You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/06/14 16:30:11 UTC
svn commit: r1861358 - in /jackrabbit/oak/trunk/oak-core: ./
src/test/java/org/apache/jackrabbit/oak/security/privilege/
Author: angela
Date: Fri Jun 14 16:30:11 2019
New Revision: 1861358
URL: http://svn.apache.org/viewvc?rev=1861358&view=rev
Log:
OAK-8403 : Improve tests for o.a.j.oak.security.privilege
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializerTest.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/pom.xml
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHookTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorTest.java
Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1861358&r1=1861357&r2=1861358&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Fri Jun 14 16:30:11 2019
@@ -160,6 +160,7 @@
<include>org.apache.jackrabbit.oak.security.authentication.user</include>
<include>org.apache.jackrabbit.oak.security.user.whiteboard</include>
<include>org.apache.jackrabbit.oak.security.authorization</include>
+ <include>org.apache.jackrabbit.oak.security.privilege</include>
</includes>
<excludes>
<exclude>*Test</exclude>
@@ -199,7 +200,6 @@
<includes>
<include>org.apache.jackrabbit.oak.security.authentication</include>
<include>org.apache.jackrabbit.oak.security.user.query</include>
- <include>org.apache.jackrabbit.oak.security.privilege</include>
</includes>
<excludes>
<exclude>*Test</exclude>
@@ -208,7 +208,7 @@
<limit>
<counter>BRANCH</counter>
<value>COVEREDRATIO</value>
- <minimum>0.88</minimum>
+ <minimum>0.90</minimum>
</limit>
</limits>
</rule>
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHookTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHookTest.java?rev=1861358&r1=1861357&r2=1861358&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHookTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHookTest.java Fri Jun 14 16:30:11 2019
@@ -19,20 +19,42 @@ package org.apache.jackrabbit.oak.securi
import java.util.Set;
import javax.jcr.security.Privilege;
+import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyValues;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
+import org.junit.After;
+import org.junit.Before;
import org.junit.Test;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_ALL;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.PRIVILEGES_PATH;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_AGGREGATES;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.when;
public class JcrAllCommitHookTest extends AbstractSecurityTest {
private PrivilegeManager privilegeManager;
private Privilege newPrivilege;
+ private final JcrAllCommitHook hook = new JcrAllCommitHook();
+
@Override
+ @Before
public void before() throws Exception {
super.before();
@@ -40,11 +62,72 @@ public class JcrAllCommitHookTest extend
newPrivilege = privilegeManager.registerPrivilege("abstractPrivilege", true, null);
}
+ @Override
+ @After
+ public void after() throws Exception {
+ try {
+ root.refresh();
+ } finally {
+ super.after();
+ }
+ }
+
@Test
public void testJcrAll() throws Exception {
- Privilege all = privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL);
+ Privilege all = privilegeManager.getPrivilege(JCR_ALL);
Set<Privilege> aggregates = Sets.newHashSet(all.getDeclaredAggregatePrivileges());
assertTrue(aggregates.contains(newPrivilege));
}
+
+ @Test
+ public void testToString() {
+ assertEquals("JcrAllCommitHook", hook.toString());
+ }
+
+ @Test
+ public void testJcrAllNodeAdded() {
+ root.getTree(PRIVILEGES_PATH).getChild(JCR_ALL).remove();
+ NodeState before = getTreeProvider().asNodeState(root.getTree(PathUtils.ROOT_PATH));
+
