You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2017/05/03 13:39:46 UTC
svn commit: r1793645 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
Author: angela
Date: Wed May 3 13:39:46 2017
New Revision: 1793645
URL: http://svn.apache.org/viewvc?rev=1793645&view=rev
Log:
OAK-6155 : AccessControlManagerImpl: removing entries through principal-set-acl fails
OAK-6158 : AccessControlManagerImpl: adding mv-restrictions with principal-based-entry fails
OAK-6160 : PrincipalAcl.equals doesn't include principal
OAK-5882 : Improve coverage for oak.security code in oak-core (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java (with props)
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PrincipalACLTest.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AbstractAccessControlTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ReadPolicyTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1793645&r1=1793644&r2=1793645&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java Wed May 3 13:39:46 2017
@@ -51,6 +51,7 @@ import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.common.primitives.Ints;
import org.apache.jackrabbit.JcrConstants;
@@ -243,13 +244,22 @@ public class AccessControlManagerImpl ex
acl = new NodeACL(path);
}
- Map<String, Value> restrictions = new HashMap<String, Value>();
- for (String name : ace.getRestrictionNames()) {
- if (!REP_NODE_PATH.equals(name)) {
+ // calculate single and mv restriction and drop the rep:nodePath restriction
+ // present with the principal-based-entries.
+ Map<String, Value> restrictions = new HashMap();
+ Map<String, Value[]> mvRestrictions = new HashMap();
+ for (Restriction r : ace.getRestrictions()) {
+ String name = r.getDefinition().getName();
+ if (REP_NODE_PATH.equals(name)) {
+ continue;
+ }
+ if (r.getDefinition().getRequiredType().isArray()) {
+ mvRestrictions.put(name, ace.getRestrictions(name));
+ } else {
restrictions.put(name, ace.getRestriction(name));
}
}
- acl.addEntry(ace.getPrincipal(), ace.getPrivileges(), ace.isAllow(), restrictions);
+ acl.addEntry(ace.getPrincipal(), ace.getPrivileges(), ace.isAllow(), restrictions, mvRestrictions);
setNodeBasedAcl(path, tree, acl);
}
@@ -260,7 +270,18 @@ public class AccessControlManagerImpl ex
ACL acl = (ACL) createACL(path, tree, false);
if (acl != null) {
- acl.removeAccessControlEntry(ace);
+ // remove rep:nodePath restriction before removing the entry from
+ // the node-based policy (see above for adding entries without
+ // this special restriction).
+ Set<Restriction> rstr = Sets.newHashSet(ace.getRestrictions());
+ Iterator<Restriction> it = rstr.iterator();
+ while (it.hasNext()) {
+ Restriction r = it.next();
+ if (REP_NODE_PATH.equals(r.getDefinition().getName())) {
+ it.remove();
+ }
+ }
+ acl.removeAccessControlEntry(new Entry(ace.getPrincipal(), ace.getPrivilegeBits(), ace.isAllow(), rstr, getNamePathMapper()));
setNodeBasedAcl(path, tree, acl);
} else {
log.debug("Missing ACL at {}; cannot remove entry {}", path, ace);
@@ -720,7 +741,8 @@ public class AccessControlManagerImpl ex
}
if (obj instanceof PrincipalACL) {
PrincipalACL other = (PrincipalACL) obj;
- return Objects.equal(getOakPath(), other.getOakPath())
+ return principal.equals(other.principal)
+ && Objects.equal(getOakPath(), other.getOakPath())
&& getEntries().equals(other.getEntries());
}
return false;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AbstractAccessControlTest.java?rev=1793645&r1=1793644&r2=1793645&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AbstractAccessControlTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AbstractAccessControlTest.java Wed May 3 13:39:46 2017
@@ -34,6 +34,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
@@ -74,6 +75,20 @@ public abstract class AbstractAccessCont
acl = createEmptyACL();
}
+ @Override
+ public void after() throws Exception {
+ try {
+ root.refresh();
