You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2011/03/17 12:57:13 UTC
svn commit: r1082450 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/authorization/
main/java/org/apache/jackrabbit/core/security/authorization/principalbased/
main/java/org/apache/jackrabbit/core/security/user...
Author: angela
Date: Thu Mar 17 11:57:12 2011
New Revision: 1082450
URL: http://svn.apache.org/viewvc?rev=1082450&view=rev
Log:
JCR-2887 : Split PrivilegeRegistry in a per-session manager instance and a repository level registry [work in progress]
Added:
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java (with props)
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java Thu Mar 17 11:57:12 2011
@@ -105,9 +105,9 @@ public abstract class AbstractAccessCont
return true;
}
public int getPrivileges(Path absPath) throws RepositoryException {
- return getPrivilegeManagerImpl().getBits(new Privilege[] {getAllPrivilege()});
+ return getPrivilegeManagerImpl().getBits(getAllPrivilege());
}
- public boolean hasPrivileges(Path absPath, Privilege[] privileges) {
+ public boolean hasPrivileges(Path absPath, Privilege... privileges) {
return true;
}
public Set<Privilege> getPrivilegeSet(Path absPath) throws RepositoryException {
@@ -150,10 +150,10 @@ public abstract class AbstractAccessCont
if (isAcItem(absPath)) {
return PrivilegeRegistry.NO_PRIVILEGE;
} else {
- return getPrivilegeManagerImpl().getBits(new Privilege[] {getReadPrivilege()});
+ return getPrivilegeManagerImpl().getBits(getReadPrivilege());
}
}
- public boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException {
+ public boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException {
if (isAcItem(absPath)) {
return false;
} else {
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java Thu Mar 17 11:57:12 2011
@@ -20,7 +20,6 @@ import org.apache.commons.collections.ma
import org.apache.jackrabbit.spi.Path;
import javax.jcr.RepositoryException;
-import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import java.util.Collection;
import java.util.Collections;
@@ -123,9 +122,9 @@ public abstract class AbstractCompiledPe
}
/**
- * @see CompiledPermissions#hasPrivileges(Path, Privilege[])
+ * @see CompiledPermissions#hasPrivileges(org.apache.jackrabbit.spi.Path,javax.jcr.security.Privilege...)
*/
- public boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException {
+ public boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException {
Result result = getResult(absPath);
int builtin = getPrivilegeManagerImpl().getBits(privileges);
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java Thu Mar 17 11:57:12 2011
@@ -74,7 +74,7 @@ public interface CompiledPermissions {
* specified <code>absPath</code>.
* @throws RepositoryException
*/
- boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException;
+ boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException;
/**
* Returns the <code>Privilege</code>s granted by the underlying policy
@@ -135,7 +135,7 @@ public interface CompiledPermissions {
return PrivilegeRegistry.NO_PRIVILEGE;
}
- public boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException {
+ public boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException {
return false;
}
public Set<Privilege> getPrivilegeSet(Path absPath) throws RepositoryException {
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java Thu Mar 17 11:57:12 2011
@@ -187,7 +187,7 @@ public final class PrivilegeManagerImpl
* @throws AccessControlException If the specified array is null, empty
* or if it contains an unregistered privilege.
*/
- public int getBits(Privilege[] privileges) throws AccessControlException {
+ public int getBits(Privilege... privileges) throws AccessControlException {
if (privileges == null || privileges.length == 0) {
throw new AccessControlException("Privilege array is empty or null.");
}
@@ -197,7 +197,8 @@ public final class PrivilegeManagerImpl
if (priv instanceof PrivilegeImpl) {
defs[i] = ((PrivilegeImpl) priv).definition;
} else {
- throw new AccessControlException("Unknown privilege '" + priv.getName() + "'.");
+ String name = (priv == null) ? "null" : priv.getName();
+ throw new AccessControlException("Unknown privilege '" + name + "'.");
}
}
return registry.getBits(defs);
@@ -211,11 +212,11 @@ public final class PrivilegeManagerImpl
* <code>bits</code>. If <code>bits</code> does not match to any registered
* privilege an empty array will be returned.
*
- * @param bits Privilege bits as obtained from {@link #getBits(Privilege[])}.
+ * @param bits Privilege bits as obtained from {@link #getBits(Privilege...)}.
* @return Array of <code>Privilege</code>s that are presented by the given
* <code>bits</code> or an empty array if <code>bits</code> cannot be
* resolved to registered <code>Privilege</code>s.
