You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2012/08/07 10:29:28 UTC
svn commit: r1370139 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/authorization/acl/
test/java/org/apache/jackrabbit/core/security/authorization/
test/java/org/apache/jackrabbit/core/security/authorization/acl/
Author: angela
Date: Tue Aug 7 08:29:28 2012
New Revision: 1370139
URL: http://svn.apache.org/viewvc?rev=1370139&view=rev
Log:
JCR-3395 : separate entries used for permission eval from ACEs exposed in JCR
Added:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLProvider.java Tue Aug 7 08:29:28 2012
@@ -43,14 +43,12 @@ import javax.jcr.Session;
import javax.jcr.query.Query;
import javax.jcr.query.QueryManager;
import javax.jcr.query.QueryResult;
-import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import java.security.Principal;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
@@ -137,9 +135,7 @@ public class ACLProvider extends Abstrac
targetNode = (NodeImpl) session.getRootNode();
if (isRepoAccessControlled(targetNode)) {
if (permissions.grants(targetNode.getPrimaryPath(), Permission.READ_AC)) {
- // retrieve the entries for the access controlled node
- List<AccessControlEntry> entries = entryCollector.collectEntries(null, new EntryFilterImpl(null, (NodeId) null, session));
- acls.add(new UnmodifiableAccessControlList(entries));
+ acls.add(getACL(targetNode, N_REPO_POLICY, null));
} else {
throw new AccessDeniedException("Access denied at " + targetNode.getPath());
}
@@ -204,15 +200,13 @@ public class ACLProvider extends Abstrac
if (N_POLICY.equals(aclName) && isAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
- List<AccessControlEntry> aces = entryCollector.getEntries(accessControlledNode).getACEs();
- acls.add(new UnmodifiableAccessControlList(aces, accessControlledNode.getPath(), Collections.<String, Integer>emptyMap()));
+ acls.add(getACL(accessControlledNode, N_POLICY, accessControlledNode.getPath()));
} else {
throw new AccessDeniedException("Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
} else if (N_REPO_POLICY.equals(aclName) && isRepoAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
- List<AccessControlEntry> aces = entryCollector.collectEntries(null, new EntryFilterImpl(null, (NodeId) null, session));
- acls.add(new UnmodifiableAccessControlList(aces));
+ acls.add(getACL(accessControlledNode, N_REPO_POLICY, null));
} else {
throw new AccessDeniedException("Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
@@ -290,9 +284,7 @@ public class ACLProvider extends Abstrac
// it to the list
if (isAccessControlled(node)) {
if (permissions.grants(node.getPrimaryPath(), Permission.READ_AC)) {
- // retrieve the entries for the access controlled node
- List<AccessControlEntry> aces = entryCollector.getEntries(node).getACEs();
- acls.add(new UnmodifiableAccessControlList(aces, node.getPath(), Collections.<String, Integer>emptyMap()));
+ acls.add(getACL(node, N_POLICY, node.getPath()));
} else {
throw new AccessDeniedException("Access denied at " + node.getPath());
}
@@ -304,6 +296,14 @@ public class ACLProvider extends Abstrac
}
}
+ private AccessControlList getACL(NodeImpl accessControlledNode, Name policyName, String path) throws RepositoryException {
+ // collect the aces of that node.
+ NodeImpl aclNode = accessControlledNode.getNode(policyName);
+ AccessControlList acl = new ACLTemplate(aclNode, path);
+
+ return new UnmodifiableAccessControlList(acl);
+ }
+
/**
* Set-up minimal permissions for the workspace:
*
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java Tue Aug 7 08:29:28 2012
@@ -38,12 +38,10 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.id.NodeId;
import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplate;
import org.apache.jackrabbit.core.security.authorization.AccessControlEntryImpl;
import org.apache.jackrabbit.core.security.authorization.PrivilegeBits;
import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl;
-import org.apache.jackrabbit.core.security.authorization.GlobPattern;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
import org.apache.jackrabbit.core.value.InternalValue;
@@ -87,15 +85,7 @@ class ACLTemplate extends AbstractACLTem
private final NameResolver resolver;
/**
- * The id of the access controlled node or <code>null</code> if this
- * ACLTemplate isn't created for an existing access controlled node.
