You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/27 18:05:58 UTC
svn commit: r1450845 -
/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Author: angela
Date: Wed Feb 27 17:05:57 2013
New Revision: 1450845
URL: http://svn.apache.org/r1450845
Log:
OAK-51 : Access Control Management (tests)
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1450845&r1=1450844&r2=1450845&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Wed Feb 27 17:05:57 2013
@@ -23,6 +23,7 @@ import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import javax.annotation.Nonnull;
import javax.jcr.NamespaceRegistry;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
@@ -38,6 +39,7 @@ import javax.jcr.security.Privilege;
import com.google.common.collect.ImmutableMap;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.TestNameMapper;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
@@ -47,8 +49,10 @@ import org.apache.jackrabbit.oak.namepat
import org.apache.jackrabbit.oak.plugins.name.Namespaces;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
@@ -79,7 +83,6 @@ public class AccessControlManagerImplTes
private NamePathMapper npMapper;
private AccessControlManagerImpl acMgr;
- private PrivilegeManager privilegeManager;
private ValueFactory valueFactory;
@Override
@@ -92,7 +95,6 @@ public class AccessControlManagerImplTes
npMapper = new NamePathMapperImpl(nameMapper);
acMgr = getAccessControlManager(npMapper);
- privilegeManager = getSecurityProvider().getPrivilegeConfiguration().getPrivilegeManager(root, npMapper);
valueFactory = new ValueFactoryImpl(root.getBlobFactory(), npMapper);
NodeUtil rootNode = new NodeUtil(root.getTree("/"), npMapper);
@@ -134,6 +136,33 @@ public class AccessControlManagerImplTes
}
}
+ private ACL createPolicy(String path) {
+ final PrincipalManager pm = getPrincipalManager();
+ final RestrictionProvider rp = getRestrictionProvider();
+ return new ACL(path, getNamePathMapper()) {
+ @Override
+ PrincipalManager getPrincipalManager() {
+ return pm;
+ }
+
+ @Override
+ PrivilegeManager getPrivilegeManager() {
+ return AccessControlManagerImplTest.this.getPrivilegeManager();
+ }
+
+ @Override
+ PrivilegeBitsProvider getPrivilegeBitsProvider() {
+ return new PrivilegeBitsProvider(root);
+ }
+
+ @Nonnull
+ @Override
+ public RestrictionProvider getRestrictionProvider() {
+ return rp;
+ }
+ };
+ }
+
private void setupPolicy(String path) throws RepositoryException {
ACL policy = getApplicablePolicy(path);
if (path == null) {
@@ -148,9 +177,44 @@ public class AccessControlManagerImplTes
return ImmutableMap.of(REP_GLOB, valueFactory.createValue(value));
}
+ private List<String> getInvalidPaths() {
+ List<String> invalid = new ArrayList<String>();
+ invalid.add("");
+ invalid.add("../../jcr:testRoot");
+ invalid.add("jcr:testRoot");
+ invalid.add("jcr:test/Root");
+ invalid.add("./jcr:testRoot");
+ return invalid;
+ }
+
+ private List<String> getAcContentPaths() throws RepositoryException {
+ ACL policy = getApplicablePolicy(testPath);
+ policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
+ acMgr.setPolicy(testPath, policy);
+
+ String aclPath = testPath + '/' + REP_POLICY;
+ Tree acl = root.getTree(aclPath);
+ assertNotNull(acl);
+ Iterator<Tree> aces = acl.getChildren().iterator();
+ assertTrue(aces.hasNext());
+ Tree ace = aces.next();
+ assertNotNull(ace);
+
+ List<String> acContentPath = new ArrayList<String>();
+ acContentPath.add(aclPath);
+ acContentPath.add(ace.getPath());
+
+ Tree rest = ace.getChild(REP_RESTRICTIONS);
+ if (rest != null) {
+ acContentPath.add(rest.getPath());
+ }
+ return acContentPath;
+ }
+
+ //---------------------------------------------< getSupportedPrivileges >---
@Test
public void testGetSupportedPrivileges() throws Exception {
- List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges());
+ List<Privilege> allPrivileges = Arrays.asList(getPrivilegeManager().getRegisteredPrivileges());
List<String> testPaths = new ArrayList<String>();
testPaths.add(null);
@@ -168,14 +232,8 @@ public class AccessControlManagerImplTes
}
@Test
- public void testGetSupportedPrivilegesWithInvalidPath() throws Exception {
- List<String> invalid = new ArrayList<String>();
- invalid.add("");
- invalid.add("../../jcr:testRoot");
- invalid.add("jcr:testRoot");
- invalid.add("./jcr:testRoot");
-
- for (String path : invalid) {
+ public void testGetSupportedPrivilegesInvalidPath() throws Exception {