- * @see #getBits(Privilege[])
+ * @see #getBits(Privilege...)
*/
public Set<Privilege> getPrivileges(int bits) {
Name[] names = registry.getNames(bits);
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Thu Mar 17 11:57:12 2011
@@ -220,7 +220,7 @@ public final class PrivilegeRegistry {
* @throws AccessControlException If the specified array is null
* or if it contains an unregistered privilege.
* @see #getPrivileges(int)
- * @deprecated Use {@link PrivilegeManagerImpl#getBits(javax.jcr.security.Privilege[])} instead.
+ * @deprecated Use {@link PrivilegeManagerImpl#getBits(javax.jcr.security.Privilege...)} instead.
*/
public static int getBits(Privilege[] privileges) throws AccessControlException {
if (privileges == null || privileges.length == 0) {
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java Thu Mar 17 11:57:12 2011
@@ -102,7 +102,7 @@ public class ACLProvider extends Abstrac
editor = new ACLEditor(session, resolver.getQPath(acRoot.getPath()));
entriesCache = new EntriesCache(session, editor, acRoot.getPath());
PrivilegeManagerImpl pm = getPrivilegeManagerImpl();
- readBits = pm.getBits(new Privilege[] {pm.getPrivilege(Privilege.JCR_READ)});
+ readBits = pm.getBits(pm.getPrivilege(Privilege.JCR_READ));
// TODO: replace by configurable default policy (see JCR-2331)
if (!configuration.containsKey(PARAM_OMIT_DEFAULT_PERMISSIONS)) {
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Thu Mar 17 11:57:12 2011
@@ -379,7 +379,7 @@ public class UserAccessControlProvider e
private int getPrivilegeBits(String privName) throws RepositoryException {
PrivilegeManagerImpl impl = getPrivilegeManagerImpl();
- return impl.getBits(new Privilege[] {impl.getPrivilege(privName)});
+ return impl.getBits(impl.getPrivilege(privName));
}
//------------------------------------< AbstractCompiledPermissions >---
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java Thu Mar 17 11:57:12 2011
@@ -120,7 +120,7 @@ public abstract class AbstractACLTemplat
return false;
}
public int getPrivilegeBits() throws RepositoryException {
- return privilegeMgr.getBits(new Privilege[] {privilegeMgr.getPrivilege(Privilege.JCR_READ)});
+ return privilegeMgr.getBits(privilegeMgr.getPrivilege(Privilege.JCR_READ));
}
public String[] getRestrictionNames() {
return new String[0];
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java?rev=1082450&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java Thu Mar 17 11:57:12 2011
@@ -0,0 +1,377 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinitionWriter;
+import org.apache.jackrabbit.core.RepositoryImpl;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.fs.FileSystem;
+import org.apache.jackrabbit.core.fs.FileSystemException;
+import org.apache.jackrabbit.core.fs.FileSystemResource;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
+import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
+import org.apache.jackrabbit.spi.commons.name.NameConstants;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.security.Privilege;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * <code>CustomPrivilegeTest</code>...
+ */
+public class CustomPrivilegeTest extends AbstractJCRTest {
+
+ private NameResolver resolver;
+
+ private FileSystem fs;
+ private PrivilegeRegistry privilegeRegistry;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+ resolver = ((SessionImpl) superuser);
+
+ // setup the custom privilege file with cyclic references
+ fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+ FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+ if (!resource.exists()) {
+ resource.makeParentDirs();
+ }
+
+ privilegeRegistry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ try {
+ if (fs.exists("/privileges") && fs.isFolder("/privileges")) {
+ fs.deleteFolder("/privileges");
+ }
+ } finally {
+ super.tearDown();
+ }
+ }
+
+ private static void assertPrivilege(PrivilegeRegistry registry, NameResolver resolver, PrivilegeRegistry.Definition def) throws RepositoryException {
+ PrivilegeManagerImpl pmgr = new PrivilegeManagerImpl(registry, resolver);
+ Privilege p = pmgr.getPrivilege(resolver.getJCRName(def.getName()));
+
+ assertNotNull(p);
+
+ assertEquals(def.isCustom(), pmgr.isCustomPrivilege(p));
+ assertEquals(def.isAbstract(), p.isAbstract());
+ Name[] danames = def.getDeclaredAggregateNames();
+ assertEquals(danames.length > 0, p.isAggregate());
+ assertEquals(danames.length, p.getDeclaredAggregatePrivileges().length);
+ }
+
+ private static void assertBits(int expected, PrivilegeRegistry.Definition def, PrivilegeRegistry registry) {
+ assertEquals(expected, registry.getBits(new PrivilegeRegistry.Definition[] {def}));
+ }
+
+ private static Set<Name> createNameSet(Name... names) {
+ Set<Name> set = new HashSet<Name>();
