org.apache.jackrabbit.api.security.JackrabbitAccessControlList Java Examples
The following examples show how to use
org.apache.jackrabbit.api.security.JackrabbitAccessControlList.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: JackrabbitACLImporter.java From jackrabbit-filevault with Apache License 2.0 | 6 votes |
|
void convertRestrictions(JackrabbitAccessControlList acl, ValueFactory vf, Map<String, Value> svRestrictions, Map<String, Value[]> mvRestrictions) throws RepositoryException {
for (String restName : acl.getRestrictionNames()) {
DocViewProperty restriction = restrictions.get(restName);
if (restriction != null) {
Value[] values = new Value[restriction.values.length];
int type = acl.getRestrictionType(restName);
for (int i=0; i<values.length; i++) {
values[i] = vf.createValue(restriction.values[i], type);
}
if (restriction.isMulti) {
mvRestrictions.put(restName, values);
} else {
svRestrictions.put(restName, values[0]);
}
}
}
}
Example #2
| Source File: TestAceOrder.java From jackrabbit-filevault with Apache License 2.0 | 6 votes |
|
@Override
public void setUp() throws Exception {
super.setUp();
uMgr = ((JackrabbitSession) admin).getUserManager();
User testuser = uMgr.createUser(NAME_TEST_USER, null);
admin.save();
acMgr = admin.getAccessControlManager();
Node tmp = admin.getRootNode().addNode("testroot").addNode("secured");
JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(acMgr, tmp.getPath());
Privilege[] writePrivilege = AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_WRITE);
ValueFactory vf = admin.getValueFactory();
Principal everyone = ((JackrabbitSession) admin).getPrincipalManager().getEveryone();
list.addEntry(everyone, writePrivilege, true, ImmutableMap.of("rep:glob", vf.createValue("/foo")));
list.addEntry(testuser.getPrincipal(), writePrivilege, false, ImmutableMap.of("rep:glob", vf.createValue("/foo")));
list.addEntry(everyone, writePrivilege, true, ImmutableMap.of("rep:glob", vf.createValue("/bar")));
acMgr.setPolicy(tmp.getPath(), list);
expectedEntries = ImmutableList.copyOf(list.getAccessControlEntries());
admin.refresh(false);
}
Example #3
| Source File: JcrPackageManagerImplTest.java From jackrabbit-filevault with Apache License 2.0 | 6 votes |
|
@Test
public void testGetPackageRootNoRootAccess() throws Exception {
Node packageRoot = packMgr.getPackageRoot();
// TODO: maybe rather change the setup of the test-base to not assume that everyone has full read-access
AccessControlManager acMgr = admin.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
acMgr.removePolicy(acl.getPath(), acl);
AccessControlUtils.getAccessControlList(acMgr, "/etc/packages");
AccessControlUtils.allow(packageRoot, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, javax.jcr.security.Privilege.JCR_READ);
admin.save();
Session anonymous = repository.login(new GuestCredentials());
try {
assertFalse(anonymous.nodeExists("/"));
assertFalse(anonymous.nodeExists("/etc"));
assertTrue(anonymous.nodeExists("/etc/packages"));
JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
jcrPackageManager.getPackageRoot(false);
} finally {
anonymous.logout();
}
}
Example #4
| Source File: JackrabbitAccessControlListUtil.java From APM with Apache License 2.0 | 5 votes |
|
public static JackrabbitAccessControlList getModifiableAcl(final AccessControlManager accessManager,
final String path) throws RepositoryException {
final JackrabbitAccessControlList acl = getAccessControlList(accessManager, path);
if (null != acl) {
return acl;
}
final JackrabbitAccessControlList applicableAcl = getApplicableAccessControlList(accessManager, path);
if (null != applicableAcl) {
return applicableAcl;
}
throw new AccessControlException("No modifiable ACL at " + path);
}
Example #5
| Source File: JackrabbitAccessControlListUtil.java From APM with Apache License 2.0 | 5 votes |
|
public static JackrabbitAccessControlList getApplicableAccessControlList(
final AccessControlManager accessManager, final String path) throws RepositoryException {
// find policies which may be applied to node indicated by path (may be treated as policy factory)
final AccessControlPolicyIterator applicablePolicies = accessManager.getApplicablePolicies(path);
while (applicablePolicies.hasNext()) {
final AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
if (policy instanceof JackrabbitAccessControlList) {
return (JackrabbitAccessControlList) policy;
}
}
return null;
}
Example #6
| Source File: JackrabbitAccessControlListUtil.java From APM with Apache License 2.0 | 5 votes |
|
public static JackrabbitAccessControlList getAccessControlList(final AccessControlManager accessManager,
final String path) throws RepositoryException {
final AccessControlPolicy[] existing = accessManager.getPolicies(path);
for (final AccessControlPolicy policy : existing) {
if (policy instanceof JackrabbitAccessControlList) {
return (JackrabbitAccessControlList) policy;
}
}
