs.size()])));
    }
View Full Code Here
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
        givePrivileges(path, testUser.getPrincipal(), allPriv, getRestrictions(superuser, path));
        /* grant ALL privilege for testUser at 'childNPath' */
        givePrivileges(childNPath, testUser.getPrincipal(), allPriv, getRestrictions(superuser, childNPath));

        Session testSession = getTestSession();
        AccessControlManager acMgr = testSession.getAccessControlManager();

        assertTrue(acMgr.hasPrivileges(path, allPriv));
        assertTrue(acMgr.hasPrivileges(childNPath, allPriv));

        assertTrue(testSession.hasPermission(childNPath, Session.ACTION_REMOVE));

        Node child = testSession.getNode(childNPath);
        child.remove();
View Full Code Here
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
     *
     * @throws Exception
     */
    public void testGlobRestriction() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        ValueFactory vf = superuser.getValueFactory();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Node child = superuser.getNode(childNPath).addNode(nodeName3);
        superuser.save();
        String childchildPath = child.getPath();

        Privilege[] write = privilegesFromName(PrivilegeRegistry.REP_WRITE);
        String writeActions = Session.ACTION_ADD_NODE +","+Session.ACTION_REMOVE +","+ Session.ACTION_SET_PROPERTY;


        // permissions defined @ path
        // restriction: grants write priv to all nodeName3 children
        Map<String, Value> restrictions = new HashMap<String, Value>(getRestrictions(superuser, path));
        restrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/*"+nodeName3));
        givePrivileges(path, write, restrictions);

        assertFalse(testAcMgr.hasPrivileges(path, write));
        assertFalse(testSession.hasPermission(path, javax.jcr.Session.ACTION_SET_PROPERTY));

        assertFalse(testAcMgr.hasPrivileges(childNPath, write));
        assertFalse(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_SET_PROPERTY));

        assertTrue(testAcMgr.hasPrivileges(childNPath2, write));
        assertTrue(testSession.hasPermission(childNPath2, Session.ACTION_SET_PROPERTY));
        assertFalse(testSession.hasPermission(childNPath2, writeActions)); // removal req. rmchildnode privilege on parent.

        assertTrue(testAcMgr.hasPrivileges(childchildPath, write));
    }
View Full Code Here
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
     *
     * @throws Exception
     */
    public void testGlobRestriction2() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        ValueFactory vf = superuser.getValueFactory();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Node child = superuser.getNode(childNPath).addNode(nodeName3);
        superuser.save();
        String childchildPath = child.getPath();

        Privilege[] write = privilegesFromName(PrivilegeRegistry.REP_WRITE);
        Privilege[] addNode = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);
        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);

        Map<String, Value> restrictions = new HashMap<String, Value>(getRestrictions(superuser, path));

        // permissions defined @ path
        // restriction: grants write-priv to nodeName3 grand-children but not direct nodeName3 children.
        restrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/*/"+nodeName3));
        givePrivileges(path, write, restrictions);

        assertFalse(testAcMgr.hasPrivileges(path, write));
        assertFalse(testAcMgr.hasPrivileges(path, rmNode));

        assertFalse(testAcMgr.hasPrivileges(childNPath, addNode));

        assertFalse(testAcMgr.hasPrivileges(childNPath2, write));

        assertTrue(testAcMgr.hasPrivileges(childchildPath, write));
    }
View Full Code Here
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
     *
     * @throws Exception
     */
    public void testGlobRestriction3() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        ValueFactory vf = superuser.getValueFactory();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Node child = superuser.getNode(childNPath).addNode(nodeName3);
        superuser.save();
        String childchildPath = child.getPath();

        Privilege[] write = privilegesFromName(PrivilegeRegistry.REP_WRITE);
        Privilege[] addNode = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);
        String writeActions = Session.ACTION_ADD_NODE +","+Session.ACTION_REMOVE +","+ Session.ACTION_SET_PROPERTY;

        Map<String, Value> restrictions = new HashMap<String, Value>(getRestrictions(superuser, path));

