You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/10/15 10:24:03 UTC
svn commit: r1708739 - in /jackrabbit/oak/trunk/oak-authorization-cug/src:
main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
Author: angela
Date: Thu Oct 15 08:24:02 2015
New Revision: 1708739
URL: http://svn.apache.org/viewvc?rev=1708739&view=rev
Log:
OAK-3520 : Increase test coverage,
OAK-1268 : Add support for composite authorization setup
Added:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImplTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProviderTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImplTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/SupportedPathsTest.java
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java Thu Oct 15 08:24:02 2015
@@ -31,7 +31,6 @@ import javax.jcr.security.AccessControlP
import javax.jcr.security.Privilege;
import com.google.common.base.Function;
-import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
@@ -41,6 +40,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.PolicyOwner;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy;
@@ -53,7 +53,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.util.TreeUtil;
-import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -89,6 +88,7 @@ class CugAccessControlManager extends Ab
}
}
+ @Override
public AccessControlPolicy[] getPolicies(String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
if (oakPath != null && isSupportedPath(oakPath)) {
@@ -100,24 +100,26 @@ class CugAccessControlManager extends Ab
return new AccessControlPolicy[0];
}
+ @Override
public AccessControlPolicy[] getEffectivePolicies(String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
Root r = getRoot().getContentSession().getLatestRoot();
List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
- while (!Strings.isNullOrEmpty(oakPath)) {
- if (oakPath != null && isSupportedPath(oakPath)) {
+ while (oakPath != null) {
+ if (isSupportedPath(oakPath)) {
CugPolicy cug = getCugPolicy(oakPath, r.getTree(oakPath));
if (cug != null) {
effective.add(cug);
}
}
- oakPath = Text.getRelativeParent(oakPath, 1);
+ oakPath = (PathUtils.denotesRoot(oakPath)) ? null : PathUtils.getAncestorPath(oakPath, 1);
}
return effective.toArray(new AccessControlPolicy[effective.size()]);
}
+ @Override
public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
if (oakPath == null || !isSupportedPath(oakPath)) {
@@ -133,6 +135,7 @@ class CugAccessControlManager extends Ab
}
}
+ @Override
public void removePolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
String oakPath = getOakPath(absPath);
if (isSupportedPath(oakPath)) {
@@ -150,6 +153,7 @@ class CugAccessControlManager extends Ab
}
}
+ @Override
public void setPolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
String oakPath = getOakPath(absPath);
if (isSupportedPath(oakPath)) {
@@ -177,16 +181,19 @@ class CugAccessControlManager extends Ab
//-------------------------------------< JackrabbitAccessControlManager >---
+ @Override
public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws RepositoryException {
// editing by 'principal' is not supported
return new JackrabbitAccessControlPolicy[0];
}
+ @Override
public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws RepositoryException {
// editing by 'principal' is not supported
return new JackrabbitAccessControlPolicy[0];
}
+ @Override
public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws RepositoryException {
// editing by 'principal' is not supported
return new AccessControlPolicy[0];
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java Thu Oct 15 08:24:02 2015
@@ -115,9 +115,12 @@ class CugPermissionProvider implements A
@Nonnull
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
+ if (TreePermission.NO_RECOURSE == parentPermission) {
+ throw new IllegalStateException("Attempt to create tree permission for unsupported path.");
+ }
Tree immutableTree = getImmutableTree(tree);
- if (((TreePermission.EMPTY == parentPermission) && !immutableTree.isRoot()) || isAcContent(immutableTree, true)) {
- return TreePermission.EMPTY;
+ if (isAcContent(immutableTree, true)) {
+ return TreePermission.NO_RECOURSE;
}
TreePermission tp;
@@ -130,7 +133,7 @@ class CugPermissionProvider implements A
} else if (supportedPaths.mayContainCug(path)) {
tp = new EmptyCugTreePermission(immutableTree, this);
} else {
- tp = TreePermission.EMPTY;
+ tp = TreePermission.NO_RECOURSE;
}
}
return tp;
@@ -195,7 +198,7 @@ class CugPermissionProvider implements A
@Override
public long supportedPermissions(@Nonnull TreeLocation location, long permissions) {
