Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/08/27 17:12:07 UTC
svn commit: r689499 [10/11] - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/retention/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/se...
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java Wed Aug 27 08:12:04 2008
@@ -16,169 +16,162 @@
*/
package org.apache.jackrabbit.core.security.authorization.acl;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
-import org.apache.jackrabbit.core.security.authorization.AbstractPolicyTemplateTest;
-import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.NotExecutableException;
import javax.jcr.RepositoryException;
import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
/**
* <code>ACLTemplateTest</code>...
*/
-public class ACLTemplateTest extends AbstractPolicyTemplateTest {
-
- private static Logger log = LoggerFactory.getLogger(ACLTemplateTest.class);
+public class ACLTemplateTest extends AbstractACLTemplateTest {
protected String getTestPath() {
return "/ab/c/d";
}
- protected PolicyTemplate createEmptyTemplate(String path) {
- return new ACLTemplate(path);
- }
-
- public void testAddEntry() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- assertTrue(pt.setEntry(new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true)));
- }
-
- public void testAddEntryTwice() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-
- pt.setEntry(pe);
- assertFalse(pt.setEntry(pe));
+ protected JackrabbitAccessControlList createEmptyTemplate(String path) throws RepositoryException {
+ SessionImpl sImpl = (SessionImpl) superuser;
+ PrincipalManager princicipalMgr = sImpl.getPrincipalManager();
+ PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(sImpl);
+ return new ACLTemplate(path, princicipalMgr, privilegeRegistry);
}
- public void testRevokeEffect() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-
- pt.setEntry(pe);
-
- // same entry but with revers 'isAllow' flag
- pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, false);
- assertTrue(pt.setEntry(pe));
-
- // net-effect: only a single deny-read entry
- assertTrue(pt.size() == 1);
- assertEquals(pt.getEntries()[0], pe);
- }
-
- public void testEffect() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
-
- pt.setEntry(pe);
+ public void testMultipleEntryEffect() throws RepositoryException, NotExecutableException {
+ JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+ Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
+ pt.addEntry(testPrincipal, privileges, true, Collections.EMPTY_MAP);
// new entry extends privs.
- pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ | PrivilegeRegistry.ADD_CHILD_NODES, true);
- assertTrue(pt.setEntry(pe));
+ privileges = privilegesFromNames(new String[] {
+ Privilege.JCR_READ,
+ Privilege.JCR_ADD_CHILD_NODES});
+ assertTrue(pt.addEntry(testPrincipal,
+ privileges,
+ true, Collections.EMPTY_MAP));
// net-effect: only a single allow-entry with both privileges
assertTrue(pt.size() == 1);
- assertEquals(pt.getEntries()[0], pe);
+ assertSamePrivileges(privileges, pt.getAccessControlEntries()[0].getPrivileges());
- // new entry revokes READ priv
- pe = new ACEImpl(testPrincipal, PrivilegeRegistry.ADD_CHILD_NODES, true);
- assertTrue(pt.setEntry(pe));
- // net-effect: only a single allow-entry with add_child_nodes priv
+ // adding just ADD_CHILD_NODES -> must not remove READ priv
+ Privilege[] achPrivs = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);
+ assertFalse(pt.addEntry(testPrincipal, achPrivs, true, Collections.EMPTY_MAP));
+ // net-effect: only a single allow-entry with add_child_nodes + read priv
assertTrue(pt.size() == 1);
- assertEquals(pt.getEntries()[0], pe);
- }
+ assertSamePrivileges(privileges, pt.getAccessControlEntries()[0].getPrivileges());
- public void testEffect2() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
- pt.setEntry(pe);
+ // revoke the 'READ' privilege
+ privileges = privilegesFromName(Privilege.JCR_READ);
+ assertTrue(pt.addEntry(testPrincipal, privileges, false, Collections.EMPTY_MAP));
+ // net-effect: 2 entries one allowing ADD_CHILD_NODES, the other denying READ
+ assertTrue(pt.size() == 2);
+ assertSamePrivileges(privilegesFromName(Privilege.JCR_ADD_CHILD_NODES),
+ pt.getAccessControlEntries()[0].getPrivileges());
+ assertSamePrivileges(privilegesFromName(Privilege.JCR_READ),
+ pt.getAccessControlEntries()[1].getPrivileges());
- // add deny entry for mod_props
- PolicyEntry pe2 = new ACEImpl(testPrincipal, PrivilegeRegistry.MODIFY_PROPERTIES, false);
- assertTrue(pt.setEntry(pe2));
+ // remove the deny-READ entry
+ pt.removeAccessControlEntry(pt.getAccessControlEntries()[1]);
+ assertTrue(pt.size() == 1);
+ assertSamePrivileges(privilegesFromName(Privilege.JCR_ADD_CHILD_NODES),
+ pt.getAccessControlEntries()[0].getPrivileges());
- // net-effect: 2 entries
- assertTrue(pt.size() == 2);
- assertEquals(pt.getEntries()[0], pe);
- assertEquals(pt.getEntries()[1], pe2);
+ // remove the allow-ADD_CHILD_NODES entry
+ pt.removeAccessControlEntry(pt.getAccessControlEntries()[0]);
+ assertTrue(pt.isEmpty());
}
- public void testEffect3() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.WRITE, true);
-
- pt.setEntry(pe);
+ public void testMultipleEntryEffect2() throws RepositoryException, NotExecutableException {
+ Privilege[] privileges = privilegesFromName(Privilege.JCR_WRITE);
+ JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+ pt.addAccessControlEntry(testPrincipal, privileges);
// add deny entry for mod_props
- PolicyEntry pe2 = new ACEImpl(testPrincipal, PrivilegeRegistry.MODIFY_PROPERTIES, false);
- assertTrue(pt.setEntry(pe2));
+ privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+ assertTrue(pt.addEntry(testPrincipal, privileges, false, null));
// net-effect: 2 entries with the allow entry being adjusted
assertTrue(pt.size() == 2);
- PolicyEntry[] entries = pt.getEntries();
+ AccessControlEntry[] entries = pt.getAccessControlEntries();
for (int i = 0; i < entries.length; i++) {
- int privs = entries[i].getPrivilegeBits();
- if (entries[i].isAllow()) {
- assertTrue(privs == (PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES));
+ JackrabbitAccessControlEntry entry = (JackrabbitAccessControlEntry) entries[i];
+ int privs = entry.getPrivilegeBits();
+ if (entry.isAllow()) {
+ assertEquals(privs, (PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES));
} else {
- assertTrue(privs == PrivilegeRegistry.MODIFY_PROPERTIES);
+ assertEquals(privs, PrivilegeRegistry.MODIFY_PROPERTIES);
}
}
}
- public void testMultiplePrincipals() throws RepositoryException {
- Principal princ2 = new Principal() {
- public String getName() {
- return "AnotherPrincipal";
+ public void testMultiplePrincipals() throws RepositoryException, NotExecutableException {
+ PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
+ Principal everyone = pMgr.getEveryone();
+ Principal grPrincipal = null;
+ PrincipalIterator it = pMgr.findPrincipals("", PrincipalManager.SEARCH_TYPE_GROUP);
+ while (it.hasNext()) {
+ Group gr = (Group) it.nextPrincipal();
+ if (!everyone.equals(gr)) {
+ grPrincipal = gr;
}
- };
-
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
- pt.setEntry(pe);
-
- // add deny entry for mod_props
- pe = new ACEImpl(princ2, PrivilegeRegistry.READ, true);
- assertTrue(pt.setEntry(pe));
- assertTrue(pt.getEntries().length == 2);
- }
-
- public void testRemoveEntry() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
- pt.setEntry(pe);
-
- assertTrue(pt.removeEntry(pe));
- }
-
- public void testRemoveNonExisting() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
- PolicyEntry pe = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
- pt.setEntry(pe);
- PolicyEntry pe2 = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, false);
- pt.setEntry(pe2);
-
- assertFalse(pt.removeEntry(pe));
- }
+ }
+ if (grPrincipal == null || grPrincipal.equals(everyone)) {
+ throw new NotExecutableException();
+ }
+ Privilege[] privs = privilegesFromName(Privilege.JCR_READ);
- public void testSetEntryForGroupPrincipal() throws RepositoryException {
- PolicyTemplate pt = createEmptyTemplate(getTestPath());
+ JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+ pt.addAccessControlEntry(testPrincipal, privs);
+ assertFalse(pt.addAccessControlEntry(testPrincipal, privs));
+
+ // add same privs for another principal -> must modify as well.
+ assertTrue(pt.addAccessControlEntry(everyone, privs));
+ // .. 2 entries must be present.
+ assertTrue(pt.getAccessControlEntries().length == 2);
+ }
+
+ public void testSetEntryForGroupPrincipal() throws RepositoryException, NotExecutableException {
+ JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+ Privilege[] privs = privilegesFromName(Privilege.JCR_READ);
+ Group grPrincipal = (Group) pMgr.getEveryone();
// adding allow-entry must succeed
- PolicyEntry pe = new ACEImpl(testGroup, PrivilegeRegistry.READ, true);
- assertTrue(pt.setEntry(pe));
+ assertTrue(pt.addAccessControlEntry(grPrincipal, privs));
// adding deny-entry must succeed
- pe = new ACEImpl(testGroup, PrivilegeRegistry.READ, false);
try {
- pt.setEntry(pe);
+ pt.addEntry(grPrincipal, privs, false, null);
fail("Adding DENY-ace for a group principal should fail.");
} catch (AccessControlException e) {
// success
}
}
+
+ public void testRevokeEffect() throws RepositoryException, NotExecutableException {
+ JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+ Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
+
+ pt.addEntry(testPrincipal, privileges, true, Collections.EMPTY_MAP);
+
+ // same entry but with revers 'isAllow' flag
+ assertTrue(pt.addEntry(testPrincipal, privileges, false, Collections.EMPTY_MAP));
+
+ // net-effect: only a single deny-read entry
+ assertTrue(pt.size() == 1);
+ assertSamePrivileges(privileges, pt.getAccessControlEntries()[0].getPrivileges());
+ }
}
\ No newline at end of file
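Review bot: The rewritten `testRevokeEffect` no longer verifies that the surviving entry is a deny entry: it asserts only `pt.size() == 1` and the privilege set, whereas the removed version compared the entry itself against the deny ACE. A template that wrongly kept the allow entry would still satisfy both assertions, so consider adding `assertFalse(((JackrabbitAccessControlEntry) pt.getAccessControlEntries()[0]).isAllow());`. The same allow/deny check is missing on entries `[0]` and `[1]` after the revoke step in `testMultipleEntryEffect`. Separately, `testMultiplePrincipals` looks up a non-everyone group in `grPrincipal` and throws `NotExecutableException` when none exists, but then adds the second entry for `everyone`, so the lookup can only cause the test to be skipped and its result is never used.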
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
+
+import java.security.Principal;
+
+/**
+ * <code>EntryTest</code>...
+ */
+public class EntryTest extends AbstractEntryTest {
+
+ protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
+ throws AccessControlException {
+ return new ACLTemplate.Entry(principal, privileges, isAllow);
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java Wed Aug 27 08:12:04 2008
@@ -16,19 +16,19 @@
*/
package org.apache.jackrabbit.core.security.authorization.acl;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
-import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.test.NotExecutableException;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
+import java.util.Collections;
+import java.util.Map;
import java.security.Principal;
/**
@@ -36,14 +36,11 @@
*/
public class EvaluationTest extends AbstractEvaluationTest {
- private String[] restrictions = new String[0];
-
protected void setUp() throws Exception {
super.setUp();
-
try {
- AccessControlPolicy rootPolicy = acMgr.getPolicy("/");
- if (!(rootPolicy instanceof ACLTemplate)) {
+ AccessControlPolicy[] rootPolicies = acMgr.getPolicies("/");
+ if (rootPolicies.length == 0 || !(rootPolicies[0] instanceof ACLTemplate)) {
throw new NotExecutableException();
}
} catch (RepositoryException e) {
@@ -52,10 +49,11 @@
}
protected void clearACInfo() {
- // nop
+ // nop since ac information is stored with nodes that get removed
+ // during the general tear-down.
}
- protected PolicyTemplate getPolicyTemplate(AccessControlManager acM, String path) throws RepositoryException, AccessDeniedException, NotExecutableException {
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
AccessControlPolicyIterator it = acM.getApplicablePolicies(path);
while (it.hasNext()) {
AccessControlPolicy acp = it.nextAccessControlPolicy();
@@ -66,12 +64,8 @@
throw new NotExecutableException("ACLTemplate expected.");
}
- protected PolicyEntry createEntry(Principal principal, int privileges, boolean isAllow, String[] restrictions) {
- return new ACEImpl(principal, privileges, isAllow);
- }
-
- protected String[] getRestrictions(String path) {
- return restrictions;
+ protected Map getRestrictions(String path) {
+ return Collections.EMPTY_MAP;
}
public void testAccessControlModification2() throws RepositoryException, NotExecutableException {
@@ -82,8 +76,11 @@
checkReadOnly(path);
// give 'testUser' READ_AC|MODIFY_AC privileges at 'path'
- PolicyTemplate tmpl = givePrivileges(path, PrivilegeRegistry.READ_AC |
- PrivilegeRegistry.MODIFY_AC, getRestrictions(path));
+ Privilege[] privileges = privilegesFromNames(new String[] {
+ Privilege.JCR_READ_ACCESS_CONTROL,
+ Privilege.JCR_MODIFY_ACCESS_CONTROL
+ });
+ JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(path));
/*
testuser must
- still have the inherited READ permission.
@@ -97,13 +94,19 @@
// make sure the 'rep:policy' node has been created.
assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
+ AccessControlManager testAcMgr = getTestACManager();
// test: MODIFY_AC granted at 'path'
- assertTrue(testAcMgr.hasPrivileges(path, new Privilege[] {
- PrivilegeRegistry.MODIFY_AC_PRIVILEGE}));
+ assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
+
+ // test if testuser can READ access control on the path and on the
+ // entire subtree that gets the policy inherited.
+ AccessControlPolicy[] policies = testAcMgr.getPolicies(path);
+ testAcMgr.getEffectivePolicies(path);
+ testAcMgr.getEffectivePolicies(childNPath);
// test: READ_AC privilege does not apply outside of the tree.
try {
- testAcMgr.getPolicy(siblingPath);
+ testAcMgr.getPolicies(siblingPath);
fail("READ_AC privilege must not apply outside of the tree it has applied to.");
} catch (AccessDeniedException e) {
// success
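Review bot: `policies` returned by `testAcMgr.getPolicies(path)` is stored without any assertion on its content, yet the following hunk passes `policies[0]` to `setPolicy` and casts it to `ACLTemplate`. If the test session sees no policy at `path`, or a policy of another type, the test ends in an `ArrayIndexOutOfBoundsException` or `ClassCastException` instead of a clear failure of the READ_AC check. Adding `assertTrue(policies.length > 0 && policies[0] instanceof ACLTemplate);` right after the call would pin what the test relies on. The two `getEffectivePolicies` calls discard their results and appear to serve only as must-not-throw checks, which a comment such as `// must not throw: READ_AC applies to 'path' and its subtree` would make explicit. The method body starts and ends outside this hunk.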
@@ -111,39 +114,31 @@
// test: MODIFY_AC privilege does not apply outside of the tree.
try {
- testAcMgr.addAccessControlEntry(siblingPath,
- testUser.getPrincipal(),
- new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
+ testAcMgr.setPolicy(siblingPath, policies[0]);
fail("MODIFY_AC privilege must not apply outside of the tree it has applied to.");
} catch (AccessDeniedException e) {
// success
}
- // test if testuser can READ access control on the path and on the
- // entire subtree that gets the policy inherited.
- AccessControlPolicy policy = testAcMgr.getPolicy(path);
- AccessControlPolicy effPolicy = testAcMgr.getEffectivePolicy(path);
- AccessControlPolicy effPOnChild = testAcMgr.getEffectivePolicy(childNPath);
-
// test if testuser can modify AC-items
// 1) add an ac-entry
- AccessControlEntry entry = testAcMgr.addAccessControlEntry(path,
- testUser.getPrincipal(),
- new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
- testSession.save();
+ ACLTemplate acl = (ACLTemplate) policies[0];
+ acl.addAccessControlEntry(getTestUser().getPrincipal(), privilegesFromName(Privilege.JCR_WRITE));
+ testAcMgr.setPolicy(path, acl);
+ getTestSession().save();
assertTrue(testAcMgr.hasPrivileges(path,
- new Privilege[] {PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE}));
+ privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES)));
// 2) remove the policy
- testAcMgr.removePolicy(path);
- testSession.save();
+ testAcMgr.removePolicy(path, policies[0]);
+ getTestSession().save();
// Finally: testuser removed the policy that granted him permission
// to modify the AC content. Since testuser removed the policy, it's
// privileges must be gone again...
try {
- testAcMgr.getEffectivePolicy(childNPath);
+ testAcMgr.getEffectivePolicies(childNPath);
fail("READ_AC privilege has been revoked -> must throw again.");
} catch (AccessDeniedException e) {
// success
@@ -152,4 +147,30 @@
// READ must be gone.
checkReadOnly(path);
}
+
+ public void testRemovePermission9() throws NotExecutableException, RepositoryException {
+ SessionImpl testSession = getTestSession();
+ AccessControlManager testAcMgr = getTestACManager();
+ /*
+ precondition:
+ testuser must have READ-only permission on test-node and below
+ */
+ checkReadOnly(path);
+ checkReadOnly(childNPath);
+
+ Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
+ Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);
+
+ // add 'remove_child_nodes' at 'path and allow 'remove_node' at childNPath
+ givePrivileges(path, rmChildNodes, getRestrictions(path));
+ givePrivileges(childNPath, rmNode, getRestrictions(childNPath));
+ /*
+ expected result:
+ - rep:policy node can still not be remove for it is access-control
+ content that requires jcr:modifyAccessControl privilege instead.
+ */
+ String policyPath = childNPath + "/rep:policy";
+ assertFalse(testSession.hasPermission(policyPath, SessionImpl.REMOVE_ACTION));
+ assertTrue(testAcMgr.hasPrivileges(policyPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
+ }
}
\ No newline at end of file
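Review bot: `testRemovePermission9` asserts that `hasPrivileges` on `policyPath` is true while `hasPermission(policyPath, SessionImpl.REMOVE_ACTION)` is false, but nothing in the test pins the reason its comment gives, namely that removing `rep:policy` requires jcr:modifyAccessControl and the test user does not hold it. Consider adding `assertFalse(testAcMgr.hasPrivileges(policyPath, privilegesFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL)));` so the test fails if a setup step ever grants that privilege. A one-line comment above the final `assertTrue`, for example `// privilege evaluation still reports both remove privileges; only the permission check treats rep:policy as access control content`, would explain why the two results are expected to differ. That reading is inferred from the existing comment and should be confirmed against the evaluation code.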
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java Wed Aug 27 08:12:04 2008
@@ -36,8 +36,7 @@
TestSuite suite = new TestSuite("security.authorization.acl tests");
suite.addTestSuite(ACLTemplateTest.class);
- suite.addTestSuite(ACLImplTest.class);
- suite.addTestSuite(ACEImplTest.class);
+ suite.addTestSuite(EntryTest.class);
suite.addTestSuite(EvaluationTest.class);
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/EvaluationTest.java Wed Aug 27 08:12:04 2008
@@ -18,10 +18,11 @@
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
-import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
-import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
-import org.apache.jackrabbit.core.security.authorization.PolicyTemplate;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
import org.apache.jackrabbit.test.NotExecutableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -29,67 +30,166 @@
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
/**
* <code>EvaluationTest</code>...
*/
-public class EvaluationTest extends AbstractEvaluationTest {
+public class EvaluationTest extends org.apache.jackrabbit.core.security.authorization.acl.EvaluationTest {
private static Logger log = LoggerFactory.getLogger(EvaluationTest.class);
- private String testPolicyPath;
+ private List toClear = new ArrayList();
protected void setUp() throws Exception {
super.setUp();
- JackrabbitAccessControlManager jam;
- if (acMgr instanceof JackrabbitAccessControlManager) {
- jam = (JackrabbitAccessControlManager) acMgr;
- } else {
- throw new NotExecutableException();
- }
- try {
- AccessControlPolicy rootPolicy = acMgr.getPolicy("/");
- if (!(rootPolicy instanceof PolicyTemplateImpl)) {
- throw new NotExecutableException();
- }
- } catch (RepositoryException e) {
- throw new NotExecutableException();
- }
-
-
- StringBuffer b = new StringBuffer("/rep:accesscontrol");
- Principal principal = testUser.getPrincipal();
- testPolicyPath = jam.editPolicy(principal).getPath();
+ // simple test to check if proper provider is present:
+ getPrincipalBasedPolicy(acMgr, path, getTestUser().getPrincipal());
}
protected void clearACInfo() {
- try {
- acMgr.removePolicy(testPolicyPath);
- superuser.save();
- } catch (RepositoryException e) {
- // log error and ignore
- log.error(e.getMessage());
+ for (Iterator it = toClear.iterator(); it.hasNext();) {
+ String path = it.next().toString();
+ try {
+ AccessControlPolicy[] policies = acMgr.getPolicies(path);
+ for (int i = 0; i < policies.length; i++) {
+ acMgr.removePolicy(path, policies[i]);
+ superuser.save();
+ }
+ } catch (RepositoryException e) {
+ // log error and ignore
+ log.error(e.getMessage());
+ }
}
}
- protected PolicyTemplate getPolicyTemplate(AccessControlManager acM, String path) throws RepositoryException, AccessDeniedException, NotExecutableException {
+ private JackrabbitAccessControlList getPrincipalBasedPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
if (acM instanceof JackrabbitAccessControlManager) {
- PolicyTemplate pt = ((JackrabbitAccessControlManager) acM).editPolicy(testPolicyPath);
- if (pt instanceof PolicyTemplateImpl) {
- return (PolicyTemplateImpl) pt;
+ AccessControlPolicy[] tmpls = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+ for (int i = 0; i < tmpls.length; i++) {
+ if (tmpls[i] instanceof JackrabbitAccessControlList) {
+ JackrabbitAccessControlList acl = (JackrabbitAccessControlList) tmpls[i];
+ toClear.add(acl.getPath());
+ return acl;
+ }
}
}
throw new NotExecutableException();
}
- protected PolicyEntry createEntry(Principal principal, int privileges, boolean isAllow, String[] restrictions) {
- String nodePath = restrictions[0];
- String glob = restrictions[1];
- return new PolicyEntryImpl(principal, privileges, isAllow, nodePath, glob);
+ private JackrabbitAccessControlList givePrivileges(String nPath,
+ Principal principal,
+ Privilege[] privileges,
+ Map restrictions,
+ boolean nodeBased) throws NotExecutableException, RepositoryException {
+ if (nodeBased) {
+ return givePrivileges(nPath, principal, privileges, getRestrictions(nPath));
+ } else {
+ JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+ tmpl.addEntry(principal, privileges, true, restrictions);
+ acMgr.setPolicy(tmpl.getPath(), tmpl);
+ superuser.save();
+ // remember for teardown
+ toClear.add(tmpl.getPath());
+ return tmpl;
+ }
+ }
+
+ private JackrabbitAccessControlList withdrawPrivileges(String nPath,
+ Principal principal,
+ Privilege[] privileges,
+ Map restrictions,
+ boolean nodeBased) throws NotExecutableException, RepositoryException {
+ if (nodeBased) {
+ return withdrawPrivileges(nPath, principal, privileges, getRestrictions(nPath));
+ } else {
+ JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+ tmpl.addEntry(principal, privileges, false, restrictions);
+ acMgr.setPolicy(tmpl.getPath(), tmpl);
+ superuser.save();
+ // remember for teardown
+ toClear.add(tmpl.getPath());
+ return tmpl;
+ }
+ }
+
+ private Map getPrincipalBasedRestrictions(String path) throws RepositoryException, NotExecutableException {
+ if (superuser instanceof SessionImpl) {
+ Map restr = new HashMap();
+ restr.put("rep:nodePath", path);
+ return restr;
+ } else {
+ throw new NotExecutableException();
+ }
}
- protected String[] getRestrictions(String path) {
- return new String[] {path, "*"};
+ public void testCombinedPolicies() throws RepositoryException, NotExecutableException {
+ Group testGroup = getTestGroup();
+ SessionImpl testSession = getTestSession();
+ AccessControlManager testAcMgr = getTestACManager();
+
+ /*
+ precondition:
+ testuser must have READ-only permission on test-node and below
+ */
+ checkReadOnly(path);
+
+ Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+ // nodebased: remove READ privilege for 'testUser' at 'path'
+ withdrawPrivileges(path, readPrivs, getRestrictions(path));
+ // principalbased: add READ privilege for 'testGroup'
+ givePrivileges(path, testGroup.getPrincipal(), readPrivs, getPrincipalBasedRestrictions(path), false);
+ /*
+ expected result:
+ - nodebased wins over principalbased -> READ is denied
+ */
+ assertFalse(testSession.itemExists(path));
+ assertFalse(testSession.hasPermission(path, SessionImpl.READ_ACTION));
+ assertFalse(testAcMgr.hasPrivileges(path, readPrivs));
+
+ // remove the nodebased policy
+ JackrabbitAccessControlList policy = getPolicy(acMgr, path, getTestUser().getPrincipal());
+ acMgr.removePolicy(policy.getPath(), policy);
+ superuser.save();
+
+ /*
+ expected result:
+ - READ privilege is present again.
+ */
+ assertTrue(testSession.itemExists(path));
+ assertTrue(testSession.hasPermission(path, SessionImpl.READ_ACTION));
+ assertTrue(testAcMgr.hasPrivileges(path, readPrivs));
+
+ // nodebased: add WRITE privilege for 'testUser' at 'path'
+ Privilege[] wrtPrivileges = privilegesFromName(Privilege.JCR_WRITE);
+ givePrivileges(path, wrtPrivileges, getRestrictions(path));
+ // userbased: deny MODIFY_PROPERTIES privileges for 'testUser'
+ Privilege[] modPropPrivs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+ withdrawPrivileges(path, getTestUser().getPrincipal(), modPropPrivs, getPrincipalBasedRestrictions(path), false);
+ /*
+ expected result:
+ - MODIFY_PROPERTIES privilege still present
+ */
+ assertTrue(testSession.hasPermission(path+"/anyproperty", SessionImpl.SET_PROPERTY_ACTION));
+ assertTrue(testAcMgr.hasPrivileges(path, wrtPrivileges));
+
+ // nodebased: deny MODIFY_PROPERTIES privileges for 'testUser'
+ // on a child node.
+ withdrawPrivileges(childNPath, getTestUser().getPrincipal(), modPropPrivs, getRestrictions(childNPath));
+ /*
+ expected result:
+ - MODIFY_PROPERTIES privilege still present at 'path'
+ - no-MODIFY_PROPERTIES privilege at 'childNPath'
+ */
+ assertTrue(testSession.hasPermission(path+"/anyproperty", SessionImpl.SET_PROPERTY_ACTION));
+ assertTrue(testAcMgr.hasPrivileges(path, modPropPrivs));
+
+ assertFalse(testSession.hasPermission(childNPath+"/anyproperty", SessionImpl.SET_PROPERTY_ACTION));
+ assertFalse(testAcMgr.hasPrivileges(childNPath, modPropPrivs));
}
}
\ No newline at end of file
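Review bot: Teardown in `clearACInfo` can silently leave principal-based policies behind, because a `RepositoryException` is reduced to `log.error(e.getMessage())` and `toClear` is not emptied anywhere in this hunk. `getPrincipalBasedPolicy` already records `acl.getPath()`, and the non-node-based branches of `givePrivileges` and `withdrawPrivileges` add the same path again, so the list holds duplicates and the loop revisits paths it has already processed. Leftover ACL entries can change the outcome of later evaluation tests, so cleanup failures should be visible: log with the cause via `log.error("Failed to remove policies at " + path, e);`, drop the second `toClear.add(tmpl.getPath());`, and call `toClear.clear();` after the loop. Both private five-argument helpers also ignore their `restrictions` argument when `nodeBased` is true and use `getRestrictions(nPath)` instead, which deserves a comment or a consistent use of the parameter.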
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java Wed Aug 27 08:12:04 2008
@@ -3,7 +3,6 @@
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
-
/**
* Test suite
*/
@@ -19,10 +18,6 @@
public static Test suite() {
TestSuite suite = new TestSuite("security.authorization.combined tests");
- suite.addTestSuite(PolicyTemplateImplTest.class);
- suite.addTestSuite(PolicyEntryImplTest.class);
- suite.addTestSuite(GlobPatternTest.class);
-
suite.addTestSuite(EvaluationTest.class);
return suite;
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * <code>ACLTemplateTest</code>...
+ */
+public class ACLTemplateTest extends AbstractACLTemplateTest {
+
+ private String testPath = "/rep:accessControl/users/test";
+
+ protected String getTestPath() {
+ return testPath;
+ }
+
+ protected JackrabbitAccessControlList createEmptyTemplate(String testPath)
+ throws RepositoryException {
+ return new ACLTemplate(testPrincipal, testPath, (SessionImpl) superuser);
+ }
+}
\ No newline at end of file
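Review bot: `createEmptyTemplate` casts `superuser` to `SessionImpl` without a check, so on a repository whose session is a different implementation the test ends in a `ClassCastException` instead of being reported as not executable. `EvaluationTest.getRestrictions` in this same commit guards the identical cast with `superuser instanceof SessionImpl`, and `EntryTest.setUp` has the same unguarded cast. Whether this method may throw `NotExecutableException` depends on the abstract declaration in `AbstractACLTemplateTest`, which is not visible here. The parameter `testPath` also shadows the field of the same name; the field is never reassigned and could be `private static final String TEST_PATH = "/rep:accessControl/users/test";`.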
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLTemplateTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.api.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.value.StringValue;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * <code>EntryTest</code>...
+ */
+public class EntryTest extends AbstractEntryTest {
+
+ private Map restrictions;
+ private ACLTemplate acl;
+
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ restrictions = new HashMap(2);
+ restrictions.put("rep:nodePath", superuser.getValueFactory().createValue("/a/b/c/d", PropertyType.PATH));
+ restrictions.put("rep:glob", superuser.getValueFactory().createValue("*"));
+ acl = new ACLTemplate(testPrincipal, testPath, (SessionImpl) superuser);
+ }
+
+ protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
+ throws RepositoryException {
+ return acl.new Entry(principal, privileges, isAllow, restrictions);
+ }
+
+ private JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map restrictions)
+ throws RepositoryException {
+ return acl.new Entry(principal, privileges, isAllow, restrictions);
+ }
+
+ public void testNodePathMustNotBeNull() throws RepositoryException, NotExecutableException {
+ try {
+ Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);
+ createEntry(testPrincipal, privs, true, Collections.EMPTY_MAP);
+ fail("NodePath cannot not be null");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
+ public void testGetNodePath() throws RepositoryException, NotExecutableException {
+ Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);
+ JackrabbitAccessControlEntry pe = createEntry(testPrincipal, privs, true);
+ assertEquals(restrictions.get("rep:nodePath"), pe.getRestriction("rep:nodePath"));
+ }
+
+ public void testGetGlob() throws RepositoryException, NotExecutableException {
+ Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);
+
+ JackrabbitAccessControlEntry pe = createEntry(testPrincipal, privs, true);
+ assertEquals(restrictions.get("rep:glob"), pe.getRestriction("rep:glob"));
+
+ Map restr = new HashMap();
+ restr.put("rep:nodePath", restrictions.get("rep:nodePath"));
+ pe = createEntry(testPrincipal, privs, true, restr);
+ assertNull(pe.getRestriction("rep:glob"));
+
+ restr = new HashMap();
+ restr.put("rep:nodePath", restrictions.get("rep:nodePath"));
+ restr.put("rep:glob", new StringValue(""));
+
+ pe = createEntry(testPrincipal, privs, true, restr);
+ assertEquals("", pe.getRestriction("rep:glob").getString());
+ }
+
+ public void testMatches() throws RepositoryException {
+ Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
+ ACLTemplate.Entry ace = (ACLTemplate.Entry) createEntry(testPrincipal, privs, true);
+
+ // TODO: review again
+ String nodePath = ((Value) restrictions.get("rep:nodePath")).getString();
+ List toMatch = new ArrayList();
+ toMatch.add(nodePath + "/any");
+ toMatch.add(nodePath + "/anyother");
+ toMatch.add(nodePath + "/f/g/h");
+ toMatch.add(nodePath);
+ for (Iterator it = toMatch.iterator(); it.hasNext();) {
+ String str = it.next().toString();
+ assertTrue("Restrictions should match " + str, ace.matches(str));
+ }
+
+ List notToMatch = new ArrayList();
+ notToMatch.add(null);
+ notToMatch.add("");
+ notToMatch.add("/");
+ notToMatch.add("/a/b/c/");
+ for (Iterator it = notToMatch.iterator(); it.hasNext();) {
+ Object obj = it.next();
+ String str = (obj == null) ? null : obj.toString();
+ assertFalse("Restrictions shouldn't match " + str, ace.matches(str));
+ }
+ }
+}
\ No newline at end of file
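Review bot: `testMatches` never pins the result at the path-segment boundary: `notToMatch` holds `null`, `""`, `/` and `/a/b/c/`, but no path that only shares the string prefix of the restricted node (a constructed example would be `/a/b/c/dd`). For an entry restricted to `/a/b/c/d` with glob `*`, that is the case where a plain prefix comparison and a hierarchy-aware match give different answers. Whichever result is intended should be asserted explicitly; the `// TODO: review again` suggests this is still open. The message in `testNodePathMustNotBeNull` has a double negative and should read `fail("NodePath must not be null");`.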
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,92 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.AccessDeniedException;
+import java.security.Principal;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+public class EvaluationTest extends AbstractEvaluationTest {
+
+ private static Logger log = LoggerFactory.getLogger(org.apache.jackrabbit.core.security.authorization.principalbased.EvaluationTest.class);
+
+ private List toClear = new ArrayList();
+
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ // simple test to check if proper provider is present:
+ getPolicy(acMgr, path, getTestUser().getPrincipal());
+ }
+
+ protected void clearACInfo() {
+ for (Iterator it = toClear.iterator(); it.hasNext();) {
+ String path = it.next().toString();
+ try {
+ AccessControlPolicy[] policies = acMgr.getPolicies(path);
+ for (int i = 0; i < policies.length; i++) {
+ acMgr.removePolicy(path, policies[i]);
+ superuser.save();
+ }
+ } catch (RepositoryException e) {
+ // log error and ignore
+ log.error(e.getMessage());
+ }
+ }
+ }
+
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
+ if (acM instanceof JackrabbitAccessControlManager) {
+ AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+ for (int i = 0; i < policies.length; i++) {
+ if (policies[i] instanceof ACLTemplate) {
+ ACLTemplate acl = (ACLTemplate) policies[i];
+ toClear.add(acl.getPath());
+ return acl;
+ }
+ }
+ }
+ throw new NotExecutableException();
+ }
+
+ protected Map getRestrictions(String path) throws RepositoryException, NotExecutableException {
+ if (superuser instanceof SessionImpl) {
+ Map restr = new HashMap();
+ restr.put(((SessionImpl) superuser).getJCRName(ACLTemplate.P_NODE_PATH), path);
+ return restr;
+ } else {
+ throw new NotExecutableException();
+ }
+ }
+
+ // TODO: add specific tests with other restrictions
+}
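Review bot: `clearACInfo` logs only `e.getMessage()` and carries on, so when a policy cannot be removed the log says neither which path was affected nor where the failure came from, and later permission assertions may run against leftover entries. Logging the path together with the exception keeps the stack trace: `log.error("Failed to remove policies at " + path, e);`. Separately, this file, `principalbased/TestAll.java` and `user/AdministratorTest.java` carry a Day Management "confidential and proprietary" header rather than the ASF licence header used by the other files added in this commit. That should be resolved before the files stay in an Apache tree.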
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.test.JUnitTest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * <code>GlobPatternTest</code>...
+ */
+public class GlobPatternTest extends JUnitTest {
+
+ private static Logger log = LoggerFactory.getLogger(GlobPatternTest.class);
+
+ public void testMatches() {
+ // TODO
+ }
+
+ public void testMatchesItem() {
+ // TODO
+ }
+}
\ No newline at end of file
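Review bot: Both `testMatches` and `testMatchesItem` are empty apart from `// TODO`, so they always pass and the suite reports glob-pattern coverage that does not exist. For code that decides which paths an access-control entry applies to, that is a misleading green. Until the cases are written, leave `suite.addTestSuite(GlobPatternTest.class);` out of `principalbased/TestAll.java` so the gap stays visible. The `log` field and its two slf4j imports are unused, and this same commit removes exactly that pattern from `DefaultPrincipalProviderTest` and `GroupAdministratorTest`.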
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,43 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import junit.framework.TestCase;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * Test suite
+ */
+public class TestAll extends TestCase {
+
+ /**
+ * Returns a <code>Test</code> suite that executes all tests inside this
+ * package.
+ *
+ * @return a <code>Test</code> suite that executes all tests inside this
+ * package.
+ */
+ public static Test suite() {
+ TestSuite suite = new TestSuite("security.authorization.combined tests");
+
+ suite.addTestSuite(ACLTemplateTest.class);
+ suite.addTestSuite(EntryTest.class);
+ suite.addTestSuite(GlobPatternTest.class);
+
+ suite.addTestSuite(EvaluationTest.class);
+
+ return suite;
+ }
+}
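Review bot: The suite is named `"security.authorization.combined tests"`, which looks copied from the `combined` package's `TestAll`; this class lives in `principalbased`, so test reports will attribute these results to the wrong package. It should read `new TestSuite("security.authorization.principalbased tests");`.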
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java Wed Aug 27 08:12:04 2008
@@ -22,8 +22,6 @@
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.apache.jackrabbit.test.NotExecutableException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.jcr.RepositoryException;
import java.security.Principal;
@@ -34,8 +32,6 @@
*/
public class DefaultPrincipalProviderTest extends AbstractUserTest {
- private static Logger log = LoggerFactory.getLogger(DefaultPrincipalProviderTest.class);
-
private PrincipalProvider principalProvider;
protected void setUp() throws Exception {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java Wed Aug 27 08:12:04 2008
@@ -17,7 +17,7 @@
* package.
*/
public static Test suite() {
- TestSuite suite = new TestSuite("security.principal tests");
+ TestSuite suite = new TestSuite("core.security.principal tests");
suite.addTestSuite(DefaultPrincipalProviderTest.class);
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java?rev=689499&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -0,0 +1,57 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.user;
+
+import org.apache.jackrabbit.api.security.user.AbstractUserTest;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.user.Impersonation;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
+import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
+
+import javax.jcr.Session;
+import javax.jcr.Credentials;
+import javax.jcr.RepositoryException;
+import javax.jcr.AccessDeniedException;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * <code>AdministratorTest</code>...
+ */
+public class AdministratorTest extends AbstractUserTest {
+
+ public void testGetPrincipal() throws RepositoryException {
+ Authorizable authr = userMgr.getAuthorizable(superuser.getUserID());
+ assertNotNull(authr);
+ assertFalse(authr.isGroup());
+ assertTrue(authr.getPrincipal() instanceof AdminPrincipal);
+ }
+
+ public void testRemoveSelf() throws RepositoryException, NotExecutableException {
+ Authorizable authr = userMgr.getAuthorizable(superuser.getUserID());
+ if (authr == null) {
+ throw new NotExecutableException();
+ }
+ try {
+ authr.remove();
+ fail("The Administrator should not be allowed to remove the own authorizable.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+}
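Review bot: The two tests treat a missing administrator authorizable differently: `testGetPrincipal` fails on `assertNotNull(authr)`, while `testRemoveSelf` throws `NotExecutableException` for the same `null`. One behaviour should be chosen so a misconfigured repository is reported consistently. In `testRemoveSelf`, if `authr.remove()` unexpectedly succeeds, the test fails but nothing restores the administrator, which could affect the tests that run afterwards; whether `remove()` persists immediately is not visible here. The imports `Group`, `User`, `UserManager`, `Impersonation`, `Text`, `Session`, `Credentials`, `AccessDeniedException`, `Principal` and `Iterator` are unused and can be dropped.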
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -24,8 +24,6 @@
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.util.Text;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.jcr.AccessDeniedException;
import javax.jcr.Credentials;
@@ -39,8 +37,6 @@
*/
public class GroupAdministratorTest extends AbstractUserTest {
- private static Logger log = LoggerFactory.getLogger(GroupAdministratorTest.class);
-
// group-admin
private String uID;
private String uPath;
@@ -48,8 +44,10 @@
private String parentUID;
private String childUID;
+ private String grID;
+
- private String groupID;
+ private Group groupAdmin;
protected void setUp() throws Exception {
super.setUp();
@@ -63,22 +61,18 @@
p = getTestPrincipal();
String pw = buildPassword(p);
Credentials creds = buildCredentials(p.getName(), pw);
- User u = userMgr.createUser(p.getName(), pw, p, pUser.getNode().getPath());
- uID = u.getID();
- uPath = ((UserImpl) u).getNode().getPath();
-
- // create a third child user below
- p = getTestPrincipal();
- childUID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
+ User user = userMgr.createUser(p.getName(), pw, p, pUser.getNode().getPath());
+ uID = user.getID();
+ uPath = ((UserImpl) user).getNode().getPath();
// make other user a group-administrator:
- Authorizable groupAdmin = userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
- if (groupAdmin == null || !groupAdmin.isGroup()) {
+ Authorizable grAdmin = userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
+ if (grAdmin == null || !grAdmin.isGroup()) {
throw new NotExecutableException("Cannot execute test. Group-Admin name has been changed by config.");
}
- Group grAdministrators = (Group) groupAdmin;
- grAdministrators.addMember(u);
- groupID = grAdministrators.getID();
+ groupAdmin = (Group) grAdmin;
+ groupAdmin.addMember(user);
+ grID = groupAdmin.getID();
// create a session for the grou-admin user.
uSession = helper.getRepository().login(creds);
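Review bot: `setUp` now stores both `groupAdmin` and `grID = groupAdmin.getID()`, and the later hunks use them interchangeably. `testIsGroupAdmin` and `testAddChildToGroup` look the group up by `grID`, while the hunks at -192, -259, -300 and -311 call `groupAdmin.getID()` for the same lookup. Using `Group gr = (Group) umgr.getAuthorizable(grID);` throughout keeps the lookups uniform and leaves `groupAdmin` for the `addMember`/`removeMember` calls in `setUp` and `tearDown`. The context comment `// create a session for the grou-admin user.` has a typo (`group-admin`). `setUp` starts and ends outside this hunk.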
@@ -91,8 +85,7 @@
}
} finally {
// remove group member ship
- Group grAdministrators = (Group) userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
- grAdministrators.removeMember(userMgr.getAuthorizable(uID));
+ groupAdmin.removeMember(userMgr.getAuthorizable(uID));
// remove all users that have been created
Authorizable a = userMgr.getAuthorizable(parentUID);
@@ -104,9 +97,18 @@
super.tearDown();
}
+ private String getChildID() throws RepositoryException {
+ if (childUID == null) {
+ // create a third child user below
+ Principal p = getTestPrincipal();
+ childUID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
+ }
+ return childUID;
+ }
+
public void testIsGroupAdmin() throws RepositoryException, NotExecutableException {
UserManager umgr = getUserManager(uSession);
- Group gr = (Group) umgr.getAuthorizable(groupID);
+ Group gr = (Group) umgr.getAuthorizable(grID);
assertTrue(gr.isMember(umgr.getAuthorizable(uID)));
}
@@ -165,8 +167,8 @@
public void testAddChildToGroup() throws RepositoryException, NotExecutableException {
UserManager umgr = getUserManager(uSession);
- Authorizable cU = umgr.getAuthorizable(childUID);
- Group gr = (Group) umgr.getAuthorizable(groupID);
+ Authorizable cU = umgr.getAuthorizable(getChildID());
+ Group gr = (Group) umgr.getAuthorizable(grID);
// adding and removing the child-user as member of a group not
// succeed as long editing session is not user-admin.
@@ -181,7 +183,7 @@
public void testAddChildToGroup2() throws RepositoryException, NotExecutableException {
UserManager umgr = getUserManager(uSession);
- Authorizable cU = umgr.getAuthorizable(childUID);
+ Authorizable cU = umgr.getAuthorizable(getChildID());
Authorizable auth = umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
if (auth == null || !auth.isGroup()) {
@@ -192,7 +194,7 @@
try {
assertTrue(userAdmin.addMember(self));
- Group gr = (Group) umgr.getAuthorizable(groupID);
+ Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
assertTrue(gr.addMember(cU));
assertTrue(gr.removeMember(cU));
} finally {
@@ -221,7 +223,7 @@
assertTrue(userAdmin.isMember(self));
// add child-user to test group
- Authorizable testUser = umgr.getAuthorizable(childUID);
+ Authorizable testUser = umgr.getAuthorizable(getChildID());
assertFalse(testGroup.isMember(testUser));
assertTrue(testGroup.addMember(testUser));
} finally {
@@ -239,7 +241,7 @@
try {
// let superuser create child user below the user with uID.
UserManager umgr = getUserManager(uSession);
- Authorizable cU = umgr.getAuthorizable(childUID);
+ Authorizable cU = umgr.getAuthorizable(getChildID());
Group uadminGr = (Group) umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
if (uadminGr.isMember(cU)) {
throw new RepositoryException("Test user is already member -> cannot execute.");
@@ -259,7 +261,7 @@
UserManager umgr = getUserManager(uSession);
Authorizable pU = umgr.getAuthorizable(parentUID);
- Group gr = (Group) umgr.getAuthorizable(groupID);
+ Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
// adding and removing the parent-user as member of a group must
// never succeed.
@@ -300,7 +302,7 @@
UserManager umgr = getUserManager(uSession);
Authorizable user = umgr.getAuthorizable(uID);
- Group gr = (Group) umgr.getAuthorizable(groupID);
+ Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
// user is already group-admin -> adding must return false.
// but should not throw exception.
@@ -311,7 +313,7 @@
UserManager umgr = getUserManager(uSession);
Authorizable user = umgr.getAuthorizable(uID);
- Group gr = (Group) umgr.getAuthorizable(groupID);
+ Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
// removing himself from group. should succeed.
assertTrue(gr.removeMember(user));
@@ -392,7 +394,7 @@
Authorizable auth = (Authorizable) it.next();
String msg = "GroupAdmin cannot remove members of groups unless he/she is UserAdmin.";
- assertFalse(gr.removeMember(auth));
+ assertFalse(msg, gr.removeMember(auth));
}
} catch (AccessDeniedException e) {
// fine as well.
@@ -408,7 +410,7 @@
UserManager umgr = getUserManager(uSession);
Principal selfPrinc = umgr.getAuthorizable(uID).getPrincipal();
- User child = (User) umgr.getAuthorizable(childUID);
+ User child = (User) umgr.getAuthorizable(getChildID());
Impersonation impers = child.getImpersonation();
assertFalse(impers.allows(buildSubject(selfPrinc)));
try {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java Wed Aug 27 08:12:04 2008
@@ -17,6 +17,8 @@
package org.apache.jackrabbit.core.security.user;
import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
@@ -30,7 +32,6 @@
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.Value;
import java.util.Iterator;
@@ -52,13 +53,19 @@
throw new NotExecutableException();
}
try {
- UserManagerImpl uMgr = (UserManagerImpl) ((JackrabbitSession) session).getUserManager();
- return uMgr.getCurrentUser();
- } catch (UnsupportedRepositoryOperationException e) {
- throw new NotExecutableException(e.getMessage());
- } catch (UnsupportedOperationException e) {
- throw new NotExecutableException(e.getMessage());
+ UserManager uMgr = ((JackrabbitSession) session).getUserManager();
+ String uid = session.getUserID();
+ if (uid != null) {
+ Authorizable auth = uMgr.getAuthorizable(session.getUserID());
+ if (auth != null && auth instanceof UserImpl) {
+ return (UserImpl) auth;
+ }
+ }
+ } catch (RepositoryException e) {
+ // ignore
}
+ // unable to retrieve current user
+ throw new NotExecutableException();
}
protected abstract NodeResolver createNodeResolver(Session session) throws RepositoryException, NotExecutableException;
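Review bot: The added `catch (RepositoryException e) { // ignore }` discards the failure, so the `NotExecutableException` thrown at the end carries neither a message nor the cause. A repository error while resolving the current user then looks the same as a legitimately skipped test. The removed handlers passed `e.getMessage()` along, and the new catch could do the same with `throw new NotExecutableException("Unable to retrieve current user: " + e.getMessage());`. Separately, `uid` is assigned but `session.getUserID()` is called again in `getAuthorizable(...)`, and `auth != null &&` is redundant in front of `instanceof`. The method begins outside this hunk.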
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -24,23 +24,19 @@
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.test.NotExecutableException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.core.security.SecurityConstants;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import java.security.Principal;
-import java.util.Iterator;
/**
* <code>NotUserAdministratorTest</code>...
*/
public class NotUserAdministratorTest extends AbstractUserTest {
- private static Logger log = LoggerFactory.getLogger(NotUserAdministratorTest.class);
-
// test user that is NOT user admin
private String uID;
private String uPath;
@@ -203,14 +199,14 @@
}
public void testAddToGroup() throws NotExecutableException, RepositoryException {
- Iterator it = ((UserManagerImpl) uMgr).findGroups("");
- if (!it.hasNext()) {
- throw new NotExecutableException("Couldn't find any group");
+ Authorizable auth = userMgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);
+ if (auth == null || !auth.isGroup()) {
+ throw new NotExecutableException("Couldn't find 'administrators' group");
}
- Group gr = (Group) it.next();
+ Group gr = (Group) auth;
try {
- Authorizable auth = uMgr.getAuthorizable(uID);
+ auth = uMgr.getAuthorizable(uID);
gr.addMember(auth);
fail("a common user should not be allowed to modify any groups.");
gr.removeMember(auth);
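Review bot: The target group is now looked up through `userMgr`, while the member is resolved through `uMgr`. Neither declaration is visible here, but if `userMgr` is the fixture's privileged manager, `gr.addMember(auth)` would be checked against that session and the test would no longer show that the non-admin user is denied. Resolving the group from the restricted manager keeps the assertion meaningful: `Authorizable auth = uMgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);`. Reusing `auth` first for the group and then for the user also obscures which object is which; a separate local for the member would read better. The method continues past the end of the hunk.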
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java Wed Aug 27 08:12:04 2008
@@ -28,7 +28,7 @@
* @return a <code>Test</code> suite that executes all test in this package.
*/
public static Test suite() {
- TestSuite suite = new TestSuite("o.a.j.security.user tests");
+ TestSuite suite = new TestSuite("core.security.user tests");
suite.addTestSuite(UserManagerImplTest.class);
suite.addTestSuite(AuthorizableImplTest.class);
@@ -38,6 +38,7 @@
suite.addTestSuite(UserAdministratorTest.class);
suite.addTestSuite(NotUserAdministratorTest.class);
suite.addTestSuite(GroupAdministratorTest.class);
+ suite.addTestSuite(AdministratorTest.class);
suite.addTestSuite(IndexNodeResolverTest.class);
suite.addTestSuite(TraversingNodeResolverTest.class);
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java?rev=689499&r1=689498&r2=689499&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java Wed Aug 27 08:12:04 2008
@@ -103,6 +103,14 @@
super.tearDown();
}
+ private Group getGroupAdminGroup(UserManager uMgr) throws RepositoryException, NotExecutableException {
+ Authorizable auth = uMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
+ if (auth == null || !auth.isGroup()) {
+ throw new NotExecutableException();
+ }
+ return (Group) auth;
+ }
+
public void testUserIsUserAdmin() throws RepositoryException, NotExecutableException {
Set principals = getPrincipalSetFromSession(otherSession);
boolean isAdmin = false;
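Review bot: `getGroupAdminGroup` throws `NotExecutableException` with no message, so a skipped run gives no hint that the group-admin group was missing or was not a group. The equivalent lookup in NotUserAdministratorTest names the group, and the same would help here: `throw new NotExecutableException("Couldn't find group-admin group");`. A one-line comment stating that the helper returns the group named by `UserConstants.GROUP_ADMIN_GROUP_NAME`, or skips the test, would also document why the tests now depend on that group.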
@@ -216,13 +224,11 @@
UserManager umgr = getUserManager(otherSession);
User userHimSelf = (User) umgr.getAuthorizable(otherUID);
- for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
- Group gr = (Group) it.next();
- try {
- assertFalse(gr.addMember(userHimSelf));
- } catch (RepositoryException e) {
- // success
- }
+ Group gr = getGroupAdminGroup(umgr);
+ try {
+ assertFalse(gr.addMember(userHimSelf));
+ } catch (RepositoryException e) {
+ // success as well.
}
}
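Review bot: The retained `catch (RepositoryException e)` counts any repository failure as a pass, not only a refused membership change, so an unrelated error can make this negative test succeed. Replacing the loop over all groups with the single group from `getGroupAdminGroup(umgr)` makes this more likely to go unnoticed, because only one call is left to exercise the check. If the implementation reports denial as `AccessDeniedException` (not visible here), narrowing the handler to `} catch (AccessDeniedException e) {` would let other failures surface. The same pattern recurs in the hunks at -233 and -250. The enclosing test method begins outside this hunk.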
@@ -233,13 +239,11 @@
if (parentUser == null) {
throw new NotExecutableException();
} else {
- for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
- Group gr = (Group) it.next();
- try {
- assertFalse(gr.addMember(parentUser));
- } catch (RepositoryException e) {
- // success
- }
+ Group gr = getGroupAdminGroup(umgr);
+ try {
+ assertFalse(gr.addMember(parentUser));
+ } catch (RepositoryException e) {
+ // success
}
}
}
@@ -250,13 +254,11 @@
User childU = null;
try {
childU = umgr.createUser(cp.getName(), buildPassword(cp));
- for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
- Group gr = (Group) it.next();
- try {
- assertFalse(gr.addMember(childU));
- } catch (RepositoryException e) {
- // success
- }
+ Group gr = getGroupAdminGroup(umgr);
+ try {
+ assertFalse(gr.addMember(childU));
+ } catch (RepositoryException e) {
+ // success
}
} finally {
if (childU != null) {
@@ -289,12 +291,8 @@
public void testAddToGroup() throws NotExecutableException, RepositoryException {
UserManager umgr = getUserManager(otherSession);
- Iterator it = ((UserManagerImpl) umgr).findGroups("");
- if (!it.hasNext()) {
- throw new NotExecutableException("Couldn't find any group");
- }
+ Group gr = getGroupAdminGroup(umgr);
- Group gr = (Group) it.next();
Authorizable auth = umgr.getAuthorizable(uID);
try {
assertFalse(gr.addMember(auth));