Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/04/19 16:28:55 UTC
svn commit: r1469845 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/
test/java/org/apache/jackrabbit/oak/security/authorization/
Author: angela
Date: Fri Apr 19 14:28:55 2013
New Revision: 1469845
URL: http://svn.apache.org/r1469845
Log:
OAK-51 : Access Control Management (tests, minor improvement)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java?rev=1469845&r1=1469844&r2=1469845&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java Fri Apr 19 14:28:55 2013
@@ -37,12 +37,13 @@ public class AccessControlInitializer im
@Override
public NodeState initialize(NodeState workspaceRoot, String workspaceName, QueryIndexProvider indexProvider, CommitHook commitHook) {
NodeBuilder root = workspaceRoot.builder();
+
// property index for rep:principalName stored in ACEs
NodeBuilder index = IndexUtils.getOrCreateOakIndex(root);
if (!index.hasChildNode("acPrincipalName")) {
IndexUtils.createIndexDefinition(index, "acPrincipalName", true, false,
ImmutableList.<String>of(REP_PRINCIPAL_NAME),
- ImmutableList.<String>of(NT_REP_DENY_ACE, NT_REP_GRANT_ACE));
+ ImmutableList.<String>of(NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_ACE));
}
return root.getNodeState();
}
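Review bot: The widened node-type list only reaches workspaces where `acPrincipalName` does not exist yet, because the `createIndexDefinition` call stays behind the `hasChildNode` guard. A workspace initialised before this revision would keep an index declared for NT_REP_DENY_ACE and NT_REP_GRANT_ACE only. If lookups of ACEs by rep:principalName rely on that declaration (not visible in this hunk), entries typed NT_REP_ACE could be missed there, which matters for anything that resolves access control content per principal. Consider updating an existing definition whose declaring types differ, or at least state the limitation next to the guard, e.g. `// NOTE: an existing acPrincipalName definition is not migrated when the node type list changes`.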
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1469845&r1=1469844&r2=1469845&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Fri Apr 19 14:28:55 2013
@@ -25,6 +25,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import javax.jcr.AccessDeniedException;
import javax.jcr.NamespaceRegistry;
import javax.jcr.PathNotFoundException;
@@ -55,6 +56,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.TestACL;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -150,7 +152,7 @@ public class AccessControlManagerImplTes
return new NamePathMapperImpl(remapped);
}
- private ACL getApplicablePolicy(String path) throws RepositoryException {
+ private ACL getApplicablePolicy(@Nullable String path) throws RepositoryException {
AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(path);
if (itr.hasNext()) {
return (ACL) itr.nextAccessControlPolicy();
@@ -159,7 +161,7 @@ public class AccessControlManagerImplTes
}
}
- private ACL createPolicy(String path) {
+ private ACL createPolicy(@Nullable String path) {
final PrincipalManager pm = getPrincipalManager();
final RestrictionProvider rp = getRestrictionProvider();
return new ACL(path, getNamePathMapper()) {
@@ -186,7 +188,8 @@ public class AccessControlManagerImplTes
};
}
- private void setupPolicy(String path) throws RepositoryException {
+ @Nonnull
+ private ACL setupPolicy(@Nullable String path) throws RepositoryException {
ACL policy = getApplicablePolicy(path);
if (path == null) {
policy.addAccessControlEntry(testPrincipal, testPrivileges);
@@ -194,9 +197,10 @@ public class AccessControlManagerImplTes
policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
}
acMgr.setPolicy(path, policy);
+ return policy;
}
- private Map<String, Value> getGlobRestriction(String value) {
+ private Map<String, Value> getGlobRestriction(@Nonnull String value) {
return ImmutableMap.of(REP_GLOB, valueFactory.createValue(value));
}
@@ -1050,6 +1054,20 @@ public class AccessControlManagerImplTes
}
@Test
+ public void testSetRepoPolicy() throws Exception {
+ ACL acl = getApplicablePolicy(null);
+ acl.addAccessControlEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT));
+
+ acMgr.setPolicy(null, acl);
+ root.commit();
+
+ Root root2 = adminSession.getLatestRoot();
+ AccessControlPolicy[] policies = getAccessControlManager(root2).getPolicies((String) null);
+ assertEquals(1, policies.length);
+ assertArrayEquals(acl.getAccessControlEntries(), ((ACL) policies[0]).getAccessControlEntries());
+ }
+
+ @Test
public void testSetPolicyWritesAcContent() throws Exception {
ACL acl = getApplicablePolicy(testPath);
acl.addAccessControlEntry(testPrincipal, testPrivileges);
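Review bot: The return value of `acl.addAccessControlEntry(...)` in testSetRepoPolicy is discarded, so if the entry were not added the test would go on to compare two entry arrays that may both lack it. Assuming ACL keeps the boolean return of the JCR access control list API, wrapping the call as `assertTrue(acl.addAccessControlEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT)));` would pin that the repository-level policy read back through root2 really carries the namespace-management grant. The trailing context lines belong to testSetPolicyWritesAcContent, whose body continues outside the hunk.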
@@ -1127,12 +1145,35 @@ public class AccessControlManagerImplTes
@Test
public void testSetInvalidPolicy() throws Exception {
- // TODO
- }
+ try {
+ acMgr.setPolicy(testPath, new TestACL(testPath, getRestrictionProvider()));
+ fail("Setting invalid policy must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
- @Test
- public void testSetRepoPolicy() throws Exception {
- // TODO
+ ACL acl = setupPolicy(testPath);
+ try {
+ acMgr.setPolicy(testPath, new TestACL(testPath, getRestrictionProvider()));
+ fail("Setting invalid policy must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+
+ ACL repoAcl = setupPolicy(null);
+ try {
+ acMgr.setPolicy(testPath, repoAcl);
+ fail("Setting invalid policy must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+
+ try {
+ acMgr.setPolicy(null, acl);
+ fail("Setting invalid policy must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
}
@Test
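Review bot: Each rejected `setPolicy` call in testSetInvalidPolicy is checked only for the exception, never for the absence of a side effect. After the second, third and fourth cases nothing verifies that the policy bound at testPath, or at the repository level, is still the one `setupPolicy` wrote. Whether the implementation can leave partial state before throwing is not visible here, but for an access control API that is the regression worth catching, so consider adding after the catch blocks something like `assertArrayEquals(acl.getAccessControlEntries(), ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries());`. Splitting the four cases into separate test methods would also keep an early failure from hiding the later ones.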
@@ -1185,20 +1226,62 @@ public class AccessControlManagerImplTes
}
}
+ @Test
+ public void testSetPolicyAtDifferentPath() throws Exception {
+ try {
+ ACL acl = getApplicablePolicy(testPath);
+ acMgr.setPolicy("/", acl);
+ fail("Setting access control policy at a different node path must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
//--------------------------< removePolicy(String, AccessControlPolicy) >---
@Test
public void testRemovePolicy() throws Exception {
- // TODO
+ ACL acl = setupPolicy(testPath);
+
+ acMgr.removePolicy(testPath, acl);
+
+ assertEquals(0, acMgr.getPolicies(testPath).length);
+ assertTrue(acMgr.getApplicablePolicies(testPath).hasNext());
}
@Test
- public void testRemoveInvalidPolicy() throws Exception {
- // TODO
+ public void testRemoveRepoPolicy() throws Exception {
+ ACL acl = setupPolicy(null);
+
+ acMgr.removePolicy(null, acl);
+
+ assertEquals(0, acMgr.getPolicies((String) null).length);
+ assertTrue(acMgr.getApplicablePolicies((String) null).hasNext());
}
@Test
- public void testRemoveRepoPolicy() throws Exception {
- // TODO
+ public void testRemoveInvalidPolicy() throws Exception {
+ ACL acl = setupPolicy(testPath);
+ try {
+ acMgr.removePolicy(testPath, new TestACL(testPath, getRestrictionProvider()));
+ fail("Invalid policy -> removal must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+
+ ACL repoAcl = setupPolicy(null);
+ try {
+ acMgr.removePolicy(testPath, repoAcl);
+ fail("Setting invalid policy must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+
+ try {
+ acMgr.removePolicy(null, acl);
+ fail("Setting invalid policy must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
}
@Test
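Review bot: In testSetPolicyAtDifferentPath the `getApplicablePolicy(testPath)` call sits inside the try, so an AccessControlException raised while obtaining the policy would be counted as the expected rejection. The same shape appears in testRemovePolicyAtDifferentPath in the next hunk, where `setupPolicy(testPath)`, which itself calls `acMgr.setPolicy`, is also inside the try. Moving the setup lines above the try leaves only the call under test able to satisfy the catch. Separately, the last two `fail(...)` messages in testRemoveInvalidPolicy still read "Setting invalid policy must fail" although they guard `removePolicy`; `fail("Removing a policy at a mismatching path must fail");` would make a failure report accurate.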
@@ -1251,6 +1334,18 @@ public class AccessControlManagerImplTes
}
}
+ @Test
+ public void testRemovePolicyAtDifferentPath() throws Exception {
+ try {
+ setupPolicy(testPath);
+ ACL acl = getApplicablePolicy("/");
+ acMgr.removePolicy(testPath, acl);
+ fail("Removing access control policy at a different node path must fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
//-----------------------------------< getApplicablePolicies(Principal) >---
// TODO
@@ -1259,4 +1354,10 @@ public class AccessControlManagerImplTes
//------------------------------------< getEffectivePolicies(Principal) >---
// TODO
+
+ //-----------------------------------------------< setPrincipalPolicy() >---
+ // TODO
+
+ //--------------------------------------------< removePrincipalPolicy() >---
+ // TODO
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java?rev=1469845&r1=1469844&r2=1469845&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java Fri Apr 19 14:28:55 2013
@@ -22,7 +22,6 @@ import org.apache.jackrabbit.JcrConstant
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -34,9 +33,6 @@ import static org.junit.Assert.assertEqu
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-/**
- * AccessControlValidatorTest... TODO
- */
public class AccessControlValidatorTest extends AbstractAccessControlTest implements AccessControlConstants {
private final String testName = "testRoot";
@@ -44,7 +40,6 @@ public class AccessControlValidatorTest
private final String aceName = "validAce";
private Principal testPrincipal;
- private Principal testPrincipal2;
@Before
public void before() throws Exception {
@@ -55,9 +50,7 @@ public class AccessControlValidatorTest
root.commit();
- // TODO
- testPrincipal = new PrincipalImpl("testPrincipal");
- testPrincipal2 = new PrincipalImpl("anotherPrincipal");
+ testPrincipal = getTestPrincipal();
}
@After
@@ -282,7 +275,7 @@ public class AccessControlValidatorTest
NodeUtil acl = createAcl();
String privName = "invalidPrivilegeName";
- createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal2.getName(), privName);
+ createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), privName);
try {
root.commit();
fail("Creating an ACE with invalid privilege should fail.");
@@ -298,7 +291,7 @@ public class AccessControlValidatorTest
pMgr.registerPrivilege("abstractPrivilege", true, new String[0]);
NodeUtil acl = createAcl();
- createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal2.getName(), "abstractPrivilege");
+ createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), "abstractPrivilege");
try {
root.commit();
fail("Creating an ACE with an abstract privilege should fail.");