javax.jcr.security.AccessControlManager Java Examples

The following examples show how to use javax.jcr.security.AccessControlManager. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JcrPackageManagerImplTest.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up 
@Test
public void testGetPackageRootNoRootAccess() throws Exception {
    Node packageRoot = packMgr.getPackageRoot();

    // TODO: maybe rather change the setup of the test-base to not assume that everyone has full read-access
    AccessControlManager acMgr = admin.getAccessControlManager();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
    acMgr.removePolicy(acl.getPath(), acl);

    AccessControlUtils.getAccessControlList(acMgr, "/etc/packages");
    AccessControlUtils.allow(packageRoot, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, javax.jcr.security.Privilege.JCR_READ);

    admin.save();

    Session anonymous = repository.login(new GuestCredentials());
    try {
        assertFalse(anonymous.nodeExists("/"));
        assertFalse(anonymous.nodeExists("/etc"));
        assertTrue(anonymous.nodeExists("/etc/packages"));

        JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
        jcrPackageManager.getPackageRoot(false);
    } finally {
        anonymous.logout();
    }
}
Example #2
Source File: PermissionActionHelper.java    From APM with Apache License 2.0 6 votes vote down vote up 
public List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
    final List<String> permissions) throws RepositoryException, PermissionException {
  final List<Privilege> privileges = new ArrayList<>();
  final List<String> unknownPermissions = new ArrayList<>();
  for (final String permission : permissions) {
    try {
      privileges.addAll(createPrivileges(accessControlManager, permission));
    } catch (PermissionException e) {
      unknownPermissions.add(permission);
    }
  }
  if (!unknownPermissions.isEmpty()) {
    throw new PermissionException(MessagingUtils.unknownPermissions(unknownPermissions));
  }

  return privileges;
}
Example #3
Source File: JcrPackageManagerImplTest.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up 
@Test
public void testGetPackageRootNoCreateAccess() throws Exception {
    // TODO: maybe rather change the setup of the test-base to not assume that everyone has full read-access
    AccessControlManager acMgr = admin.getAccessControlManager();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
    for (AccessControlEntry ace : acl.getAccessControlEntries()) {
        acl.removeAccessControlEntry(ace);
    }
    acl.addEntry(AccessControlUtils.getEveryonePrincipal(admin),
            AccessControlUtils.privilegesFromNames(admin, javax.jcr.security.Privilege.JCR_READ),
            true,
            Collections.singletonMap("rep:glob", admin.getValueFactory().createValue("etc/*")));
    admin.save();

    Session anonymous = repository.login(new GuestCredentials());
    try {
        JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
        assertNull(jcrPackageManager.getPackageRoot(true));

        try {
            jcrPackageManager.getPackageRoot(false);
            fail();
        } catch (AccessDeniedException | PathNotFoundException e) {
            // success
        }
    }  finally {
        anonymous.logout();
    }
}
Example #4
Source File: SessionWrapper.java    From sling-whiteboard with Apache License 2.0 5 votes vote down vote up 
@Override
public AccessControlManager getAccessControlManager() throws UnsupportedRepositoryOperationException, RepositoryException {
    AccessControlManager manager = this.wrappedSession.getAccessControlManager();
    return manager instanceof JackrabbitAccessControlManager ?
            new JackrabbitAccessControlManagerWrapper(this, (JackrabbitAccessControlManager) manager) :
            new AccessControlManagerWrapper<>(this, manager);
}
Example #5
Source File: TestNoRootAccessExport.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up 
@Test
@Ignore("JCRVLT-100")
public void exportNoRootAccess() throws RepositoryException, IOException, PackageException {
    // setup access control
    Node packageRoot = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
    AccessControlManager acMgr = admin.getAccessControlManager();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
    acMgr.removePolicy(acl.getPath(), acl);

    AccessControlUtils.getAccessControlList(acMgr, packageRoot.getPath());
    AccessControlUtils.allow(packageRoot, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);