long supported = permissions & Permissions.READ;
- if (supported != Permissions.NO_PERMISSION && includesCug(getTreeFromLocation(location, location.getProperty()), location.getPath())) {
+ if (supported != Permissions.NO_PERMISSION && includesCug(getTreeFromLocation(location), location.getPath())) {
return supported;
} else {
return Permissions.NO_PERMISSION;
@@ -215,10 +218,9 @@ class CugPermissionProvider implements A
@Override
public boolean isGranted(@Nonnull TreeLocation location, long permissions) {
if (isRead(permissions)) {
- PropertyState property = location.getProperty();
- Tree tree = getTreeFromLocation(location, property);
+ Tree tree = getTreeFromLocation(location);
if (tree != null) {
- return isGranted(tree, property, permissions);
+ return isGranted(tree, location.getProperty(), permissions);
}
}
return false;
@@ -294,8 +296,8 @@ class CugPermissionProvider implements A
}
@CheckForNull
- private static Tree getTreeFromLocation(@Nonnull TreeLocation location, @CheckForNull PropertyState property) {
- Tree tree = (property == null) ? location.getTree() : location.getParent().getTree();
+ private static Tree getTreeFromLocation(@Nonnull TreeLocation location) {
+ Tree tree = (location.getProperty() == null) ? location.getTree() : location.getParent().getTree();
while (tree == null && !PathUtils.denotesRoot(location.getPath())) {
location = location.getParent();
tree = location.getTree();
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java Thu Oct 15 08:24:02 2015
@@ -58,6 +58,7 @@ class CugPolicyImpl implements CugPolicy
CugPolicyImpl(@Nonnull String oakPath, @Nonnull NamePathMapper namePathMapper,
@Nonnull PrincipalManager principalManager, int importBehavior,
@Nonnull Set<Principal> principals) {
+ ImportBehavior.nameFromValue(importBehavior);
this.oakPath = oakPath;
this.namePathMapper = namePathMapper;
this.principalManager = principalManager;
@@ -150,7 +151,7 @@ class CugPolicyImpl implements CugPolicy
log.debug("Best effort: don't verify existence of principals.");
break;
default:
- throw new IllegalArgumentException("Unsupported import behavior " + importBehavior);
+ throw new IllegalStateException("Unsupported import behavior " + importBehavior);
}
return isValid;
}
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java Thu Oct 15 08:24:02 2015
@@ -56,7 +56,8 @@ public class AbstractCugTest extends Abs
NodeUtil content = rootNode.addChild("content", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
content.addChild("subtree", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
rootNode.addChild("content2", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
- rootNode.addChild("testNode", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ NodeUtil testNode = rootNode.addChild("testNode", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ testNode.addChild("child", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
root.commit();
}
@@ -64,6 +65,7 @@ public class AbstractCugTest extends Abs
public void after() throws Exception {
try {
root.getTree(SUPPORTED_PATH).remove();
+ root.getTree(SUPPORTED_PATH2).remove();
root.getTree(UNSUPPORTED_PATH).remove();
root.commit();
} finally {
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java Thu Oct 15 08:24:02 2015
@@ -32,6 +32,8 @@ import javax.jcr.security.Privilege;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
@@ -41,6 +43,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.junit.Test;
@@ -120,6 +123,12 @@ public class CugAccessControlManagerTest
}
@Test
+ public void testGetApplicablePoliciesNullPath() throws Exception {
+ AccessControlPolicyIterator it = cugAccessControlManager.getApplicablePolicies((String) null);
+ assertFalse(it.hasNext());
+ }
+
+ @Test
public void testGetPolicies() throws Exception {
AccessControlPolicy[] policies = cugAccessControlManager.getPolicies(SUPPORTED_PATH);
assertEquals(0, policies.length);
@@ -134,6 +143,24 @@ public class CugAccessControlManagerTest
assertTrue(policies[0] instanceof CugPolicyImpl);
}
+ @Test
+ public void testGetPoliciesAfterManualCreation() throws Exception {
+ NodeUtil n = new NodeUtil(root.getTree(SUPPORTED_PATH));
+ NodeUtil cug = n.addChild(REP_CUG_POLICY, NT_REP_CUG_POLICY);
+
+ AccessControlPolicy[] policies = cugAccessControlManager.getPolicies(SUPPORTED_PATH);
+ assertEquals(1, policies.length);
+ assertTrue(policies[0] instanceof CugPolicy);
+ CugPolicy cugPolicy = (CugPolicy) policies[0];
+ assertTrue(cugPolicy.getPrincipals().isEmpty());
+
+ cug.setStrings(REP_PRINCIPAL_NAMES, "unknownPrincipalName", EveryonePrincipal.NAME);