        // permissions defined @ path
        // restriction: allows write to nodeName3 children
        restrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/*/"+nodeName3));
        givePrivileges(path, write, restrictions);
        // and grant add-node only at path (no glob restriction)
        givePrivileges(path, addNode, getRestrictions(superuser, path));

        assertFalse(testAcMgr.hasPrivileges(path, write));
        assertTrue(testAcMgr.hasPrivileges(path, addNode));

        assertFalse(testAcMgr.hasPrivileges(childNPath, write));
        assertTrue(testAcMgr.hasPrivileges(childNPath, addNode));

        assertFalse(testAcMgr.hasPrivileges(childNPath2, write));
        assertTrue(testAcMgr.hasPrivileges(childchildPath, write));
    }
View Full Code Here
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
     *
     * @throws Exception
     */
    public void testGlobRestriction4() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        ValueFactory vf = superuser.getValueFactory();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Node child = superuser.getNode(childNPath).addNode(nodeName3);
        superuser.save();
        String childchildPath = child.getPath();

        Privilege[] write = privilegesFromName(PrivilegeRegistry.REP_WRITE);
        Privilege[] addNode = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);

        Map<String, Value> restrictions = new HashMap<String, Value>(getRestrictions(superuser, path));
        restrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/*"+nodeName3));
        givePrivileges(path, write, restrictions);

        withdrawPrivileges(childNPath2, addNode, getRestrictions(superuser, childNPath2));

        assertFalse(testAcMgr.hasPrivileges(path, write));
        assertFalse(testSession.hasPermission(path, javax.jcr.Session.ACTION_REMOVE));

        assertFalse(testAcMgr.hasPrivileges(childNPath, write));
        assertFalse(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_REMOVE));

        assertFalse(testAcMgr.hasPrivileges(childNPath2, write));

        assertTrue(testAcMgr.hasPrivileges(childchildPath, write));
    }
View Full Code Here
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
     *
     * @throws Exception
     */
    public void testCancelInheritanceRestriction() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        ValueFactory vf = superuser.getValueFactory();
        /*
          precondition:
          testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);
        checkReadOnly(childNPath);

        Privilege[] write = privilegesFromName(PrivilegeRegistry.REP_WRITE);
        Privilege[] addNode = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);

        Map<String, Value> restrictions = new HashMap<String, Value>(getRestrictions(superuser, path));
        restrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue(""));
        givePrivileges(path, write, restrictions);

        assertTrue(testAcMgr.hasPrivileges(path, write));
        assertTrue(testSession.hasPermission(path, Session.ACTION_SET_PROPERTY));

        assertFalse(testAcMgr.hasPrivileges(childNPath, write));
        assertFalse(testSession.hasPermission(childNPath, Session.ACTION_SET_PROPERTY));

        assertFalse(testAcMgr.hasPrivileges(childNPath2, write));
        assertFalse(testSession.hasPermission(childNPath2, Session.ACTION_SET_PROPERTY));
    }
View Full Code Here
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
    admin = loginWriter();
    userManager = ((JackrabbitSession) admin).getUserManager();
    Principal userPrincipal = userManager.createUser(TEST_USER_ID, TEST_USER_ID).getPrincipal();

    AccessControlManager acm = admin.getAccessControlManager();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acm, "/");
    acl.addEntry(userPrincipal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
    acm.setPolicy("/", acl);

    Node a = admin.getRootNode().addNode("a");
    for (int i = 1; i < 10000; i++) {
      a.addNode("node" + i);
      acl = AccessControlUtils.getAccessControlList(acm, "/a/node"+i);
      acl.addEntry(userPrincipal, AccessControlUtils.privilegesFromNames(acm, PrivilegeConstants.JCR_READ), true);
      acm.setPolicy("/a/node"+i, acl);
    }

    admin.save();
    reader = login(new SimpleCredentials(TEST_USER_ID, TEST_USER_ID.toCharArray()));
View Full Code Here
TOP

Related Classes of javax.jcr.security.AccessControlManager

  • org.apache.camel.component.jcr.JcrAuthTestBase
  • org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
  • org.apache.jackrabbit.core.NodeImplTest
  • org.apache.jackrabbit.core.security.authorization.AbstractRepositoryOperationTest
  • org.apache.jackrabbit.core.security.authorization.AbstractWriteTest
  • org.apache.jackrabbit.core.security.authorization.acl.ACLProvider
  • org.apache.jackrabbit.core.security.authorization.acl.ACLProvider$Entries
  • org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate
  • org.apache.jackrabbit.core.security.authorization.acl.AcReadWriteTest
  • org.apache.jackrabbit.core.security.authorization.acl.EffectivePolicyTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.