Examples of org.apache.jackrabbit.api.security.JackrabbitAccessControlList

Package org.apache.jackrabbit.api.security

Examples of org.apache.jackrabbit.api.security.JackrabbitAccessControlList

org.apache.jackrabbit.api.security.JackrabbitAccessControlList
JackrabbitAccessControlList is an extension of the AccessControlList. Similar to the latter any modifications made will not take effect, until it is {@link javax.jcr.security.AccessControlManager#setPolicy(String,AccessControlPolicy) written back} and {@link javax.jcr.Session#save() saved}.

        AccessControlManager testAcMgr = getTestACManager();
        checkReadOnly(path);


        // re-grant READ in order to have an ACL-node
        Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));


        Session testSession = getTestSession();
        /*
         Testuser must still have READ-only access only and must not be
         allowed to view the acl-node that has been created.
        */
        assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL)));
        assertFalse(testSession.itemExists(path + "/rep:policy"));


        Node n = testSession.getNode(tmpl.getPath());
        assertFalse(n.hasNode("rep:policy"));
        try {
            n.getNode("rep:policy");
            fail("Accessing the rep:policy node must throw PathNotFoundException.");
        } catch (PathNotFoundException e) {

View Full Code Here

        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_ADD_CHILD_NODES,
                Privilege.JCR_REMOVE_CHILD_NODES,
                Privilege.JCR_MODIFY_PROPERTIES
        });
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        /*
         testuser must not have
         - permission to view AC items
         - permission to modify AC items
        */


        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
        // the policy node however must not be visible to the test-user
        assertFalse(testSession.itemExists(tmpl.getPath() + "/rep:policy"));
        try {
            testAcMgr.getPolicies(tmpl.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.getEffectivePolicies(tmpl.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.getEffectivePolicies(path);
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
        try {
            testAcMgr.removePolicy(tmpl.getPath(), new AccessControlPolicy() {});
            fail("test user must not have MODIFY_AC privilege.");
        } catch (AccessDeniedException e) {
            // success
        }
    }

View Full Code Here

    }


    public void testAclReferingToRemovedPrincipal() throws
            NotExecutableException, RepositoryException {


        JackrabbitAccessControlList acl = givePrivileges(path, privilegesFromName(PrivilegeRegistry.REP_WRITE), getRestrictions(superuser, path));
        String acPath = acl.getPath();


        // remove the test user
        testUser.remove();
        if (!getUserManager(superuser).isAutoSave() && superuser.hasPendingChanges()) {
            superuser.save();

View Full Code Here

        }
    }


    private static void changeReadPermission(Principal principal, Node n, boolean allowRead) throws RepositoryException, NotExecutableException {
        SessionImpl s = (SessionImpl) n.getSession();
        JackrabbitAccessControlList acl = null;
        AccessControlManager acMgr = s.getAccessControlManager();
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
        while (it.hasNext()) {
            AccessControlPolicy acp = it.nextAccessControlPolicy();
            if (acp instanceof JackrabbitAccessControlList) {
                acl = (JackrabbitAccessControlList) acp;
                break;
            }
        }
        if (acl == null) {
            AccessControlPolicy[] acps = acMgr.getPolicies(n.getPath());
            for (AccessControlPolicy acp : acps) {
                if (acp instanceof JackrabbitAccessControlList) {
                    acl = (JackrabbitAccessControlList) acp;
                    break;
                }
            }
        }


        if (acl != null) {
            acl.addEntry(principal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}, allowRead);
            acMgr.setPolicy(n.getPath(), acl);
            s.save();
        } else {
            // no JackrabbitAccessControlList found.
            throw new NotExecutableException();

View Full Code Here

        // give 'testUser' READ_AC|MODIFY_AC privileges at 'path'
        Privilege[] privileges = privilegesFromNames(new String[] {
                Privilege.JCR_READ_ACCESS_CONTROL,
                Privilege.JCR_MODIFY_ACCESS_CONTROL
        });
        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
        /*
         testuser must
         - still have the inherited READ permission.
         - must have permission to view AC items at 'path' (and below)
         - must have permission to modify AC items at 'path'


         testuser must not have
         - permission to view AC items outside of the tree defined by path.
        */


        // make sure the 'rep:policy' node has been created.
        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));


