javax.jcr.security.Privilege Java Examples

The following examples show how to use javax.jcr.security.Privilege.
Example #1
Source File: TestAceOrder.java    From jackrabbit-filevault with Apache License 2.0
/**
 * Builds the ACL fixture whose entry order the tests in this class compare against.
 *
 * <p>The test user is created and saved first. Three entries are then added to the
 * list for {@code /testroot/secured}, in this order: allow {@code jcr:write} for
 * "everyone" under glob {@code /foo}, deny {@code jcr:write} for the test user under
 * the same glob, and allow {@code jcr:write} for "everyone" under glob {@code /bar}.
 * The entries are copied into {@code expectedEntries}.
 *
 * <p>The node and its policy are not saved here: the method ends with
 * {@code admin.refresh(false)}, so of the changes made in this method only the
 * user creation is saved.
 */
@Override
public void setUp() throws Exception {
    super.setUp();
    JackrabbitSession jrSession = (JackrabbitSession) admin;
    uMgr = jrSession.getUserManager();
    // created with a null password; the user is only used as the principal of the deny entry
    User denied = uMgr.createUser(NAME_TEST_USER, null);
    admin.save();

    acMgr = admin.getAccessControlManager();

    Node secured = admin.getRootNode().addNode("testroot").addNode("secured");
    String securedPath = secured.getPath();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, securedPath);
    Privilege[] write = AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_WRITE);
    ValueFactory values = admin.getValueFactory();
    Principal everyone = jrSession.getPrincipalManager().getEveryone();

    // the order of these three calls is the fixture: allow, deny, allow
    acl.addEntry(everyone, write, true, ImmutableMap.of("rep:glob", values.createValue("/foo")));
    acl.addEntry(denied.getPrincipal(), write, false, ImmutableMap.of("rep:glob", values.createValue("/foo")));
    acl.addEntry(everyone, write, true, ImmutableMap.of("rep:glob", values.createValue("/bar")));
    acMgr.setPolicy(secured.getPath(), acl);

    expectedEntries = ImmutableList.copyOf(acl.getAccessControlEntries());

    // discard the unsaved node and policy again
    admin.refresh(false);
}
 
Example #2
Source File: PermissionActionHelper.java    From APM with Apache License 2.0
/**
 * Resolves a list of permission names to JCR privileges, all or nothing.
 *
 * <p>Each name is resolved through the single-name overload. Names that fail with a
 * {@link PermissionException} are collected rather than aborting the loop, so that
 * the exception thrown at the end lists every unknown name. No partial result is
 * returned when at least one name is unknown.
 *
 * @param accessControlManager manager used to look up privileges
 * @param permissions permission names to resolve
 * @return the privileges for all names, in input order
 * @throws RepositoryException if a lookup fails for a reason other than an unknown name
 * @throws PermissionException if one or more names could not be resolved
 */
public List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
    final List<String> permissions) throws RepositoryException, PermissionException {
  final List<Privilege> resolved = new ArrayList<>();
  final List<String> rejected = new ArrayList<>();
  for (final String name : permissions) {
    try {
      resolved.addAll(createPrivileges(accessControlManager, name));
    } catch (PermissionException e) {
      // keep going: the final error should name every unknown permission at once
      rejected.add(name);
    }
  }
  if (rejected.isEmpty()) {
    return resolved;
  }
  throw new PermissionException(MessagingUtils.unknownPermissions(rejected));
}
 
Example #3
Source File: PermissionActionHelper.java    From APM with Apache License 2.0
/**
 * Adds one allow or deny entry for {@code principal} to the given list.
 *
 * <p>The entry carries the single-value and multi-value restrictions produced by the
 * {@code restrictions} field of this helper. The list is only modified in memory
 * here; this method does not call {@code setPolicy}.
 *
 * @param allow {@code true} for an allow entry, {@code false} for a deny entry
 * @param privileges privileges the entry grants or denies
 * @param principal principal the entry applies to
 * @param jackrabbitAcl list that receives the entry
 * @throws RepositoryException if the list rejects the entry
 */
private void addEntry(boolean allow, final List<Privilege> privileges,
    final Principal principal,
    final JackrabbitAccessControlList jackrabbitAcl) throws RepositoryException {

  final Map<String, Value> single = restrictions.getSingleValueRestrictions(valueFactory);
  final Map<String, Value[]> multi = restrictions.getMultiValueRestrictions(valueFactory);
  final Privilege[] privilegeArray = privileges.toArray(new Privilege[0]);
  jackrabbitAcl.addEntry(principal, privilegeArray, allow, single, multi);
}
 
Example #4
Source File: TestNoRootAccessExport.java    From jackrabbit-filevault with Apache License 2.0
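/**
 * Assembles an uploaded package through a guest session after the access control
 * list bound to {@code "/"} has been removed. Currently ignored (JCRVLT-100).
 *
 * <p>Fixture: the policy at the root is removed and {@code jcr:all} is allowed for
 * the "everyone" principal on the package root. That grant is deliberately broad so
 * that the guest session can work below the package root; it is test setup only.
 *
 * @throws RepositoryException if repository access fails
 * @throws IOException if the test package cannot be read
 * @throws PackageException if the package cannot be extracted or assembled
 */
@Test
@Ignore("JCRVLT-100")
public void exportNoRootAccess() throws RepositoryException, IOException, PackageException {
    // setup access control: remove the list bound to the root
    Node packageRoot = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
    AccessControlManager acMgr = admin.getAccessControlManager();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
    acMgr.removePolicy(acl.getPath(), acl);

    AccessControlUtils.getAccessControlList(acMgr, packageRoot.getPath());
    AccessControlUtils.allow(packageRoot, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);

    // NOTE(review): this fetches the package root a second time, so the grant below
    // repeats the one above. The variable name suggests another node was intended; confirm.
    Node tmpNode = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
    AccessControlUtils.getAccessControlList(acMgr, tmpNode.getPath());
    AccessControlUtils.allow(tmpNode, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);

    admin.save();

    // import existing package
    JcrPackage pack = packMgr.upload(getStream("/test-packages/tmp_foo_bar_test.zip"), false);
    // check for null before the first dereference, so a failed upload shows up as an assertion failure
    assertNotNull(pack);
    PackageId id = pack.getDefinition().getId();
    pack.extract(getDefaultOptions());
    assertNodeExists("/tmp/foo/bar/test.txt");

    // log in as guest and assemble the package with that session
    Session anonymous = repository.login(new GuestCredentials());
    try {
        JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
        pack = jcrPackageManager.open(id);
        jcrPackageManager.assemble(pack, null);
    } finally {
        // release the guest session even when open() or assemble() throws
        anonymous.logout();
    }
}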
 
Example #5
Source File: IntegrationTestBase.java    From jackrabbit-filevault with Apache License 2.0
/**
 * Renders the access control entries bound to {@code path} as text.
 *
 * <p>Only policies that are {@link JackrabbitAccessControlList}s and entries that are
 * {@link JackrabbitAccessControlEntry}s are included; anything else is skipped
 * without a trace in the output. Each entry is written as allow/deny, principal
 * name, the privilege names in brackets, then one {@code rest=<value>} per
 * restriction value. The restriction name itself is not written.
 *
 * @param path absolute path whose policies are read through the admin session
 * @return the textual dump, empty if no matching entries exist
 * @throws RepositoryException if the policies or entry values cannot be read
 */
public String dumpPermissions(String path) throws RepositoryException {
    StringBuilder out = new StringBuilder();
    for (AccessControlPolicy policy: admin.getAccessControlManager().getPolicies(path)) {
        if (!(policy instanceof JackrabbitAccessControlList)) {
            continue;
        }
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
        for (AccessControlEntry entry: acl.getAccessControlEntries()) {
            if (!(entry instanceof JackrabbitAccessControlEntry)) {
                continue;
            }
            JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entry;
            // NOTE(review): deny entries get no "\n- " prefix, so a deny entry is appended
            // to the previous line of the dump. Looks unintended; confirm before changing.
            if (ace.isAllow()) {
                out.append("\n- allow ");
            } else {
                out.append("deny ");
            }
            out.append(ace.getPrincipal().getName());
            // first privilege is preceded by '[', every later one by ','
            String sep = "[";
            for (Privilege priv: ace.getPrivileges()) {
                out.append(sep).append(priv.getName());
                sep = ",";
            }
            out.append(']');
            for (String restName: ace.getRestrictionNames()) {
                // rep:glob is read through the single-value accessor, all others as arrays
                Value[] values = "rep:glob".equals(restName)
                        ? new Value[]{ace.getRestriction(restName)}
                        : ace.getRestrictions(restName);
                for (Value value : values) {
                    out.append(" rest=").append(value.getString());
                }
            }
        }
    }
    return out.toString();
}
 
Example #6
Source File: DocViewSaxFormatterTest.java    From jackrabbit-filevault with Apache License 2.0
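/**
 * Tests if an 'empty' node serialization includes the jcr namespace. see JCRVLT-266
 *
 * <p>Fixture: {@code jcr:read} is denied for the "everyone" principal on
 * {@code /testroot}, restricted through {@code rep:itemNames} to
 * {@code jcr:mixinTypes} and {@code jcr:primaryType}. The node is then serialized
 * through a guest session, and the expected document is an empty {@code jcr:root}
 * element that still declares the jcr namespace.
 *
 * @throws Exception if repository setup or serialization fails
 */
@Test
public void testFormatterIncludesJcrNamespace() throws Exception {
    // rep:itemNames restrictions are only supported in oak.
    Assume.assumeTrue(isOak());

    JcrUtils.getOrCreateByPath("/testroot", NodeType.NT_UNSTRUCTURED, admin);
    admin.save();

    // setup access control
    AccessControlManager acMgr = admin.getAccessControlManager();
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/testroot");

    Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
    Map<String, Value[]> rest = new HashMap<>();
    rest.put("rep:itemNames", new Value[]{
            admin.getValueFactory().createValue("jcr:mixinTypes", PropertyType.NAME),
            admin.getValueFactory().createValue("jcr:primaryType", PropertyType.NAME)
    });
    // deny entry (isAllow = false) with no single-value restrictions
    acl.addEntry(EveryonePrincipal.getInstance(), privs, false, null, rest);
    acMgr.setPolicy("/testroot", acl);
    admin.save();

    Session guest = repository.login(new GuestCredentials());
    try {
        DefaultWorkspaceFilter filter = new DefaultWorkspaceFilter();
        filter.add(new PathFilterSet("/testroot"));
        RepositoryAddress addr = new RepositoryAddress("/" + admin.getWorkspace().getName() + "/");
        VaultFileSystem jcrfs = Mounter.mount(null, filter, addr, null, guest);
        Aggregate a = jcrfs.getAggregateManager().getRoot().getAggregate("testroot");
        DocViewSerializer s = new DocViewSerializer(a);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        s.writeContent(out);

        assertEquals("valid xml",
                "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
                "<jcr:root xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"/>\n", out.toString("utf-8"));
    } finally {
        // release the guest session even when serialization or the assertion fails
        guest.logout();
    }
}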
 
Example #7
Source File: PermissionActionHelper.java    From APM with Apache License 2.0
/**
 * Resolves one permission name to the privileges it stands for.
 *
 * <p>The name is first looked up as a {@link PrivilegeGroup} title; a match expands
 * to that group's privileges. Otherwise the name is passed to
 * {@code privilegeFromName} as a single privilege name.
 *
 * @param accessControlManager manager used to look up privileges
 * @param permission group title or privilege name
 * @return the resolved privileges
 * @throws RepositoryException if the lookup fails for another reason than an
 *     {@code AccessControlException}
 * @throws PermissionException if the lookup raised an {@code AccessControlException};
 *     the original exception is kept as the cause
 */
private List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
    final String permission) throws RepositoryException, PermissionException {
  try {
    final Optional<PrivilegeGroup> group = PrivilegeGroup.getFromTitle(permission);
    if (!group.isPresent()) {
      // not a group title: treat the string as a plain privilege name
      return Collections.singletonList(accessControlManager.privilegeFromName(permission));
    }
    return group.get().toPrivileges(accessControlManager);
  } catch (AccessControlException e) {
    throw new PermissionException("Unknown permission " + permission, e);
  }
}
 
Example #8
Source File: PermissionActionHelper.java    From APM with Apache License 2.0
/**
 * Adds one entry to the access control list at {@code path} and sets the list back
 * as the policy for that path.
 *
 * <p>This method does not save the session; whether and when the change is saved
 * is left to code outside this block.
 *
 * @param allow {@code true} for an allow entry, {@code false} for a deny entry
 * @param accessControlManager manager that owns the policy
 * @param privileges privileges the entry grants or denies
 * @param principal principal the entry applies to
 * @throws RepositoryException if the list cannot be obtained, modified or set
 */
private void updateAccessControlList(boolean allow,
    final AccessControlManager accessControlManager,
    final List<Privilege> privileges, final Principal principal) throws RepositoryException {
  final JackrabbitAccessControlList acl =
      JackrabbitAccessControlListUtil.getModifiableAcl(accessControlManager, path);

  addEntry(allow, privileges, principal, acl);
  // write the modified list back to the same path it was read from
  accessControlManager.setPolicy(path, acl);
}
 
Example #9
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Returns what the wrapped manager reports as privileges at {@code absPath}.
 * The call is forwarded unchanged; this wrapper adds no check or filtering of its own.
 *
 * @param absPath absolute path to query
 * @return the array returned by the delegate
 * @throws PathNotFoundException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
    Privilege[] fromDelegate = delegate.getPrivileges(absPath);
    return fromDelegate;
}
 
Example #10
Source File: PermissionActionHelper.java    From APM with Apache License 2.0
/**
 * Resolves this helper's configured permission names and adds one allow or deny
 * entry for {@code principal} at this helper's path.
 *
 * <p>Resolution happens before the access control list is touched, so an unknown
 * permission name aborts the call without modifying the list.
 *
 * @param accessControlManager manager used for lookup and for setting the policy
 * @param principal principal the entry applies to
 * @param allow {@code true} for an allow entry, {@code false} for a deny entry
 * @throws RepositoryException if repository access fails
 * @throws PermissionException if a configured permission name cannot be resolved
 */
public void applyPermissions(AccessControlManager accessControlManager, Principal principal,
    boolean allow) throws RepositoryException, PermissionException {
  updateAccessControlList(allow, accessControlManager,
      createPrivileges(accessControlManager, permissions), principal);
}
 
Example #11
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Asks the wrapped manager whether the given privileges are held at {@code absPath}.
 * The answer is the delegate's; this wrapper performs no evaluation of its own.
 *
 * @param absPath absolute path to check
 * @param privileges privileges to test
 * @return the delegate's result
 * @throws PathNotFoundException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
    boolean held = delegate.hasPrivileges(absPath, privileges);
    return held;
}
 
Example #12
Source File: JackrabbitAccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Asks the wrapped manager whether the given set of principals holds the given
 * privileges at {@code absPath}. Forwarded unchanged; the wrapper adds no check.
 *
 * @param absPath absolute path to check
 * @param principals principals the check is made for
 * @param privileges privileges to test
 * @return the delegate's result
 * @throws PathNotFoundException as thrown by the delegate
 * @throws AccessDeniedException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, AccessDeniedException, RepositoryException {
    boolean held = delegate.hasPrivileges(absPath, principals, privileges);
    return held;
}
 
Example #13
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Looks up a privilege by name through the wrapped manager. Forwarded unchanged;
 * name validation is whatever the delegate does.
 *
 * @param privilegeName name of the privilege
 * @return the privilege returned by the delegate
 * @throws AccessControlException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public Privilege privilegeFromName(String privilegeName) throws AccessControlException, RepositoryException {
    Privilege resolved = delegate.privilegeFromName(privilegeName);
    return resolved;
}
 
Example #14
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Returns the privileges the wrapped manager reports as supported at {@code absPath}.
 * Forwarded unchanged.
 *
 * @param absPath absolute path to query
 * @return the array returned by the delegate
 * @throws PathNotFoundException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public Privilege[] getSupportedPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
    Privilege[] supported = delegate.getSupportedPrivileges(absPath);
    return supported;
}
 
Example #15
Source File: JackrabbitPrivilegeInstaller.java    From jackrabbit-filevault with Apache License 2.0
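/**
 * {@inheritDoc}
 *
 * <p>Registers the namespaces from {@code defs}, then registers every privilege
 * definition whose lookup through the {@link PrivilegeManager} did not return a
 * privilege. Newly registered names are tracked with {@code "A"}, names already
 * present with {@code "-"}. Only the newly registered privileges are returned.
 *
 * <p>Registration goes through the workspace's privilege manager, so whether the
 * installing session may register privileges is decided there.
 *
 * @param tracker progress tracker, may be {@code null}; its mode is set to TEXT for
 *     the duration of the call and restored afterwards, including on failure
 * @param defs privilege definitions and their namespace mapping
 * @return the privileges registered by this call
 * @throws IOException declared by the interface
 * @throws RepositoryException if the workspace is not a {@code JackrabbitWorkspace}
 *     or if namespace or privilege registration fails
 */
public Collection<Privilege> install(ProgressTracker tracker, PrivilegeDefinitions defs)
        throws IOException, RepositoryException {

    Workspace wsp = session.getWorkspace();
    if (!(wsp instanceof JackrabbitWorkspace)) {
        throw new RepositoryException("Unable to register privileges. No JackrabbitWorkspace.");
    }
    PrivilegeManager mgr = ((JackrabbitWorkspace) wsp).getPrivilegeManager();

    ProgressTrackerListener.Mode mode = null;
    if (tracker != null) {
        mode = tracker.setMode(ProgressTrackerListener.Mode.TEXT);
    }

    try {
        JcrNamespaceHelper nsHelper = new JcrNamespaceHelper(session, tracker);

        // register namespaces
        nsHelper.registerNamespaces(defs.getNamespaceMapping().getPrefixToURIMapping());

        // register privileges
        List<Privilege> registeredPrivs = new LinkedList<Privilege>();
        for (PrivilegeDefinition def: defs.getDefinitions()) {
            String name = getJCRName(def.getName());
            Privilege priv = null;
            try {
                priv = mgr.getPrivilege(name);
            } catch (RepositoryException e) {
                // lookup failed: treat the privilege as not yet registered.
                // NOTE(review): this also swallows repository errors unrelated to a
                // missing privilege; the registration attempt below then reports them.
            }
            if (priv == null) {
                String[] aggregateNames = new String[def.getDeclaredAggregateNames().size()];
                int i=0;
                for (Name n: def.getDeclaredAggregateNames()) {
                    aggregateNames[i++] = getJCRName(n);
                }
                registeredPrivs.add(mgr.registerPrivilege(name, def.isAbstract(), aggregateNames));
                track(tracker, "A", name);
            } else {
                track(tracker, "-", name);
            }
        }
        return registeredPrivs;
    } finally {
        // restore the caller's tracker mode even when registration throws
        if (tracker != null) {
            tracker.setMode(mode);
        }
    }
}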
 
Example #16
Source File: PrivilegeInstaller.java    From jackrabbit-filevault with Apache License 2.0
/**
 * Installs the privileges described by {@code defs}.
 *
 * <p>NOTE(review): the contract below is inferred from the signature and from the
 * JackrabbitPrivilegeInstaller implementation listed on this page; confirm against
 * the interface's own documentation.
 *
 * @param tracker progress tracker; the Jackrabbit implementation accepts {@code null}
 * @param defs privilege definitions to install
 * @return a collection of privileges; the Jackrabbit implementation returns only
 *     those it newly registered
 * @throws IOException if an I/O error occurs
 * @throws RepositoryException if a repository error occurs
 */
Collection<Privilege> install(ProgressTracker tracker, PrivilegeDefinitions defs)
throws IOException, RepositoryException;
 
Example #17
Source File: JackrabbitACLImporter.java    From jackrabbit-filevault with Apache License 2.0
/**
 * Resolves the privilege names held in the {@code privileges} field to
 * {@link Privilege} objects using the given manager.
 *
 * @param acMgr manager used for the name lookup
 * @return the resolved privileges
 * @throws RepositoryException if {@code AccessControlUtils.privilegesFromNames} fails
 */
Privilege[] getPrivileges(AccessControlManager acMgr) throws RepositoryException {
    Privilege[] resolved = AccessControlUtils.privilegesFromNames(acMgr, privileges);
    return resolved;
}
 
Example #18
Source File: PrivilegeManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Registers a custom privilege through the wrapped privilege manager. Forwarded
 * unchanged: the decision whether the caller may register privileges is the
 * delegate's, this wrapper adds no check.
 *
 * @param privilegeName name of the new privilege
 * @param isAbstract whether the privilege is abstract
 * @param declaredAggregateNames names of the privileges it aggregates
 * @return the privilege returned by the delegate
 * @throws AccessDeniedException as thrown by the delegate
 * @throws NamespaceException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public Privilege registerPrivilege(String privilegeName, boolean isAbstract, String[] declaredAggregateNames) throws AccessDeniedException, NamespaceException, RepositoryException {
    Privilege registered = delegate.registerPrivilege(privilegeName, isAbstract, declaredAggregateNames);
    return registered;
}
 
Example #19
Source File: PrivilegeManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Looks up a registered privilege by name through the wrapped privilege manager.
 * Forwarded unchanged.
 *
 * @param privilegeName name of the privilege
 * @return the privilege returned by the delegate
 * @throws AccessControlException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public Privilege getPrivilege(String privilegeName) throws AccessControlException, RepositoryException {
    Privilege found = delegate.getPrivilege(privilegeName);
    return found;
}
 
Example #20
Source File: IntegrationTestBase.java    From jackrabbit-filevault with Apache License 2.0
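/**
 * Searches the access control lists bound to {@code path} for an entry that matches
 * the given expectation and returns its position.
 *
 * <p>An entry matches when its allow/deny flag equals {@code allow}, its principal
 * name equals {@code name}, its privilege names are exactly the set given in
 * {@code privs}, and every restriction listed in {@code restrictions} is present on
 * the entry with the same values (compared as sorted string arrays).
 *
 * <p>Caveat for callers asserting on ACLs: a restriction that exists on the entry
 * but is not listed in {@code restrictions} is ignored, so an entry carrying
 * additional restrictions still matches.
 *
 * <p>The arrays inside {@code restrictions} are not modified; a copy is sorted for
 * the comparison.
 *
 * @param path absolute path whose policies are read through the admin session
 * @param allow expected allow/deny flag
 * @param privs expected privilege names
 * @param name expected principal name
 * @param restrictions expected restriction values by restriction name
 * @return the zero-based position of the first matching entry, counted over all
 *     {@link JackrabbitAccessControlEntry} instances in all lists at {@code path},
 *     or {@code -1} if none matches
 * @throws RepositoryException if policies or restriction values cannot be read
 */
public int hasPermission(String path, boolean allow, String[] privs, String name, Map<String, String[]> restrictions)
        throws RepositoryException {
    AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(path);
    int idx = 0;
    for (AccessControlPolicy p: ap) {
        if (!(p instanceof JackrabbitAccessControlList)) {
            continue;
        }
        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
        for (AccessControlEntry ac: acl.getAccessControlEntries()) {
            if (!(ac instanceof JackrabbitAccessControlEntry)) {
                continue;
            }
            // counted before any filtering so the result is a position in the list
            idx++;
            JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) ac;
            if (ace.isAllow() != allow) {
                continue;
            }
            if (!ace.getPrincipal().getName().equals(name)) {
                continue;
            }

            // privileges must match exactly: nothing unexpected, nothing missing
            Set<String> remainingPrivs = new HashSet<String>(Arrays.asList(privs));
            boolean privsMatch = true;
            for (Privilege priv: ace.getPrivileges()) {
                if (!remainingPrivs.remove(priv.getName())) {
                    privsMatch = false;
                    break;
                }
            }
            if (!privsMatch || !remainingPrivs.isEmpty()) {
                continue;
            }

            Map<String, String[]> rests = new HashMap<String, String[]>(restrictions);
            boolean restrictionsMatch = true;
            for (String restName: ace.getRestrictionNames()) {
                String[] expected = rests.remove(restName);
                if (expected == null) {
                    // restriction on the entry that the caller did not list: ignored
                    continue;
                }
                Value[] values;
                if ("rep:glob".equals(restName)) {
                    values = new Value[]{ace.getRestriction(restName)};
                } else {
                    values = ace.getRestrictions(restName);
                }
                String[] actual = new String[values.length];
                for (int i=0; i<actual.length; i++) {
                    actual[i] = values[i].getString();
                }
                // sort a copy: the map copy above is shallow, so sorting in place
                // would reorder the caller's own array
                String[] expectedSorted = expected.clone();
                Arrays.sort(expectedSorted);
                Arrays.sort(actual);
                if (!Arrays.equals(expectedSorted, actual)) {
                    restrictionsMatch = false;
                    break;
                }
            }
            // leftover names in rests are expected restrictions the entry does not have
            if (!restrictionsMatch || !rests.isEmpty()) {
                continue;
            }
            return idx-1;
        }
    }
    return -1;
}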
 
Example #21
Source File: PrivilegeManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Returns the registered privileges as reported by the wrapped privilege manager.
 * Forwarded unchanged.
 *
 * @return the array returned by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public Privilege[] getRegisteredPrivileges() throws RepositoryException {
    Privilege[] registered = delegate.getRegisteredPrivileges();
    return registered;
}
 
Example #22
Source File: JackrabbitAccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0
/**
 * Returns what the wrapped manager reports as the privileges of the given set of
 * principals at {@code absPath}. Forwarded unchanged; the wrapper adds no check.
 *
 * @param absPath absolute path to query
 * @param principals principals the query is made for
 * @return the array returned by the delegate
 * @throws PathNotFoundException as thrown by the delegate
 * @throws AccessDeniedException as thrown by the delegate
 * @throws RepositoryException as thrown by the delegate
 */
@Override
public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, AccessDeniedException, RepositoryException {
    Privilege[] fromDelegate = delegate.getPrivileges(absPath, principals);
    return fromDelegate;
}