    Node tmpNode = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
    AccessControlUtils.getAccessControlList(acMgr, tmpNode.getPath());
    AccessControlUtils.allow(tmpNode, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);

    admin.save();

    // import existing package
    JcrPackage pack = packMgr.upload(getStream("/test-packages/tmp_foo_bar_test.zip"), false);
    PackageId id = pack.getDefinition().getId();
    assertNotNull(pack);
    pack.extract(getDefaultOptions());
    assertNodeExists("/tmp/foo/bar/test.txt");

    // login as guest an
    Session anonymous = repository.login(new GuestCredentials());
    JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
    pack = jcrPackageManager.open(id);
    jcrPackageManager.assemble(pack, null);
}
Example #6
Source File: DocViewSaxFormatterTest.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up 
/**
 * Tests if an 'empty' node serialization includes the jcr namespace. see JCRVLT-266
 */
@Test
public void testFormatterIncludesJcrNamespace() throws Exception {
    // rep:itemNames restrictions are only supported in oak.
    Assume.assumeTrue(isOak());

    JcrUtils.getOrCreateByPath("/testroot", NodeType.NT_UNSTRUCTURED, admin);
    admin.save();

    // setup access control
    AccessControlManager acMgr = admin.getAccessControlManager();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/testroot");

    Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
    Map<String, Value[]> rest = new HashMap<>();
    rest.put("rep:itemNames", new Value[]{
            admin.getValueFactory().createValue("jcr:mixinTypes", PropertyType.NAME),
            admin.getValueFactory().createValue("jcr:primaryType", PropertyType.NAME)
    });
    acl.addEntry(EveryonePrincipal.getInstance(), privs, false, null, rest);
    acMgr.setPolicy("/testroot", acl);
    admin.save();

    Session guest = repository.login(new GuestCredentials());

    DefaultWorkspaceFilter filter = new DefaultWorkspaceFilter();
    filter.add(new PathFilterSet("/testroot"));
    RepositoryAddress addr = new RepositoryAddress("/" + admin.getWorkspace().getName() + "/");
    VaultFileSystem jcrfs = Mounter.mount(null, filter, addr, null, guest);
    Aggregate a = jcrfs.getAggregateManager().getRoot().getAggregate("testroot");
    DocViewSerializer s = new DocViewSerializer(a);

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    s.writeContent(out);

    assertEquals("valid xml",
            "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
            "<jcr:root xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"/>\n", out.toString("utf-8"));
}
Example #7
Source File: RemoveAll.java    From APM with Apache License 2.0 5 votes vote down vote up 
private void removeAll(final Context context, Authorizable authorizable) throws RepositoryException {
  final AccessControlManager accessControlManager = context.getAccessControlManager();
  final Principal principal = authorizable.getPrincipal();

  final JackrabbitAccessControlList jackrabbitAcl = JackrabbitAccessControlListUtil
      .getModifiableAcl(accessControlManager, path);
  final AccessControlEntry[] accessControlEntries = jackrabbitAcl.getAccessControlEntries();
  for (final AccessControlEntry accessControlEntry : accessControlEntries) {
    if (accessControlEntry.getPrincipal().equals(principal)) {
      jackrabbitAcl.removeAccessControlEntry(accessControlEntry);
    }
  }
  accessControlManager.setPolicy(path, jackrabbitAcl);
}
Example #8
Source File: PermissionActionHelper.java    From APM with Apache License 2.0 5 votes vote down vote up 
private List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
    final String permission) throws RepositoryException, PermissionException {
  try {
    Optional<PrivilegeGroup> privilegeGroup = PrivilegeGroup.getFromTitle(permission);
    if (privilegeGroup.isPresent()) {
      return privilegeGroup.get().toPrivileges(accessControlManager);
    } else {
      return Collections.singletonList(accessControlManager.privilegeFromName(permission));
    }
  } catch (AccessControlException e) {
    throw new PermissionException("Unknown permission " + permission, e);
  }
}
Example #9
Source File: PermissionActionHelper.java    From APM with Apache License 2.0 5 votes vote down vote up 
private void updateAccessControlList(boolean allow,
    final AccessControlManager accessControlManager,
    final List<Privilege> privileges, final Principal principal) throws RepositoryException {
  final JackrabbitAccessControlList jackrabbitAcl = JackrabbitAccessControlListUtil
      .getModifiableAcl(accessControlManager, path);