+ for (String path : getInvalidPaths()) {
try {
acMgr.getSupportedPrivileges(path);
fail("Expects valid node path, found: " + path);
@@ -186,7 +244,7 @@ public class AccessControlManagerImplTes
}
@Test
- public void testGetSupportedPrivilegesFromPropertyPath() throws Exception {
+ public void testGetSupportedPrivilegesPropertyPath() throws Exception {
try {
acMgr.getSupportedPrivileges("/jcr:primaryType");
fail("Property path -> PathNotFoundException expected.");
@@ -196,7 +254,7 @@ public class AccessControlManagerImplTes
}
@Test
- public void testGetSupportedPrivilegesWithNonExistingPath() throws Exception {
+ public void testGetSupportedPrivilegesNonExistingPath() throws Exception {
try {
acMgr.getSupportedPrivileges("/non/existing/node");
fail("Nonexisting node -> PathNotFoundException expected.");
@@ -207,7 +265,7 @@ public class AccessControlManagerImplTes
@Test
public void testGetSupportedPrivilegesIncludingPathConversion() throws Exception {
- List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges());
+ List<Privilege> allPrivileges = Arrays.asList(getPrivilegeManager().getRegisteredPrivileges());
List<String> testPaths = new ArrayList<String>();
testPaths.add('/' + TestNameMapper.TEST_LOCAL_PREFIX + ":testRoot");
@@ -223,9 +281,10 @@ public class AccessControlManagerImplTes
}
}
+ //--------------------------------------------------< privilegeFromName >---
@Test
public void testPrivilegeFromName() throws Exception {
- List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges());
+ List<Privilege> allPrivileges = Arrays.asList(getPrivilegeManager().getRegisteredPrivileges());
for (Privilege privilege : allPrivileges) {
Privilege p = acMgr.privilegeFromName(privilege.getName());
assertEquals(privilege, p);
@@ -234,8 +293,7 @@ public class AccessControlManagerImplTes
@Test
public void testPrivilegeFromExpandedName() throws Exception {
- Privilege readPriv = privilegeManager.getPrivilege(PrivilegeConstants.JCR_READ);
-
+ Privilege readPriv = getPrivilegeManager().getPrivilege(PrivilegeConstants.JCR_READ);
assertEquals(readPriv, acMgr.privilegeFromName(Privilege.JCR_READ));
}
@@ -272,16 +330,20 @@ public class AccessControlManagerImplTes
}
}
+ //------------------------------------------------------< hasPrivileges >---
@Test
public void testHasPrivileges() throws Exception {
// TODO
}
+ //------------------------------------------------------< getPrivileges >---
@Test
public void testGetPrivileges() throws Exception {
// TODO
}
+ //--------------------------------------< getApplicablePolicies(String) >---
+
@Test
public void testGetApplicablePolicies() throws Exception {
AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(testPath);
@@ -350,13 +412,53 @@ public class AccessControlManagerImplTes
}
@Test
- public void testGetPoliciesNodeNotAccessControlled() throws Exception {
- AccessControlPolicy[] policies = acMgr.getPolicies(testPath);
- assertNotNull(policies);
- assertEquals(0, policies.length);
+ public void testGetApplicablePoliciesInvalidPath() throws Exception {
+ for (String invalid : getInvalidPaths()) {
+ try {
+ acMgr.getPolicies(invalid);
+ fail("Getting applicable policies for an invalid path should fail");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
}
@Test
+ public void testApplicablePoliciesForPropertyPath() throws Exception {
+ String propertyPath = "/jcr:primaryType";
+ try {
+ acMgr.getApplicablePolicies(propertyPath);
+ fail("Getting applicable policies for property should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testGetApplicablePoliciesNonExistingNodePath() throws Exception {
+ String propertyPath = "/not/existing";
+ try {
+ acMgr.getApplicablePolicies(propertyPath);
+ fail("Getting applicable policies for node that doesn't exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testGetApplicablePoliciesForAcContentPaths() throws Exception {
+ for (String path : getAcContentPaths()) {
+ try {
+ acMgr.getApplicablePolicies(path);
+ fail("Getting applicable policies for access control content should fail.");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+ }
+
+ //------------------------------------------------< getPolicies(String) >---
+ @Test
public void testGetPolicies() throws Exception {
AccessControlPolicy policy = getApplicablePolicy(testPath);
acMgr.setPolicy(testPath, policy);
@@ -372,6 +474,13 @@ public class AccessControlManagerImplTes
}
@Test
+ public void testGetPoliciesNodeNotAccessControlled() throws Exception {
