javax.jcr.security.Privilege Java Examples
The following examples show how to use
javax.jcr.security.Privilege.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TestAceOrder.java From jackrabbit-filevault with Apache License 2.0 | 6 votes |
|
@Override
public void setUp() throws Exception {
super.setUp();
uMgr = ((JackrabbitSession) admin).getUserManager();
User testuser = uMgr.createUser(NAME_TEST_USER, null);
admin.save();
acMgr = admin.getAccessControlManager();
Node tmp = admin.getRootNode().addNode("testroot").addNode("secured");
JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(acMgr, tmp.getPath());
Privilege[] writePrivilege = AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_WRITE);
ValueFactory vf = admin.getValueFactory();
Principal everyone = ((JackrabbitSession) admin).getPrincipalManager().getEveryone();
list.addEntry(everyone, writePrivilege, true, ImmutableMap.of("rep:glob", vf.createValue("/foo")));
list.addEntry(testuser.getPrincipal(), writePrivilege, false, ImmutableMap.of("rep:glob", vf.createValue("/foo")));
list.addEntry(everyone, writePrivilege, true, ImmutableMap.of("rep:glob", vf.createValue("/bar")));
acMgr.setPolicy(tmp.getPath(), list);
expectedEntries = ImmutableList.copyOf(list.getAccessControlEntries());
admin.refresh(false);
}
Example #2
| Source File: PermissionActionHelper.java From APM with Apache License 2.0 | 6 votes |
|
public List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
final List<String> permissions) throws RepositoryException, PermissionException {
final List<Privilege> privileges = new ArrayList<>();
final List<String> unknownPermissions = new ArrayList<>();
for (final String permission : permissions) {
try {
privileges.addAll(createPrivileges(accessControlManager, permission));
} catch (PermissionException e) {
unknownPermissions.add(permission);
}
}
if (!unknownPermissions.isEmpty()) {
throw new PermissionException(MessagingUtils.unknownPermissions(unknownPermissions));
}
return privileges;
}
Example #3
| Source File: PermissionActionHelper.java From APM with Apache License 2.0 | 5 votes |
|
private void addEntry(boolean allow, final List<Privilege> privileges,
final Principal principal,
final JackrabbitAccessControlList jackrabbitAcl) throws RepositoryException {
Map<String, Value> singleValueRestrictions = restrictions.getSingleValueRestrictions(valueFactory);
Map<String, Value[]> multiValueRestrictions = restrictions.getMultiValueRestrictions(valueFactory);
jackrabbitAcl.addEntry(principal, privileges.toArray(new Privilege[privileges.size()]), allow,
singleValueRestrictions, multiValueRestrictions);
}
Example #4
| Source File: TestNoRootAccessExport.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
@Test
@Ignore("JCRVLT-100")
public void exportNoRootAccess() throws RepositoryException, IOException, PackageException {
// setup access control
Node packageRoot = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
AccessControlManager acMgr = admin.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
acMgr.removePolicy(acl.getPath(), acl);
AccessControlUtils.getAccessControlList(acMgr, packageRoot.getPath());
AccessControlUtils.allow(packageRoot, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);
Node tmpNode = new JcrPackageManagerImpl(admin, new String[0]).getPackageRoot();
AccessControlUtils.getAccessControlList(acMgr, tmpNode.getPath());
AccessControlUtils.allow(tmpNode, org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal.NAME, Privilege.JCR_ALL);
admin.save();
// import existing package
JcrPackage pack = packMgr.upload(getStream("/test-packages/tmp_foo_bar_test.zip"), false);
PackageId id = pack.getDefinition().getId();
assertNotNull(pack);
pack.extract(getDefaultOptions());
assertNodeExists("/tmp/foo/bar/test.txt");
// login as guest an
Session anonymous = repository.login(new GuestCredentials());
JcrPackageManagerImpl jcrPackageManager = new JcrPackageManagerImpl(anonymous, new String[0]);
pack = jcrPackageManager.open(id);
jcrPackageManager.assemble(pack, null);
}
Example #5
| Source File: IntegrationTestBase.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
public String dumpPermissions(String path) throws RepositoryException {
StringBuilder ret = new StringBuilder();
AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(path);
for (AccessControlPolicy p: ap) {
if (p instanceof JackrabbitAccessControlList) {
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
for (AccessControlEntry ac: acl.getAccessControlEntries()) {
if (ac instanceof JackrabbitAccessControlEntry) {
JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) ac;
ret.append(ace.isAllow() ? "\n- allow " : "deny ");
ret.append(ace.getPrincipal().getName());
char delim = '[';
for (Privilege priv: ace.getPrivileges()) {
ret.append(delim).append(priv.getName());
delim=',';
}
ret.append(']');
for (String restName: ace.getRestrictionNames()) {
Value[] values;
if ("rep:glob".equals(restName)) {
values = new Value[]{ace.getRestriction(restName)};
} else {
values = ace.getRestrictions(restName);
}
for (Value value : values) {
ret.append(" rest=").append(value.getString());
}
}
}
}
}
}
return ret.toString();
}
Example #6
| Source File: DocViewSaxFormatterTest.java From jackrabbit-filevault with Apache License 2.0 | 5 votes |
|
/**
* Tests if an 'empty' node serialization includes the jcr namespace. see JCRVLT-266
*/
@Test
public void testFormatterIncludesJcrNamespace() throws Exception {
// rep:itemNames restrictions are only supported in oak.
