Examples of javax.jcr.security.AccessControlPolicy

• javax.jcr.security.AccessControlPolicy

        checkValidPolicy(nodePath, policy);

        NodeImpl acNode = getAcNode(nodePath);
        if (isAccessControlled(acNode)) {
            // build the template in order to have a return value
            AccessControlPolicy tmpl = createTemplate(acNode);
            if (tmpl.equals(policy)) {
                removeItem(acNode.getNode(N_POLICY));
                return;
            }
        }
        // node either not access-controlled or the passed policy didn't apply

     * @param nodePath
     */
    public AccessControlPolicy[] editAccessControlPolicies(String nodePath) throws AccessControlException, PathNotFoundException, RepositoryException {
        checkProtectsNode(nodePath);

        AccessControlPolicy acl = null;
        NodeImpl controlledNode = getNode(nodePath);
        NodeImpl aclNode = getAclNode(controlledNode);
        if (aclNode == null) {
            // create an empty acl unless the node is protected or cannot have
            // rep:AccessControllable mixin set (e.g. due to a lock)

        Node n = testRootNode.addNode(nodeName1, testNodeType);
        superuser.save();

        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
        while (it.hasNext() && templ == null) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof JackrabbitAccessControlList) {
                templ = (JackrabbitAccessControlList) p;
            }
        }
        if (templ == null) {

    static JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException,
            AccessDeniedException, NotExecutableException {
        // try applicable (new) acls first
        AccessControlPolicyIterator itr = acM.getApplicablePolicies(path);
        while (itr.hasNext()) {
            AccessControlPolicy policy = itr.nextAccessControlPolicy();
            if (policy instanceof ACLTemplate) {
                return (ACLTemplate) policy;
            }
        }
        // try if there is an acl that has been set before:
        AccessControlPolicy[] pcls = acM.getPolicies(path);
        for (int i = 0; i < pcls.length; i++) {
            AccessControlPolicy policy = pcls[i];
            if (policy instanceof ACLTemplate) {
                return (ACLTemplate) policy;
            }
        }
        // no applicable or existing ACLTemplate to edit -> not executable.

    protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
        // first try if there is a new applicable policy
        AccessControlPolicyIterator it = acM.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy acp = it.nextAccessControlPolicy();
            if (acp instanceof ACLTemplate) {
                return (ACLTemplate) acp;
            }
        }
        // try if there is an acl that has been set before:
        AccessControlPolicy[] pcls = acM.getPolicies(path);
        for (int i = 0; i < pcls.length; i++) {
            AccessControlPolicy policy = pcls[i];
            if (policy instanceof ACLTemplate) {
                return (ACLTemplate) policy;
            }
        }
        // no applicable or existing ACLTemplate to edit -> not executable.

            // ok.
        }

        /* Finally the test user must not be allowed to remove the policy. */
        try {
            testAcMgr.removePolicy(path, new AccessControlPolicy() {});
            fail("Test user must not be allowed to remove the access control policy.");
        } catch (AccessDeniedException e) {
            // success
        }
    }

            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.removePolicy(tmpl.getPath(), new AccessControlPolicy() {});
            fail("test user must not have MODIFY_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
    }

        }
    }

    public void testSetInvalidPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
        try {
            testAcMgr.setPolicy(path, new AccessControlPolicy() {
                public String getName() throws RepositoryException {
                    return getClass().getName();
                }
                public String getDescription() throws RepositoryException {
                    return "";

    protected void tearDown() throws Exception {
        try {
            for (Iterator it = addedPolicies.keySet().iterator(); it.hasNext();) {
                String path = it.next().toString();
                AccessControlPolicy policy = (AccessControlPolicy) addedPolicies.get(path);
                acMgr.removePolicy(path, policy);
            }
            superuser.save();
        } catch (Exception e) {
            log.error("Unexpected error while removing test policies.", e);

        // call must succeed without exception
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
        Set acps = new HashSet();

        while (it.hasNext()) {
            AccessControlPolicy policy = it.nextAccessControlPolicy();
            if (!acps.add(policy)) {
                fail("The applicable policies present should be unique among the choices. Policy " + policy + " occured multiple times.");
            }
        }
    }