+ set.addAll(Arrays.asList(names));
+ return set;
+ }
+
+ public void testInvalidCustomDefinitions() throws RepositoryException, FileSystemException, IOException {
+ // setup the custom privilege file with cyclic references
+ FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+ FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+ if (!resource.exists()) {
+ resource.makeParentDirs();
+ }
+ StringBuilder sb = new StringBuilder();
+ sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><privileges><privilege isAbstract=\"false\" name=\"test\"><contains name=\"test2\"/></privilege></privileges>");
+
+ Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
+ writer.write(sb.toString());
+ writer.flush();
+ writer.close();
+
+ try {
+ new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+ fail("Invalid names must be detected upon registry startup.");
+ } catch (RepositoryException e) {
+ // success
+ } finally {
+ fs.deleteFolder("/privileges");
+ }
+ }
+
+ public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException, FileSystemException, IOException {
+ // setup the custom privilege file with cyclic references
+ FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+ FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+ if (!resource.exists()) {
+ resource.makeParentDirs();
+ }
+
+ OutputStream out = resource.getOutputStream();
+ try {
+ List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+ defs.add(new PrivilegeDefinition("test", false, new String[] {"test2"}));
+ defs.add(new PrivilegeDefinition("test4", true, new String[] {"test5"}));
+ defs.add(new PrivilegeDefinition("test5", false, new String[] {"test3"}));
+ defs.add(new PrivilegeDefinition("test3", false, new String[] {"test"}));
+ defs.add(new PrivilegeDefinition("test2", false, new String[] {"test4"}));
+ PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+ pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
+
+ new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+ fail("Cyclic definitions must be detected upon registry startup.");
+ } catch (RepositoryException e) {
+ // success
+ } finally {
+ out.close();
+ fs.deleteFolder("/privileges");
+ }
+ }
+
+ public void testCustomEquivalentDefinitions() throws RepositoryException, FileSystemException, IOException {
+ // setup the custom privilege file with cyclic references
+ FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+ FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+ if (!resource.exists()) {
+ resource.makeParentDirs();
+ }
+
+ OutputStream out = resource.getOutputStream();
+ try {
+ List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+ defs.add(new PrivilegeDefinition("test", false, new String[] {"test2","test3"}));
+ defs.add(new PrivilegeDefinition("test2", true, new String[] {"test4"}));
+ defs.add(new PrivilegeDefinition("test3", true, new String[] {"test5"}));
+ defs.add(new PrivilegeDefinition("test4", true, new String[0]));
+ defs.add(new PrivilegeDefinition("test5", true, new String[0]));
+
+ // the equivalent definition to 'test'
+ defs.add(new PrivilegeDefinition("test6", false, new String[] {"test2","test5"}));
+
+ PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+ pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
+
+ new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+ fail("Equivalent definitions must be detected upon registry startup.");
+ } catch (RepositoryException e) {
+ // success
+ } finally {
+ out.close();
+ fs.deleteFolder("/privileges");
+ }
+ }
+
+ public void testRegisterBuiltInPrivilege() throws RepositoryException, IllegalNameException, FileSystemException {
+ Map<Name, Set<Name>> builtIns = new HashMap<Name, Set<Name>>();
+ builtIns.put(NameConstants.JCR_READ, Collections.<Name>emptySet());
+ builtIns.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, Collections.singleton(NameConstants.JCR_ADD_CHILD_NODES));
+ builtIns.put(PrivilegeRegistry.REP_WRITE_NAME, Collections.<Name>emptySet());
+ builtIns.put(NameConstants.JCR_ALL, Collections.<Name>emptySet());
+
+ for (Name builtInName : builtIns.keySet()) {
+ try {
+ privilegeRegistry.registerDefinition(builtInName, false, builtIns.get(builtInName));
+ fail("Privilege name already in use -> Exception expected");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ }
+
+ public void testRegisterInvalidNewAggregate() throws RepositoryException, IllegalNameException, FileSystemException {
+ Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+ // same as jcr:read
+ newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
+ // aggregated combining built-in and an unknown privilege
+ newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+ // aggregate containing unknown privilege
+ newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("unknownPrivilege")));