Assume.assumeTrue(isOak());
JcrUtils.getOrCreateByPath("/testroot", NodeType.NT_UNSTRUCTURED, admin);
admin.save();
// setup access control
AccessControlManager acMgr = admin.getAccessControlManager();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/testroot");
Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)};
Map<String, Value[]> rest = new HashMap<>();
rest.put("rep:itemNames", new Value[]{
admin.getValueFactory().createValue("jcr:mixinTypes", PropertyType.NAME),
admin.getValueFactory().createValue("jcr:primaryType", PropertyType.NAME)
});
acl.addEntry(EveryonePrincipal.getInstance(), privs, false, null, rest);
acMgr.setPolicy("/testroot", acl);
admin.save();
Session guest = repository.login(new GuestCredentials());
DefaultWorkspaceFilter filter = new DefaultWorkspaceFilter();
filter.add(new PathFilterSet("/testroot"));
RepositoryAddress addr = new RepositoryAddress("/" + admin.getWorkspace().getName() + "/");
VaultFileSystem jcrfs = Mounter.mount(null, filter, addr, null, guest);
Aggregate a = jcrfs.getAggregateManager().getRoot().getAggregate("testroot");
DocViewSerializer s = new DocViewSerializer(a);
ByteArrayOutputStream out = new ByteArrayOutputStream();
s.writeContent(out);
assertEquals("valid xml",
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
"<jcr:root xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"/>\n", out.toString("utf-8"));
}
Example #7
| Source File: PermissionActionHelper.java From APM with Apache License 2.0 | 5 votes |
|
private List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
final String permission) throws RepositoryException, PermissionException {
try {
Optional<PrivilegeGroup> privilegeGroup = PrivilegeGroup.getFromTitle(permission);
if (privilegeGroup.isPresent()) {
return privilegeGroup.get().toPrivileges(accessControlManager);
} else {
return Collections.singletonList(accessControlManager.privilegeFromName(permission));
}
} catch (AccessControlException e) {
throw new PermissionException("Unknown permission " + permission, e);
}
}
Example #8
| Source File: PermissionActionHelper.java From APM with Apache License 2.0 | 5 votes |
|
private void updateAccessControlList(boolean allow,
final AccessControlManager accessControlManager,
final List<Privilege> privileges, final Principal principal) throws RepositoryException {
final JackrabbitAccessControlList jackrabbitAcl = JackrabbitAccessControlListUtil
.getModifiableAcl(accessControlManager, path);
addEntry(allow, privileges, principal, jackrabbitAcl);
accessControlManager.setPolicy(path, jackrabbitAcl);
}
Example #9
| Source File: AccessControlManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public Privilege[] getPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
return delegate.getPrivileges(absPath);
}
Example #10
| Source File: PermissionActionHelper.java From APM with Apache License 2.0 | 4 votes |
|
public void applyPermissions(AccessControlManager accessControlManager, Principal principal,
boolean allow) throws RepositoryException, PermissionException {
final List<Privilege> privileges = createPrivileges(accessControlManager, permissions);
updateAccessControlList(allow, accessControlManager, privileges, principal);
}
Example #11
| Source File: AccessControlManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public boolean hasPrivileges(String absPath, Privilege[] privileges) throws PathNotFoundException, RepositoryException {
return delegate.hasPrivileges(absPath, privileges);
}
Example #12
| Source File: JackrabbitAccessControlManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws PathNotFoundException, AccessDeniedException, RepositoryException {
return delegate.hasPrivileges(absPath, principals, privileges);
}
Example #13
| Source File: AccessControlManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public Privilege privilegeFromName(String privilegeName) throws AccessControlException, RepositoryException {
return delegate.privilegeFromName(privilegeName);
}
Example #14
| Source File: AccessControlManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public Privilege[] getSupportedPrivileges(String absPath) throws PathNotFoundException, RepositoryException {
return delegate.getSupportedPrivileges(absPath);
}
Example #15
| Source File: JackrabbitPrivilegeInstaller.java From jackrabbit-filevault with Apache License 2.0 | 4 votes |
|
/**
* {@inheritDoc}
*/
public Collection<Privilege> install(ProgressTracker tracker, PrivilegeDefinitions defs)
throws IOException, RepositoryException {
Workspace wsp = session.getWorkspace();
if (!(wsp instanceof JackrabbitWorkspace)) {
