You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2018/04/05 13:51:04 UTC
svn commit: r1828434 -
/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java
Author: angela
Date: Thu Apr 5 13:51:03 2018
New Revision: 1828434
URL: http://svn.apache.org/viewvc?rev=1828434&view=rev
Log:
OAK-3008 : Training material for Oak security (wip)
Modified:
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java
Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java?rev=1828434&r1=1828433&r2=1828434&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java (original)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java Thu Apr 5 13:51:03 2018
@@ -16,9 +16,17 @@
*/
package org.apache.jackrabbit.oak.exercise.security.authorization.permission;
+import javax.jcr.GuestCredentials;
+
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
import org.junit.Test;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
/**
* <pre>
* Module: Authorization (Permission Evaluation)
@@ -62,20 +70,41 @@ import org.junit.Test;
* Question: Can you explain why the permission store is read-only?
* Question: Can you identify the class(es) responsible for enforcing the read-only nature?
*
- * - {@link #TODO}
- *
* </pre>
*/
public class L7_PermissionContentTest extends AbstractSecurityTest {
- @Test
- public void testReadOnly() {
- // TODO
- }
+ String permissionStorePath = null; // EXERCISE: specify the path to the permission store root node
@Test
public void testAdministrativeAccessOnly() {
- // TODO
+ Root root = adminSession.getLatestRoot();
+ Tree permissionStoreTree = root.getTree(permissionStorePath);
+ assertTrue(permissionStoreTree.exists());
+
+ // EXERCISE : explain the content structure of the permission store
+ Tree wspTree = permissionStoreTree.getChild(adminSession.getWorkspaceName());
+ for (Tree t : wspTree.getChildren()) {
+ System.out.println(t.getName());
+ }
+
+ // EXERCISE : pick one child tree above and inspect the subtree
+ // - what does the name of the child stand for?
+ // - explain the structure
+ String name = null; // EXERCISE
+ Tree child = wspTree.getChild(name);
+
+ // EXERCISE: walk through the tree structure and look at the properties
}
+ @Test
+ public void testReadOnly() throws Exception {
+ ContentSession guestSession = login(new GuestCredentials());
+
+ Root root = guestSession.getLatestRoot();
+ Tree permissionStoreTree = root.getTree(permissionStorePath);
+
+ // EXERCISE: explain the fact that the tree does not exist
+ assertFalse(permissionStoreTree.exists());
+ }
}
\ No newline at end of file