+ // aggregated combining built-in and custom
+ newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+ // custom aggregated contains itself
+ newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate")));
+ // same as rep:write
+ newAggregates.put(resolver.getQName("repWriteAggregate"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_ADD_CHILD_NODES, NameConstants.JCR_NODE_TYPE_MANAGEMENT, NameConstants.JCR_REMOVE_CHILD_NODES,NameConstants.JCR_REMOVE_NODE));
+ // aggregating built-in -> currently not supported
+ newAggregates.put(resolver.getQName("aggrBuiltIn"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_READ));
+
+ for (Name name : newAggregates.keySet()) {
+ try {
+ privilegeRegistry.registerDefinition(name, true, newAggregates.get(name));
+ fail("New aggregate referring to unknown Privilege -> Exception expected");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ }
+
+ public void testRegisterInvalidNewAggregate2() throws RepositoryException, FileSystemException {
+ Map<Name, Set<Name>> newCustomPrivs = new LinkedHashMap<Name, Set<Name>>();
+ newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+ newCustomPrivs.put(resolver.getQName("new2"), Collections.<Name>singleton(resolver.getQName("new")));
+
+ for (Name name : newCustomPrivs.keySet()) {
+ boolean isAbstract = true;
+ Set<Name> aggrNames = newCustomPrivs.get(name);
+ privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+ }
+
+ Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+ // a new aggregate of custom and built-in privilege
+ newAggregates.put(resolver.getQName("newA1"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
+ // other illegal aggregates already represented by registered definition.
+ newAggregates.put(resolver.getQName("newA2"), Collections.<Name>singleton(resolver.getQName("new")));
+ newAggregates.put(resolver.getQName("newA3"), Collections.<Name>singleton(resolver.getQName("new2")));
+
+ for (Name name : newAggregates.keySet()) {
+ boolean isAbstract = false;
+ Set<Name> aggrNames = newAggregates.get(name);
+
+ try {
+ privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+ fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception expected");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ }
+
+ public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException {
+ Map<Name, Set<Name>> newCustomPrivs = new HashMap<Name, Set<Name>>();
+ newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+ newCustomPrivs.put(resolver.getQName("test:new"), Collections.<Name>emptySet());
+
+ for (Name name : newCustomPrivs.keySet()) {
+ boolean isAbstract = true;
+ Set<Name> aggrNames = newCustomPrivs.get(name);
+
+ privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+
+ // validate definition
+ PrivilegeRegistry.Definition definition = privilegeRegistry.get(name);
+ assertNotNull(definition);
+ assertTrue(definition.isCustom());
+ assertEquals(name, definition.getName());
+ assertTrue(definition.isAbstract());
+ assertTrue(definition.declaredAggregateNames.isEmpty());
+ assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
+ for (Name n : aggrNames) {
+ assertTrue(definition.declaredAggregateNames.contains(n));
+ }
+ assertBits(PrivilegeRegistry.NO_PRIVILEGE, definition, privilegeRegistry);
+
+ List<Name> allAgg = Arrays.asList(privilegeRegistry.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
+ assertTrue(allAgg.contains(name));
+
+ // re-read the filesystem resource and check if definition is correct
+ PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+ PrivilegeRegistry.Definition def = registry.get(name);
+ assertEquals(isAbstract, def.isAbstract);
+ assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
+ for (Name n : aggrNames) {
+ assertTrue(def.declaredAggregateNames.contains(n));
+ }
+
+ assertPrivilege(privilegeRegistry, (SessionImpl) superuser, definition);
+ }
+
+ Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+ // a new aggregate of custom privileges
+ newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("test:new"), resolver.getQName("new")));
+
+ for (Name name : newAggregates.keySet()) {
+ boolean isAbstract = false;
+ Set<Name> aggrNames = newAggregates.get(name);
+ privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+ PrivilegeRegistry.Definition definition = privilegeRegistry.get(name);
+
+ assertNotNull(definition);
+ assertTrue(definition.isCustom());
+ assertEquals(name, definition.getName());
+ assertFalse(definition.isAbstract());
+ assertFalse(definition.declaredAggregateNames.isEmpty());
+ assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
+ for (Name n : aggrNames) {
+ assertTrue(definition.declaredAggregateNames.contains(n));
+ }
+
+ assertBits(PrivilegeRegistry.NO_PRIVILEGE, definition, privilegeRegistry);