- * Used for the Entry#isLocal(NodeId) call only in order to avoid calls
- * to {@link javax.jcr.Node#getPath()}.
- */
- private final NodeId id;
-
- /**
- *
+ * Namespace sensitive name of the REP_GLOB property in standard JCR form.
*/
private final String jcrRepGlob;
@@ -116,7 +106,6 @@ class ACLTemplate extends AbstractACLTem
this.principalMgr = principalMgr;
this.privilegeMgr = (PrivilegeManagerImpl) privilegeMgr;
this.resolver = resolver;
- this.id = null;
jcrRepGlob = resolver.getJCRName(P_GLOB);
}
@@ -126,17 +115,6 @@ class ACLTemplate extends AbstractACLTem
* node.
*
* @param aclNode node
- * @throws RepositoryException if an error occurs
- */
- ACLTemplate(NodeImpl aclNode) throws RepositoryException {
- this(aclNode, ((aclNode != null) ? aclNode.getParent().getPath() : null));
- }
-
- /**
- * Create a {@link ACLTemplate} that is used to edit an existing ACL
- * node.
- *
- * @param aclNode node
* @param path The path as exposed by "@link JackrabbitAccessControlList#getPath()}
* @throws RepositoryException if an error occurs
*/
@@ -150,7 +128,6 @@ class ACLTemplate extends AbstractACLTem
privilegeMgr = (PrivilegeManagerImpl) ((JackrabbitWorkspace) sImpl.getWorkspace()).getPrivilegeManager();
this.resolver = sImpl;
- this.id = aclNode.getParentId();
jcrRepGlob = sImpl.getJCRName(P_GLOB);
// load the entries:
@@ -422,61 +399,22 @@ class ACLTemplate extends AbstractACLTem
*/
class Entry extends AccessControlEntryImpl {
- private final GlobPattern pattern;
-
private Entry(Principal principal, PrivilegeBits privilegeBits, boolean allow, Map<String,Value> restrictions)
throws RepositoryException {
super(principal, privilegeBits, allow, restrictions);
- pattern = calculatePattern();
}
private Entry(Principal principal, Privilege[] privileges, boolean allow, Map<String,Value> restrictions)
throws RepositoryException {
super(principal, privileges, allow, restrictions);
- pattern = calculatePattern();
}
private Entry(Entry base, PrivilegeBits newPrivilegeBits, boolean isAllow) throws RepositoryException {
super(base, newPrivilegeBits, isAllow);
- pattern = calculatePattern();
}
private Entry(Entry base, Privilege[] newPrivileges, boolean isAllow) throws RepositoryException {
super(base, newPrivileges, isAllow);
- pattern = calculatePattern();
- }
-
- private GlobPattern calculatePattern() throws RepositoryException {
- if (path == null) {
- return null; // no pattern for repo-level aces.
- } else {
- GlobPattern p;
- Value glob = getRestrictions().get(P_GLOB);
- if (glob != null) {
- p = GlobPattern.create(path, glob.getString());
- } else {
- p = GlobPattern.create(path);
- }
- return p;
- }
- }
-
- /**
- * @param nodeId
- * @return <code>true</code> if this entry is defined on the node
- * at <code>nodeId</code>
- */
- boolean isLocal(NodeId nodeId) {
- return id != null && id.equals(nodeId);
- }
-
- /**
- *
- * @param jcrPath
- * @return
- */
- boolean matches(String jcrPath) {
- return pattern != null && pattern.matches(jcrPath);
}
@Override
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/CompiledPermissionsImpl.java Tue Aug 7 08:29:28 2012
@@ -39,7 +39,6 @@ import org.apache.jackrabbit.util.Text;
import javax.jcr.ItemNotFoundException;
import javax.jcr.RepositoryException;
-import javax.jcr.security.AccessControlEntry;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
@@ -92,7 +91,7 @@ class CompiledPermissionsImpl extends Ab
// retrieve all ACEs at path or at the direct ancestor of path that
// apply for the principal names.