+ Tree t = root.getTree(TEST_PATH);
+ if (t.exists()) {
+ t.remove();
+ root.commit();
+ }
+ } finally {
+ super.after();
+ }
+ }
+
RestrictionProvider getRestrictionProvider() {
return getConfig(AuthorizationConfiguration.class).getRestrictionProvider();
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java?rev=1793645&r1=1793644&r2=1793645&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java Wed May 3 13:39:46 2017
@@ -1579,6 +1579,19 @@ public class AccessControlManagerImplTes
assertArrayEquals(new String[]{"allow", "allow1", "deny2", "deny3"}, aceNodeNames);
}
+ @Test
+ public void testSetPolicyWithExistingMixins() throws Exception {
+ TreeUtil.addMixin(root.getTree(testPath), JcrConstants.MIX_LOCKABLE, root.getTree(NodeTypeConstants.NODE_TYPES_PATH), null);
+
+ ACL acl = getApplicablePolicy(testPath);
+ assertTrue(acl.addAccessControlEntry(testPrincipal, testPrivileges));
+ acMgr.setPolicy(testPath, acl);
+ root.commit();
+
+ assertEquals(ImmutableSet.of(JcrConstants.MIX_LOCKABLE, MIX_REP_ACCESS_CONTROLLABLE),
+ ImmutableSet.copyOf(TreeUtil.getNames(root.getTree(testPath), JcrConstants.JCR_MIXINTYPES)));
+ }
+
//--------------------------< removePolicy(String, AccessControlPolicy) >---
@Test
public void testRemovePolicy() throws Exception {
@@ -1676,16 +1689,20 @@ public class AccessControlManagerImplTes
}
}
- @Test
+ @Test(expected = AccessControlException.class)
public void testRemovePolicyAtDifferentPath() throws Exception {
- try {
- setupPolicy(testPath);
- ACL acl = getApplicablePolicy("/");
- acMgr.removePolicy(testPath, acl);
- fail("Removing access control policy at a different node path must fail");
- } catch (AccessControlException e) {
- // success
- }
+ setupPolicy(testPath);
+ ACL acl = getApplicablePolicy("/");
+ acMgr.removePolicy(testPath, acl);
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testRemovePolicyNodeRemoved() throws Exception {
+ setupPolicy(testPath);
+ AccessControlPolicy acl = acMgr.getPolicies(testPath)[0];
+ root.getTree(testPath + "/" + REP_POLICY).remove();
+
+ acMgr.removePolicy(testPath, acl);
}
//-----------------------------------< getApplicablePolicies(Principal) >---
@@ -2221,11 +2238,8 @@ public class AccessControlManagerImplTes
root.commit();
JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
- assertNotNull(policies);
- assertEquals(1, policies.length);
- assertTrue(policies[0] instanceof ACL);
-
ACL acl = (ACL) policies[0];
+
Map<String, Value> restrictions = new HashMap<String, Value>();
restrictions.put(REP_NODE_PATH, getValueFactory().createValue(testPath, PropertyType.PATH));
@@ -2238,6 +2252,64 @@ public class AccessControlManagerImplTes
assertEquals(2, ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries().length);
}
+ @Test
+ public void testSetPrincipalPolicyWithNewMvRestriction() throws Exception {
+ setupPolicy(testPath);
+ root.commit();
+
+ JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
+ ACL acl = (ACL) policies[0];
+
+ Map<String, Value> restrictions = new HashMap();
+ restrictions.put(REP_NODE_PATH, getValueFactory().createValue(testPath, PropertyType.PATH));
+
+ Map<String, Value[]> mvRestrictions = new HashMap();
+ ValueFactory vf = getValueFactory(root);
+ Value[] restrValues = new Value[] {vf.createValue("itemname", PropertyType.NAME), vf.createValue("propName", PropertyType.NAME)};
+ mvRestrictions.put(REP_ITEM_NAMES, restrValues);
+
+ assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, restrictions, mvRestrictions));
+
+ acMgr.setPolicy(acl.getPath(), acl);
+ AccessControlEntry[] entries = ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries();
+ assertEquals(2, entries.length);
+ ACE newEntry = (ACE) entries[1];
+ assertEquals(1, newEntry.getRestrictions().size());
+ assertArrayEquals(restrValues, newEntry.getRestrictions(REP_ITEM_NAMES));
+ }
+
+ @Test
+ public void testSetPrincipalPolicyRemovesEntries() throws Exception {
