You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2017/05/02 14:50:18 UTC
svn commit: r1793516 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
oak-core/src/test/java/org/ap...
Author: angela
Date: Tue May 2 14:50:17 2017
New Revision: 1793516
URL: http://svn.apache.org/viewvc?rev=1793516&view=rev
Log:
OAK-6151 : Minor bugs in AccessControlImporter
OAK-5882 : Improve coverage for oak.security code in oak-core (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterAbortTest.java (with props)
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java (with props)
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBesteffortTest.java (with props)
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterIgnoreTest.java (with props)
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterWorkspaceTest.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ImportAbortTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java?rev=1793516&r1=1793515&r2=1793516&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java Tue May 2 14:50:17 2017
@@ -16,7 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
-import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
@@ -30,6 +29,7 @@ import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
@@ -90,6 +90,9 @@ public class AccessControlImporter imple
if (initialized) {
throw new IllegalStateException("Already initialized");
}
+ if (!(session instanceof JackrabbitSession)) {
+ return false;
+ }
try {
AuthorizationConfiguration config = securityProvider.getConfiguration(AuthorizationConfiguration.class);
importBehavior = Util.getImportBehavior(config);
@@ -239,7 +242,7 @@ public class AccessControlImporter imple
private final boolean isAllow;
private Principal principal;
- private List<Privilege> privileges;
+ private List<Privilege> privileges = new ArrayList();
private Map<String, Value> restrictions = new HashMap<String, Value>();
private boolean ignore;
@@ -248,7 +251,7 @@ public class AccessControlImporter imple
this.isAllow = isAllow;
}
- private void setPrincipal(TextValue txtValue) {
+ private void setPrincipal(TextValue txtValue) throws AccessControlException {
String principalName = txtValue.getString();
principal = principalManager.getPrincipal(principalName);
if (principal == null) {
@@ -266,7 +269,6 @@ public class AccessControlImporter imple
}
private void setPrivilegeNames(List<? extends TextValue> txtValues) throws RepositoryException {
- privileges = new ArrayList<Privilege>();
for (TextValue value : txtValues) {
Value privilegeName = value.getValue(PropertyType.NAME);
privileges.add(acMgr.privilegeFromName(privilegeName.getString()));
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterAbortTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterAbortTest.java?rev=1793516&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterAbortTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterAbortTest.java Tue May 2 14:50:17 2017
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
+
+import javax.jcr.security.AccessControlException;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.junit.Test;
+
+public class AccessControlImporterAbortTest extends AccessControlImporterBaseTest{
+
+ @Override
+ String getImportBehavior() {
+ return ImportBehavior.NAME_ABORT;
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testStartAceChildInfoUnknownPrincipal() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of(unknownPrincipalInfo));
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterAbortTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java?rev=1793516&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java Tue May 2 14:50:17 2017
@@ -0,0 +1,354 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.annotation.Nonnull;
+import javax.jcr.ImportUUIDBehavior;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlManager;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.xml.NodeInfo;
+import org.apache.jackrabbit.oak.spi.xml.PropInfo;
+import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
+import org.apache.jackrabbit.oak.spi.xml.ReferenceChangeTracker;
+import org.apache.jackrabbit.oak.spi.xml.TextValue;
+import org.apache.jackrabbit.oak.util.TreeUtil;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.when;
+
+public abstract class AccessControlImporterBaseTest extends AbstractSecurityTest implements AccessControlConstants {
+
+ final NodeInfo aceInfo = new NodeInfo("anyAceName", NT_REP_GRANT_ACE, ImmutableList.of(), null);
+ final NodeInfo restrInfo = new NodeInfo("anyRestrName", NT_REP_RESTRICTIONS, ImmutableList.of(), null);
+ final PropInfo unknownPrincipalInfo = new PropInfo(REP_PRINCIPAL_NAME, PropertyType.STRING, createTextValue("unknownPrincipal"));
+
+ Tree accessControlledTree;
+ Tree aclTree;
+