NodeImpl n = ACLProvider.getNode(node, isAcItem);
- Iterator<AccessControlEntry> entries = entryCollector.collectEntries(n, filter).iterator();
+ Iterator<Entry> entries = entryCollector.collectEntries(n, filter).iterator();
/*
Calculate privileges and permissions:
@@ -112,7 +111,7 @@ class CompiledPermissionsImpl extends Ab
NodeId nodeId = (node == null) ? null : node.getNodeId();
while (entries.hasNext()) {
- ACLTemplate.Entry ace = (ACLTemplate.Entry) entries.next();
+ Entry ace = entries.next();
/*
Determine if the ACE also takes effect on the parent:
Some permissions (e.g. add-node or removal) must be determined
@@ -261,8 +260,7 @@ class CompiledPermissionsImpl extends Ab
(see special treatment of remove, create or ac-specific
permissions).
*/
- for (AccessControlEntry accessControlEntry : entryCollector.collectEntries(node, filter)) {
- ACLTemplate.Entry ace = (ACLTemplate.Entry) accessControlEntry;
+ for (Entry ace : entryCollector.collectEntries(node, filter)) {
if (ace.getPrivilegeBits().includesRead()) {
canRead = ace.isAllow();
break;
Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java?rev=1370139&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/Entry.java Tue Aug 7 08:29:28 2012
@@ -0,0 +1,199 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.List;
+import javax.jcr.NodeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.core.security.authorization.GlobPattern;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeBits;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl;
+import org.apache.jackrabbit.core.value.InternalValue;
+import org.apache.jackrabbit.spi.Name;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Entry... TODO
+ */
+class Entry implements AccessControlConstants {
+
+ private static final Logger log = LoggerFactory.getLogger(ACLTemplate.class);
+
+ private final String principalName;
+ private final boolean isGroupEntry;
+ private final PrivilegeBits privilegeBits;
+ private final boolean isAllow;
+ private final NodeId id;
+ private final GlobPattern pattern;
+ private final boolean hasRestrictions;
+
+ private int hashCode;
+
+ private Entry(NodeId id, String principalName, boolean isGroupEntry,
+ PrivilegeBits privilegeBits, boolean allow, String path, Value globValue) throws RepositoryException {
+
+ this.principalName = principalName;
+ this.isGroupEntry = isGroupEntry;
+ this.privilegeBits = privilegeBits;
+ this.isAllow = allow;
+ this.id = id;
+ this.pattern = calculatePattern(path, globValue);
+ this.hasRestrictions = (globValue != null);
+ }
+
+ static List<Entry> readEntries(NodeImpl aclNode, String path) throws RepositoryException {
+ if (aclNode == null || !NT_REP_ACL.equals(aclNode.getPrimaryNodeTypeName())) {
+ throw new IllegalArgumentException("Node must be of type 'rep:ACL'");
+ }
+ SessionImpl sImpl = (SessionImpl) aclNode.getSession();
+ PrincipalManager principalMgr = sImpl.getPrincipalManager();
+ PrivilegeManagerImpl privilegeMgr = (PrivilegeManagerImpl) ((JackrabbitWorkspace) sImpl.getWorkspace()).getPrivilegeManager();
+
+ NodeId nodeId = aclNode.getParentId();
+
+ List<Entry> entries = new ArrayList<Entry>();
+ // load the entries:
+ NodeIterator itr = aclNode.getNodes();
+ while (itr.hasNext()) {
+ NodeImpl aceNode = (NodeImpl) itr.nextNode();
+ try {
+ String principalName = aceNode.getProperty(P_PRINCIPAL_NAME).getString();
+ boolean isGroupEntry = false;
+ Principal princ = principalMgr.getPrincipal(principalName);
+ if (princ != null) {
+ isGroupEntry = (princ instanceof Group);
+ }
+
+ InternalValue[] privValues = aceNode.getProperty(P_PRIVILEGES).internalGetValues();
+ Name[] privNames = new Name[privValues.length];