  addEntry(allow, privileges, principal, jackrabbitAcl);
  accessControlManager.setPolicy(path, jackrabbitAcl);
}
Example #10
Source File: JackrabbitAccessControlListUtil.java    From APM with Apache License 2.0 5 votes vote down vote up 
public static JackrabbitAccessControlList getAccessControlList(final AccessControlManager accessManager,
		final String path) throws RepositoryException {
	final AccessControlPolicy[] existing = accessManager.getPolicies(path);
	for (final AccessControlPolicy policy : existing) {
		if (policy instanceof JackrabbitAccessControlList) {
			return (JackrabbitAccessControlList) policy;
		}
	}
	return null;
}
Example #11
Source File: JackrabbitAccessControlListUtil.java    From APM with Apache License 2.0 5 votes vote down vote up 
public static JackrabbitAccessControlList getApplicableAccessControlList(
		final AccessControlManager accessManager, final String path) throws RepositoryException {
	// find policies which may be applied to node indicated by path (may be treated as policy factory)
	final AccessControlPolicyIterator applicablePolicies = accessManager.getApplicablePolicies(path);
	while (applicablePolicies.hasNext()) {
		final AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
		if (policy instanceof JackrabbitAccessControlList) {
			return (JackrabbitAccessControlList) policy;
		}
	}
	return null;
}
Example #12
Source File: JackrabbitAccessControlListUtil.java    From APM with Apache License 2.0 5 votes vote down vote up 
public static JackrabbitAccessControlList getModifiableAcl(final AccessControlManager accessManager,
		final String path) throws RepositoryException {
	final JackrabbitAccessControlList acl = getAccessControlList(accessManager, path);
	if (null != acl) {
		return acl;
	}

	final JackrabbitAccessControlList applicableAcl = getApplicableAccessControlList(accessManager, path);
	if (null != applicableAcl) {
		return applicableAcl;
	}

	throw new AccessControlException("No modifiable ACL at " + path);
}
Example #13
Source File: PermissionActionHelper.java    From APM with Apache License 2.0 4 votes vote down vote up 
public void applyPermissions(AccessControlManager accessControlManager, Principal principal,
    boolean allow) throws RepositoryException, PermissionException {
  final List<Privilege> privileges = createPrivileges(accessControlManager, permissions);
  updateAccessControlList(allow, accessControlManager, privileges, principal);
}
Example #14
Source File: PermissionActionHelper.java    From APM with Apache License 2.0 4 votes vote down vote up 
public void checkPermissions(AccessControlManager accessControlManager)
    throws RepositoryException, PermissionException {
  createPrivileges(accessControlManager, permissions);
}
Example #15
Source File: SessionImpl.java    From jackalope with Apache License 2.0 4 votes vote down vote up 
@Override
public AccessControlManager getAccessControlManager() throws UnsupportedRepositoryOperationException, RepositoryException {
    throw new UnsupportedRepositoryOperationException();
}
Example #16
Source File: JackrabbitACLImporter.java    From jackrabbit-filevault with Apache License 2.0 4 votes vote down vote up 
Privilege[] getPrivileges(AccessControlManager acMgr) throws RepositoryException {
    return AccessControlUtils.privilegesFromNames(acMgr, privileges);
}
Example #17
Source File: Context.java    From APM with Apache License 2.0 votes vote down vote up 
AccessControlManager getAccessControlManager();