You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2009/01/08 12:52:45 UTC
svn commit: r732693 [6/6] - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/cluster/ jackra...
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java Thu Jan 8 03:52:38 2009
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.combined;
+
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+public class WriteTest extends org.apache.jackrabbit.core.security.authorization.acl.WriteTest {
+
+ private static Logger log = LoggerFactory.getLogger(WriteTest.class);
+
+ private List toClear = new ArrayList();
+
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ // simple test to check if proper provider is present:
+ getPrincipalBasedPolicy(acMgr, path, getTestUser().getPrincipal());
+ }
+
+ protected void clearACInfo() {
+ for (Iterator it = toClear.iterator(); it.hasNext();) {
+ String path = it.next().toString();
+ try {
+ AccessControlPolicy[] policies = acMgr.getPolicies(path);
+ for (int i = 0; i < policies.length; i++) {
+ acMgr.removePolicy(path, policies[i]);
+ superuser.save();
+ }
+ } catch (RepositoryException e) {
+ // log error and ignore
+ log.error(e.getMessage());
+ }
+ }
+ }
+
+ private JackrabbitAccessControlList getPrincipalBasedPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
+ if (acM instanceof JackrabbitAccessControlManager) {
+ AccessControlPolicy[] tmpls = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+ for (int i = 0; i < tmpls.length; i++) {
+ if (tmpls[i] instanceof JackrabbitAccessControlList) {
+ JackrabbitAccessControlList acl = (JackrabbitAccessControlList) tmpls[i];
+ toClear.add(acl.getPath());
+ return acl;
+ }
+ }
+ }
+ throw new NotExecutableException();
+ }
+
+ private JackrabbitAccessControlList givePrivileges(String nPath,
+ Principal principal,
+ Privilege[] privileges,
+ Map restrictions,
+ boolean nodeBased) throws NotExecutableException, RepositoryException {
+ if (nodeBased) {
+ return givePrivileges(nPath, principal, privileges, getRestrictions(superuser, nPath));
+ } else {
+ JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+ tmpl.addEntry(principal, privileges, true, restrictions);
+ acMgr.setPolicy(tmpl.getPath(), tmpl);
+ superuser.save();
+ // remember for teardown
+ toClear.add(tmpl.getPath());
+ return tmpl;
+ }
+ }
+
+ private JackrabbitAccessControlList withdrawPrivileges(String nPath,
+ Principal principal,
+ Privilege[] privileges,
+ Map restrictions,
+ boolean nodeBased) throws NotExecutableException, RepositoryException {
+ if (nodeBased) {
+ return withdrawPrivileges(nPath, principal, privileges, getRestrictions(superuser, nPath));
+ } else {
+ JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+ tmpl.addEntry(principal, privileges, false, restrictions);
+ acMgr.setPolicy(tmpl.getPath(), tmpl);
+ superuser.save();
+ // remember for teardown
+ toClear.add(tmpl.getPath());
+ return tmpl;
+ }
+ }
+
+ private Map getPrincipalBasedRestrictions(String path) throws RepositoryException, NotExecutableException {
+ if (superuser instanceof SessionImpl) {
+ Map restr = new HashMap();
+ restr.put("rep:nodePath", path);
+ return restr;
+ } else {
+ throw new NotExecutableException();
+ }
+ }
+
+ public void testCombinedPolicies() throws RepositoryException, NotExecutableException {
+ Group testGroup = getTestGroup();
+ SessionImpl testSession = getTestSession();
+ AccessControlManager testAcMgr = getTestACManager();
+
+ /*
+ precondition:
+ testuser must have READ-only permission on test-node and below
+ */
+ checkReadOnly(path);
+
+ Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+ // nodebased: remove READ privilege for 'testUser' at 'path'
+ withdrawPrivileges(path, readPrivs, getRestrictions(superuser, path));
+ // principalbased: add READ privilege for 'testGroup'
+ givePrivileges(path, testGroup.getPrincipal(), readPrivs, getPrincipalBasedRestrictions(path), false);
+ /*
+ expected result:
+ - nodebased wins over principalbased -> READ is denied
+ */
+ assertFalse(testSession.itemExists(path));
+ assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_READ));
+ assertFalse(testAcMgr.hasPrivileges(path, readPrivs));
+
+ // remove the nodebased policy
+ JackrabbitAccessControlList policy = getPolicy(acMgr, path, getTestUser().getPrincipal());
+ acMgr.removePolicy(policy.getPath(), policy);
+ superuser.save();
+
+ /*
+ expected result:
+ - READ privilege is present again.