+ for (int i = 0; i < privValues.length; i++) {
+ privNames[i] = privValues[i].getName();
+ }
+
+ Value globValue = null;
+ if (aceNode.hasProperty(P_GLOB)) {
+ globValue = aceNode.getProperty(P_GLOB).getValue();
+ }
+
+ boolean isAllow = NT_REP_GRANT_ACE.equals(aceNode.getPrimaryNodeTypeName());
+ Entry ace = new Entry(nodeId, principalName, isGroupEntry, privilegeMgr.getBits(privNames), isAllow, path, globValue);
+ entries.add(ace);
+ } catch (RepositoryException e) {
+ log.debug("Failed to build ACE from content.", e.getMessage());
+ }
+ }
+
+ return entries;
+ }
+
+ private static GlobPattern calculatePattern(String path, Value globValue) throws RepositoryException {
+ if (path == null) {
+ return null;
+ } else {
+ if (globValue == null) {
+ return GlobPattern.create(path);
+ } else {
+ return GlobPattern.create(path, globValue.getString());
+ }
+ }
+ }
+
+ /**
+ * @param nodeId
+ * @return <code>true</code> if this entry is defined on the node
+ * at <code>nodeId</code>
+ */
+ boolean isLocal(NodeId nodeId) {
+ return id != null && id.equals(nodeId);
+ }
+
+ /**
+ *
+ * @param jcrPath
+ * @return
+ */
+ boolean matches(String jcrPath) {
+ return pattern != null && pattern.matches(jcrPath);
+ }
+
+ PrivilegeBits getPrivilegeBits() {
+ return privilegeBits;
+ }
+
+ boolean isAllow() {
+ return isAllow;
+ }
+
+ String getPrincipalName() {
+ return principalName;
+ }
+
+ boolean isGroupEntry() {
+ return isGroupEntry;
+ }
+
+ boolean hasRestrictions() {
+ return hasRestrictions;
+ }
+
+ //-------------------------------------------------------------< Object >---
+ /**
+ * @see Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ if (hashCode == -1) {
+ int h = 17;
+ h = 37 * h + principalName.hashCode();
+ h = 37 * h + privilegeBits.hashCode();
+ h = 37 * h + Boolean.valueOf(isAllow).hashCode();
+ h = 37 * h + pattern.hashCode();
+ hashCode = h;
+ }
+ return hashCode;
+ }
+
+ /**
+ * @see Object#equals(Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (obj instanceof Entry) {
+ Entry other = (Entry) obj;
+ return principalName.equals(other.principalName) &&
+ privilegeBits.equals(other.privilegeBits) &&
+ isAllow == other.isAllow &&
+ pattern.equals(other.pattern);
+ }
+ return false;
+ }
+}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollector.java Tue Aug 7 08:29:28 2012
@@ -36,7 +36,6 @@ import javax.jcr.observation.Event;
import javax.jcr.observation.EventIterator;
import javax.jcr.observation.EventListener;
import javax.jcr.observation.ObservationManager;
-import javax.jcr.security.AccessControlEntry;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -130,16 +129,16 @@ public class EntryCollector extends Acce
* @return
* @throws RepositoryException
*/
- protected List<AccessControlEntry> collectEntries(NodeImpl node, EntryFilter filter) throws RepositoryException {
- LinkedList<AccessControlEntry> userAces = new LinkedList<AccessControlEntry>();
- LinkedList<AccessControlEntry> groupAces = new LinkedList<AccessControlEntry>();
+ protected List<Entry> collectEntries(NodeImpl node, EntryFilter filter) throws RepositoryException {
+ LinkedList<Entry> userAces = new LinkedList<Entry>();
+ LinkedList<Entry> groupAces = new LinkedList<Entry>();
if (node == null) {
// repository level permissions
NodeImpl root = (NodeImpl) systemSession.getRootNode();
if (ACLProvider.isRepoAccessControlled(root)) {
NodeImpl aclNode = root.getNode(N_REPO_POLICY);
- filterEntries(filter, new ACLTemplate(aclNode, null).getEntries(), userAces, groupAces);
+ filterEntries(filter, Entry.readEntries(aclNode, null), userAces, groupAces);
}
} else {
filterEntries(filter, getEntries(node).getACEs(), userAces, groupAces);