+
+ policies = cugAccessControlManager.getPolicies(SUPPORTED_PATH);
+ cugPolicy = (CugPolicy) policies[0];
+ assertEquals(2, cugPolicy.getPrincipals().size());
+ }
+
@Test(expected = PathNotFoundException.class)
public void testGetPoliciesInvalidPath() throws Exception {
cugAccessControlManager.getPolicies(INVALID_PATH);
@@ -146,6 +173,47 @@ public class CugAccessControlManagerTest
}
@Test
+ public void testGetPoliciesNullPath() throws Exception {
+ AccessControlPolicy[] policies = cugAccessControlManager.getPolicies((String) null);
+ assertEquals(0, policies.length);
+ }
+
+ @Test
+ public void testGetEffectivePolicies() throws Exception {
+ AccessControlPolicy[] policies = cugAccessControlManager.getEffectivePolicies(SUPPORTED_PATH);
+ assertEquals(0, policies.length);
+
+ cugAccessControlManager.setPolicy(SUPPORTED_PATH, createCug(SUPPORTED_PATH));
+ root.commit();
+
+ policies = cugAccessControlManager.getEffectivePolicies(SUPPORTED_PATH);
+ assertEquals(1, policies.length);
+
+ AccessControlPolicy[] effectiveOnChild = cugAccessControlManager.getEffectivePolicies(SUPPORTED_PATH + "/subtree");
+ assertEquals(1, policies.length);
+
+ assertEquals(policies.length, effectiveOnChild.length);
+ assertEquals(((JackrabbitAccessControlPolicy) policies[0]).getPath(), ((JackrabbitAccessControlPolicy) effectiveOnChild[0]).getPath());
+ }
+
+ @Test(expected = PathNotFoundException.class)
+ public void testGetEffectivePoliciesInvalidPath() throws Exception {
+ cugAccessControlManager.getEffectivePolicies(INVALID_PATH);
+ }
+
+ @Test
+ public void testGetEffectivePoliciesUnsupportedPath() throws Exception {
+ AccessControlPolicy[] policies = cugAccessControlManager.getEffectivePolicies(UNSUPPORTED_PATH);
+ assertEquals(0, policies.length);
+ }
+
+ @Test
+ public void testGetEffectivePoliciesNullPath() throws Exception {
+ AccessControlPolicy[] policies = cugAccessControlManager.getEffectivePolicies((String) null);
+ assertEquals(0, policies.length);
+ }
+
+ @Test
public void testSetPolicy() throws Exception {
CugPolicy cug = getApplicableCug(SUPPORTED_PATH);
cug.addPrincipals(EveryonePrincipal.getInstance());
@@ -219,6 +287,14 @@ public class CugAccessControlManagerTest
cugAccessControlManager.setPolicy(SUPPORTED_PATH, createCug(SUPPORTED_PATH + "/subtree"));
}
+ @Test(expected = AccessControlException.class)
+ public void testSetInvalidCugNode() throws Exception {
+ Tree supportedTree = root.getTree(SUPPORTED_PATH);
+ new NodeUtil(supportedTree).addChild(REP_CUG_POLICY, NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+
+ cugAccessControlManager.setPolicy(SUPPORTED_PATH, new CugPolicyImpl(SUPPORTED_PATH, NamePathMapper.DEFAULT, getPrincipalManager(root), ImportBehavior.BESTEFFORT));
+ }
+
@Test
public void testRemovePolicy() throws Exception {
CugPolicy cug = getApplicableCug(SUPPORTED_PATH);
@@ -262,6 +338,14 @@ public class CugAccessControlManagerTest
}
}
+ @Test(expected = AccessControlException.class)
+ public void testRemoveInvalidCugNode() throws Exception {
+ Tree supportedTree = root.getTree(SUPPORTED_PATH);
+ new NodeUtil(supportedTree).addChild(REP_CUG_POLICY, NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+
+ cugAccessControlManager.removePolicy(SUPPORTED_PATH, new CugPolicyImpl(SUPPORTED_PATH, NamePathMapper.DEFAULT, getPrincipalManager(root), ImportBehavior.BESTEFFORT));
+ }
+
@Test(expected = PathNotFoundException.class)
public void testRemovePolicyInvalidPath() throws Exception {
cugAccessControlManager.removePolicy(INVALID_PATH, createCug(INVALID_PATH));
@@ -277,6 +361,27 @@ public class CugAccessControlManagerTest
cugAccessControlManager.removePolicy(SUPPORTED_PATH, createCug(SUPPORTED_PATH + "/subtree"));
}
+ @Test
+ public void testGetApplicablePoliciesByPrincipal() throws Exception {
+ AccessControlPolicy[] applicable = cugAccessControlManager.getApplicablePolicies(EveryonePrincipal.getInstance());
+ assertNotNull(applicable);
+ assertEquals(0, applicable.length);
+ }
+
+ @Test
+ public void testGetPoliciesByPrincipal() throws Exception {
+ AccessControlPolicy[] applicable = cugAccessControlManager.getPolicies(EveryonePrincipal.getInstance());
+ assertNotNull(applicable);
+ assertEquals(0, applicable.length);
+ }
+
+ @Test
+ public void testGetEffectivePoliciesByPrincipal() throws Exception {
+ AccessControlPolicy[] applicable = cugAccessControlManager.getEffectivePolicies(ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));
+ assertNotNull(applicable);
+ assertEquals(0, applicable.length);
+ }
+
/**
* An invalid (unsupported) implementation of {@link CugPolicy}.