return null;
}
Example #7
| Source File: PermissionActionHelper.java From APM with Apache License 2.0 | 5 votes |
|
private void updateAccessControlList(boolean allow,
final AccessControlManager accessControlManager,
final List<Privilege> privileges, final Principal principal) throws RepositoryException {
final JackrabbitAccessControlList jackrabbitAcl = JackrabbitAccessControlListUtil
.getModifiableAcl(accessControlManager, path);
addEntry(allow, privileges, principal, jackrabbitAcl);
accessControlManager.setPolicy(path, jackrabbitAcl);
}
Example #8
| Source File: PermissionActionHelper.java From APM with Apache License 2.0 | 5 votes |
|
private void addEntry(boolean allow, final List<Privilege> privileges,
final Principal principal,
final JackrabbitAccessControlList jackrabbitAcl) throws RepositoryException {
Map<String, Value> singleValueRestrictions = restrictions.getSingleValueRestrictions(valueFactory);
Map<String, Value[]> multiValueRestrictions = restrictions.getMultiValueRestrictions(valueFactory);
jackrabbitAcl.addEntry(principal, privileges.toArray(new Privilege[privileges.size()]), allow,
singleValueRestrictions, multiValueRestrictions);
}
Example #9
| Source File: RemoveAll.java From APM with Apache License 2.0 | 5 votes |
|
private void removeAll(final Context context, Authorizable authorizable) throws RepositoryException {
final AccessControlManager accessControlManager = context.getAccessControlManager();
final Principal principal = authorizable.getPrincipal();
final JackrabbitAccessControlList jackrabbitAcl = JackrabbitAccessControlListUtil
.getModifiableAcl(accessControlManager, path);
final AccessControlEntry[] accessControlEntries = jackrabbitAcl.getAccessControlEntries();
for (final AccessControlEntry accessControlEntry : accessControlEntries) {
if (accessControlEntry.getPrincipal().equals(principal)) {
jackrabbitAcl.removeAccessControlEntry(accessControlEntry);
}
}
accessControlManager.setPolicy(path, jackrabbitAcl);
}
Example #10
| Source File: DocViewSaxFormatterTest.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
/**
* Tests if an 'empty' node serialization includes the jcr namespace. see JCRVLT-266
*/
@Test
public void testFormatterIncludesJcrNamespace() throws Exception {
// rep:itemNames restrictions are only supported in oak.
Assume.assumeTrue(isOak());
JcrUtils.getOrCreateByPath("/testroot", NodeType.NT_UNSTRUCTURED, admin);
admin.save();
// setup access control
AccessControlManager acMgr = admin.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/testroot");
Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
Map<String, Value[]> rest = new HashMap<>();
rest.put("rep:itemNames", new Value[]{
admin.getValueFactory().createValue("jcr:mixinTypes", PropertyType.NAME),
admin.getValueFactory().createValue("jcr:primaryType", PropertyType.NAME)
});
acl.addEntry(EveryonePrincipal.getInstance(), privs, false, null, rest);
acMgr.setPolicy("/testroot", acl);
admin.save();
Session guest = repository.login(new GuestCredentials());
DefaultWorkspaceFilter filter = new DefaultWorkspaceFilter();
filter.add(new PathFilterSet("/testroot"));
RepositoryAddress addr = new RepositoryAddress("/" + admin.getWorkspace().getName() + "/");
VaultFileSystem jcrfs = Mounter.mount(null, filter, addr, null, guest);
Aggregate a = jcrfs.getAggregateManager().getRoot().getAggregate("testroot");
DocViewSerializer s = new DocViewSerializer(a);
ByteArrayOutputStream out = new ByteArrayOutputStream();
s.writeContent(out);
assertEquals("valid xml",
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
"<jcr:root xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"/>\n", out.toString("utf-8"));
}
Example #11
| Source File: IntegrationTestBase.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
public String dumpPermissions(String path) throws RepositoryException {
StringBuilder ret = new StringBuilder();
AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(path);
for (AccessControlPolicy p: ap) {
if (p instanceof JackrabbitAccessControlList) {
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
for (AccessControlEntry ac: acl.getAccessControlEntries()) {
if (ac instanceof JackrabbitAccessControlEntry) {
JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) ac;
ret.append(ace.isAllow() ? "\n- allow " : "deny ");
ret.append(ace.getPrincipal().getName());
char delim = '[';
for (Privilege priv: ace.getPrivileges()) {
ret.append(delim).append(priv.getName());
delim=',';
}
ret.append(']');
for (String restName: ace.getRestrictionNames()) {
Value[] values;
if ("rep:glob".equals(restName)) {
values = new Value[]{ace.getRestriction(restName)};
} else {
values = ace.getRestrictions(restName);
}
for (Value value : values) {
ret.append(" rest=").append(value.getString());
}
}
}
}
}
}
return ret.toString();
}
Example #12
| Source File: IntegrationTestBase.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