@@ -151,7 +150,7 @@ public class EntryCollector extends Acce
}
}
- List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>(userAces.size() + groupAces.size());
+ List<Entry> entries = new ArrayList<Entry>(userAces.size() + groupAces.size());
entries.addAll(userAces);
entries.addAll(groupAces);
@@ -167,9 +166,9 @@ public class EntryCollector extends Acce
* @param groupAces
*/
@SuppressWarnings("unchecked")
- private static void filterEntries(EntryFilter filter, List<AccessControlEntry> aces,
- LinkedList<AccessControlEntry> userAces,
- LinkedList<AccessControlEntry> groupAces) {
+ private static void filterEntries(EntryFilter filter, List<Entry> aces,
+ LinkedList<Entry> userAces,
+ LinkedList<Entry> groupAces) {
if (!aces.isEmpty() && filter != null) {
filter.filterEntries(aces, userAces, groupAces);
}
@@ -185,11 +184,11 @@ public class EntryCollector extends Acce
* @throws RepositoryException
*/
protected Entries getEntries(NodeImpl node) throws RepositoryException {
- List<AccessControlEntry> aces;
+ List<Entry> aces;
if (ACLProvider.isAccessControlled(node)) {
// collect the aces of that node.
NodeImpl aclNode = node.getNode(N_POLICY);
- aces = new ACLTemplate(aclNode, node.getPath()).getEntries();
+ aces = Entry.readEntries(aclNode, node.getPath());
} else {
// not access controlled
aces = Collections.emptyList();
@@ -438,15 +437,15 @@ public class EntryCollector extends Acce
*/
static class Entries {
- private final List<AccessControlEntry> aces;
+ private final List<Entry> aces;
private NodeId nextId;
- Entries(List<AccessControlEntry> aces, NodeId nextId) {
+ Entries(List<Entry> aces, NodeId nextId) {
this.aces = aces;
this.nextId = nextId;
}
- List<AccessControlEntry> getACEs() {
+ List<Entry> getACEs() {
return aces;
}
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilter.java Tue Aug 7 08:29:28 2012
@@ -16,7 +16,6 @@
*/
package org.apache.jackrabbit.core.security.authorization.acl;
-import javax.jcr.security.AccessControlEntry;
import java.util.List;
/**
@@ -24,6 +23,6 @@ import java.util.List;
*/
public interface EntryFilter {
- void filterEntries(List<AccessControlEntry> entries, List<AccessControlEntry>... resultLists);
+ void filterEntries(List<Entry> entries, List<Entry>... resultLists);
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/EntryFilterImpl.java Tue Aug 7 08:29:28 2012
@@ -24,8 +24,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.jcr.RepositoryException;
-import javax.jcr.security.AccessControlEntry;
-import java.security.acl.Group;
import java.util.Collection;
import java.util.List;
@@ -71,16 +69,16 @@ class EntryFilterImpl implements EntryFi
* @param resultLists
* @see EntryFilter#filterEntries(java.util.List, java.util.List[])
*/
- public void filterEntries(List<AccessControlEntry> entries, List<AccessControlEntry>... resultLists) {
+ public void filterEntries(List<Entry> entries, List<Entry>... resultLists) {
if (resultLists.length == 2) {
- List<AccessControlEntry> userAces = resultLists[0];
- List<AccessControlEntry> groupAces = resultLists[1];
+ List<Entry> userAces = resultLists[0];
+ List<Entry> groupAces = resultLists[1];
int uInsertIndex = userAces.size();
int gInsertIndex = groupAces.size();
// first collect aces present on the given aclNode.
- for (AccessControlEntry ace : entries) {
+ for (Entry ace : entries) {
// only process ace if 'principalName' is contained in the given set
if (matches(ace)) {
// add it to the proper list (e.g. separated by principals)
@@ -88,7 +86,7 @@ class EntryFilterImpl implements EntryFi
* NOTE: access control entries must be collected in reverse
* order in order to assert proper evaluation.
