javax.jcr.security.AccessControlPolicy Java Examples

The following examples show how to use javax.jcr.security.AccessControlPolicy. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JackrabbitAccessControlListUtil.java    From APM with Apache License 2.0 5 votes vote down vote up
public static JackrabbitAccessControlList getApplicableAccessControlList(
		final AccessControlManager accessManager, final String path) throws RepositoryException {
	// find policies which may be applied to node indicated by path (may be treated as policy factory)
	final AccessControlPolicyIterator applicablePolicies = accessManager.getApplicablePolicies(path);
	while (applicablePolicies.hasNext()) {
		final AccessControlPolicy policy = applicablePolicies.nextAccessControlPolicy();
		if (policy instanceof JackrabbitAccessControlList) {
			return (JackrabbitAccessControlList) policy;
		}
	}
	return null;
}
 
Example #2
Source File: JackrabbitAccessControlListUtil.java    From APM with Apache License 2.0 5 votes vote down vote up
public static JackrabbitAccessControlList getAccessControlList(final AccessControlManager accessManager,
		final String path) throws RepositoryException {
	final AccessControlPolicy[] existing = accessManager.getPolicies(path);
	for (final AccessControlPolicy policy : existing) {
		if (policy instanceof JackrabbitAccessControlList) {
			return (JackrabbitAccessControlList) policy;
		}
	}
	return null;
}
 
Example #3
Source File: JackrabbitACLImporter.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
T getPolicy(Class<T> clz) throws RepositoryException {
    for (AccessControlPolicy p : acMgr.getPolicies(accessControlledPath)) {
        if (clz.isAssignableFrom(p.getClass())) {
            return (T) p;
        }
    }
    return null;
}
 
Example #4
Source File: JackrabbitACLImporter.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
T getPolicy(Class<T> clz, Principal principal) throws RepositoryException {
    if (acMgr instanceof JackrabbitAccessControlManager) {
        for (AccessControlPolicy p : ((JackrabbitAccessControlManager) acMgr).getPolicies(principal)) {
            if (clz.isAssignableFrom(p.getClass())) {
                return (T) p;
            }
        }
    }
    return null;
}
 
Example #5
Source File: JackrabbitACLImporter.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
T getApplicablePolicy(Class<T> clz) throws RepositoryException {
    AccessControlPolicyIterator iter = acMgr.getApplicablePolicies(accessControlledPath);
    while (iter.hasNext()) {
        AccessControlPolicy p = iter.nextAccessControlPolicy();
        if (clz.isAssignableFrom(p.getClass())) {
            return (T) p;
        }
    }

    // no applicable policy
    throw new RepositoryException("no applicable AccessControlPolicy of type "+ clz + " on " +
            (accessControlledPath == null ? "'root'" : accessControlledPath));
}
 
Example #6
Source File: JackrabbitACLImporter.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
T getApplicablePolicy(Class<T> clz, Principal principal) throws RepositoryException {
    if (acMgr instanceof JackrabbitAccessControlManager) {
        for (AccessControlPolicy p : ((JackrabbitAccessControlManager) acMgr).getApplicablePolicies(principal)) {
            if (clz.isAssignableFrom(p.getClass())) {
                return (T) p;
            }
        }
    }

    // no applicable policy
    throw new AccessControlException("no applicable AccessControlPolicy of type "+ clz + " for " + principal.getName());
}
 
Example #7
Source File: PrincipalBasedTest.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
private void assertPolicy(@NotNull Principal principal, @NotNull AccessControlEntry... expectedEntries) throws RepositoryException {
    for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
        if (policy instanceof PrincipalAccessControlList) {
            PrincipalAccessControlList pacl = (PrincipalAccessControlList) policy;
            AccessControlEntry[] aces = pacl.getAccessControlEntries();
            assertEquals(expectedEntries.length, aces.length);

            for (int i = 0; i < expectedEntries.length; i++) {
                assertTrue(expectedEntries[i] instanceof PrincipalAccessControlList.Entry);
                assertTrue(aces[i] instanceof PrincipalAccessControlList.Entry);


                PrincipalAccessControlList.Entry entry = (PrincipalAccessControlList.Entry) aces[i];
                PrincipalAccessControlList.Entry expected = (PrincipalAccessControlList.Entry) expectedEntries[i];

                assertEquals(expected.getEffectivePath(), entry.getEffectivePath());
                assertEquals(ImmutableSet.copyOf(expected.getPrivileges()), ImmutableSet.copyOf(entry.getPrivileges()));
                assertEquals(ImmutableSet.copyOf(expected.getRestrictionNames()), ImmutableSet.copyOf(entry.getRestrictionNames()));
                for (String rName : expected.getRestrictionNames()) {
                    if (pacl.isMultiValueRestriction(rName)) {
                        assertArrayEquals(expected.getRestrictions(rName), entry.getRestrictions(rName));
                    } else {
                        assertEquals(expected.getRestriction(rName), entry.getRestriction(rName));
                    }
                }
            }
            return;
        }
    }
    fail("expected PrincipalAccessControlList for principal " + principal.getName());
}
 