throw new RepositoryException("Unable to register privileges. No JackrabbitWorkspace.");
}
PrivilegeManager mgr = ((JackrabbitWorkspace) wsp).getPrivilegeManager();
ProgressTrackerListener.Mode mode = null;
if (tracker != null) {
mode = tracker.setMode(ProgressTrackerListener.Mode.TEXT);
}
JcrNamespaceHelper nsHelper = new JcrNamespaceHelper(session, tracker);
// register namespaces
nsHelper.registerNamespaces(defs.getNamespaceMapping().getPrefixToURIMapping());
// register node types
List<Privilege> registeredPrivs = new LinkedList<Privilege>();
for (PrivilegeDefinition def: defs.getDefinitions()) {
String name = getJCRName(def.getName());
Privilege priv = null;
try {
priv = mgr.getPrivilege(name);
} catch (RepositoryException e) {
// ignore, already registered
}
if (priv == null) {
String[] aggregateNames = new String[def.getDeclaredAggregateNames().size()];
int i=0;
for (Name n: def.getDeclaredAggregateNames()) {
aggregateNames[i++] = getJCRName(n);
}
registeredPrivs.add(mgr.registerPrivilege(name, def.isAbstract(), aggregateNames));
track(tracker, "A", name);
} else {
track(tracker, "-", name);
}
}
if (tracker != null) {
tracker.setMode(mode);
}
return registeredPrivs;
}
Example #16
| Source File: PrivilegeInstaller.java From jackrabbit-filevault with Apache License 2.0 | 4 votes |
|
Collection<Privilege> install(ProgressTracker tracker, PrivilegeDefinitions defs) throws IOException, RepositoryException;
Example #17
| Source File: JackrabbitACLImporter.java From jackrabbit-filevault with Apache License 2.0 | 4 votes |
|
Privilege[] getPrivileges(AccessControlManager acMgr) throws RepositoryException {
return AccessControlUtils.privilegesFromNames(acMgr, privileges);
}
Example #18
| Source File: PrivilegeManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public Privilege registerPrivilege(String privilegeName, boolean isAbstract, String[] declaredAggregateNames) throws AccessDeniedException, NamespaceException, RepositoryException {
return delegate.registerPrivilege(privilegeName, isAbstract, declaredAggregateNames);
}
Example #19
| Source File: PrivilegeManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public Privilege getPrivilege(String privilegeName) throws AccessControlException, RepositoryException {
return delegate.getPrivilege(privilegeName);
}
Example #20
| Source File: IntegrationTestBase.java From jackrabbit-filevault with Apache License 2.0 | 4 votes |
|
public int hasPermission(String path, boolean allow, String[] privs, String name, Map<String, String[]> restrictions)
throws RepositoryException {
AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(path);
int idx = 0;
for (AccessControlPolicy p: ap) {
if (p instanceof JackrabbitAccessControlList) {
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
for (AccessControlEntry ac: acl.getAccessControlEntries()) {
if (ac instanceof JackrabbitAccessControlEntry) {
idx++;
JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) ac;
if (ace.isAllow() != allow) {
continue;
}
if (!ace.getPrincipal().getName().equals(name)) {
continue;
}
Set<String> expectedPrivs = new HashSet<String>(Arrays.asList(privs));
for (Privilege priv: ace.getPrivileges()) {
if (!expectedPrivs.remove(priv.getName())) {
expectedPrivs.add("dummy");
break;
}
}
if (!expectedPrivs.isEmpty()) {
continue;
}
Map<String, String[]> rests = new HashMap<String, String[]>(restrictions);
boolean restrictionExpected = true;
for (String restName: ace.getRestrictionNames()) {
String[] expected = rests.remove(restName);
if (expected == null) {
continue;
}
Value[] values;
if ("rep:glob".equals(restName)) {
values = new Value[]{ace.getRestriction(restName)};
} else {
values = ace.getRestrictions(restName);
}
String[] actual = new String[values.length];
for (int i=0; i<actual.length; i++) {
actual[i] = values[i].getString();
}
Arrays.sort(expected);
Arrays.sort(actual);
if (!Arrays.equals(expected, actual)) {
restrictionExpected = false;
break;
}
}
if (!restrictionExpected || !rests.isEmpty()) {
continue;
}
return idx-1;
}
}
}
}
return -1;
}
Example #21
| Source File: PrivilegeManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public Privilege[] getRegisteredPrivileges() throws RepositoryException {
return delegate.getRegisteredPrivileges();
}
Example #22
| Source File: JackrabbitAccessControlManagerWrapper.java From sling-whiteboard with Apache License 2.0 | 4 votes |
|
@Override
public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws PathNotFoundException, AccessDeniedException, RepositoryException {
return delegate.getPrivileges(absPath, principals);
}