+ AccessControlPolicy[] policies = acMgr.getPolicies(testPath);
+ assertNotNull(policies);
+ assertEquals(0, policies.length);
+ }
+
+ @Test
public void testGetPoliciesAfterSet() throws Exception {
setupPolicy(testPath);
@@ -454,108 +563,104 @@ public class AccessControlManagerImplTes
}
@Test
- public void testAccessControlContentPaths() throws Exception {
- ACL policy = getApplicablePolicy(testPath);
- policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
- acMgr.setPolicy(testPath, policy);
-
- String aclPath = testPath + '/' + REP_POLICY;
- Tree acl = root.getTree(aclPath);
- assertNotNull(acl);
- Iterator<Tree> aces = acl.getChildren().iterator();
- assertTrue(aces.hasNext());
- Tree ace = aces.next();
- assertNotNull(ace);
-
- List<String> accessControlledPaths = new ArrayList<String>();
- accessControlledPaths.add(aclPath);
- accessControlledPaths.add(ace.getPath());
-
- Tree rest = ace.getChild(REP_RESTRICTIONS);
- if (rest != null) {
- accessControlledPaths.add(rest.getPath());
- }
-
- for (String path : accessControlledPaths) {
- try {
- acMgr.getApplicablePolicies(path);
- fail("Getting applicable policies for access control content should fail.");
- } catch (AccessControlException e) {
- // success
- }
-
- try {
- acMgr.getPolicies(path);
- fail("Getting policies for access control content should fail.");
- } catch (AccessControlException e) {
- // success
- }
-
+ public void testGetPoliciesInvalidPath() throws Exception {
+ for (String invalid : getInvalidPaths()) {
try {
- acMgr.getEffectivePolicies(path);
- fail("Getting effective policies for access control content should fail.");
- } catch (AccessControlException e) {
+ acMgr.getPolicies(invalid);
+ fail("Getting policies for an invalid path should fail");
+ } catch (RepositoryException e) {
// success
}
}
}
@Test
- public void testNonExistingNodePath() throws Exception {
- String propertyPath = "/not/existing";
-
+ public void testGetPoliciesPropertyPath() throws Exception {
+ String propertyPath = "/jcr:primaryType";
try {
- acMgr.getApplicablePolicies(propertyPath);
- fail("Getting applicable policies for node that doesn't exist should fail.");
+ acMgr.getPolicies(propertyPath);
+ fail("Getting policies for property should fail.");
} catch (PathNotFoundException e) {
// success
}
+ }
+
+ @Test
+ public void testGetPoliciesNonExistingNodePath() throws Exception {
+ String propertyPath = "/not/existing";
try {
acMgr.getPolicies(propertyPath);
fail("Getting policies for node that doesn't exist should fail.");
} catch (PathNotFoundException e) {
// success
}
+ }
- try {
- acMgr.getEffectivePolicies(propertyPath);
- fail("Getting policies for node that doesn't exist should fail.");
- } catch (PathNotFoundException e) {
- // success
+ @Test
+ public void testGetPoliciesAcContentPaths() throws Exception {
+ for (String path : getAcContentPaths()) {
+ try {
+ acMgr.getPolicies(path);
+ fail("Getting policies for access control content should fail.");
+ } catch (AccessControlException e) {
+ // success
+ }
}
}
+ //---------------------------------------< getEffectivePolicies(String) >---
@Test
- public void testPropertyPath() throws Exception {
- String propertyPath = "/jcr:primaryType";
+ public void testGetEffectivePolicies() throws Exception {
+ // TODO
+ }
- try {
- acMgr.getApplicablePolicies(propertyPath);
- fail("Getting applicable policies for property should fail.");
- } catch (PathNotFoundException e) {
- // success
+ @Test
+ public void testGetEffectivePoliciesInvalidPath() throws Exception {
+ for (String invalid : getInvalidPaths()) {
+ try {
+ acMgr.getEffectivePolicies(invalid);
+ fail("Getting policies for an invalid path should fail");
+ } catch (RepositoryException e) {
+ // success
+ }
}
+ }
+ @Test
+ public void testGetEffectivePoliciesForPropertyPath() throws Exception {
+ String propertyPath = "/jcr:primaryType";
try {
- acMgr.getPolicies(propertyPath);
+ acMgr.getEffectivePolicies(propertyPath);
fail("Getting policies for property should fail.");
} catch (PathNotFoundException e) {
// success
}
+ }
+ @Test
+ public void testGetEffectivePoliciesNonExistingNodePath() throws Exception {
+ String propertyPath = "/not/existing";
try {
acMgr.getEffectivePolicies(propertyPath);
- fail("Getting policies for property should fail.");
+ fail("Getting policies for node that doesn't exist should fail.");
} catch (PathNotFoundException e) {