*/
- if (ace.getPrincipal() instanceof Group) {
+ if (ace.isGroupEntry()) {
groupAces.add(gInsertIndex, ace);
} else {
userAces.add(uInsertIndex, ace);
@@ -100,9 +98,8 @@ class EntryFilterImpl implements EntryFi
}
}
- private boolean matches(AccessControlEntry ace) {
- if (principalNames == null || principalNames.contains(ace.getPrincipal().getName())) {
- ACLTemplate.Entry entry = (ACLTemplate.Entry) ace;
+ private boolean matches(Entry entry) {
+ if (principalNames == null || principalNames.contains(entry.getPrincipalName())) {
if (!entry.hasRestrictions()) {
// short cut: there is no glob-restriction -> the entry matches
// because it is either defined on the node or inherited.
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java Tue Aug 7 08:29:28 2012
@@ -457,9 +457,10 @@ public abstract class AbstractRepository
assertNotNull(aces);
assertEquals(2, aces.length);
- // change the policy
+ // change the policy: removing the second entry in the access control list
acl = (AccessControlList) acMgr.getPolicies(null)[0];
- acl.removeAccessControlEntry(aces[0]);
+ AccessControlEntry toRemove = acl.getAccessControlEntries()[1];
+ acl.removeAccessControlEntry(toRemove);
acMgr.setPolicy(null, acl);
superuser.save();
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java?rev=1370139&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateEntryTest.java Tue Aug 7 08:29:28 2012
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+/**
+ * <code>EntryTest</code>...
+ */
+public class ACLTemplateEntryTest extends AbstractEntryTest {
+
+ private ACLTemplate acl;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ SessionImpl s = (SessionImpl) superuser;
+ PrivilegeManager privMgr = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
+
+ acl = new ACLTemplate(testPath, s.getPrincipalManager(), privMgr, s.getValueFactory(), s);
+ }
+
+ @Override
+ protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
+ throws RepositoryException {
+ return acl.createEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
+ }
+
+ @Override
+ protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws RepositoryException {
+ return acl.createEntry(principal, privileges, isAllow, restrictions);
+ }
+
+ @Override
+ protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException {
+ if (base instanceof ACLTemplate.Entry) {
+ return acl.createEntry((ACLTemplate.Entry) base, privileges, isAllow);
+ } else {
+ throw new NotExecutableException();
+ }
+ }
+
+ @Override
+ protected Map<String, Value> getTestRestrictions() throws RepositoryException {
+ String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
+ return Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));
+ }
+
+ public void testRestrictions() throws RepositoryException {
+ // test if restrictions with expanded name are properly resolved
+ Map<String, Value> restrictions = new HashMap<String,Value>();
+ restrictions.put(ACLTemplate.P_GLOB.toString(), superuser.getValueFactory().createValue("*/test"));
+
+ Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
+ ACLTemplate.Entry ace = acl.createEntry(testPrincipal, privs, true, restrictions);
+
+ Value v = ace.getRestriction(ACLTemplate.P_GLOB.toString());
+ Value v2 = ace.getRestriction(((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB));
+ assertEquals(v, v2);
+ }
+}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.java Tue Aug 7 08:29:28 2012
@@ -28,7 +28,6 @@ import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
@@ -239,48 +238,6 @@ public class EntryCollectorTest extends
return names;
}
- public void testEntriesAreCached() throws Exception {
- modifyPrivileges(path, testGroup.getPrincipal(), privilegesFromName(Privilege.JCR_READ), true);
- AccessControlPolicy[] plcs = acMgr.getEffectivePolicies(path);
- AccessControlPolicy[] plcs2 = acMgr.getEffectivePolicies(childNPath);
-
- // ACEs must be the same on path and childPath as the entries are
- // obtained from the cache
- assertTrue(Arrays.equals(plcs, plcs2));
- assertEquals(plcs.length, plcs2.length);
- for (int i = 0; i < plcs.length; i++) {
- if (plcs[i] instanceof AccessControlList) {
- assertTrue(plcs2[i] instanceof AccessControlList);
-
- AccessControlEntry[] aces = ((AccessControlList) plcs[0]).getAccessControlEntries();
- AccessControlEntry[] aces2 = ((AccessControlList) plcs2[0]).getAccessControlEntries();
- for (int j = 0; j < aces.length; j++) {
- assertTrue(aces[j] == aces2[j]);
- }
- } else {
- assertEquals(plcs[i].getClass(), plcs2[i].getClass());
- }
- }
-
-
- // retrieve effective policies for path again
- // -> test if aces are retrieved from the cache and thus refer to the same objects.
