You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/06/24 08:40:29 UTC
svn commit: r1861981 - in
/jackrabbit/oak/trunk/oak-authorization-principalbased/src:
main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/
test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/
Author: angela
Date: Mon Jun 24 08:40:29 2019
New Revision: 1861981
URL: http://svn.apache.org/viewvc?rev=1861981&view=rev
Log:
OAK-8433 : Effective path must be an absolute path
Modified:
jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImpl.java
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImplTest.java
Modified: jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImpl.java?rev=1861981&r1=1861980&r2=1861981&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImpl.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImpl.java Mon Jun 24 08:40:29 2019
@@ -23,6 +23,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList;
@@ -108,6 +109,9 @@ class PrincipalPolicyImpl extends Abstra
@Override
public boolean addEntry(@Nullable String effectivePath, @NotNull Privilege[] privileges, @NotNull Map<String, Value> restrictions, @NotNull Map<String, Value[]> mvRestrictions) throws RepositoryException {
String oakPath = (effectivePath == null) ? null : getNamePathMapper().getOakPath(effectivePath);
+ if (oakPath != null && !PathUtils.isAbsolute(oakPath)) {
+ throw new AccessControlException("Absolute path expected. Instead was " + effectivePath);
+ }
Set<Restriction> rs = validateRestrictions(oakPath, restrictions, mvRestrictions);
PrivilegeBits privilegeBits = validatePrivileges(privileges);
Modified: jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImplTest.java?rev=1861981&r1=1861980&r2=1861981&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImplTest.java Mon Jun 24 08:40:29 2019
@@ -358,6 +358,16 @@ public class PrincipalPolicyImplTest ext
}
@Test(expected = AccessControlException.class)
+ public void testAddEntryWithRelativePath() throws Exception {
+ emptyPolicy.addEntry("relative/path", privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES));
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testAddEntryWithEmptyPath() throws Exception {
+ emptyPolicy.addEntry("", privilegesFromNames(PrivilegeConstants.JCR_REMOVE_NODE));
+ }
+
+ @Test(expected = AccessControlException.class)
public void testAddEntryEmptyPrivileges() throws Exception {
policy.addEntry(testJcrPath, new Privilege[0]);
}