+ Root r = adminSession.getLatestRoot();
+ NodeState after = getTreeProvider().asNodeState(r.getTree(PathUtils.ROOT_PATH));
+ hook.processCommit(before, after, null);
+ }
+
+ @Test
+ public void testJcrAllNodeWithoutAggregates() {
+ NodeState before = getTreeProvider().asNodeState(root.getTree(PathUtils.ROOT_PATH));
+
+ Root r = adminSession.getLatestRoot();
+ Tree t = r.getTree(PRIVILEGES_PATH);
+ Tree jcrAll = t.getChild(JCR_ALL);
+ jcrAll.removeProperty(REP_AGGREGATES);
+ t.addChild("newPriv");
+ NodeState after = getTreeProvider().asNodeState(r.getTree(PathUtils.ROOT_PATH));
+ hook.processCommit(before, after, null);
+ }
+
+ @Test
+ public void testJcrAllNodeAlreadyContainsNewName() {
+ NodeState before = getTreeProvider().asNodeState(root.getTree(PathUtils.ROOT_PATH));
+
+ Root r = adminSession.getLatestRoot();
+ Tree t = r.getTree(PRIVILEGES_PATH);
+ Tree jcrAll = t.getChild(JCR_ALL);
+ jcrAll.setProperty(REP_AGGREGATES, ImmutableList.of("newPriv"), Type.NAMES);
+ t.addChild("newPriv");
+ NodeState after = getTreeProvider().asNodeState(r.getTree(PathUtils.ROOT_PATH));
+ hook.processCommit(before, after, null);
+ }
+
+ @Test
+ public void testPrivilegesRootAdded() {
+ root.getTree(PRIVILEGES_PATH).remove();
+ NodeState before = getTreeProvider().asNodeState(root.getTree(PathUtils.ROOT_PATH));
+
+ Root r = adminSession.getLatestRoot();
+ NodeState after = getTreeProvider().asNodeState(r.getTree(PathUtils.ROOT_PATH));
+ hook.processCommit(before, after, null);
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java?rev=1861358&r1=1861357&r2=1861358&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java Fri Jun 14 16:30:11 2019
@@ -20,28 +20,53 @@ import org.apache.jackrabbit.oak.Abstrac
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.junit.Before;
import org.junit.Test;
+import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.NT_OAK_UNSTRUCTURED;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
public class PrivilegeDefinitionReaderTest extends AbstractSecurityTest implements PrivilegeConstants {
+ private PrivilegeDefinitionReader reader;
+
+ @Before
+ public void before() throws Exception {
+ super.before();
+
+ Tree privilegeDefs = root.getTree(PRIVILEGES_PATH);
+ TreeUtil.addChild(privilegeDefs, "invalid", NT_OAK_UNSTRUCTURED);
+
+ reader = new PrivilegeDefinitionReader(root);
+ }
+
@Test
- public void testReadNonExisting() throws Exception {
- PrivilegeDefinitionReader reader = new PrivilegeDefinitionReader(root);
+ public void testReadInvalidDefinition() throws Exception {
+ assertNull(reader.readDefinition("invalid"));
+ }
+
+ @Test
+ public void testReadNonExisting() {
assertNull(reader.readDefinition("nonexisting"));
}
@Test
- public void testReadDefinition() throws Exception {
- PrivilegeDefinitionReader reader = new PrivilegeDefinitionReader(root);
+ public void testReadDefinition() {
assertNotNull(reader.readDefinition(JCR_READ));
}
@Test
+ public void testReadDefinitionsIgnoresInvalid() {
+ assertFalse(reader.readDefinitions().containsKey("invalid"));
+ }
+
+ @Test
public void testMissingPermissionRoot() throws Exception {
ContentRepository repo = new Oak().with(new OpenSecurityProvider()).createContentRepository();
Root tmpRoot = repo.login(null, null).getLatestRoot();
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java?rev=1861358&r1=1861357&r2=1861358&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java Fri Jun 14 16:30:11 2019
@@ -22,6 +22,7 @@ import org.apache.jackrabbit.oak.Abstrac
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
@@ -37,7 +38,6 @@ import org.mockito.Mockito;