+
+ List<Name> allAgg = Arrays.asList(privilegeRegistry.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
+ assertTrue(allAgg.contains(name));
+
+ // re-read the filesystem resource and check if definition is correct
+ PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+ PrivilegeRegistry.Definition def = registry.get(name);
+ assertEquals(isAbstract, def.isAbstract);
+ assertEquals(isAbstract, def.isAbstract);
+ assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
+ for (Name n : aggrNames) {
+ assertTrue(def.declaredAggregateNames.contains(n));
+ }
+
+ assertPrivilege(registry, (SessionImpl) superuser, def);
+ }
+ }
+
+ public void testCustomPrivilege() throws RepositoryException, FileSystemException {
+ boolean isAbstract = false;
+ Name name = ((SessionImpl) superuser).getQName("test");
+ privilegeRegistry.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
+
+ PrivilegeManagerImpl pm = new PrivilegeManagerImpl(privilegeRegistry, resolver);
+ String privName = resolver.getJCRName(name);
+
+ Privilege priv = pm.getPrivilege(privName);
+ assertEquals(privName, priv.getName());
+ assertEquals(isAbstract, priv.isAbstract());
+ assertFalse(priv.isAggregate());
+ assertEquals(PrivilegeRegistry.NO_PRIVILEGE, pm.getBits(priv));
+
+ Privilege jcrWrite = pm.getPrivilege(Privilege.JCR_WRITE);
+ assertEquals(pm.getBits(jcrWrite), pm.getBits(priv, jcrWrite));
+
+ }
+
+ public void testRegister100CustomPrivileges() throws RepositoryException, FileSystemException {
+ for (int i = 0; i < 100; i++) {
+ boolean isAbstract = true;
+ Name name = ((SessionImpl) superuser).getQName("test"+i);
+ privilegeRegistry.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
+ PrivilegeRegistry.Definition definition = privilegeRegistry.get(name);
+
+ assertNotNull(definition);
+ assertEquals(name, definition.getName());
+ }
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java Thu Mar 17 11:57:12 2011
@@ -28,10 +28,8 @@ import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
-import java.util.List;
import java.util.Set;
/**
@@ -119,14 +117,14 @@ public class PrivilegeManagerImplTest ex
int bits = getPrivilegeManagerImpl().getBits(privs);
assertTrue(bits > PrivilegeRegistry.NO_PRIVILEGE);
- assertTrue(bits == (getPrivilegeManagerImpl().getBits(new Privilege[] {p1}) |
- getPrivilegeManagerImpl().getBits(new Privilege[] {p2})));
+ assertTrue(bits == (getPrivilegeManagerImpl().getBits(p1) |
+ getPrivilegeManagerImpl().getBits(p2)));
}
public void testGetBitsFromCustomPrivilege() throws AccessControlException {
Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null);
try {
- getPrivilegeManagerImpl().getBits(new Privilege[] {p});
+ getPrivilegeManagerImpl().getBits(p);
fail("Retrieving bits from unknown privilege should fail.");
} catch (AccessControlException e) {
// ok
@@ -136,7 +134,7 @@ public class PrivilegeManagerImplTest ex
public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException {
Privilege p = buildCustomPrivilege("anyName", privilegeMgr.getPrivilege(Privilege.JCR_WRITE));
try {
- getPrivilegeManagerImpl().getBits(new Privilege[] {p});
+ getPrivilegeManagerImpl().getBits(p);
fail("Retrieving bits from unknown privilege should fail.");
} catch (AccessControlException e) {
// ok
@@ -145,7 +143,14 @@ public class PrivilegeManagerImplTest ex
public void testGetBitsFromNull() {
try {
- getPrivilegeManagerImpl().getBits(null);
+ getPrivilegeManagerImpl().getBits((Privilege) null);
+ fail("Should throw AccessControlException");
+ } catch (AccessControlException e) {
+ // ok
+ }
+
+ try {
+ getPrivilegeManagerImpl().getBits((Privilege[]) null);
fail("Should throw AccessControlException");
} catch (AccessControlException e) {
// ok
@@ -161,10 +166,19 @@ public class PrivilegeManagerImplTest ex
}
}
+ public void testGetBitsFromArrayContainingNull() throws RepositoryException {
+ try {
+ getPrivilegeManagerImpl().getBits(privilegeMgr.getPrivilege(Privilege.JCR_READ), null);
+ fail("Should throw AccessControlException");
+ } catch (AccessControlException e) {
+ // ok
+ }
+ }
+
public void testGetBitsWithInvalidPrivilege() {
Privilege p = buildCustomPrivilege("anyName", null);
try {
- getPrivilegeManagerImpl().getBits(new Privilege[] {p});
+ getPrivilegeManagerImpl().getBits(p);
fail();
} catch (AccessControlException e) {
// ok
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java Thu Mar 17 11:57:12 2011
@@ -16,36 +16,19 @@
*/
package org.apache.jackrabbit.core.security.authorization;
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.commons.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.commons.privilege.PrivilegeDefinitionWriter;
-import org.apache.jackrabbit.core.RepositoryImpl;
import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.fs.FileSystem;
