Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/18 12:16:21 UTC

svn commit: r1447197 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java

Author: angela
Date: Mon Feb 18 11:16:21 2013
New Revision: 1447197

URL: http://svn.apache.org/r1447197
Log:
OAK-51 : Access Control Management (WIP)

validator should enforce orderability of acl nodes

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1447197&r1=1447196&r2=1447197&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Mon Feb 18 11:16:21 2013
@@ -28,6 +28,7 @@ import org.apache.jackrabbit.JcrConstant
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.TreeImpl;
 import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
@@ -148,6 +149,10 @@ class AccessControlValidator implements 
         if (!validPolicyNames.contains(policyNode.getName())) {
             fail("Invalid policy name " + policyNode.getName());
         }
+
+        if (!policyNode.hasProperty(TreeImpl.OAK_CHILD_ORDER)) {
+            fail("Invalid policy node: Order of children is not stable.");
+        }
     }
 
     private void checkValidAccessControlledNode(Tree accessControlledTree, String requiredMixin) throws CommitFailedException {
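Review bot: The added guard only tests that the `TreeImpl.OAK_CHILD_ORDER` property is present on the policy node, and nothing at the call site says why an unordered ACL has to be rejected. Since the commit log ties this to orderability of ACL nodes, a comment such as `// entries of an ACL must keep a defined order; reject policy nodes that carry no child-order information` would help the next maintainer. The check also couples this validator to a constant of the implementation class `TreeImpl` rather than the `Tree` API it otherwise uses, which is worth noting in that comment if no API-level test for orderability exists. Whether a present but stale or empty order property can reach this point is not visible in the hunk, and the enclosing method starts above it. The message could also identify the rejected node, as the preceding check does, e.g. `fail("Invalid policy node " + policyNode.getName() + ": Order of children is not stable.");`, with the expected string in the test updated to match.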

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java?rev=1447197&r1=1447196&r2=1447197&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java Mon Feb 18 11:16:21 2013
@@ -31,6 +31,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -95,6 +96,22 @@ public class AccessControlValidatorTest 
     }
 
     @Test
+    public void testPolicyWithOutChildOrder() {
+        NodeUtil testRoot = getTestRoot();
+        testRoot.setNames(JcrConstants.JCR_MIXINTYPES, MIX_REP_ACCESS_CONTROLLABLE);
+        testRoot.addChild(REP_POLICY, NT_REP_ACL);
+
+        try {
+            root.commit();
+            fail("Policy node with child node ordering");
+        } catch (CommitFailedException e) {
+            // success
+            assertTrue(e.getCause() instanceof AccessControlException);
+            assertEquals("Invalid policy node: Order of children is not stable.", e.getCause().getMessage());
+        }
+    }
+
+    @Test
     public void testOnlyRootIsRepoAccessControllable() {
         NodeUtil testRoot = getTestRoot();
         testRoot.setNames(JcrConstants.JCR_MIXINTYPES, MIX_REP_REPO_ACCESS_CONTROLLABLE);
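Review bot: The `fail(...)` message in `testPolicyWithOutChildOrder` reads "Policy node with child node ordering", which says the opposite of what the test sets up, so an unexpected successful commit would be reported misleadingly. Something like `fail("Policy node without child order must be rejected");` matches the scenario. The `// success` comment sits above two assertions that can still fail, so it would read better as `// expected: commit is rejected by the validator`. The test only covers the rejection path and pins the exact exception text, so any rewording of the validator message has to be mirrored here.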
@@ -129,7 +146,7 @@ public class AccessControlValidatorTest 
         NodeUtil acl = createAcl();
         NodeUtil ace = acl.getChild(aceName);
 
-        NodeUtil[] acContent = new NodeUtil[] {acl, ace, ace.getChild(REP_RESTRICTIONS)};
+        NodeUtil[] acContent = new NodeUtil[]{acl, ace, ace.getChild(REP_RESTRICTIONS)};
         for (NodeUtil node : acContent) {
             NodeUtil policy = node.addChild(REP_POLICY, NT_REP_ACL);
             try {
@@ -149,7 +166,7 @@ public class AccessControlValidatorTest 
         NodeUtil acl = createAcl();
         NodeUtil ace = acl.getChild(aceName);
 
-        NodeUtil[] acContent = new NodeUtil[] {acl, ace, ace.getChild(REP_RESTRICTIONS)};
+        NodeUtil[] acContent = new NodeUtil[]{acl, ace, ace.getChild(REP_RESTRICTIONS)};
         for (NodeUtil node : acContent) {
             NodeUtil policy = node.addChild(REP_REPO_POLICY, NT_REP_ACL);
             try {
@@ -169,7 +186,7 @@ public class AccessControlValidatorTest 
         NodeUtil acl = createAcl();
         NodeUtil ace = acl.getChild(aceName);
 
-        NodeUtil[] acContent = new NodeUtil[] {ace, ace.getChild(REP_RESTRICTIONS)};
+        NodeUtil[] acContent = new NodeUtil[]{ace, ace.getChild(REP_RESTRICTIONS)};
         for (NodeUtil node : acContent) {
             NodeUtil entry = node.addChild("invalidACE", NT_REP_DENY_ACE);
             try {
@@ -189,7 +206,7 @@ public class AccessControlValidatorTest 
         NodeUtil acl = createAcl();
         NodeUtil ace = acl.getChild(aceName);
 
-        NodeUtil[] acContent = new NodeUtil[] {acl, ace.getChild(REP_RESTRICTIONS)};
+        NodeUtil[] acContent = new NodeUtil[]{acl, ace.getChild(REP_RESTRICTIONS)};
         for (NodeUtil node : acContent) {
             NodeUtil entry = node.addChild("invalidRestriction", NT_REP_RESTRICTIONS);
             try {
@@ -206,7 +223,7 @@ public class AccessControlValidatorTest 
 
     @Test
     public void testAddIsolatedPolicy() {
-        String[] policyNames = new String[] {"isolatedACL", REP_POLICY, REP_REPO_POLICY};
+        String[] policyNames = new String[]{"isolatedACL", REP_POLICY, REP_REPO_POLICY};
         NodeUtil node = getTestRoot();
 
         for (String policyName : policyNames) {
@@ -227,7 +244,7 @@ public class AccessControlValidatorTest 
 
     @Test
     public void testAddIsolatedAce() {
-        String[] ntNames = new String[] {NT_REP_DENY_ACE, NT_REP_GRANT_ACE};
+        String[] ntNames = new String[]{NT_REP_DENY_ACE, NT_REP_GRANT_ACE};
         NodeUtil node = getTestRoot();
 
         for (String aceNtName : ntNames) {