import static java.util.Arrays.asList;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
import static org.mockito.Mockito.doThrow;
public class PrivilegeDefinitionWriterTest extends AbstractSecurityTest implements PrivilegeConstants {
@@ -52,29 +52,19 @@ public class PrivilegeDefinitionWriterTe
}
}
- @Test
- public void testNameCollision() {
- try {
- PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(root);
- writer.writeDefinition(new ImmutablePrivilegeDefinition(JCR_READ, true, null));
- fail("name collision");
- } catch (RepositoryException e) {
- // success
- }
+ @Test(expected = RepositoryException.class)
+ public void testNameCollision() throws Exception {
+ PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(root);
+ writer.writeDefinition(new ImmutablePrivilegeDefinition(JCR_READ, true, null));
}
- @Test
+ @Test(expected = RepositoryException.class)
public void testMissingPrivilegeRoot() throws Exception {
ContentRepository repo = new Oak().with(new OpenSecurityProvider()).createContentRepository();
- Root tmpRoot = repo.login(null, null).getLatestRoot();
- try {
+ try (ContentSession cs = repo.login(null, null)) {
+ Root tmpRoot = cs.getLatestRoot();
PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(tmpRoot);
writer.writeDefinition(new ImmutablePrivilegeDefinition("newName", true, null));
- fail("missing privilege root");
- } catch (RepositoryException e) {
- // success
- } finally {
- tmpRoot.getContentSession().close();
}
}
@@ -99,7 +89,6 @@ public class PrivilegeDefinitionWriterTe
Root r = Mockito.spy(root);
doThrow(new CommitFailedException(CommitFailedException.OAK, 1, "msg")).when(r).commit();
-
PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(r);
writer.writeDefinition(new ImmutablePrivilegeDefinition(
"tmp", true, asList(JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL)));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeImplTest.java?rev=1861358&r1=1861357&r2=1861358&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeImplTest.java Fri Jun 14 16:30:11 2019
@@ -20,14 +20,17 @@ import java.util.Set;
import javax.jcr.security.Privilege;
import com.google.common.base.Function;
+import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Test;
@@ -124,7 +127,7 @@ public class PrivilegeImplTest extends A
}
@Test
- public void testNotEquals() throws Exception {
+ public void testNotEquals() {
assertNotEquals(privilege, aggrPrivilege);
assertNotEquals(allPrivilege, privilege);
@@ -167,9 +170,9 @@ public class PrivilegeImplTest extends A
@Test
public void testInvalidDeclaredAggregate() throws Exception {
- NodeUtil privilegeDefs = new NodeUtil(root.getTree(PRIVILEGES_PATH));
- NodeUtil privDef = privilegeDefs.addChild("test", NT_REP_PRIVILEGE);
- privDef.setNames(REP_AGGREGATES, JCR_READ, "invalid");
+ Tree privilegeDefs = root.getTree(PRIVILEGES_PATH);
+ Tree privDef = TreeUtil.addChild(privilegeDefs, "test", NT_REP_PRIVILEGE);
+ privDef.setProperty(REP_AGGREGATES, ImmutableList.of(JCR_READ, "invalid"), Type.NAMES);
Privilege p = getPrivilegeManager(root).getPrivilege("test");
assertAggregation(p.getDeclaredAggregatePrivileges(), JCR_READ);
@@ -177,9 +180,9 @@ public class PrivilegeImplTest extends A
@Test
public void testCyclicDeclaredAggregate() throws Exception {
- NodeUtil privilegeDefs = new NodeUtil(root.getTree(PRIVILEGES_PATH));
- NodeUtil privDef = privilegeDefs.addChild("test", NT_REP_PRIVILEGE);
- privDef.setNames(REP_AGGREGATES, JCR_READ, "test");
+ Tree privilegeDefs = root.getTree(PRIVILEGES_PATH);
+ Tree privDef = TreeUtil.addChild(privilegeDefs, "test", NT_REP_PRIVILEGE);
+ privDef.setProperty(REP_AGGREGATES, ImmutableList.of(JCR_READ, "test"), Type.NAMES);