-import org.apache.jackrabbit.core.fs.FileSystemException;
-import org.apache.jackrabbit.core.fs.FileSystemResource;
import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.test.AbstractJCRTest;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
import java.util.HashSet;
-import java.util.LinkedHashMap;
import java.util.List;
-import java.util.Map;
import java.util.Set;
/**
@@ -283,8 +266,8 @@ public class PrivilegeRegistryTest exten
PrivilegeRegistry.getBits(new Privilege[] {p2})));
}
- public void testGetBitsFromCustomPrivilege() throws AccessControlException {
- Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null);
+ public void testGetBitsFromInvalidPrivilege() throws AccessControlException {
+ Privilege p = buildUnregisteredPrivilege(Privilege.JCR_READ, null);
try {
PrivilegeRegistry.getBits(new Privilege[] {p});
fail("Retrieving bits from unknown privilege should fail.");
@@ -293,8 +276,8 @@ public class PrivilegeRegistryTest exten
}
}
- public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException {
- Privilege p = buildCustomPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE));
+ public void testGetBitsFromInvalidAggregatePrivilege() throws RepositoryException {
+ Privilege p = buildUnregisteredPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE));
try {
PrivilegeRegistry.getBits(new Privilege[] {p});
fail("Retrieving bits from unknown privilege should fail.");
@@ -322,7 +305,7 @@ public class PrivilegeRegistryTest exten
}
public void testGetBitsWithInvalidPrivilege() {
- Privilege p = buildCustomPrivilege("anyName", null);
+ Privilege p = buildUnregisteredPrivilege("anyName", null);
try {
PrivilegeRegistry.getBits(new Privilege[] {p});
fail();
@@ -437,314 +420,7 @@ public class PrivilegeRegistryTest exten
}
}
- public void testInvalidCustomDefinitions() throws RepositoryException, FileSystemException, IOException {
- // setup the custom privilege file with cyclic references
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
- if (!resource.exists()) {
- resource.makeParentDirs();
- }
- StringBuilder sb = new StringBuilder();
- sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><privileges><privilege isAbstract=\"false\" name=\"test\"><contains name=\"test2\"/></privilege></privileges>");
-
- Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
- writer.write(sb.toString());
- writer.flush();
- writer.close();
-
- try {
- new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
- fail("Invalid names must be detected upon registry startup.");
- } catch (RepositoryException e) {
- // success
- } finally {
- fs.deleteFolder("/privileges");
- }
- }
-
- public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException, FileSystemException, IOException {
- // setup the custom privilege file with cyclic references
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
- if (!resource.exists()) {
- resource.makeParentDirs();
- }
-
- OutputStream out = resource.getOutputStream();
- try {
- List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
- defs.add(new PrivilegeDefinition("test", false, new String[] {"test2"}));
- defs.add(new PrivilegeDefinition("test4", true, new String[] {"test5"}));
- defs.add(new PrivilegeDefinition("test5", false, new String[] {"test3"}));
- defs.add(new PrivilegeDefinition("test3", false, new String[] {"test"}));
- defs.add(new PrivilegeDefinition("test2", false, new String[] {"test4"}));
- PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
- pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
-
- new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
- fail("Cyclic definitions must be detected upon registry startup.");
- } catch (RepositoryException e) {
- // success
- } finally {
- out.close();
- fs.deleteFolder("/privileges");
- }
- }
-
- public void testRegisterBuiltInPrivilege() throws RepositoryException, IllegalNameException, FileSystemException {
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- try {
- PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
- Map<Name, Set<Name>> builtIns = new HashMap<Name, Set<Name>>();
- builtIns.put(NameConstants.JCR_READ, Collections.<Name>emptySet());
- builtIns.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, Collections.singleton(NameConstants.JCR_ADD_CHILD_NODES));
- builtIns.put(PrivilegeRegistry.REP_WRITE_NAME, Collections.<Name>emptySet());
- builtIns.put(NameConstants.JCR_ALL, Collections.<Name>emptySet());
-
- for (Name builtInName : builtIns.keySet()) {
- try {
- pr.registerDefinition(builtInName, false, builtIns.get(builtInName));
- fail("Privilege name already in use -> Exception expected");
- } catch (RepositoryException e) {
- // success
- }
- }
- } finally {
- fs.deleteFolder("/privileges");
- }