+ setupPolicy(testPath);
+ root.commit();
+
+ ACL acl = (ACL) acMgr.getPolicies(testPrincipal)[0];
+ acl.getEntries().clear();
+ acMgr.setPolicy(acl.getPath(), acl);
+
+ assertEquals(0, ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries().length);
+ }
+
+ @Test
+ public void testSetPrincipalPolicyRemovedACL() throws Exception {
+ setupPolicy(testPath);
+ root.commit();
+
+ AccessControlPolicy nodeBased = acMgr.getPolicies(testPath)[0];
+
+ ACL acl = (ACL) acMgr.getPolicies(testPrincipal)[0];
+ acl.getEntries().clear();
+
+ // remove policy at test-path before writing back the principal-based policy
+ acMgr.removePolicy(testPath, nodeBased);
+
+ // now write it back
+ acMgr.setPolicy(acl.getPath(), acl);
+
+ // ... which must not have an effect and the policy must not be re-added.
+ assertEquals(0, acMgr.getPolicies(testPath).length);
+ }
+
//--------------------------------------------< removePrincipalPolicy() >---
@Test
@@ -2279,4 +2351,20 @@ public class AccessControlManagerImplTes
policies = acMgr.getPolicies(testPrincipal);
assertEquals(0, policies.length);
}
+
+ @Test(expected = AccessControlException.class)
+ public void testRemovePrincipalPolicyRemovedACL() throws Exception {
+ setupPolicy(testPath);
+ root.commit();
+
+ AccessControlPolicy nodeBased = acMgr.getPolicies(testPath)[0];
+
+ ACL acl = (ACL) acMgr.getPolicies(testPrincipal)[0];
+
+ // remove policy at test-path before writing back the principal-based policy
+ acMgr.removePolicy(testPath, nodeBased);
+
+ // now try to write it back, which is expected to throw AccessControlException
+ acMgr.removePolicy(acl.getPath(), acl);
+ }
}
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java?rev=1793645&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java Wed May 3 13:39:46 2017
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
+
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlPolicy;
+
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class PolicyOwnerImplTest extends AbstractAccessControlTest {
+
+ private AccessControlManagerImpl acMgr;
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ super.before();
+
+ acMgr = new AccessControlManagerImpl(root, getNamePathMapper(), getSecurityProvider());
+
+ AccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH);
+ policy.addAccessControlEntry(testPrincipal, testPrivileges);
+ acMgr.setPolicy(TEST_PATH, policy);
+
+ root.commit();
+ }
+
+ @Test
+ public void testDefines() throws Exception {
+ assertTrue(acMgr.defines(TEST_PATH, AccessControlUtils.getAccessControlList(acMgr, TEST_PATH)));
+ }
+
+ @Test
+ public void testDefinesReadPolicy() throws Exception {
+ String readPath = PermissionConstants.DEFAULT_READ_PATHS.iterator().next();
+ assertTrue(acMgr.defines(readPath, AccessControlUtils.getAccessControlList(acMgr, readPath)));
+ }
+
+
+ @Test
+ public void testDefinesWrongPath() throws Exception {
+ String readPath = PermissionConstants.DEFAULT_READ_PATHS.iterator().next();
+
+ assertFalse(acMgr.defines(PathUtils.ROOT_PATH, AccessControlUtils.getAccessControlList(acMgr, TEST_PATH)));
+ assertFalse(acMgr.defines(TEST_PATH, AccessControlUtils.getAccessControlList(acMgr, readPath)));
+ }
+
+ @Test
+ public void testDefinesDifferentPolicy() throws Exception {
+ assertFalse(acMgr.defines(TEST_PATH, new AccessControlPolicy() {}));
+ }
+
+ @Test
+ public void testDefinesWithRelPath() throws Exception {
+ assertFalse(acMgr.defines("testPath", AccessControlUtils.getAccessControlList(acMgr, TEST_PATH)));
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PrincipalACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PrincipalACLTest.java?rev=1793645&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PrincipalACLTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PrincipalACLTest.java Wed May 3 13:39:46 2017
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
+