+ AccessControlImporter importer;
+
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+
+ Tree t = root.getTree(PathUtils.ROOT_PATH).addChild("testNode");
+ t.setProperty(JcrConstants.JCR_PRIMARYTYPE, NodeTypeConstants.NT_OAK_UNSTRUCTURED, Type.NAME);
+
+ AccessControlManager acMgr = getAccessControlManager(root);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, t.getPath());
+ acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_READ));
+ acMgr.setPolicy(t.getPath(), acl);
+ root.commit();
+
+ accessControlledTree = root.getTree("/testNode");
+ aclTree = accessControlledTree.getChild(REP_POLICY);
+
+ importer = new AccessControlImporter();
+ }
+
+ @Override
+ public void after() throws Exception {
+ try {
+ root.refresh();
+ Tree t = root.getTree("/testNode");
+ if (t.exists()) {
+ t.remove();
+ root.commit();
+ }
+ } finally {
+ super.after();
+ }
+ }
+
+ @Override
+ protected ConfigurationParameters getSecurityConfigParameters() {
+ ConfigurationParameters params = ConfigurationParameters.of(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR, getImportBehavior());
+ return ConfigurationParameters.of(AuthorizationConfiguration.NAME, params);
+ }
+
+ abstract String getImportBehavior();
+
+ Session mockJackrabbitSession() throws Exception {
+ JackrabbitSession s = Mockito.mock(JackrabbitSession.class);
+ when(s.getPrincipalManager()).thenReturn(getPrincipalManager(root));
+ when(s.getAccessControlManager()).thenReturn(getAccessControlManager(root));
+ return s;
+ }
+
+ boolean isWorkspaceImport() {
+ return false;
+ }
+
+ boolean init() throws Exception {
+ return importer.init(mockJackrabbitSession(), root, getNamePathMapper(), isWorkspaceImport(), ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING, new ReferenceChangeTracker(), getSecurityProvider());
+ }
+
+ TextValue createTextValue(@Nonnull String val) {
+ return new TextValue() {
+ @Override
+ public String getString() {
+ return val;
+ }
+
+ @Override
+ public Value getValue(int targetType) throws RepositoryException {
+ return getValueFactory(root).createValue(val, targetType);
+ }
+
+ @Override
+ public void dispose() {
+ //nop
+
+ }
+ };
+ }
+
+ List<TextValue> createTextValues(@Nonnull String... values) {
+ List<TextValue> l = new ArrayList();
+ for (String v : values) {
+ l.add(createTextValue(v));
+ }
+ return l;
+ }
+
+ //---------------------------------------------------------------< init >---
+ @Test
+ public void testInitNoJackrabbitSession() throws Exception {
+ Session s = Mockito.mock(Session.class);
+ assertFalse(importer.init(s, root, getNamePathMapper(), false, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new ReferenceChangeTracker(), getSecurityProvider()));
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testInitAlreadyInitialized() throws Exception {
+ init();
+ importer.init(mockJackrabbitSession(), root, getNamePathMapper(), isWorkspaceImport(), ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING, new ReferenceChangeTracker(), getSecurityProvider());
+ }
+
+ @Test
+ public void testInitImportUUIDBehaviorRemove() throws Exception {
+ assertTrue(importer.init(mockJackrabbitSession(), root, getNamePathMapper(), isWorkspaceImport(), ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING, new ReferenceChangeTracker(), getSecurityProvider()));
+ }
+
+
+ @Test
+ public void testInitImportUUIDBehaviorReplace() throws Exception {
+ assertTrue(importer.init(mockJackrabbitSession(), root, getNamePathMapper(), isWorkspaceImport(), ImportUUIDBehavior.IMPORT_UUID_COLLISION_REPLACE_EXISTING, new ReferenceChangeTracker(), getSecurityProvider()));
+ }
+
+ @Test
+ public void testInitImportUUIDBehaviorThrow() throws Exception {
+ assertTrue(importer.init(mockJackrabbitSession(), root, getNamePathMapper(), isWorkspaceImport(), ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new ReferenceChangeTracker(), getSecurityProvider()));
+ }
+
+ @Test
+ public void testInitImportUUIDBehaviourCreateNew() throws Exception {
+ assertTrue(importer.init(mockJackrabbitSession(), root, getNamePathMapper(), isWorkspaceImport(), ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new ReferenceChangeTracker(), getSecurityProvider()));
+ }
+
+ //--------------------------------------------------------------< start >---
+ @Test(expected = IllegalStateException.class)
+ public void testStartNotInitialized() throws Exception {
+ importer.start(Mockito.mock(Tree.class));
+ }
+
+ @Test
+ public void testStartRootTree() throws Exception {
+ init();
+ assertFalse(importer.start(root.getTree(PathUtils.ROOT_PATH)));
+ }
+
+ @Test
+ public void testStartAccessControlledTree() throws Exception {
+ init();
+ assertFalse(importer.start(accessControlledTree));
+ }
+
+ @Test
+ public void testStartAclTree() throws Exception {
+ init();
