Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/18 12:16:21 UTC
svn commit: r1447197 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
Author: angela
Date: Mon Feb 18 11:16:21 2013
New Revision: 1447197
URL: http://svn.apache.org/r1447197
Log:
OAK-51 : Access Control Management (WIP)
validator should enforce orderability of acl nodes
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1447197&r1=1447196&r2=1447197&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Mon Feb 18 11:16:21 2013
@@ -28,6 +28,7 @@ import org.apache.jackrabbit.JcrConstant
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.TreeImpl;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
@@ -148,6 +149,10 @@ class AccessControlValidator implements
if (!validPolicyNames.contains(policyNode.getName())) {
fail("Invalid policy name " + policyNode.getName());
}
+
+ if (!policyNode.hasProperty(TreeImpl.OAK_CHILD_ORDER)) {
+ fail("Invalid policy node: Order of children is not stable.");
+ }
}
private void checkValidAccessControlledNode(Tree accessControlledTree, String requiredMixin) throws CommitFailedException {
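Review bot: The new guard only tests that the `TreeImpl.OAK_CHILD_ORDER` property is present on the policy node; it does not check that the stored order actually lists the node's current children, so a policy node with an empty or stale order property would still pass. If the order of the entries affects how the ACL is evaluated, which is presumably why orderability is enforced here, the validator should also compare the property's values with the child names. The check carries no comment; something like `// entry order is significant for evaluation; reject policy nodes whose child order is not persisted` above it would record the reason. The enclosing method starts outside the hunk, so any ordering checks earlier in it are not visible here.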
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java?rev=1447197&r1=1447196&r2=1447197&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java Mon Feb 18 11:16:21 2013
@@ -31,6 +31,7 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -95,6 +96,22 @@ public class AccessControlValidatorTest
}
@Test
+ public void testPolicyWithOutChildOrder() {
+ NodeUtil testRoot = getTestRoot();
+ testRoot.setNames(JcrConstants.JCR_MIXINTYPES, MIX_REP_ACCESS_CONTROLLABLE);
+ testRoot.addChild(REP_POLICY, NT_REP_ACL);
+
+ try {
+ root.commit();
+ fail("Policy node with child node ordering");
+ } catch (CommitFailedException e) {
+ // success
+ assertTrue(e.getCause() instanceof AccessControlException);
+ assertEquals("Invalid policy node: Order of children is not stable.", e.getCause().getMessage());
+ }
+ }
+
+ @Test
public void testOnlyRootIsRepoAccessControllable() {
NodeUtil testRoot = getTestRoot();
testRoot.setNames(JcrConstants.JCR_MIXINTYPES, MIX_REP_REPO_ACCESS_CONTROLLABLE);
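Review bot: The `fail(...)` message in `testPolicyWithOutChildOrder` says the opposite of what the test checks. It fires when committing a policy node without child order unexpectedly succeeds, so `fail("Policy node without child order must be rejected");` would describe the failure correctly. The `// success` comment sits above two assertions that can still fail, and `// expected: commit rejected` would be more accurate. The test only covers a policy node with no entries; a case that adds entries to an unordered policy node would show the validator rejects the configuration where order actually matters.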
@@ -129,7 +146,7 @@ public class AccessControlValidatorTest
NodeUtil acl = createAcl();
NodeUtil ace = acl.getChild(aceName);
- NodeUtil[] acContent = new NodeUtil[] {acl, ace, ace.getChild(REP_RESTRICTIONS)};
+ NodeUtil[] acContent = new NodeUtil[]{acl, ace, ace.getChild(REP_RESTRICTIONS)};
for (NodeUtil node : acContent) {
NodeUtil policy = node.addChild(REP_POLICY, NT_REP_ACL);
try {
@@ -149,7 +166,7 @@ public class AccessControlValidatorTest
NodeUtil acl = createAcl();
NodeUtil ace = acl.getChild(aceName);
- NodeUtil[] acContent = new NodeUtil[] {acl, ace, ace.getChild(REP_RESTRICTIONS)};
+ NodeUtil[] acContent = new NodeUtil[]{acl, ace, ace.getChild(REP_RESTRICTIONS)};
for (NodeUtil node : acContent) {
NodeUtil policy = node.addChild(REP_REPO_POLICY, NT_REP_ACL);
try {
@@ -169,7 +186,7 @@ public class AccessControlValidatorTest
NodeUtil acl = createAcl();
NodeUtil ace = acl.getChild(aceName);
- NodeUtil[] acContent = new NodeUtil[] {ace, ace.getChild(REP_RESTRICTIONS)};
+ NodeUtil[] acContent = new NodeUtil[]{ace, ace.getChild(REP_RESTRICTIONS)};
for (NodeUtil node : acContent) {
NodeUtil entry = node.addChild("invalidACE", NT_REP_DENY_ACE);
try {
@@ -189,7 +206,7 @@ public class AccessControlValidatorTest
NodeUtil acl = createAcl();
NodeUtil ace = acl.getChild(aceName);
- NodeUtil[] acContent = new NodeUtil[] {acl, ace.getChild(REP_RESTRICTIONS)};
+ NodeUtil[] acContent = new NodeUtil[]{acl, ace.getChild(REP_RESTRICTIONS)};
for (NodeUtil node : acContent) {
NodeUtil entry = node.addChild("invalidRestriction", NT_REP_RESTRICTIONS);
try {
@@ -206,7 +223,7 @@ public class AccessControlValidatorTest
@Test
public void testAddIsolatedPolicy() {
- String[] policyNames = new String[] {"isolatedACL", REP_POLICY, REP_REPO_POLICY};
+ String[] policyNames = new String[]{"isolatedACL", REP_POLICY, REP_REPO_POLICY};
NodeUtil node = getTestRoot();
for (String policyName : policyNames) {
@@ -227,7 +244,7 @@ public class AccessControlValidatorTest
@Test
public void testAddIsolatedAce() {
- String[] ntNames = new String[] {NT_REP_DENY_ACE, NT_REP_GRANT_ACE};
+ String[] ntNames = new String[]{NT_REP_DENY_ACE, NT_REP_GRANT_ACE};
NodeUtil node = getTestRoot();
for (String aceNtName : ntNames) {