+import java.security.Principal;
+import javax.annotation.Nonnull;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlPolicy;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+
+public class PrincipalACLTest extends AbstractAccessControlTest {
+
+ private ACL principalAcl;
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ super.before();
+
+ JackrabbitAccessControlManager acMgr = getAccessControlManager(root);
+ AccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH);
+ policy.addAccessControlEntry(testPrincipal, testPrivileges);
+ policy.addAccessControlEntry(EveryonePrincipal.getInstance(), testPrivileges);
+ acMgr.setPolicy(TEST_PATH, policy);
+ root.commit();
+
+ principalAcl = getPrincipalAcl(acMgr, testPrincipal);
+ }
+
+ @Nonnull
+ private static ACL getPrincipalAcl(@Nonnull JackrabbitAccessControlManager acMgr, @Nonnull Principal testPrincipal) throws RepositoryException {
+ for (AccessControlPolicy acp : acMgr.getPolicies(testPrincipal)) {
+ if (acp instanceof ACL) {
+ return (ACL) acp;
+ }
+ }
+ throw new RuntimeException("no principal acl found");
+ }
+
+ @Test(expected = UnsupportedRepositoryOperationException.class)
+ public void testReorder() throws Exception {
+ AccessControlEntry[] entries = principalAcl.getAccessControlEntries();
+ principalAcl.orderBefore(entries[0], null);
+ }
+
+ @Test
+ public void testEquals() throws Exception {
+ assertEquals(principalAcl, principalAcl);
+ assertEquals(principalAcl, getPrincipalAcl(getAccessControlManager(root), testPrincipal));
+ }
+
+ @Test
+ public void testEqualsDifferentPrincipal() throws Exception {
+ assertNotEquals(principalAcl, getPrincipalAcl(getAccessControlManager(root), EveryonePrincipal.getInstance()));
+ }
+
+ @Test
+ public void testEqualsDifferentACL() throws Exception {
+ assertNotEquals(principalAcl, AccessControlUtils.getAccessControlList(getAccessControlManager(root), TEST_PATH));
+ }
+
+ @Test
+ public void testHashCode() {
+ assertEquals(0, principalAcl.hashCode());
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PrincipalACLTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ReadPolicyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ReadPolicyTest.java?rev=1793645&r1=1793644&r2=1793645&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ReadPolicyTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ReadPolicyTest.java Wed May 3 13:39:46 2017
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
import java.util.Set;
import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.NamedAccessControlPolicy;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -26,6 +27,8 @@ import org.apache.jackrabbit.oak.spi.sec
import org.junit.Before;
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
/**
@@ -65,7 +68,7 @@ public class ReadPolicyTest extends Abst
@Test
public void testGetEffectivePolicies() throws Exception {
for (String path : readPaths) {
- AccessControlPolicy[] policies = getAccessControlManager(root).getPolicies(path);
+ AccessControlPolicy[] policies = getAccessControlManager(root).getEffectivePolicies(path);
assertTrue(policies.length > 0);
boolean found = false;
for (AccessControlPolicy policy : policies) {
@@ -77,4 +80,13 @@ public class ReadPolicyTest extends Abst
assertTrue(found);
}
}
+
+ @Test
+ public void testGetName() throws Exception {
+ AccessControlPolicy[] policies = getAccessControlManager(root).getPolicies(readPaths.iterator().next());
+ assertEquals(1, policies.length);
+ assertTrue(policies[0] instanceof NamedAccessControlPolicy);
+ assertNotNull(((NamedAccessControlPolicy) policies[0]).getName());
+ }
+
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java?rev=1793645&r1=1793644&r2=1793645&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java Wed May 3 13:39:46 2017
@@ -16,7 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
-import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;