        Session testSession = getTestSession();
        AccessControlManager testAcMgr = getTestACManager();
        // test: MODIFY_AC granted at 'path'
        assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));

View Full Code Here

            assertTrue(testAcMgr.hasPrivileges(path, privs));


            // reorder the ACEs
            AccessControlEntry srcEntry = null;
            AccessControlEntry destEntry = null;
            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
            for (AccessControlEntry entry : acl.getAccessControlEntries()) {
                Principal princ = entry.getPrincipal();
                if (testGroup.getPrincipal().equals(princ)) {
                    destEntry = entry;
                } else if (group2.getPrincipal().equals(princ)) {
                    srcEntry = entry;
                }


            }


            acl.orderBefore(srcEntry, destEntry);
            acMgr.setPolicy(path, acl);
            superuser.save();


            /* after reordering the permissions must be denied */
            assertFalse(getTestSession().hasPermission(path, actions));

View Full Code Here

    @Test
    public void testAclPropagation() throws Exception {
        Tree node = root1.getTree("/").addChild("testNode");
        node.setProperty("jcr:primaryType", "nt:unstructured");
        User user1 = userManager1.createUser("testUser", "testUser");
        JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
        acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), true);
        aclMgr1.setPolicy("/testNode", acl1);
        root1.commit();


        Thread.sleep(100);
        root2.refresh();
        JackrabbitAccessControlList acl2 = AccessControlUtils.getAccessControlList(aclMgr2, "/testNode");
        AccessControlEntry[] aces = acl2.getAccessControlEntries();
        assertEquals(1, aces.length);
    }

View Full Code Here


        // create 2 users
        User user1 = userManager1.createUser("testUser1", "testUser1");
        User user2 = userManager1.createUser("testUser2", "testUser2");


        JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");


        // deny jcr:all for everyone on /testNode
        acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), false);


        // allow jcr:read for testUser1 on /testNode
        acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
        aclMgr1.setPolicy("/testNode", acl1);
        root1.commit();


        Thread.sleep(100);
        root2.refresh();


        // login with testUser1 and testUser2 (on cluster node 2)
        ContentSession session1 = contentRepository2.login(new SimpleCredentials("testUser1", "testUser1".toCharArray()), null);
        ContentSession session2 = contentRepository2.login(new SimpleCredentials("testUser2", "testUser2".toCharArray()), null);


        // testUser1 can read /testNode
        assertTrue(session1.getLatestRoot().getTree("/testNode").exists());


        // testUser2 cannot read /testNode
        assertFalse(session2.getLatestRoot().getTree("/testNode").exists());


        // now, allow jcr:read also for 'everyone' (on cluster node 1)
        acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
        acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
        aclMgr1.setPolicy("/testNode", acl1);
        root1.commit();


        Thread.sleep(100);
        root2.refresh();

View Full Code Here

        String childPath = child.getTree().getPath();


        Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
        setupPolicy(testPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));


        JackrabbitAccessControlList acl = getApplicablePolicy(childPath);
        acl.addEntry(EveryonePrincipal.getInstance(), privs, true);
        acMgr.setPolicy(childPath, acl);


        root.commit();


        Root testRoot = getTestRoot();

View Full Code Here

        String childPath = child.getTree().getPath();


        Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);


        // create policy on testPath -> but deny access to test session
        JackrabbitAccessControlList acl = getApplicablePolicy(testPath);
        acl.addEntry(getTestPrincipal(), privs, false);
        acMgr.setPolicy(testPath, acl);


        // grant access at childpath
        setupPolicy(childPath, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
        root.commit();

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.jackrabbit.api.security.JackrabbitAccessControlList

org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils

org.apache.jackrabbit.core.NodeImplTest

org.apache.jackrabbit.core.query.SkipDeniedNodesTest

org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest

org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest

org.apache.jackrabbit.core.security.authorization.AbstractVersionManagementTest

org.apache.jackrabbit.core.security.authorization.AbstractWriteTest

org.apache.jackrabbit.core.security.authorization.acl.ACLTemplateTest

org.apache.jackrabbit.core.security.authorization.acl.AcReadWriteTest

org.apache.jackrabbit.core.security.authorization.acl.EntryCollectorTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.