Privilege p = getPrivilegeManager(root).getPrivilege("test");
assertAggregation(p.getDeclaredAggregatePrivileges(), JCR_READ);
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializerTest.java?rev=1861358&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializerTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializerTest.java Fri Jun 14 16:30:11 2019
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.privilege;
+
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.jcr.RepositoryException;
+
+import static org.apache.jackrabbit.JcrConstants.JCR_SYSTEM;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_PRIVILEGES;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.isNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+public class PrivilegeInitializerTest extends AbstractSecurityTest {
+
+ private PrivilegeInitializer initializer;
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ super.before();
+ initializer = new PrivilegeInitializer(getRootProvider());
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testMissingJcrSystem() {
+ initializer.initialize(mock(NodeBuilder.class));
+ }
+
+ @Test
+ public void testAlreadyInitialized() {
+ NodeBuilder nb = when(mock(NodeBuilder.class).hasChildNode(JCR_SYSTEM)).thenReturn(true).getMock();
+ when(nb.getChildNode(JCR_SYSTEM)).thenReturn(nb);
+ when(nb.hasChildNode(REP_PRIVILEGES)).thenReturn(true);
+
+ initializer.initialize(nb);
+
+ verify(nb, never()).child(anyString());
+ }
+
+ @Test(expected = RuntimeException.class)
+ public void testPrivilegeRegistrationFails() {
+ try {
+ NodeState ns = mock(NodeState.class);
+ NodeBuilder nb = when(mock(NodeBuilder.class).hasChildNode(JCR_SYSTEM)).thenReturn(true).getMock();
+ when(nb.getChildNode(anyString())).thenReturn(nb);
+ when(nb.child(anyString())).thenReturn(nb);
+ when(nb.getNodeState()).thenReturn(ns);
+
+ Tree t = when(mock(Tree.class).exists()).thenReturn(true).getMock();
+ when(t.hasChild(anyString())).thenReturn(true);
+
+ Root r = when(mock(Root.class).getTree(anyString())).thenReturn(t).getMock();
+ RootProvider rp = when(mock(RootProvider.class).createSystemRoot(any(NodeStore.class), isNull())).thenReturn(r).getMock();
+ PrivilegeInitializer pi = new PrivilegeInitializer(rp);
+ pi.initialize(nb);
+ } catch (RuntimeException e) {
+ assertTrue(e.getCause() instanceof RepositoryException);
+ throw e;
+ }
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorTest.java?rev=1861358&r1=1861357&r2=1861358&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorTest.java Fri Jun 14 16:30:11 2019
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collections;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
-import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
@@ -29,6 +28,8 @@ import org.apache.jackrabbit.oak.api.Typ
import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeBuilder;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -36,19 +37,26 @@ import org.apache.jackrabbit.oak.spi.sta
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
import org.jetbrains.annotations.NotNull;
+import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
+import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.NT_OAK_UNSTRUCTURED;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
public class PrivilegeValidatorTest extends AbstractSecurityTest implements PrivilegeConstants {
- PrivilegeBitsProvider bitsProvider;
- Tree privilegesTree;
+ private PrivilegeBitsProvider bitsProvider;
+ private Tree privilegesTree;
@Before
public void before() throws Exception {
@@ -57,9 +65,19 @@ public class PrivilegeValidatorTest exte