+ assertTrue(importer.start(aclTree));
+ assertFalse(root.hasPendingChanges());
+ }
+
+ @Test
+ public void testStartAclTreeMissingMixin() throws Exception {
+ init();
+ accessControlledTree.removeProperty(JcrConstants.JCR_MIXINTYPES);
+ assertFalse(importer.start(aclTree));
+ }
+
+ @Test
+ public void testStartRepoPolicyTree() throws Exception {
+ init();
+
+ AccessControlManager acMgr = getAccessControlManager(root);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, null);
+ acMgr.setPolicy(null, acl);
+
+ Tree repoPolicy = root.getTree("/"+REP_REPO_POLICY);
+ assertTrue(repoPolicy.exists());
+
+ assertTrue(importer.start(repoPolicy));
+ }
+
+ @Test
+ public void testStartRepoPolicyTreeMissingMixin() throws Exception {
+ init();
+
+ Tree rootTree = root.getTree(PathUtils.ROOT_PATH);
+ Tree repoPolicy = accessControlledTree.addChild(REP_REPO_POLICY);
+ repoPolicy.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_ACL, Type.NAME);
+
+ assertFalse(importer.start(repoPolicy));
+ }
+
+ @Test
+ public void testStartMisplacedRepoPolicyTree() throws Exception {
+ init();
+
+ TreeUtil.addMixin(accessControlledTree, MIX_REP_REPO_ACCESS_CONTROLLABLE, root.getTree(NodeTypeConstants.NODE_TYPES_PATH), null);
+ Tree repoPolicy = accessControlledTree.addChild(REP_REPO_POLICY);
+ repoPolicy.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_ACL, Type.NAME);
+
+ assertFalse(importer.start(repoPolicy));
+ }
+
+ //--------------------------------------------------< processReferences >---
+
+ @Test
+ public void testProcessReferencesIsNoOp() throws Exception {
+ importer.processReferences();
+ assertFalse(root.hasPendingChanges());
+ }
+
+ //-----------------------------------------------------< startChildInfo >---
+
+ @Test(expected = IllegalStateException.class)
+ public void testStartChildInfoNotInitialized() throws Exception {
+ importer.startChildInfo(Mockito.mock(NodeInfo.class), ImmutableList.of());
+ }
+
+ @Test(expected = ConstraintViolationException.class)
+ public void testStartChildInfoUnknownType() throws Exception {
+ NodeInfo invalidChildInfo = new NodeInfo("anyName", NodeTypeConstants.NT_OAK_UNSTRUCTURED, ImmutableList.of(), null);
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(invalidChildInfo, ImmutableList.of());
+ }
+
+ @Test(expected = ConstraintViolationException.class)
+ public void testStartNestedAceChildInfo() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of());
+ importer.startChildInfo(aceInfo, ImmutableList.of());
+ }
+
+ @Test(expected = ConstraintViolationException.class)
+ public void testStartRestrictionChildInfoWithoutAce() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(restrInfo, ImmutableList.of());
+ }
+
+ public void testStartAceAndRestrictionChildInfo() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of());
+ importer.startChildInfo(restrInfo, ImmutableList.of());
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testStartAceChildInfoInvalidPrivilege() throws Exception {
+ init();
+ importer.start(aclTree);
+ PropInfo invalidPrivInfo = new PropInfo(REP_PRIVILEGES, PropertyType.NAME, createTextValues("jcr:invalidPrivilege"), PropInfo.MultipleStatus.MULTIPLE);
+ importer.startChildInfo(aceInfo, ImmutableList.of(invalidPrivInfo));
+ }
+
+ //-------------------------------------------------------< endChildInfo >---
+
+ @Test(expected = IllegalStateException.class)
+ public void testEndChildInfoNotInitialized() throws Exception {
+ importer.endChildInfo();
+ }
+
+ @Test(expected = ConstraintViolationException.class)
+ public void testEndChildInfoWithoutStart() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.endChildInfo();
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testEndChildInfoIncompleteAce() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of());
+ importer.endChildInfo();
+ }
+
+ //----------------------------------------------------------------< end >---
+ @Test(expected = IllegalStateException.class)
+ public void testEndWithoutStart() throws Exception {
+ importer.end(aclTree);
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testEndWithoutAcl() throws Exception {
+ assertFalse(importer.start(accessControlledTree));
+ importer.end(accessControlledTree);
+ }
+
+ @Test
+ public void testEndWithoutChildInfo() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.end(aclTree);
+
+ assertTrue(root.hasPendingChanges());
+ assertFalse(aclTree.getChildren().iterator().hasNext());
+ }
+
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBesteffortTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBesteffortTest.java?rev=1793516&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBesteffortTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBesteffortTest.java Tue May 2 14:50:17 2017
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