public void removeRepoACL() throws RepositoryException {
AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(null);
for (AccessControlPolicy p: ap) {
if (p instanceof JackrabbitAccessControlList) {
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
for (AccessControlEntry ac: acl.getAccessControlEntries()) {
if (ac instanceof JackrabbitAccessControlEntry) {
acl.removeAccessControlEntry(ac);
}
}
}
}
admin.save();
}
Example #13
| Source File: TestNoRootAccessExport.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
@Test
@Ignore("JCRVLT-100")
public void exportNoRootAccess() throws RepositoryException, IOException, PackageException {
// setup access control
Node packageRoot = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
AccessControlManager acMgr = admin.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
acMgr.removePolicy(acl.getPath(), acl);
AccessControlUtils.getAccessControlList(acMgr, packageRoot.getPath());
AccessControlUtils.allow(packageRoot, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);
Node tmpNode = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
AccessControlUtils.getAccessControlList(acMgr, tmpNode.getPath());
AccessControlUtils.allow(tmpNode, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);
admin.save();
// import existing package
JcrPackage pack = packMgr.upload(getStream("/test-packages/tmp_foo_bar_test.zip"), false);
PackageId id = pack.getDefinition().getId();
assertNotNull(pack);
pack.extract(getDefaultOptions());
assertNodeExists("/tmp/foo/bar/test.txt");
// login as guest an
Session anonymous = repository.login(new GuestCredentials());
JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
pack = jcrPackageManager.open(id);
jcrPackageManager.assemble(pack, null);
}
Example #14
| Source File: JcrPackageManagerImplTest.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
@Test
public void testGetPackageRootNoCreateAccess() throws Exception {
// TODO: maybe rather change the setup of the test-base to not assume that everyone has full read-access
AccessControlManager acMgr = admin.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
for (AccessControlEntry ace : acl.getAccessControlEntries()) {
acl.removeAccessControlEntry(ace);
}
acl.addEntry(AccessControlUtils.getEveryonePrincipal(admin),
AccessControlUtils.privilegesFromNames(admin, javax.jcr.security.Privilege.JCR_READ),
true,
Collections.singletonMap("rep:glob", admin.getValueFactory().createValue("etc/*")));
admin.save();
Session anonymous = repository.login(new GuestCredentials());
try {
JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
assertNull(jcrPackageManager.getPackageRoot(true));
try {
jcrPackageManager.getPackageRoot(false);
fail();
} catch (AccessDeniedException | PathNotFoundException e) {
// success
}
} finally {
anonymous.logout();
}
}
Example #15
| Source File: IntegrationTestBase.java From jackrabbit-filevault with Apache License 2.0 | 4 votes |
|
public int hasPermission(String path, boolean allow, String[] privs, String name, Map<String, String[]> restrictions)
throws RepositoryException {
AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(path);
int idx = 0;
for (AccessControlPolicy p: ap) {
if (p instanceof JackrabbitAccessControlList) {
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
for (AccessControlEntry ac: acl.getAccessControlEntries()) {
if (ac instanceof JackrabbitAccessControlEntry) {
idx++;
JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) ac;
if (ace.isAllow() != allow) {
continue;
}
if (!ace.getPrincipal().getName().equals(name)) {
continue;
}
Set<String> expectedPrivs = new HashSet<String>(Arrays.asList(privs));
for (Privilege priv: ace.getPrivileges()) {
if (!expectedPrivs.remove(priv.getName())) {
expectedPrivs.add("dummy");
break;
}
}
if (!expectedPrivs.isEmpty()) {
continue;
}
Map<String, String[]> rests = new HashMap<String, String[]>(restrictions);
boolean restrictionExpected = true;
for (String restName: ace.getRestrictionNames()) {
String[] expected = rests.remove(restName);
if (expected == null) {
continue;
}
Value[] values;
if ("rep:glob".equals(restName)) {
values = new Value[]{ace.getRestriction(restName)};
} else {
values = ace.getRestrictions(restName);
}
String[] actual = new String[values.length];
for (int i=0; i<actual.length; i++) {
actual[i] = values[i].getString();
}
Arrays.sort(expected);
Arrays.sort(actual);
if (!Arrays.equals(expected, actual)) {
restrictionExpected = false;
break;
}
}
if (!restrictionExpected || !rests.isEmpty()) {
continue;
}
return idx-1;
}
}
}
}
return -1;
}
Example #16
| Source File: TestAceOrder.java From jackrabbit-filevault with Apache License 2.0 | 4 votes |
|
private void assertACEs(@NotNull String path) throws Exception {
JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(acMgr, path);
AccessControlEntry[] entries = list.getAccessControlEntries();
assertEquals(expectedEntries, ImmutableList.copyOf(entries));
}