privilegesTree = checkNotNull(bitsProvider.getPrivilegesTree());
}
+ @After
+ public void after() throws Exception {
+ try {
+ root.refresh();
+ } finally {
+ super.after();
+ }
+ }
+
+ @NotNull
private Tree createPrivilegeTree(@NotNull String privName, @NotNull String... aggr) {
Tree privTree = privilegesTree.addChild(privName);
- privTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, Type.NAME);
+ privTree.setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, Type.NAME);
privTree.setProperty(REP_AGGREGATES, ImmutableSet.copyOf(aggr), Type.NAMES);
return privTree;
}
@@ -68,47 +86,45 @@ public class PrivilegeValidatorTest exte
getPrivilegeManager(root).registerPrivilege(privName, false, aggr);
}
- private static void setPrivilegeBits(Tree tree, String name, long value) {
+ private static void setPrivilegeBits(@NotNull Tree tree, @NotNull String name, long value) {
tree.setProperty(PropertyStates.createProperty(name, Collections.singleton(value), Type.LONGS));
}
+ @NotNull
private PrivilegeValidator createPrivilegeValidator() {
Root immutable = getRootProvider().createReadOnlyRoot(root);
return new PrivilegeValidator(immutable, immutable, getTreeProvider());
}
- @Test
- public void testMissingPrivilegeBits() {
+ private static CommitFailedException assertCommitFailed(@NotNull CommitFailedException e, int code) {
+ assertTrue(e.isConstraintViolation());
+ assertEquals(code, e.getCode());
+ return e;
+ }
+
+ @Test(expected = CommitFailedException.class)
+ public void testMissingPrivilegeBits() throws Exception {
try {
createPrivilegeTree("test");
root.commit();
- fail("Missing privilege bits property must be detected.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- } finally {
- root.refresh();
+ throw assertCommitFailed(e, 21);
}
}
- @Test
- public void testBitsConflict() {
+ @Test(expected = CommitFailedException.class)
+ public void testBitsConflict() throws Exception {
try {
Tree privTree = createPrivilegeTree("test");
bitsProvider.getBits(JCR_READ).writeTo(privTree);
root.commit();
- fail("Conflicting privilege bits property must be detected.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(49, e.getCode());
- } finally {
- root.refresh();
+ throw assertCommitFailed(e, 49);
}
}
- @Test
- public void testBitsConflictWithAggregation() {
+ @Test(expected = CommitFailedException.class)
+ public void testBitsConflictWithAggregation() throws Exception {
try {
Tree privTree = createPrivilegeTree("test");
privTree.setProperty(PropertyStates.createProperty(REP_AGGREGATES,
@@ -116,52 +132,35 @@ public class PrivilegeValidatorTest exte
setPrivilegeBits(privTree, REP_BITS, 340);
root.commit();
- fail("Privilege bits don't match the aggregation.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(53, e.getCode());
- } finally {
- root.refresh();
+ throw assertCommitFailed(e, 53);
}
-
-
}
- @Test
- public void testNextNotUpdated() {
+ @Test(expected = CommitFailedException.class)
+ public void testNextNotUpdated() throws Exception{
try {
Tree privTree = createPrivilegeTree("test");
PrivilegeBits.getInstance(privilegesTree).writeTo(privTree);
root.commit();
- fail("Outdated rep:next property must be detected.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(43, e.getCode());
- } finally {
- root.refresh();
+ throw assertCommitFailed(e, 43);
}
}
- @Test
- public void testChangeNext() {
+ @Test(expected = CommitFailedException.class)
+ public void testChangeNext() throws Exception {
try {
setPrivilegeBits(bitsProvider.getPrivilegesTree(), REP_NEXT, 1);
root.commit();
- fail("Outdated rep:next property must be detected.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(43, e.getCode());