- AccessControlPolicy[] plcs3 = acMgr.getEffectivePolicies(path);
- for (int i = 0; i < plcs.length; i++) {
- if (plcs[i] instanceof AccessControlList) {
- assertTrue(plcs3[i] instanceof AccessControlList);
-
- AccessControlEntry[] aces = ((AccessControlList) plcs[0]).getAccessControlEntries();
- AccessControlEntry[] aces3 = ((AccessControlList) plcs3[0]).getAccessControlEntries();
- for (int j = 0; j < aces.length; j++) {
- assertTrue(aces[j] == aces3[j]);
- }
- } else {
- assertEquals(plcs[i].getClass(), plcs2[i].getClass());
- }
- }
- }
-
public void testPermissions() throws Exception {
Session superuser2 = getHelper().getSuperuserSession();
try {
@@ -403,14 +360,6 @@ public class EntryCollectorTest extends
});
}
- public void testEntriesAreCachedUnderLoad() throws Exception {
- runTestUnderLoad(new TestInvokation() {
- public void runTest() throws Exception {
- testEntriesAreCached();
- }
- });
- }
-
public void testPermissionsUnderLoad() throws Exception {
runTestUnderLoad(new TestInvokation() {
public void runTest() throws Exception {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java Tue Aug 7 08:29:28 2012
@@ -16,113 +16,87 @@
*/
package org.apache.jackrabbit.core.security.authorization.acl;
-import org.apache.jackrabbit.api.JackrabbitWorkspace;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.core.NodeImpl;
-import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.id.NodeId;
-import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
-import org.apache.jackrabbit.test.NotExecutableException;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
-import javax.jcr.security.Privilege;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
+import org.apache.jackrabbit.test.NotExecutableException;
/**
* <code>EntryTest</code>...
*/
-public class EntryTest extends AbstractEntryTest {
+public class EntryTest extends AbstractEvaluationTest {
- private ACLTemplate acl;
+ private String testPath;
+ private JackrabbitAccessControlList acl;
- @Override
protected void setUp() throws Exception {
super.setUp();
-
- SessionImpl s = (SessionImpl) superuser;
- PrivilegeManager privMgr = ((JackrabbitWorkspace) superuser.getWorkspace()).getPrivilegeManager();
-
- acl = new ACLTemplate(testPath, s.getPrincipalManager(), privMgr, s.getValueFactory(), s);
+ testPath = testRootNode.getPath();
}
@Override
- protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
- throws RepositoryException {
- return acl.createEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
+ protected void tearDown() throws Exception {
+ try {
+ acMgr.removePolicy(testPath, acl);
+ superuser.save();
+ } finally {
+ super.tearDown();
+ }
}
@Override
- protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws RepositoryException {
- return acl.createEntry(principal, privileges, isAllow, restrictions);
+ protected boolean isExecutable() {
+ return EvaluationUtil.isExecutable(acMgr);
}
@Override
- protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException {
- if (base instanceof ACLTemplate.Entry) {
- return acl.createEntry((ACLTemplate.Entry) base, privileges, isAllow);
- } else {
- throw new NotExecutableException();
- }
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
+ return EvaluationUtil.getPolicy(acM, path, principal);
}
@Override
- protected Map<String, Value> getTestRestrictions() throws RepositoryException {
- String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
- return Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));
+ protected Map<String, Value> getRestrictions(Session s, String path) {
+ return Collections.emptyMap();
}
public void testIsLocal() throws NotExecutableException, RepositoryException {
- ACLTemplate.Entry entry = (ACLTemplate.Entry) createEntry(new String[] {Privilege.JCR_READ}, true);
-
- // false since acl has been created from path only -> no id
- assertFalse(entry.isLocal(((NodeImpl) testRootNode).getNodeId()));
- // false since internal id is null -> will never match.