- }
-
- public void testRegisterInvalidNewAggregate() throws RepositoryException, IllegalNameException, FileSystemException {
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- try {
- PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
- Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
- // same as jcr:read
- newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
- // aggregated combining built-in and an unknown privilege
- newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
- // aggregate containing unknown privilege
- newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("unknownPrivilege")));
- // aggregated combining built-in and custom
- newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
- // custom aggregated contains itself
- newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate")));
- // same as rep:write
- newAggregates.put(resolver.getQName("repWriteAggregate"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_ADD_CHILD_NODES, NameConstants.JCR_NODE_TYPE_MANAGEMENT, NameConstants.JCR_REMOVE_CHILD_NODES,NameConstants.JCR_REMOVE_NODE));
- // aggregating built-in -> currently not supported
- newAggregates.put(resolver.getQName("aggrBuiltIn"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_READ));
-
- for (Name name : newAggregates.keySet()) {
- try {
- pr.registerDefinition(name, true, newAggregates.get(name));
- fail("New aggregate referring to unknown Privilege -> Exception expected");
- } catch (RepositoryException e) {
- // success
- }
- }
- } finally {
- fs.deleteFolder("/privileges");
- }
- }
-
- public void testRegisterInvalidNewAggregate2() throws RepositoryException, FileSystemException {
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- try {
- PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
- Map<Name, Set<Name>> newCustomPrivs = new LinkedHashMap<Name, Set<Name>>();
- newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
- newCustomPrivs.put(resolver.getQName("new2"), Collections.<Name>singleton(resolver.getQName("new")));
-
- for (Name name : newCustomPrivs.keySet()) {
- boolean isAbstract = true;
- Set<Name> aggrNames = newCustomPrivs.get(name);
- pr.registerDefinition(name, isAbstract, aggrNames);
- }
-
- Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
- // a new aggregate of custom and built-in privilege
- newAggregates.put(resolver.getQName("newA1"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
- // other illegal aggregates already represented by registered definition.
- newAggregates.put(resolver.getQName("newA2"), Collections.<Name>singleton(resolver.getQName("new")));
- newAggregates.put(resolver.getQName("newA3"), Collections.<Name>singleton(resolver.getQName("new2")));
-
- for (Name name : newAggregates.keySet()) {
- boolean isAbstract = false;
- Set<Name> aggrNames = newAggregates.get(name);
-
- try {
- pr.registerDefinition(name, isAbstract, aggrNames);
- fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception expected");
- } catch (RepositoryException e) {
- // success
- }
- }
- } finally {
- fs.deleteFolder("/privileges");
- }
- }
-
- public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException {
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- try {
- PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
- Map<Name, Set<Name>> newCustomPrivs = new HashMap<Name, Set<Name>>();
- newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
- newCustomPrivs.put(resolver.getQName("test:new"), Collections.<Name>emptySet());
-
- for (Name name : newCustomPrivs.keySet()) {
- boolean isAbstract = true;
- Set<Name> aggrNames = newCustomPrivs.get(name);
-
- pr.registerDefinition(name, isAbstract, aggrNames);
-
- // validate definition
- PrivilegeRegistry.Definition definition = pr.get(name);
- assertNotNull(definition);
- assertTrue(definition.isCustom());
- assertEquals(name, definition.getName());
- assertTrue(definition.isAbstract());
- assertTrue(definition.declaredAggregateNames.isEmpty());
- assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
- for (Name n : aggrNames) {
- assertTrue(definition.declaredAggregateNames.contains(n));
- }
- assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
-
- List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
- assertTrue(allAgg.contains(name));
-
- // re-read the filesystem resource and check if definition is correct
- PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
- PrivilegeRegistry.Definition def = registry.get(name);
- assertEquals(isAbstract, def.isAbstract);
- assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
- for (Name n : aggrNames) {
- assertTrue(def.declaredAggregateNames.contains(n));
- }
-
- assertPrivilege(pr, (SessionImpl) superuser, definition);
- }
-
- Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