- } finally {
- root.refresh();
+ throw assertCommitFailed(e, 43);
}
}
- @Test
- public void testSingularAggregation() {
+ @Test(expected = CommitFailedException.class)
+ public void testSingularAggregation() throws Exception {
try {
Tree privTree = createPrivilegeTree("test");
privTree.setProperty(PropertyStates.createProperty(REP_AGGREGATES, Collections.singletonList(JCR_READ), Type.NAMES));
@@ -170,21 +169,17 @@ public class PrivilegeValidatorTest exte
root.commit();
fail("Aggregation of a single privilege is invalid.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(50, e.getCode());
- } finally {
- root.refresh();
+ throw assertCommitFailed(e, 50);
}
}
/**
* @see <a href="https://issues.apache.org/jira/browse/OAK-2413">OAK-2413</a>
*/
- @Test
+ @Test(expected = CommitFailedException.class)
public void testChildNodeChangedWithChanges() throws CommitFailedException {
NodeBuilder nb = EmptyNodeState.EMPTY_NODE.builder();
- nb.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, Type.NAME);
+ nb.setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, Type.NAME);
NodeState privilegeDefinition = nb.getNodeState();
assertTrue(NT_REP_PRIVILEGE.equals(NodeStateUtils.getPrimaryTypeName(privilegeDefinition)));
@@ -193,8 +188,7 @@ public class PrivilegeValidatorTest exte
try {
pv.childNodeChanged("test", privilegeDefinition, EmptyNodeState.EMPTY_NODE);
} catch (CommitFailedException e) {
- assertTrue(e.isConstraintViolation());
- assertEquals(41, e.getCode());
+ throw assertCommitFailed(e, 41);
}
}
/**
@@ -203,16 +197,16 @@ public class PrivilegeValidatorTest exte
@Test
public void testChildNodeChangedWithoutChanges() throws CommitFailedException {
NodeBuilder nb = EmptyNodeState.EMPTY_NODE.builder();
- nb.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, Type.NAME);
+ nb.setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, Type.NAME);
NodeState privilegeDefinition = nb.getNodeState();
- assertTrue(NT_REP_PRIVILEGE.equals(NodeStateUtils.getPrimaryTypeName(privilegeDefinition)));
+ assertEquals(NT_REP_PRIVILEGE, NodeStateUtils.getPrimaryTypeName(privilegeDefinition));
PrivilegeValidator pv = new PrivilegeValidator(root, root, getTreeProvider());
assertNull(pv.childNodeChanged("test", privilegeDefinition, privilegeDefinition));
}
- @Test
+ @Test(expected = CommitFailedException.class)
public void testAggregatesIncludesJcrAll() throws Exception {
try {
Tree privTree = createPrivilegeTree("test");
@@ -220,17 +214,25 @@ public class PrivilegeValidatorTest exte
PrivilegeBits.getInstance(bitsProvider.getBits(JCR_ALL, JCR_READ, JCR_WRITE)).writeTo(privTree);
root.commit();
- fail("Aggregation containing jcr:all is invalid.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(53, e.getCode());
- } finally {
- root.refresh();
+ throw assertCommitFailed(e, 53);
}
}
- @Test
+ @Test(expected = CommitFailedException.class)
+ public void testAggregatesMatchesExisting() throws Exception {
+ try {
+ Tree privTree = createPrivilegeTree("test");
+ privTree.setProperty(PropertyStates.createProperty(REP_AGGREGATES, ImmutableList.of(REP_READ_NODES, REP_READ_PROPERTIES), Type.NAMES));
+ PrivilegeBits.getInstance(bitsProvider.getBits(REP_READ_NODES, REP_READ_PROPERTIES)).writeTo(privTree);
+
+ root.commit();
+ } catch (CommitFailedException e) {
+ throw assertCommitFailed(e, 53);
+ }
+ }
+
+ @Test(expected = CommitFailedException.class)
public void testPropertyChanged() throws Exception {
try {
PropertyState before = PropertyStates.createProperty(REP_AGGREGATES, ImmutableList.of(REP_READ_NODES, REP_READ_PROPERTIES), Type.NAMES);