Example #8
Source File: IntegrationTestBase.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
public String dumpPermissions(String path) throws RepositoryException {
    StringBuilder ret = new StringBuilder();
    AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(path);
    for (AccessControlPolicy p: ap) {
        if (p instanceof JackrabbitAccessControlList) {
            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
            for (AccessControlEntry ac: acl.getAccessControlEntries()) {
                if (ac instanceof JackrabbitAccessControlEntry) {
                    JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) ac;
                    ret.append(ace.isAllow() ? "\n- allow " : "deny ");
                    ret.append(ace.getPrincipal().getName());
                    char delim = '[';
                    for (Privilege priv: ace.getPrivileges()) {
                        ret.append(delim).append(priv.getName());
                        delim=',';
                    }
                    ret.append(']');
                    for (String restName: ace.getRestrictionNames()) {
                        Value[] values;
                        if ("rep:glob".equals(restName)) {
                            values = new Value[]{ace.getRestriction(restName)};
                        } else {
                            values = ace.getRestrictions(restName);
                        }
                        for (Value value : values) {
                            ret.append(" rest=").append(value.getString());
                        }
                    }
                }
            }
        }
    }
    return ret.toString();
}
 
Example #9
Source File: IntegrationTestBase.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
public void removeRepoACL() throws RepositoryException {
    AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(null);
    for (AccessControlPolicy p: ap) {
        if (p instanceof JackrabbitAccessControlList) {
            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
            for (AccessControlEntry ac: acl.getAccessControlEntries()) {
                if (ac instanceof JackrabbitAccessControlEntry) {
                    acl.removeAccessControlEntry(ac);
                }
            }
        }
    }
    admin.save();
}
 
Example #10
Source File: JackrabbitAccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0 4 votes vote down vote up
@Override
public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws AccessDeniedException, AccessControlException, UnsupportedRepositoryOperationException, RepositoryException {
    return delegate.getEffectivePolicies(principals);
}
 
Example #11
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0 4 votes vote down vote up
@Override
public AccessControlPolicy[] getPolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
    return delegate.getPolicies(absPath);
}
 
Example #12
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0 4 votes vote down vote up
@Override
public AccessControlPolicy[] getEffectivePolicies(String absPath) throws PathNotFoundException, AccessDeniedException, RepositoryException {
    return delegate.getEffectivePolicies(absPath);
}
 
Example #13
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0 4 votes vote down vote up
@Override
public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
    delegate.setPolicy(absPath, policy);
}
 
Example #14
Source File: AccessControlManagerWrapper.java    From sling-whiteboard with Apache License 2.0 4 votes vote down vote up
@Override
public void removePolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, LockException, VersionException, RepositoryException {
    delegate.removePolicy(absPath, policy);
}
 
Example #15
Source File: IntegrationTestBase.java    From jackrabbit-filevault with Apache License 2.0 4 votes vote down vote up
public int hasPermission(String path, boolean allow, String[] privs, String name, Map<String, String[]> restrictions)
        throws RepositoryException {
    AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(path);
    int idx = 0;
    for (AccessControlPolicy p: ap) {
        if (p instanceof JackrabbitAccessControlList) {
            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
            for (AccessControlEntry ac: acl.getAccessControlEntries()) {
                if (ac instanceof JackrabbitAccessControlEntry) {
                    idx++;
                    JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) ac;
                    if (ace.isAllow() != allow) {
                        continue;
                    }
                    if (!ace.getPrincipal().getName().equals(name)) {
                        continue;
                    }
                    Set<String> expectedPrivs = new HashSet<String>(Arrays.asList(privs));
                    for (Privilege priv: ace.getPrivileges()) {
                        if (!expectedPrivs.remove(priv.getName())) {
                            expectedPrivs.add("dummy");
                            break;
                        }
                    }
                    if (!expectedPrivs.isEmpty()) {
                        continue;
                    }
                    Map<String, String[]> rests = new HashMap<String, String[]>(restrictions);
                    boolean restrictionExpected = true;
                    for (String restName: ace.getRestrictionNames()) {
                        String[] expected = rests.remove(restName);
                        if (expected == null) {
                            continue;
                        }
                        Value[] values;
                        if ("rep:glob".equals(restName)) {
                            values = new Value[]{ace.getRestriction(restName)};
                        } else {
                            values = ace.getRestrictions(restName);
                        }
                        String[] actual = new String[values.length];
                        for (int i=0; i<actual.length; i++) {
                            actual[i] = values[i].getString();
                        }
                        Arrays.sort(expected);
                        Arrays.sort(actual);
                        if (!Arrays.equals(expected, actual)) {
                            restrictionExpected = false;
                            break;
                        }
                    }
                    if (!restrictionExpected || !rests.isEmpty()) {
                        continue;
                    }
                    return idx-1;
                }
            }
        }
    }
    return -1;
}