- // a new aggregate of custom privileges
- newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("test:new"), resolver.getQName("new")));
-
- for (Name name : newAggregates.keySet()) {
- boolean isAbstract = false;
- Set<Name> aggrNames = newAggregates.get(name);
- pr.registerDefinition(name, isAbstract, aggrNames);
- PrivilegeRegistry.Definition definition = pr.get(name);
-
- assertNotNull(definition);
- assertTrue(definition.isCustom());
- assertEquals(name, definition.getName());
- assertFalse(definition.isAbstract());
- assertFalse(definition.declaredAggregateNames.isEmpty());
- assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
- for (Name n : aggrNames) {
- assertTrue(definition.declaredAggregateNames.contains(n));
- }
-
- assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
-
- List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
- assertTrue(allAgg.contains(name));
-
- // re-read the filesystem resource and check if definition is correct
- PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
- PrivilegeRegistry.Definition def = registry.get(name);
- assertEquals(isAbstract, def.isAbstract);
- assertEquals(isAbstract, def.isAbstract);
- assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
- for (Name n : aggrNames) {
- assertTrue(def.declaredAggregateNames.contains(n));
- }
-
- assertPrivilege(registry, (SessionImpl) superuser, def);
- }
- } finally {
- fs.deleteFolder("/privileges");
- }
- }
-
- private static void assertPrivilege(PrivilegeRegistry registry, SessionImpl session, PrivilegeRegistry.Definition def) throws RepositoryException {
-
- PrivilegeManagerImpl pmgr = new PrivilegeManagerImpl(registry, session);
- Privilege p = pmgr.getPrivilege(session.getJCRName(def.getName()));
-
- assertNotNull(p);
-
- assertEquals(def.isCustom(), pmgr.isCustomPrivilege(p));
- assertEquals(def.isAbstract(), p.isAbstract());
- Name[] danames = def.getDeclaredAggregateNames();
- assertEquals(danames.length > 0, p.isAggregate());
- assertEquals(danames.length, p.getDeclaredAggregatePrivileges().length);
- }
-
- public void testCustomEquivalentDefinitions() throws RepositoryException, FileSystemException, IOException {
- // setup the custom privilege file with cyclic references
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
- if (!resource.exists()) {
- resource.makeParentDirs();
- }
-
- OutputStream out = resource.getOutputStream();
- try {
- List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
- defs.add(new PrivilegeDefinition("test", false, new String[] {"test2","test3"}));
- defs.add(new PrivilegeDefinition("test2", true, new String[] {"test4"}));
- defs.add(new PrivilegeDefinition("test3", true, new String[] {"test5"}));
- defs.add(new PrivilegeDefinition("test4", true, new String[0]));
- defs.add(new PrivilegeDefinition("test5", true, new String[0]));
-
- // the equivalent definition to 'test'
- defs.add(new PrivilegeDefinition("test6", false, new String[] {"test2","test5"}));
-
- PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
- pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
-
- new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
- fail("Equivalent definitions must be detected upon registry startup.");
- } catch (RepositoryException e) {
- // success
- } finally {
- out.close();
- fs.deleteFolder("/privileges");
- }
- }
-
- public void testRegister100CustomPrivileges() throws RepositoryException, FileSystemException {
- FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
- try {
- PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
- for (int i = 0; i < 100; i++) {
- boolean isAbstract = true;
- Name name = ((SessionImpl) superuser).getQName("test"+i);
- pr.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
- PrivilegeRegistry.Definition definition = pr.get(name);
-
- assertNotNull(definition);
- assertEquals(name, definition.getName());
- }
- } finally {
- fs.deleteFolder("/privileges");
- }
- }
-
- private static Set<Name> createNameSet(Name... names) {
- Set<Name> set = new HashSet<Name>();
- set.addAll(Arrays.asList(names));
- return set;
- }
-
- private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) {
+ private Privilege buildUnregisteredPrivilege(final String name, final Privilege declaredAggr) {
return new Privilege() {
public String getName() {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java Thu Mar 17 11:57:12 2011
@@ -37,6 +37,7 @@ public class TestAll extends TestCase {
suite.addTestSuite(PrivilegeRegistryTest.class);
suite.addTestSuite(PrivilegeManagerImplTest.class);
+ suite.addTestSuite(CustomPrivilegeTest.class);
suite.addTestSuite(JackrabbitAccessControlListTest.class);
suite.addTestSuite(GlobPatternTest.class);
suite.addTestSuite(PermissionTest.class);