+ */
+ assertTrue(testSession.itemExists(path));
+ assertTrue(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_READ));
+ assertTrue(testAcMgr.hasPrivileges(path, readPrivs));
+
+ // nodebased: add WRITE privilege for 'testUser' at 'path'
+ Privilege[] wrtPrivileges = privilegesFromName(PrivilegeRegistry.REP_WRITE);
+ givePrivileges(path, wrtPrivileges, getRestrictions(superuser, path));
+ // userbased: deny MODIFY_PROPERTIES privileges for 'testUser'
+ Privilege[] modPropPrivs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+ withdrawPrivileges(path, getTestUser().getPrincipal(), modPropPrivs, getPrincipalBasedRestrictions(path), false);
+ /*
+ expected result:
+ - MODIFY_PROPERTIES privilege still present
+ */
+ assertTrue(testSession.hasPermission(path+"/anyproperty", org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY));
+ assertTrue(testAcMgr.hasPrivileges(path, wrtPrivileges));
+
+ // nodebased: deny MODIFY_PROPERTIES privileges for 'testUser'
+ // on a child node.
+ withdrawPrivileges(childNPath, getTestUser().getPrincipal(), modPropPrivs, getRestrictions(superuser, childNPath));
+ /*
+ expected result:
+ - MODIFY_PROPERTIES privilege still present at 'path'
+ - no-MODIFY_PROPERTIES privilege at 'childNPath'
+ */
+ assertTrue(testSession.hasPermission(path+"/anyproperty", org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY));
+ assertTrue(testAcMgr.hasPrivileges(path, modPropPrivs));
+
+ assertFalse(testSession.hasPermission(childNPath+"/anyproperty", org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY));
+ assertFalse(testAcMgr.hasPrivileges(childNPath, modPropPrivs));
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java Thu Jan 8 03:52:38 2009
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import junit.framework.TestCase;
+import org.apache.jackrabbit.core.security.authorization.AbstractLockManagementTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.AbstractVersionManagementTest;
+import org.apache.jackrabbit.core.security.authorization.AbstractNodeTypeManagementTest;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.AccessDeniedException;
+import java.security.Principal;
+import java.util.Map;
+import java.util.HashMap;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+class EvaluationUtil {
+
+ static JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException,
+ AccessDeniedException, NotExecutableException {
+ if (acM instanceof JackrabbitAccessControlManager) {
+ AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+ for (int i = 0; i < policies.length; i++) {
+ if (policies[i] instanceof ACLTemplate) {
+ ACLTemplate acl = (ACLTemplate) policies[i];
+ return acl;
+ }
+ }
+ }
+ throw new NotExecutableException();
+ }
+
+ static Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
+ if (s instanceof SessionImpl) {
+ Map restr = new HashMap();
+ restr.put(((SessionImpl) s).getJCRName(ACLTemplate.P_NODE_PATH), path);
+ return restr;
+ } else {
+ throw new NotExecutableException();
+ }
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java Thu Jan 8 03:52:38 2009
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractLockManagementTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>LockTest</code>...
+ */
+public class LockTest extends AbstractLockManagementTest {
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path, Principal princ) throws
+ RepositoryException, NotExecutableException {
+ return EvaluationUtil.getPolicy(acMgr, path, princ);
+ }
+ protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
+ return EvaluationUtil.getRestrictions(s, path);
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java Thu Jan 8 03:52:38 2009
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractNodeTypeManagementTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>NodeTypeTest</code>...
+ */
+public class NodeTypeTest extends AbstractNodeTypeManagementTest {
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path, Principal princ) throws
+ RepositoryException, NotExecutableException {
+ return EvaluationUtil.getPolicy(acMgr, path, princ);
+ }
+ protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
+ return EvaluationUtil.getRestrictions(s, path);
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java?rev=732693&r1=732692&r2=732693&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java Thu Jan 8 03:52:38 2009
@@ -13,8 +13,8 @@
*/
package org.apache.jackrabbit.core.security.authorization.principalbased;
-import junit.framework.TestCase;
import junit.framework.Test;
+import junit.framework.TestCase;
import junit.framework.TestSuite;
/**
@@ -30,13 +30,16 @@
* package.
*/
public static Test suite() {
- TestSuite suite = new TestSuite("security.authorization.combined tests");
+ TestSuite suite = new TestSuite("security.authorization.principalbased tests");
suite.addTestSuite(ACLTemplateTest.class);
suite.addTestSuite(EntryTest.class);
suite.addTestSuite(GlobPatternTest.class);
- suite.addTestSuite(EvaluationTest.class);
+ suite.addTestSuite(WriteTest.class);
+ suite.addTestSuite(LockTest.class);
+ suite.addTestSuite(VersionTest.class);
+ suite.addTestSuite(NodeTypeTest.class);
return suite;
}
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java Thu Jan 8 03:52:38 2009
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.AbstractVersionManagementTest;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Node;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.version.Version;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>VersionTest</code>...