@@ -238,114 +240,167 @@ public class PrivilegeValidatorTest exte
PrivilegeValidator validator = new PrivilegeValidator(root, root, getTreeProvider());
validator.propertyChanged(before, after);
- fail("modifying property in privilege store must fail.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(45, e.getCode());
+ throw assertCommitFailed(e, 45);
}
}
- @Test
+ @Test(expected = CommitFailedException.class)
public void testPropertyDeleted() throws Exception {
try {
PropertyState before = PropertyStates.createProperty(REP_AGGREGATES, ImmutableList.of(REP_READ_NODES, REP_READ_PROPERTIES), Type.NAMES);
PrivilegeValidator validator = new PrivilegeValidator(root, root, getTreeProvider());
validator.propertyDeleted(before);
- fail("removing property from privilege store must fail.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(46, e.getCode());
+ throw assertCommitFailed(e, 46);
}
}
- @Test
- public void testChildNodeDeleted() {
+ @Test(expected = CommitFailedException.class)
+ public void testChildNodeDeleted() throws Exception {
try {
root.getTree(PRIVILEGES_PATH).getChild(JCR_READ).remove();
root.commit();
- fail("removing privilege from privilege store must fail.");
} catch (CommitFailedException e) {
- // success
- assertTrue(e.isConstraintViolation());
- assertEquals(42, e.getCode());
+ throw assertCommitFailed(e, 42);
}
}
- @Test
- public void testPrivBitsMissing() {
+ @Test(expected = CommitFailedException.class)
+ public void testPrivBitsMissing() throws Exception{
try {
NodeState newDef = new MemoryNodeBuilder(EmptyNodeState.EMPTY_NODE)
- .setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
+ .setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
.getNodeState();
PrivilegeValidator validator = createPrivilegeValidator();
validator.childNodeAdded("test", newDef);
- fail("missing priv bits must be detected.");
} catch (CommitFailedException e) {
- assertTrue(e.isConstraintViolation());
- assertEquals(48, e.getCode());
+ throw assertCommitFailed(e, 48);
}
}
- @Test
- public void testUnknownAggregate() {
+ @Test(expected = CommitFailedException.class)
+ public void testUnknownAggregate() throws Exception {
try {
NodeState newDef = new MemoryNodeBuilder(EmptyNodeState.EMPTY_NODE)
- .setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
+ .setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
.setProperty(REP_BITS, 8)
.setProperty(REP_AGGREGATES, ImmutableList.of("unknown", JCR_READ), Type.NAMES)
.getNodeState();
PrivilegeValidator validator = createPrivilegeValidator();
validator.childNodeAdded("test", newDef);
- fail("unknown aggregate must be detected.");
} catch (CommitFailedException e) {
- assertTrue(e.isConstraintViolation());
- assertEquals(51, e.getCode());
+ throw assertCommitFailed(e, 51);
}
}
- @Test
+ @Test(expected = CommitFailedException.class)
public void testCircularAggregate() throws Exception {
try {
register("test");
NodeState newDef = new MemoryNodeBuilder(EmptyNodeState.EMPTY_NODE)
- .setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
+ .setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
.setProperty(REP_BITS, 8)
.setProperty(REP_AGGREGATES, ImmutableList.of("test", JCR_READ), Type.NAMES)
.getNodeState();
PrivilegeValidator validator = createPrivilegeValidator();
validator.childNodeAdded("test", newDef);
- fail("circular aggregate must be detected.");
} catch (CommitFailedException e) {
- assertTrue(e.isConstraintViolation());
- assertEquals(52, e.getCode());
+ throw assertCommitFailed(e, 52);
}
}
- @Test
+ @Test(expected = CommitFailedException.class)
public void testCircularAggregate2() throws Exception {
try {
register("test");