+
+import javax.jcr.PropertyType;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.apache.jackrabbit.oak.spi.xml.PropInfo;
+import org.apache.jackrabbit.oak.util.TreeUtil;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class AccessControlImporterBesteffortTest extends AccessControlImporterBaseTest{
+
+ @Override
+ String getImportBehavior() {
+ return ImportBehavior.NAME_BESTEFFORT;
+ }
+
+ @Test
+ public void testStartAceChildInfoUnknownPrincipal() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of(unknownPrincipalInfo));
+ }
+
+ @Test
+ public void testImportWithUnknownPrincipal() throws Exception {
+ init();
+ importer.start(aclTree);
+
+ PropInfo privs = new PropInfo(REP_PRIVILEGES, PropertyType.NAME, createTextValues(PrivilegeConstants.JCR_READ));
+ importer.startChildInfo(aceInfo, ImmutableList.of(unknownPrincipalInfo, privs));
+ importer.endChildInfo();
+
+ importer.end(aclTree);
+
+ Tree aceTree = aclTree.getChildren().iterator().next();
+ assertEquals(unknownPrincipalInfo.getValue(PropertyType.STRING).getString(), TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBesteffortTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterIgnoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterIgnoreTest.java?rev=1793516&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterIgnoreTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterIgnoreTest.java Tue May 2 14:50:17 2017
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
+
+import javax.jcr.PropertyType;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.apache.jackrabbit.oak.spi.xml.PropInfo;
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+
+public class AccessControlImporterIgnoreTest extends AccessControlImporterBaseTest{
+
+ @Override
+ String getImportBehavior() {
+ return ImportBehavior.NAME_IGNORE;
+ }
+
+ @Test
+ public void testStartAceChildInfoUnknownPrincipal() throws Exception {
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of(unknownPrincipalInfo));
+ }
+
+ @Test
+ public void testImportWithUnknownPrincipal() throws Exception {
+ init();
+ importer.start(aclTree);
+
+ PropInfo privs = new PropInfo(REP_PRIVILEGES, PropertyType.NAME, createTextValues(PrivilegeConstants.JCR_READ));
+ importer.startChildInfo(aceInfo, ImmutableList.of(unknownPrincipalInfo, privs));
+ importer.endChildInfo();
+
+ importer.end(aclTree);
+
+ // ace with invalid principal is ignored with this behaviour => ace tree not imported
+ assertFalse(aclTree.getChildren().iterator().hasNext());
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterIgnoreTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterWorkspaceTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterWorkspaceTest.java?rev=1793516&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterWorkspaceTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterWorkspaceTest.java Tue May 2 14:50:17 2017
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
+
+public class AccessControlImporterWorkspaceTest extends AccessControlImporterAbortTest{
+
+ @Override
+ boolean isWorkspaceImport() {
+ return true;
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterWorkspaceTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java?rev=1793516&r1=1793515&r2=1793516&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java Tue May 2 14:50:17 2017
@@ -59,9 +59,6 @@ import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.when;
-/**
- * UserImporterBaseTest... TODO
- */
public abstract class UserImporterBaseTest extends AbstractSecurityTest implements UserConstants {
static final String TEST_USER_ID = "uid";
@@ -127,7 +124,6 @@ public abstract class UserImporterBaseTe
return false;
}
-
boolean init() throws Exception {
return init(false);
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ImportAbortTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ImportAbortTest.java?rev=1793516&r1=1793515&r2=1793516&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ImportAbortTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ImportAbortTest.java Tue May 2 14:50:17 2017
@@ -16,26 +16,20 @@
*/
package org.apache.jackrabbit.oak.jcr.security.authorization;
-import java.security.AccessControlException;
+
+import javax.jcr.security.AccessControlException;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
import org.junit.Test;
-import static org.junit.Assert.fail;
-
public class ImportAbortTest extends ImportIgnoreTest {
protected String getImportBehavior() {
return ImportBehavior.NAME_ABORT;
}
- @Test
+ @Test(expected = AccessControlException.class)
public void testImportUnknownPrincipal() throws Exception {
- try {
- runImport();
- fail("Import with unknown principal must fail.");
- } catch (AccessControlException e) {
- // success
- }
+ runImport();
}
}