// success
}
}
@Test
- public void testGetEffectivePolicies() throws Exception {
- // TODO
+ public void testGetEffectivePoliciesForAcContentPaths() throws Exception {
+ for (String path : getAcContentPaths()) {
+ try {
+ acMgr.getEffectivePolicies(path);
+ fail("Getting effective policies for access control content should fail.");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
}
+ //-----------------------------< setPolicy(String, AccessControlPolicy) >---
@Test
public void testSetPolicy() throws Exception {
ACL acl = getApplicablePolicy(testPath);
@@ -567,11 +672,8 @@ public class AccessControlManagerImplTes
Root root2 = adminSession.getLatestRoot();
AccessControlPolicy[] policies = getAccessControlManager(root2).getPolicies(testPath);
- assertNotNull(policies);
assertEquals(1, policies.length);
-
- ACL acl2 = (ACL) policies[0];
- assertArrayEquals(acl.getAccessControlEntries(), acl2.getAccessControlEntries());
+ assertArrayEquals(acl.getAccessControlEntries(), ((ACL) policies[0]).getAccessControlEntries());
}
@Test
@@ -656,21 +758,62 @@ public class AccessControlManagerImplTes
}
@Test
- public void testSetPolicyWithInvalidPath() throws Exception {
+ public void testSetRepoPolicy() throws Exception {
// TODO
}
@Test
- public void testSetPolicyOnAclNode() throws Exception {
- // TODO
+ public void testSetPolicyInvalidPath() throws Exception {
+ for (String invalid : getInvalidPaths()) {
+ try {
+ AccessControlPolicy acl = createPolicy(invalid);
+ acMgr.setPolicy(invalid, acl);
+ fail("Setting access control policy with invalid path should fail");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
}
@Test
- public void testSetRepoPolicy() throws Exception {
- // TODO
+ public void testSetPolicyPropertyPath() throws Exception {
+ try {
+ String path = "/jcr:primaryType";
+ AccessControlPolicy acl = createPolicy(path);
+ acMgr.setPolicy(path, acl);
+ fail("Setting access control policy at property path should fail");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testSetPolicyNonExistingNodePath() throws Exception {
+ try {
+ String path = "/non/existing";
+ AccessControlPolicy acl = createPolicy(path);
+ acMgr.setPolicy(path, acl);
+ fail("Setting access control policy for non-existing node path should fail");
+ } catch (PathNotFoundException e) {
+ // success
+ }
}
@Test
+ public void testSetPolicyAcContent() throws Exception {
+ for (String acPath : getAcContentPaths()) {
+ try {
+ AccessControlPolicy acl = createPolicy(acPath);
+ acMgr.setPolicy(acPath, acl);
+ fail("Setting access control policy to access control content should fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+ }
+
+ //--------------------------< removePolicy(String, AccessControlPolicy) >---
+ @Test
public void testRemovePolicy() throws Exception {
// TODO
}
@@ -681,17 +824,57 @@ public class AccessControlManagerImplTes
}
@Test
- public void testRemovePolicyWithInvalidPath() throws Exception {
+ public void testRemoveRepoPolicy() throws Exception {
// TODO
}
@Test
- public void testRemovePolicyOnAclNode() throws Exception {
- // TODO
+ public void testRemovePolicyInvalidPath() throws Exception {
+ for (String invalid : getInvalidPaths()) {
+ try {
+ AccessControlPolicy acl = createPolicy(invalid);
+ acMgr.removePolicy(invalid, acl);
+ fail("Removing access control policy with invalid path should fail");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
}
@Test
- public void testRemoveRepoPolicy() throws Exception {
- // TODO
+ public void testRemovePolicyPropertyPath() throws Exception {
+ try {
+ String path = "/jcr:primaryType";
+ AccessControlPolicy acl = createPolicy(path);
+ acMgr.removePolicy(path, acl);
+ fail("Removing access control policy at property path should fail");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testRemovePolicyNonExistingNodePath() throws Exception {
+ try {
+ String path = "/non/existing";
+ AccessControlPolicy acl = createPolicy(path);
+ acMgr.removePolicy(path, acl);
+ fail("Removing access control policy for non-existing node path should fail");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testRemovePolicyAcContent() throws Exception {
+ for (String acPath : getAcContentPaths()) {
+ try {
+ AccessControlPolicy acl = createPolicy(acPath);
+ acMgr.removePolicy(acPath, acl);
+ fail("Removing access control policy to access control content should fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
}
}