register("test2", "test", PrivilegeConstants.JCR_READ);
NodeState newDef = new MemoryNodeBuilder(EmptyNodeState.EMPTY_NODE)
- .setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
+ .setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE)
.setProperty(REP_BITS, 8)
.setProperty(REP_AGGREGATES, ImmutableList.of("test2", JCR_READ), Type.NAMES)
.getNodeState();
PrivilegeValidator validator = createPrivilegeValidator();
validator.childNodeAdded("test", newDef);
- fail("circular aggregate must be detected.");
} catch (CommitFailedException e) {
- assertTrue(e.isConstraintViolation());
- assertEquals(52, e.getCode());
+ throw assertCommitFailed(e, 52);
}
}
+
+ @Test(expected = CommitFailedException.class)
+ public void testInvalidAggregation() throws Exception {
+ Root before = adminSession.getLatestRoot();
+ Tree defsBefore = before.getTree(PRIVILEGES_PATH);
+ defsBefore.getChild(REP_READ_NODES).remove();
+
+ Tree privDefs = root.getTree(PRIVILEGES_PATH);
+ Tree newPriv = TreeUtil.addChild(privDefs, "newPriv", NT_REP_PRIVILEGE);
+ PrivilegeBits.getInstance(PrivilegeBits.BUILT_IN.get(JCR_READ), PrivilegeBits.BUILT_IN.get(JCR_ADD_CHILD_NODES)).writeTo(newPriv);
+ newPriv.setProperty(REP_AGGREGATES, ImmutableList.of(JCR_READ, JCR_ADD_CHILD_NODES), Type.NAMES);
+
+ TreeProvider tp = mock(TreeProvider.class);
+ when(tp.createReadOnlyTree(any(Tree.class), anyString(), any(NodeState.class))).thenReturn(newPriv);
+ try {
+ PrivilegeValidator validator = new PrivilegeValidator(before, root, tp);
+ validator.childNodeAdded("newPriv", getTreeProvider().asNodeState(newPriv));
+ } catch (CommitFailedException e) {
+ throw assertCommitFailed(e, 47);
+ }
+ }
+
+ @Test
+ public void testOtherNodeAdded() throws Exception {
+ NodeState ns = mock(NodeState.class);
+ PrivilegeValidator validator = createPrivilegeValidator();
+ assertNull(validator.childNodeAdded("test", ns));
+
+ when(ns.getProperty(JCR_PRIMARYTYPE)).thenReturn(PropertyStates.createProperty(JCR_PRIMARYTYPE, NT_OAK_UNSTRUCTURED, Type.NAME));
+ assertNull(validator.childNodeAdded("test", ns));
+ }
+
+ @Test
+ public void testOtherNodeChanged() throws Exception {
+ NodeState ns = mock(NodeState.class);
+ PrivilegeValidator validator = createPrivilegeValidator();
+ assertNull(validator.childNodeChanged("test", ns, ns));
+
+ when(ns.getProperty(JCR_PRIMARYTYPE)).thenReturn(PropertyStates.createProperty(JCR_PRIMARYTYPE, NT_OAK_UNSTRUCTURED, Type.NAME));
+ assertNull(validator.childNodeChanged("test", ns, ns));
+ }
+
+ @Test
+ public void testOtherNodeDeleted() throws Exception {
+ NodeState ns = mock(NodeState.class);
+ PrivilegeValidator validator = createPrivilegeValidator();
+ assertNull(validator.childNodeDeleted("test", ns));
+
+ when(ns.getProperty(JCR_PRIMARYTYPE)).thenReturn(PropertyStates.createProperty(JCR_PRIMARYTYPE, NT_OAK_UNSTRUCTURED, Type.NAME));
+ assertNull(validator.childNodeDeleted("test", ns));
+ }
+
+ @Test(expected = CommitFailedException.class)
+ public void testNonExistingPrivilegeRoot() throws Exception {
+ Tree t = when(mock(Tree.class).exists()).thenReturn(false).getMock();
+ Root r = when(mock(Root.class).getTree(PRIVILEGES_PATH)).thenReturn(t).getMock();
+ PrivilegeValidator validator = new PrivilegeValidator(r, r, getTreeProvider());
+ try {
+ PropertyState ps = PropertyStates.createProperty(REP_NEXT, "any");
+ validator.propertyChanged(ps, ps);
+ } catch (CommitFailedException e) {
+ throw assertCommitFailed(e, 44);
+ }
+ }
+
+ @Test
+ public void testPropertyAdded() {
+ PrivilegeValidator validator = createPrivilegeValidator();
+ validator.propertyAdded(mock(PropertyState.class));
+ }
}