Posted to commits@jackrabbit.apache.org by tr...@apache.org on 2014/02/26 00:42:37 UTC
svn commit: r1571867 - in /jackrabbit/commons/filevault/trunk/vault-core/src:
main/java/org/apache/jackrabbit/vault/fs/impl/io/
test/java/org/apache/jackrabbit/vault/packaging/integration/
test/resources/org/apache/jackrabbit/vault/packaging/integratio...
Author: tripod
Date: Tue Feb 25 23:42:37 2014
New Revision: 1571867
URL: http://svn.apache.org/r1571867
Log:
JCRVLT-39 Regression: installing a package with repository ACL fails
Added:
jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip
jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip
Modified:
jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java
Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java?rev=1571867&r1=1571866&r2=1571867&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java (original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java Tue Feb 25 23:42:37 2014
@@ -618,9 +618,19 @@ public class DocViewSAXImporter extends
log.info("Adding ACL element to non ACL parent - adding mixin: {}", node.getPath());
}
stack = stack.push();
- stack.adapter = new JackrabbitACLImporter(node, aclHandling);
- stack.adapter.startNode(ni);
- importInfo.onCreated(node.getPath() + "/" + ni.name);
+ if ("rep:repoPolicy".equals(name)) {
+ if (node.getDepth() == 0) {
+ stack.adapter = new JackrabbitACLImporter(session, aclHandling);
+ stack.adapter.startNode(ni);
+ importInfo.onCreated(node.getPath() + "/" + ni.name);
+ } else {
+ log.info("ignoring invalid location for repository level ACL: {}", node.getPath());
+ }
+ } else {
+ stack.adapter = new JackrabbitACLImporter(node, aclHandling);
+ stack.adapter.startNode(ni);
+ importInfo.onCreated(node.getPath() + "/" + ni.name);
+ }
} else {
stack = stack.push();
}
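Review bot: The branch that rejects a `rep:repoPolicy` found below a non-root node only logs at info level, so a package whose repository-level ACL was dropped installs with no prominent sign that access control content was skipped. Because this discards security-relevant content, `log.warn("ignoring invalid location for repository level ACL: {}", node.getPath());` would fit better. That branch also leaves `stack.adapter` unset after `stack.push()`, so how the policy's child entries are then handled depends on code outside this hunk and should be confirmed. The literal `"rep:repoPolicy"` would read better as a named constant. The enclosing method starts and ends outside the hunk.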
Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java?rev=1571867&r1=1571866&r2=1571867&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java (original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java Tue Feb 25 23:42:37 2014
@@ -28,6 +28,7 @@ import java.util.Stack;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
+import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlEntry;
@@ -56,7 +57,7 @@ public class JackrabbitACLImporter imple
*/
private static final Logger log = DocViewSAXImporter.log;
- private final Node accessControlledNode;
+ private final JackrabbitSession session;
private final AccessControlHandling aclHandling;
@@ -80,19 +81,30 @@ public class JackrabbitACLImporter imple
private final Stack<State> states = new Stack<State>();
- public JackrabbitACLImporter(Node accessControlledNode, AccessControlHandling aclHandling) throws RepositoryException {
+ public JackrabbitACLImporter(Node accessControlledNode, AccessControlHandling aclHandling)
+ throws RepositoryException {
+ this(accessControlledNode.getSession(), accessControlledNode.getPath(), aclHandling);
+ }
+
+ public JackrabbitACLImporter(Session session, AccessControlHandling aclHandling)
+ throws RepositoryException {
+ this(session, null, aclHandling);
+ }
+
+ private JackrabbitACLImporter(Session session, String path, AccessControlHandling aclHandling)
+ throws RepositoryException {
if (aclHandling == AccessControlHandling.CLEAR || aclHandling == AccessControlHandling.IGNORE) {
throw new RepositoryException("Error while reading access control content: unsupported AccessControlHandling: " + aclHandling);
}
- this.accessControlledNode = accessControlledNode;
- this.accessControlledPath = accessControlledNode.getPath();
- final JackrabbitSession session = ((JackrabbitSession) accessControlledNode.getSession());
- this.acMgr = session.getAccessControlManager();
- this.pMgr = session.getPrincipalManager();
+ this.accessControlledPath = path;
+ this.session = (JackrabbitSession) session;
+ this.acMgr = this.session.getAccessControlManager();
+ this.pMgr = this.session.getPrincipalManager();
this.aclHandling = aclHandling;
this.states.push(State.INITIAL);
}
+
public void startNode(DocViewNode node) throws SAXException {
State state = states.peek();
switch (state) {
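Review bot: The new public `JackrabbitACLImporter(Session, AccessControlHandling)` constructor accepts any `javax.jcr.Session`, but the private constructor casts it with `(JackrabbitSession) session`, so a non-Jackrabbit session fails with a `ClassCastException` rather than the declared `RepositoryException`. A guard before the cast, `if (!(session instanceof JackrabbitSession)) throw new RepositoryException("JackrabbitSession required");`, would keep the failure within the declared contract. The constructors also lack Javadoc saying that a `null` path selects the repository-level policy; that sentinel decides which ACL gets rewritten and should be documented on the private constructor.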
@@ -158,7 +170,7 @@ public class JackrabbitACLImporter imple
}
private void apply() throws RepositoryException {
- final ValueFactory valueFactory = accessControlledNode.getSession().getValueFactory();
+ final ValueFactory valueFactory = session.getValueFactory();
// find principals of existing ACL
JackrabbitAccessControlList acl = null;
@@ -189,7 +201,8 @@ public class JackrabbitACLImporter imple
}
}
if (acl == null) {
- throw new RepositoryException("not JackrabbitAccessControlList applicable on " + accessControlledPath);
+ throw new RepositoryException("not JackrabbitAccessControlList applicable on " +
+ (accessControlledPath == null ? "'root'" : accessControlledPath));
}
// apply ACEs of package
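Review bot: The message labels the `null` path as `'root'`, which reads as the root node `/`, although a `null` path here stands for the repository-level policy (it is what the `Session`-only constructor passes). An operator diagnosing a failed ACL import could end up inspecting the wrong policy. `(accessControlledPath == null ? "repository level" : accessControlledPath)` is unambiguous, and the message should start with `no JackrabbitAccessControlList`, not `not`. `apply()` starts and ends outside this hunk.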
Modified: jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java?rev=1571867&r1=1571866&r2=1571867&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java (original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java Tue Feb 25 23:42:37 2014
@@ -29,6 +29,7 @@ import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
@@ -36,6 +37,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.vault.fs.io.AccessControlHandling;
import org.apache.jackrabbit.vault.fs.io.ImportOptions;
import org.apache.jackrabbit.vault.packaging.JcrPackage;
@@ -337,6 +339,82 @@ public class TestACLAndMerge extends Int
assertPermission("/testroot/secured", true, new String[]{"jcr:all"}, "missinguser", null);
}
+
+ /**
+ * Installs a package with repository level acl and then installs another that removes them again.
+ */
+ @Test
+ public void testRepoACL() throws RepositoryException, IOException, PackageException {
+ removeRepoACL();
+
+ JcrPackage pack = packMgr.upload(getStream("testpackages/repo_policy.zip"), false);
+ assertNotNull(pack);
+ ImportOptions opts = getDefaultOptions();
+ opts.setAccessControlHandling(AccessControlHandling.OVERWRITE);
+ pack.install(opts);
+
+ // test if nodes and ACLs of first package exist
+ assertPermission(null, false, new String[]{"jcr:all"}, "everyone", null);
+ assertPermission(null, false, new String[]{"jcr:all"}, "testuser", null);
+
+ pack = packMgr.upload(getStream("testpackages/repo_no_policy.zip"), true);
+ assertNotNull(pack);
+ opts = getDefaultOptions();
+ opts.setAccessControlHandling(AccessControlHandling.OVERWRITE);
+ pack.install(opts);
+
+ assertPermissionMissing(null, false, new String[]{"jcr:all"}, "everyone", null);
+ assertPermissionMissing(null, false, new String[]{"jcr:all"}, "testuser", null);
+
+ }
+
+ /**
+ * Installs a package with repository level acl and then installs another that removes them again.
+ */
+ @Test
+ public void testRepoACLMerge() throws RepositoryException, IOException, PackageException {
+ removeRepoACL();
+ addACL(null, true, new String[]{"jcr:all"}, "testuser");
+ assertPermission(null, true, new String[]{"jcr:all"}, "testuser", null);
+ addACL(null, true, new String[]{"jcr:all"}, "testuser1");
+ assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+
+ JcrPackage pack = packMgr.upload(getStream("testpackages/repo_policy.zip"), false);
+ assertNotNull(pack);
+ ImportOptions opts = getDefaultOptions();
+ opts.setAccessControlHandling(AccessControlHandling.MERGE);
+ pack.install(opts);
+
+ // test if nodes and ACLs of first package exist
+ assertPermission(null, false, new String[]{"jcr:all"}, "everyone", null);
+ assertPermission(null, false, new String[]{"jcr:all"}, "testuser", null);
+ assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+ }
+
+ /**
+ * Installs a package with repository level acl and then installs another that removes them again.
+ */
+ @Test
+ public void testRepoACLMergePreserve() throws RepositoryException, IOException, PackageException {
+ removeRepoACL();
+ addACL(null, true, new String[]{"jcr:all"}, "testuser");
+ assertPermission(null, true, new String[]{"jcr:all"}, "testuser", null);
+ addACL(null, true, new String[]{"jcr:all"}, "testuser1");
+ assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+
+ JcrPackage pack = packMgr.upload(getStream("testpackages/repo_policy.zip"), false);
+ assertNotNull(pack);
+ ImportOptions opts = getDefaultOptions();
+ opts.setAccessControlHandling(AccessControlHandling.MERGE_PRESERVE);
+ pack.install(opts);
+
+ // test if nodes and ACLs of first package exist
+ assertPermission(null, false, new String[]{"jcr:all"}, "everyone", null);
+ assertPermission(null, true, new String[]{"jcr:all"}, "testuser", null);
+ assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+ }
+
+
protected void assertPermissionMissing(String path, boolean allow, String[] privs, String name, String globRest)
throws RepositoryException {
Map<String, String[]> restrictions = new HashMap<String, String[]>();
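Review bot: None of the three added tests covers the new rejection branch in DocViewSAXImporter, where a `rep:repoPolicy` element below a non-root node is ignored. A test that installs such a package and asserts that neither the repository-level ACL nor the node's own ACL changed would pin that behaviour. The Javadoc on `testRepoACLMerge` and `testRepoACLMergePreserve` is copied from `testRepoACL` and does not match them, since neither installs a second package; for the first, `Installs a package with repository level acl in MERGE mode and checks that entries of other principals are kept.` would be accurate. `assertPermissionMissing` begins at the end of this hunk and continues outside it.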
@@ -420,4 +498,48 @@ public class TestACLAndMerge extends Int
}
return -1;
}
+
+ protected void removeRepoACL() throws RepositoryException {
+ AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(null);
+ for (AccessControlPolicy p: ap) {
+ if (p instanceof JackrabbitAccessControlList) {
+ JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
+ for (AccessControlEntry ac: acl.getAccessControlEntries()) {
+ if (ac instanceof JackrabbitAccessControlEntry) {
+ acl.removeAccessControlEntry(ac);
+ }
+ }
+ }
+ }
+ admin.save();
+ }
+
+ protected void addACL(String path, boolean allow, String[] privs, String principal) throws RepositoryException {
+ JackrabbitAccessControlList acl = null;
+ for (AccessControlPolicy p: admin.getAccessControlManager().getPolicies(path)) {
+ if (p instanceof JackrabbitAccessControlList) {
+ acl = (JackrabbitAccessControlList) p;
+ break;
+ }
+ }
+ if (acl == null) {
+ AccessControlPolicyIterator iter = admin.getAccessControlManager().getApplicablePolicies(path);
+ while (iter.hasNext()) {
+ AccessControlPolicy p = iter.nextAccessControlPolicy();
+ if (p instanceof JackrabbitAccessControlList) {
+ acl = (JackrabbitAccessControlList) p;
+ break;
+ }
+ }
+ }
+ assertNotNull(acl);
+
+ Privilege[] ps = new Privilege[privs.length];
+ for (int i=0; i<privs.length; i++) {
+ ps[i] = admin.getAccessControlManager().privilegeFromName(privs[i]);
+ }
+ acl.addEntry(new PrincipalImpl(principal), ps, allow);
+ admin.getAccessControlManager().setPolicy(path, acl);
+ admin.save();
+ }
}
\ No newline at end of file
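Review bot: `removeRepoACL()` removes entries from the `JackrabbitAccessControlList` returned by `getPolicies(null)` but never writes the list back, so `admin.save()` probably persists nothing. Under JCR, edits to a policy object take effect only after `setPolicy`, which is what `addACL` does before saving. Adding `admin.getAccessControlManager().setPolicy(null, acl);` after the inner loop would make the cleanup effective. Without it the repository-level tests can depend on entries left behind by an earlier test.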
Added: jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip?rev=1571867&view=auto
==============================================================================
Files jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip (added) and jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip Tue Feb 25 23:42:37 2014 differ
Added: jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip?rev=1571867&view=auto
==============================================================================
Files jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip (added) and jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip Tue Feb 25 23:42:37 2014 differ