+ */
+public class VersionTest extends AbstractVersionManagementTest {
+
+ private static Logger log = LoggerFactory.getLogger(VersionTest.class);
+
+ private static String VERSION_STORAGE_PATH = "/jcr:system/jcr:versionStorage";
+
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path, Principal princ) throws
+ RepositoryException, NotExecutableException {
+ return EvaluationUtil.getPolicy(acMgr, path, princ);
+ }
+ protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
+ return EvaluationUtil.getRestrictions(s, path);
+ }
+
+ public void testReadVersionInfo() throws RepositoryException, NotExecutableException {
+ Node n = createVersionableNode(testRootNode);
+ modifyPrivileges(VERSION_STORAGE_PATH, Privilege.JCR_READ, false);
+
+ Node n2 = (Node) getTestSession().getItem(n.getPath());
+ try {
+ n2.getVersionHistory();
+ fail();
+ } catch (AccessDeniedException e) {
+ // success
+ } catch (ItemNotFoundException e) {
+ // success as well
+ }
+ try {
+ n2.getBaseVersion();
+ fail();
+ } catch (AccessDeniedException e) {
+ // success
+ } catch (ItemNotFoundException e) {
+ // success as well
+ }
+ }
+
+ public void testReadVersionInfo2() throws RepositoryException, NotExecutableException {
+ Node n = createVersionableNode(testRootNode);
+ modifyPrivileges(VERSION_STORAGE_PATH, Privilege.JCR_READ, true);
+
+ Node n2 = (Node) getTestSession().getItem(n.getPath());
+ n2.getVersionHistory();
+ n2.getBaseVersion();
+ }
+
+ public void testReadVersionInfo3() throws RepositoryException, NotExecutableException {
+ Node trn = getTestNode();
+ modifyPrivileges(trn.getPath(), PrivilegeRegistry.REP_WRITE, true);
+ modifyPrivileges(trn.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+ modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, true);
+ modifyPrivileges(VERSION_STORAGE_PATH, Privilege.JCR_READ, false);
+
+ Node n = createVersionableNode(trn);
+ assertTrue(n.isNodeType(mixVersionable));
+ assertFalse(n.isModified());
+
+ try {
+ n.getVersionHistory();
+ n.getBaseVersion();
+ fail("No READ permission in the version storage");
+ } catch (AccessDeniedException e) {
+ // success
+ log.debug(e.getMessage());
+ } catch (ItemNotFoundException e) {
+ // success
+ log.debug(e.getMessage());
+ }
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java Thu Jan 8 03:52:38 2009
@@ -0,0 +1,93 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractWriteTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Session;
+import java.security.Principal;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+public class WriteTest extends AbstractWriteTest {
+
+ private static Logger log = LoggerFactory.getLogger(WriteTest.class);
+
+ private List toClear = new ArrayList();
+
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ // simple test to check if proper provider is present:
+ getPolicy(acMgr, path, getTestUser().getPrincipal());
+ }
+
+ protected void clearACInfo() {
+ for (Iterator it = toClear.iterator(); it.hasNext();) {
+ String path = it.next().toString();
+ try {
+ AccessControlPolicy[] policies = acMgr.getPolicies(path);
+ for (int i = 0; i < policies.length; i++) {
+ acMgr.removePolicy(path, policies[i]);
+ superuser.save();
+ }
+ } catch (RepositoryException e) {
+ // log error and ignore
+ log.error(e.getMessage());
+ }
+ }
+ }
+
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
+ if (acM instanceof JackrabbitAccessControlManager) {
+ AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+ for (int i = 0; i < policies.length; i++) {
+ if (policies[i] instanceof ACLTemplate) {
+ ACLTemplate acl = (ACLTemplate) policies[i];
+ toClear.add(acl.getPath());
+ return acl;
+ }
+ }
+ }
+ throw new NotExecutableException();
+ }
+
+ protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
+ if (s instanceof SessionImpl) {
+ Map restr = new HashMap();
+ restr.put(((SessionImpl) s).getJCRName(ACLTemplate.P_NODE_PATH), path);
+ return restr;
+ } else {
+ throw new NotExecutableException();
+ }
+ }
+
+ // TODO: add specific tests with other restrictions
+}
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url