Posted to commits@jackrabbit.apache.org by an...@apache.org on 2011/09/30 16:03:12 UTC
svn commit: r1177668 [2/2] - in /jackrabbit/trunk:
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/nodetype/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/
jackrabbi...
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java?rev=1177668&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java Fri Sep 30 14:03:11 2011
@@ -0,0 +1,485 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.name.NameConstants;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.Workspace;
+import javax.jcr.nodetype.NodeTypeManager;
+import javax.jcr.nodetype.NodeTypeTemplate;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.Privilege;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * <code>AbstractRepositoryOperationTest</code>...
+ */
+public abstract class AbstractRepositoryOperationTest extends AbstractEvaluationTest {
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+ }
+
+ private Workspace getTestWorkspace() throws RepositoryException {
+ return getTestSession().getWorkspace();
+ }
+
+ private void assertDefaultPrivileges(Name privName) throws Exception {
+ Privilege[] privs = privilegesFromName(privName.toString());
+ // admin must be allowed
+ assertTrue(superuser.getAccessControlManager().hasPrivileges(null, privs));
+ // test user must not be allowed
+ assertFalse(getTestACManager().hasPrivileges(null, privs));
+ }
+
+ private void assertPrivilege(Name privName, boolean isAllow) throws Exception {
+ Privilege[] privs = privilegesFromName(privName.toString());
+ assertEquals(isAllow, getTestACManager().hasPrivileges(null, privs));
+ }
+
+ private void assertPermission(int permission, boolean isAllow) throws Exception {
+ AccessManager acMgr = ((SessionImpl) getTestSession()).getAccessManager();
+ try {
+ acMgr.checkRepositoryPermission(permission);
+ if (!isAllow) {
+ fail();
+ }
+ } catch (AccessDeniedException e) {
+ if (isAllow) {
+ fail();
+ }
+ }
+ }
+
+ private String getNewWorkspaceName(Workspace wsp) throws RepositoryException {
+ List<String> awn = Arrays.asList(wsp.getAccessibleWorkspaceNames());
+ String workspaceName = "new";
+ int i = 0;
+ while (awn.contains(workspaceName)) {
+ workspaceName = "new_" + i++;
+ }
+ return workspaceName;
+ }
+
+ private String getNewNamespacePrefix(Workspace wsp) throws RepositoryException {
+ String prefix = "prefix";
+ List<String> pfcs = Arrays.asList(wsp.getNamespaceRegistry().getPrefixes());
+ int i = 0;
+ while (pfcs.contains(prefix)) {
+ prefix = "prefix" + i++;
+ }
+ return prefix;
+ }
+
+ private String getNewNamespaceURI(Workspace wsp) throws RepositoryException {
+ String uri = "http://jackrabbit.apache.org/uri";
+ List<String> uris = Arrays.asList(wsp.getNamespaceRegistry().getURIs());
+ int i = 0;
+ while (uris.contains(uri)) {
+ uri = "http://jackrabbit.apache.org/uri_" + i++;
+ }
+ return uri;
+ }
+
+ private String getNewPrivilegeName(Workspace wsp) throws RepositoryException, NotExecutableException {
+ String privName = null;
+ AccessControlManager acMgr = wsp.getSession().getAccessControlManager();
+ for (int i = 0; i < 100; i++) {
+ try {
+ Privilege p = acMgr.privilegeFromName(privName);
+ privName = "privilege-" + i;
+ } catch (Exception e) {
+ break;
+ }
+ }
+
+ if (privName == null) {
+ throw new NotExecutableException("failed to define new privilege name.");
+ }
+ return privName;
+ }
+
+ public void testWorkspaceCreation() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
+
+ String wspName = getNewWorkspaceName(superuser.getWorkspace());
+ try {
+ getTestWorkspace().createWorkspace(wspName);
+ fail("Workspace creation should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+
+ wspName = getNewWorkspaceName(superuser.getWorkspace());
+ try {
+ Workspace wsp = getTestWorkspace();
+ wsp.createWorkspace(wspName, wsp.getName());
+ fail("Workspace creation should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ }
+
+ public void testWorkspaceCreationWithPrivilege() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
+ assertPermission(Permission.WORKSPACE_MNGMT, false);
+
+ modifyPrivileges(null, NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), true);
+ // assert that permission have changed:
+ assertPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT, true);
+ assertPermission(Permission.WORKSPACE_MNGMT, true);
+
+ try {
+ Workspace testWsp = getTestWorkspace();
+ testWsp.createWorkspace(getNewWorkspaceName(superuser.getWorkspace()));
+ } finally {
+ modifyPrivileges(null, NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), false);
+ }
+
+ assertPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT, false);
+ assertPermission(Permission.WORKSPACE_MNGMT, false);
+ }
+
+ public void testWorkspaceDeletion() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
+ assertPermission(Permission.WORKSPACE_MNGMT, false);
+
+ Workspace wsp = superuser.getWorkspace();
+ String workspaceName = getNewWorkspaceName(wsp);
+
+ wsp.createWorkspace(workspaceName);
+ try {
+ Workspace testWsp = getTestWorkspace();
+ List<String> wspNames = Arrays.asList(testWsp.getAccessibleWorkspaceNames());
+ if (wspNames.contains(workspaceName)) {
+ testWsp.deleteWorkspace(workspaceName);
+ fail("Workspace deletion should be denied.");
+ }
+ } catch (AccessDeniedException e) {
+ // success
+ } finally {
+ // clean up (not supported by jackrabbit-core)
+ try {
+ superuser.getWorkspace().deleteWorkspace(workspaceName);
+ } catch (Exception e) {
+ // workspace removal is not supported by jackrabbit-core.
+ }
+ }
+ }
+
+ public void testRegisterNodeType() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+ Workspace testWsp = getTestWorkspace();
+ NodeTypeManager ntm = testWsp.getNodeTypeManager();
+ NodeTypeTemplate ntd = ntm.createNodeTypeTemplate();
+ ntd.setName("testNodeType");
+ ntd.setMixin(true);
+
+ try {
+ ntm.registerNodeType(ntd, true);
+ fail("Node type registration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ try {
+ ntm.registerNodeType(ntd, false);
+ fail("Node type registration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+
+ NodeTypeTemplate[] ntds = new NodeTypeTemplate[2];
+ ntds[0] = ntd;
+ ntds[1] = ntm.createNodeTypeTemplate();
+ ntds[1].setName("anotherNodeType");
+ ntds[1].setDeclaredSuperTypeNames(new String[] {"nt:file"});
+ try {
+ ntm.registerNodeTypes(ntds, true);
+ fail("Node type registration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+
+ try {
+ ntm.registerNodeTypes(ntds, false);
+ fail("Node type registration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ }
+
+ public void testRegisterNodeTypeWithPrivilege() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+ modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), true);
+ assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, true);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, true);
+
+ try {
+ Workspace testWsp = getTestWorkspace();
+ NodeTypeManager ntm = testWsp.getNodeTypeManager();
+ NodeTypeTemplate ntd = ntm.createNodeTypeTemplate();
+ ntd.setName("testNodeType");
+ ntd.setMixin(true);
+ ntm.registerNodeType(ntd, true);
+
+ NodeTypeTemplate[] ntds = new NodeTypeTemplate[2];
+ ntds[0] = ntd;
+ ntds[1] = ntm.createNodeTypeTemplate();
+ ntds[1].setName("anotherNodeType");
+ ntds[1].setDeclaredSuperTypeNames(new String[] {"nt:file"});
+ ntm.registerNodeTypes(ntds, true);
+ } finally {
+ modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
+ }
+
+ assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+ }
+
+ public void testUnRegisterNodeType() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+ NodeTypeManager ntm = superuser.getWorkspace().getNodeTypeManager();
+ NodeTypeTemplate ntd = ntm.createNodeTypeTemplate();
+ ntd.setName("testNodeType");
+ ntd.setMixin(true);
+ ntm.registerNodeType(ntd, true);
+
+ Workspace testWsp = getTestWorkspace();
+ try {
+ try {
+ NodeTypeManager testNtm = testWsp.getNodeTypeManager();
+ testNtm.unregisterNodeType(ntd.getName());
+ fail("Namespace unregistration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ try {
+ NodeTypeManager testNtm = testWsp.getNodeTypeManager();
+ testNtm.unregisterNodeTypes(new String[] {ntd.getName()});
+ fail("Namespace unregistration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ } finally {
+ // clean up (not supported by jackrabbit-core)
+ try {
+ ntm.unregisterNodeType(ntd.getName());
+ } catch (Exception e) {
+ // ns unregistration is not supported by jackrabbit-core.
+ }
+ }
+
+ }
+
+ public void testRegisterNamespace() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+ try {
+ Workspace testWsp = getTestWorkspace();
+ testWsp.getNamespaceRegistry().registerNamespace(getNewNamespacePrefix(testWsp), getNewNamespaceURI(testWsp));
+ fail("Namespace registration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ }
+
+ public void testRegisterNamespaceWithPrivilege() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
+ assertPermission(Permission.NAMESPACE_MNGMT, false);
+
+ modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
+ assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
+ assertPermission(Permission.NAMESPACE_MNGMT, true);
+
+ try {
+ Workspace testWsp = getTestWorkspace();
+ testWsp.getNamespaceRegistry().registerNamespace(getNewNamespacePrefix(testWsp), getNewNamespaceURI(testWsp));
+ } finally {
+ modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), false);
+ }
+
+ assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
+ assertPermission(Permission.NAMESPACE_MNGMT, false);
+ }
+
+ public void testUnregisterNamespace() throws Exception {
+ assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
+ assertPermission(Permission.NAMESPACE_MNGMT, false);
+
+ Workspace wsp = superuser.getWorkspace();
+ String pfx = getNewNamespacePrefix(wsp);
+ wsp.getNamespaceRegistry().registerNamespace(pfx, getNewNamespaceURI(wsp));
+
+ try {
+ Workspace testWsp = getTestWorkspace();
+ testWsp.getNamespaceRegistry().unregisterNamespace(pfx);
+ fail("Namespace unregistration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ } finally {
+ // clean up (not supported by jackrabbit-core)
+ try {
+ superuser.getWorkspace().getNamespaceRegistry().unregisterNamespace(pfx);
+ } catch (Exception e) {
+ // ns unregistration is not supported by jackrabbit-core.
+ }
+ }
+ }
+
+ public void testRegisterPrivilege() throws Exception {
+ assertDefaultPrivileges(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME);
+ assertPermission(Permission.PRIVILEGE_MNGMT, false);
+
+ try {
+ Workspace testWsp = getTestWorkspace();
+ ((JackrabbitWorkspace) testWsp).getPrivilegeManager().registerPrivilege(getNewPrivilegeName(testWsp), false, new String[0]);
+ fail("Privilege registration should be denied.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ }
+
+ public void testRegisterPrivilegeWithPrivilege() throws Exception {
+ assertDefaultPrivileges(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME);
+ assertPermission(Permission.PRIVILEGE_MNGMT, false);
+
+ modifyPrivileges(null, PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME.toString(), true);
+ assertPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME, true);
+ assertPermission(Permission.PRIVILEGE_MNGMT, true);
+
+ try {
+ Workspace testWsp = getTestWorkspace();
+ ((JackrabbitWorkspace) testWsp).getPrivilegeManager().registerPrivilege(getNewPrivilegeName(testWsp), false, new String[0]); } finally {
+ modifyPrivileges(null, PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME.toString(), false);
+ }
+
+ assertPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME, false);
+ assertPermission(Permission.PRIVILEGE_MNGMT, false);
+ }
+
+ public void testRepoPolicyAPI() throws Exception {
+ try {
+ // initial state: no repo level policy
+ AccessControlPolicy[] policies = acMgr.getPolicies(null);
+ assertNotNull(policies);
+ assertEquals(0, policies.length);
+
+ AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
+ assertNotNull(effective);
+ assertEquals(0, effective.length);
+
+ AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
+ assertNotNull(it);
+ assertTrue(it.hasNext());
+ AccessControlPolicy acp = it.nextAccessControlPolicy();
+ assertNotNull(acp);
+ assertTrue(acp instanceof JackrabbitAccessControlPolicy);
+
+ // modify the repo level policy
+ modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
+ modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
+
+ AccessControlPolicy[] plcs = acMgr.getPolicies(null);
+ assertNotNull(plcs);
+ assertEquals(1, plcs.length);
+ assertTrue(plcs[0] instanceof AccessControlList);
+
+ AccessControlList acl = (AccessControlList) plcs[0];
+ AccessControlEntry[] aces = acl.getAccessControlEntries();
+ assertNotNull(aces);
+ assertEquals(2, aces.length);
+
+ assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
+ assertPermission(Permission.NAMESPACE_MNGMT, true);
+
+ assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+ effective = acMgr.getEffectivePolicies(null);
+ assertNotNull(effective);
+ assertEquals(1, effective.length);
+ assertTrue(effective[0] instanceof AccessControlList);
+
+ acl = (AccessControlList) effective[0];
+ aces = acl.getAccessControlEntries();
+ assertNotNull(aces);
+ assertEquals(2, aces.length);
+
+ // change the policy
+ acl = (AccessControlList) acMgr.getPolicies(null)[0];
+ acl.removeAccessControlEntry(aces[0]);
+ acMgr.setPolicy(null, acl);
+ superuser.save();
+
+ acl = (AccessControlList) acMgr.getPolicies(null)[0];
+ aces = acl.getAccessControlEntries();
+ assertNotNull(aces);
+ assertEquals(1, aces.length);
+
+ assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
+ assertPermission(Permission.NAMESPACE_MNGMT, false);
+
+ assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
+ assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+
+ // remove it again
+ acMgr.removePolicy(null, acl);
+ superuser.save();
+
+ // back to initial state: no repo level policy
+ policies = acMgr.getPolicies(null);
+ assertNotNull(policies);
+ assertEquals(0, policies.length);
+
+ effective = acMgr.getEffectivePolicies(null);
+ assertNotNull(effective);
+ assertEquals(0, effective.length);
+
+ it = acMgr.getApplicablePolicies(null);
+ assertNotNull(it);
+ assertTrue(it.hasNext());
+ acp = it.nextAccessControlPolicy();
+ assertNotNull(acp);
+ assertTrue(acp instanceof JackrabbitAccessControlPolicy);
+ } catch (UnsupportedRepositoryOperationException e) {
+ throw new NotExecutableException();
+ }
+ }
+}
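Review bot: In `getNewPrivilegeName`, `privName` starts as `null`, so the first loop iteration calls `acMgr.privilegeFromName(null)`; if that call throws (likely, though the implementation is not shown here), the broad `catch (Exception e)` breaks out with `privName` still `null` and the helper throws `NotExecutableException`, so `testRegisterPrivilege` and `testRegisterPrivilegeWithPrivilege` would be reported as not executable instead of exercising the denial and grant paths. Starting from a real candidate, e.g. `String privName = "privilege";`, keeps the loop's probe-then-advance logic working. Separately, `testRegisterNamespace` checks `Permission.NODE_TYPE_DEF_MNGMT` where the other namespace tests use `Permission.NAMESPACE_MNGMT`; it should read `assertPermission(Permission.NAMESPACE_MNGMT, false);`. `testRepoPolicyAPI` also has no `finally` that removes the repo-level policy, so an assertion failing midway could leave the test user's grants in place for later tests.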
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java Fri Sep 30 14:03:11 2011
@@ -401,4 +401,4 @@ public class CustomPrivilegeTest extends
previous = bits;
}
}
-}
\ No newline at end of file
+}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java Fri Sep 30 14:03:11 2011
@@ -45,6 +45,9 @@ public class PermissionTest extends Test
assertEquals(1024, Permission.LIFECYCLE_MNGMT);
assertEquals(2048, Permission.RETENTION_MNGMT);
assertEquals(4096, Permission.MODIFY_CHILD_NODE_COLLECTION);
- assertEquals(8192, Permission.PRIVILEGE_MNGMT);
+ assertEquals(8192, Permission.NODE_TYPE_DEF_MNGMT);
+ assertEquals(16384, Permission.NAMESPACE_MNGMT);
+ assertEquals(32768, Permission.WORKSPACE_MNGMT);
+ assertEquals(65536, Permission.PRIVILEGE_MNGMT);
}
}
\ No newline at end of file
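Review bot: `Permission.PRIVILEGE_MNGMT` moves from 8192 to 65536 here and 8192 now means `NODE_TYPE_DEF_MNGMT`, so the bit that used to gate privilege registration is reused for a different operation. If these are `static final int` constants in `Permission` (not shown in this hunk), the Java compiler inlines them into callers, and an extension built against the previous release would keep passing 8192 and be checked against the wrong permission. Appending the three new values after the existing one would avoid that, i.e. keep `assertEquals(8192, Permission.PRIVILEGE_MNGMT);` and assign 16384, 32768 and 65536 to the new constants. The enclosing test method starts above the hunk.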
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java Fri Sep 30 14:03:11 2011
@@ -20,6 +20,7 @@ import org.apache.jackrabbit.api.Jackrab
import org.apache.jackrabbit.api.security.authorization.PrivilegeManagerTest;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
+import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.test.NotExecutableException;
import javax.jcr.AccessDeniedException;
@@ -71,7 +72,7 @@ public class PrivilegeManagerImplTest ex
fail();
}
}
-
+
public void testGetRegisteredPrivileges() throws RepositoryException {
Privilege[] registered = privilegeMgr.getRegisteredPrivileges();
Set<Privilege> set = new HashSet<Privilege>();
@@ -99,6 +100,12 @@ public class PrivilegeManagerImplTest ex
assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT), Privilege.JCR_RETENTION_MANAGEMENT, false, false);
assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT), Privilege.JCR_VERSION_MANAGEMENT, false, false);
+ // repo-level operation privileges
+ assertPrivilege(privilegeMgr.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString()), NameConstants.JCR_NAMESPACE_MANAGEMENT.toString() , false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString()), NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString()), NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), false, false);
+
+ // aggregates
assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_ALL), Privilege.JCR_ALL, true, false);
assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_WRITE), Privilege.JCR_WRITE, true, false);
assertPrivilege(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE), PrivilegeRegistry.REP_WRITE, true, false);
@@ -278,4 +285,4 @@ public class PrivilegeManagerImplTest ex
}
};
}
-}
\ No newline at end of file
+}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java Fri Sep 30 14:03:11 2011
@@ -66,9 +66,14 @@ public class PrivilegeRegistryTest exten
assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NODE_TYPE_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_RETENTION_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_VERSION_MANAGEMENT)));
- assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_WRITE))));
+ // including repo-level operation privileges
+ assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NAMESPACE_MANAGEMENT)));
+ assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT)));
+ assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_WORKSPACE_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT))));
-
+ // and aggregates
+ assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_WRITE))));
+
assertTrue(l.isEmpty());
}
@@ -131,8 +136,7 @@ public class PrivilegeRegistryTest exten
Set<Name> l = new HashSet<Name>(p.getDeclaredAggregateNames());
assertTrue(l.remove(NameConstants.JCR_READ));
assertTrue(l.remove(NameConstants.JCR_WRITE));
- assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_WRITE)));
- assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
+ assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_WRITE)));
assertTrue(l.remove(NameConstants.JCR_READ_ACCESS_CONTROL));
assertTrue(l.remove(NameConstants.JCR_MODIFY_ACCESS_CONTROL));
assertTrue(l.remove(NameConstants.JCR_LIFECYCLE_MANAGEMENT));
@@ -140,6 +144,11 @@ public class PrivilegeRegistryTest exten
assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_MANAGEMENT));
assertTrue(l.remove(NameConstants.JCR_RETENTION_MANAGEMENT));
assertTrue(l.remove(NameConstants.JCR_VERSION_MANAGEMENT));
+ // including repo-level operation privileges
+ assertTrue(l.remove(NameConstants.JCR_NAMESPACE_MANAGEMENT));
+ assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT));
+ assertTrue(l.remove(NameConstants.JCR_WORKSPACE_MANAGEMENT));
+ assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
assertTrue(l.isEmpty());
}
@@ -203,6 +212,10 @@ public class PrivilegeRegistryTest exten
assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));
+ // including repo-level operation privileges
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString())));
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString())));
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString())));
assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
assertTrue(l.isEmpty());
}
@@ -228,6 +241,10 @@ public class PrivilegeRegistryTest exten
assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE)));
assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));
+ // including repo-level operation privileges
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString())));
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString())));
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString())));
assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
assertTrue(l.isEmpty());
@@ -243,6 +260,10 @@ public class PrivilegeRegistryTest exten
assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
+ // including repo-level operation privileges
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString())));
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString())));
+ assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString())));
assertTrue(l.isEmpty());
}
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java?rev=1177668&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java Fri Sep 30 14:03:11 2011
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.AbstractRepositoryOperationTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlManager;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>RepositoryOperationTest</code>...
+ */
+public class RepositoryOperationTest extends AbstractRepositoryOperationTest {
+
+ @Override
+ protected boolean isExecutable() {
+ return EvaluationUtil.isExecutable(acMgr);
+ }
+ @Override
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path, Principal princ) throws
+ RepositoryException, NotExecutableException {
+ return EvaluationUtil.getPolicy(acMgr, path, princ);
+ }
+ @Override
+ protected Map<String, Value> getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
+ return EvaluationUtil.getRestrictions(s, path);
+ }
+}
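Review bot: The class Javadoc is still the placeholder `<code>RepositoryOperationTest</code>...` and does not say what this subclass binds. A one-line description would do, for example `Runs the repository-level operation tests of AbstractRepositoryOperationTest using the acl package's EvaluationUtil.` The three overrides would also read more easily with a blank line between them.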
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java Fri Sep 30 14:03:11 2011
@@ -49,7 +49,8 @@ public class TestAll extends TestCase {
suite.addTestSuite(NodeTypeTest.class);
suite.addTestSuite(EffectivePolicyTest.class);
suite.addTestSuite(ACLEditorTest.class);
-
+ suite.addTestSuite(RepositoryOperationTest.class);
+
return suite;
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java Fri Sep 30 14:03:11 2011
@@ -65,7 +65,7 @@ class EvaluationUtil {
String path,
Principal principal)
throws RepositoryException, AccessDeniedException, NotExecutableException {
- if (acM instanceof JackrabbitAccessControlManager) {
+ if (acM instanceof JackrabbitAccessControlManager && path != null) {
// first try applicable policies
AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
for (AccessControlPolicy policy : policies) {
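Review bot: The added `path != null` guard in getPolicy, and the identical guard in getRestrictions in the next hunk, send a null path to whatever follows the `if`, which is outside both hunks. If that fall-through throws NotExecutableException, as the throws clauses suggest, the repository-level cases of the new principal-based RepositoryOperationTest would be reported as not executable rather than run. The new repository-level privileges would then go unverified for this provider. A comment on each guard should state the intent, for example `// null path = repository-level policy; not handled here, see fall-through`, if that is the reason. Both method bodies start and end outside the hunks.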
@@ -86,7 +86,7 @@ class EvaluationUtil {
}
static Map<String, Value> getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
- if (s instanceof SessionImpl) {
+ if (s instanceof SessionImpl && path != null) {
Map<String, Value> restr = new HashMap<String, Value>();
restr.put(((SessionImpl) s).getJCRName(ACLTemplate.P_NODE_PATH), s.getValueFactory().createValue(path, PropertyType.PATH));
return restr;
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java?rev=1177668&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java Fri Sep 30 14:03:11 2011
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractRepositoryOperationTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlManager;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>RepositoryOperationTest</code>...
+ */
+public class RepositoryOperationTest extends AbstractRepositoryOperationTest {
+
+ protected boolean isExecutable() {
+ return EvaluationUtil.isExecutable((SessionImpl) superuser, acMgr);
+ }
+
+ protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path, Principal princ) throws
+ RepositoryException, NotExecutableException {
+ return EvaluationUtil.getPolicy(acMgr, path, princ);
+ }
+
+ protected Map<String, Value> getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException {
+ return EvaluationUtil.getRestrictions(s, path);
+ }
+}
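Review bot: The cast `(SessionImpl) superuser` in isExecutable is unchecked, so a session of another type raises a ClassCastException instead of marking the test as not executable. EvaluationUtil.getRestrictions in the same package already guards with `s instanceof SessionImpl`. `return superuser instanceof SessionImpl && EvaluationUtil.isExecutable((SessionImpl) superuser, acMgr);` would be consistent with that guard and leaves the result unchanged for a SessionImpl. The three methods also lack the `@Override` that the acl variant of this class carries. The class Javadoc is still the placeholder `<code>RepositoryOperationTest</code>...`; one sentence naming the provider this subclass exercises would be enough.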
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java Fri Sep 30 14:03:11 2011
@@ -43,6 +43,7 @@ public class TestAll extends TestCase {
suite.addTestSuite(VersionTest.class);
suite.addTestSuite(NodeTypeTest.class);
suite.addTestSuite(EffectivePolicyTest.class);
+ suite.addTestSuite(RepositoryOperationTest.class);
return suite;
}
Modified: jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java (original)
+++ jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java Fri Sep 30 14:03:11 2011
@@ -603,6 +603,9 @@ public class NameConstants {
/** rep:policy */
public static final Name REP_POLICY = rep("policy");
+ /** rep:repoPolicy */
+ public static final Name REP_REPO_POLICY = rep("repoPolicy");
+
/** rep:accesscontrol */
public static final Name REP_ACCESSCONTROL = rep("accesscontrol");
@@ -618,6 +621,9 @@ public class NameConstants {
/** rep:AccessControllable */
public static final Name REP_ACCESS_CONTROLLABLE = rep("AccessControllable");
+ /** rep:RepoAccessControllable */
+ public static final Name REP_REPO_ACCESS_CONTROLLABLE = rep("RepoAccessControllable");
+
/** rep:ACL */
public static final Name REP_ACL = rep("ACL");
@@ -721,12 +727,24 @@ public class NameConstants {
public static final Name JCR_RETENTION_MANAGEMENT =
FACTORY.create(Privilege.JCR_RETENTION_MANAGEMENT);
+ /** jcr:workspaceManagement */
+ // TODO replace with Privilege constant once next JCR version is released
+ public static final Name JCR_WORKSPACE_MANAGEMENT =
+ FACTORY.create("{http://www.jcp.org/jcr/1.0}workspaceManagement");
+
+ /** jcr:nodeTypeDefinitionManagement */
+ // TODO replace with Privilege constant once next JCR version is released
+ public static final Name JCR_NODE_TYPE_DEFINITION_MANAGEMENT =
+ FACTORY.create("{http://www.jcp.org/jcr/1.0}nodeTypeDefinitionManagement");
+
+ /** jcr:namespaceManagement */
+ // TODO replace with Privilege constant once next JCR version is released
+ public static final Name JCR_NAMESPACE_MANAGEMENT =
+ FACTORY.create("{http://www.jcp.org/jcr/1.0}namespaceManagement");
+
/** jcr:write */
- public static final Name JCR_WRITE =
- FACTORY.create(Privilege.JCR_WRITE);
+ public static final Name JCR_WRITE = FACTORY.create(Privilege.JCR_WRITE);
/** jcr:all */
- public static final Name JCR_ALL =
- FACTORY.create(Privilege.JCR_ALL);
-
-}
\ No newline at end of file
+ public static final Name JCR_ALL = FACTORY.create(Privilege.JCR_ALL);
+}
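Review bot: The three new privilege names (JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT, JCR_NAMESPACE_MANAGEMENT) are built from expanded-form string literals that each repeat the JCR namespace URI. A typo in any one of them would yield a different Name that does not equal the intended privilege name, and the compiler would not catch it. Building them from the shared constant removes the duplication: `FACTORY.create(Name.NS_JCR_URI, "workspaceManagement")`, and likewise for the other two. The `// TODO` lines sit between each Javadoc comment and its field; moving them above the Javadoc keeps the doc comment adjacent to the declaration.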