- assertFalse(entry.isLocal(NodeId.randomId()));
- }
+ acl = getPolicy(acMgr, testPath, testUser.getPrincipal());
+ modifyPrivileges(testPath, Privilege.JCR_READ, true);
- public void testIsLocal2() throws NotExecutableException, RepositoryException {
- String path = testRootNode.getPath();
- AccessControlPolicy[] acls = acMgr.getPolicies(path);
- if (acls.length == 0) {
- AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
- if (!it.hasNext()) {
- throw new NotExecutableException();
- }
- acMgr.setPolicy(path, it.nextAccessControlPolicy());
- acls = acMgr.getPolicies(path);
- }
-
- assertTrue(acls[0] instanceof ACLTemplate);
-
- ACLTemplate acl = (ACLTemplate) acls[0];
- assertEquals(path, acl.getPath());
-
- ACLTemplate.Entry entry = acl.createEntry(testPrincipal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}, true, Collections.<String,Value>emptyMap());
+ NodeImpl aclNode = (NodeImpl) superuser.getNode(acl.getPath() + "/rep:policy");
+ List<Entry> entries = Entry.readEntries(aclNode, testRootNode.getPath());
+ assertTrue(!entries.isEmpty());
+ assertEquals(1, entries.size());
- // node is must be present + must match to testrootnodes id.
+ Entry entry = entries.iterator().next();
+ // false since acl has been created from path only -> no id
assertTrue(entry.isLocal(((NodeImpl) testRootNode).getNodeId()));
- // but not to a random id.
+ // false since internal id is null -> will never match.
assertFalse(entry.isLocal(NodeId.randomId()));
}
- public void testRestrictions() throws RepositoryException {
+ public void testRestrictions() throws RepositoryException, NotExecutableException {
// test if restrictions with expanded name are properly resolved
Map<String, Value> restrictions = new HashMap<String,Value>();
restrictions.put(ACLTemplate.P_GLOB.toString(), superuser.getValueFactory().createValue("*/test"));
- Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
- ACLTemplate.Entry ace = acl.createEntry(testPrincipal, privs, true, restrictions);
-
- Value v = ace.getRestriction(ACLTemplate.P_GLOB.toString());
- Value v2 = ace.getRestriction(((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB));
- assertEquals(v, v2);
+ acl = getPolicy(acMgr, testPath, testUser.getPrincipal());
+ acl.addEntry(testUser.getPrincipal(), new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)}, true, restrictions);
+ acMgr.setPolicy(testPath, acl);
+ superuser.save();
Map<String, Boolean> toMatch = new HashMap<String, Boolean>();
toMatch.put(acl.getPath(), false);
@@ -132,8 +106,14 @@ public class EntryTest extends AbstractE
toMatch.put(acl.getPath() + "/something/test", true);
toMatch.put(acl.getPath() + "de/test", true);
+ NodeImpl aclNode = (NodeImpl) superuser.getNode(acl.getPath() + "/rep:policy");
+ List<Entry> entries = Entry.readEntries(aclNode, testRootNode.getPath());
+ assertTrue(!entries.isEmpty());
+ assertEquals(1, entries.size());
+
+ Entry entry = entries.iterator().next();
for (String str : toMatch.keySet()) {
- assertEquals("Path to match : " + str, toMatch.get(str).booleanValue(), ace.matches(str));
+ assertEquals("Path to match : " + str, toMatch.get(str).booleanValue(), entry.matches(str));
}
}
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=1370139&r1=1370138&r2=1370139&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java Tue Aug 7 08:29:28 2012
@@ -38,6 +38,7 @@ public class TestAll extends TestCase {
TestSuite suite = new ConcurrentTestSuite("security.authorization.acl tests");
suite.addTestSuite(ACLTemplateTest.class);
+ suite.addTestSuite(ACLTemplateEntryTest.class);
suite.addTestSuite(EntryTest.class);
suite.addTestSuite(EntryCollectorTest.class);