*/
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java Thu Oct 15 08:24:02 2015
@@ -16,18 +16,26 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+import java.lang.reflect.Field;
import java.security.Principal;
import java.util.List;
import java.util.Set;
+import javax.jcr.GuestCredentials;
import javax.jcr.security.AccessControlManager;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
@@ -38,6 +46,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
@@ -49,6 +58,11 @@ public class CugConfigurationTest extend
}
@Test
+ public void testGetName() {
+ assertEquals(AuthorizationConfiguration.NAME, createConfiguration(ConfigurationParameters.EMPTY).getName());
+ }
+
+ @Test
public void testGetPermissionProviderDisabled() {
CugConfiguration cc = createConfiguration(ConfigurationParameters.of(CugConstants.PARAM_CUG_ENABLED, false));
@@ -151,4 +165,27 @@ public class CugConfigurationTest extend
}
}
+ @Test
+ public void testActivate() throws Exception {
+ SecurityProvider sp = new OpenSecurityProvider();
+ ContentRepository repo = new Oak().with(sp).with(new InitialContent()).createContentRepository();
+ ContentSession cs = null;
+ try {
+ Field repoField = CugConfiguration.class.getDeclaredField("repository");
+ repoField.setAccessible(true);
+
+ CugConfiguration cc = new CugConfiguration(sp);
+ repoField.set(cc, repo);
+
+ cc.activate();
+
+ cs = repo.login(new GuestCredentials(), null);
+ ReadOnlyNodeTypeManager ntMgr = ReadOnlyNodeTypeManager.getInstance(cs.getLatestRoot(), NamePathMapper.DEFAULT);
+ assertTrue(ntMgr.hasNodeType(CugConstants.NT_REP_CUG_POLICY));
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java Thu Oct 15 08:24:02 2015
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
+import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
@@ -34,7 +35,21 @@ import static org.junit.Assert.assertTru
public class CugExcludeDefaultTest {
- private CugExclude exclude = new CugExclude.Default();
+ CugExclude exclude;
+
+ @Before
+ public void before() {
+ exclude = createInstance();
+ }
+
+ CugExclude createInstance() {
+ return new CugExclude.Default();
+ }
+
+ @Test
+ public void testEmptyPrincipalSet() {
+ assertTrue(exclude.isExcluded(ImmutableSet.<Principal>of()));
+ }
@Test
public void testSystemPrincipal() {
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImplTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImplTest.java Thu Oct 15 08:24:02 2015
@@ -21,19 +21,30 @@ import java.util.Collections;
import java.util.Map;
import java.util.Set;
+import javax.annotation.Nonnull;
+
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-public class CugExcludeImplTest {
+public class CugExcludeImplTest extends CugExcludeDefaultTest {
- private CugExcludeImpl exclude = new CugExcludeImpl();
private Set<Principal> principals = ImmutableSet.<Principal>of(new PrincipalImpl("test"));
+ @Override
+ CugExclude createInstance() {
+ return new CugExcludeImpl();
+ }
+
+ private void activate(@Nonnull Map<String, Object> map) {
+ ((CugExcludeImpl) exclude).activate(map);
+ }
+
@Test
public void testEmpty() {
assertFalse(exclude.isExcluded(principals));
@@ -41,21 +52,21 @@ public class CugExcludeImplTest {
@Test
public void testEmpty2() {
- exclude.activate(Collections.<String, Object>emptyMap());
+ activate(Collections.<String, Object>emptyMap());
assertFalse(exclude.isExcluded(principals));
}
@Test
public void testExcludeTest() {
Map<String, Object> m = ImmutableMap.<String, Object>of("principalNames", new String[] {"a","b","c","test"});
- exclude.activate(m);
+ activate(m);
assertTrue(exclude.isExcluded(principals));
}
@Test
public void testExcludeAnother() {
Map<String, Object> m = ImmutableMap.<String, Object>of("principalNames", new String[] {"a","b","c","test"});
- exclude.activate(m);
+ activate(m);
assertFalse(exclude.isExcluded(ImmutableSet.<Principal>of(new PrincipalImpl("another"))));
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProviderTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProviderTest.java Thu Oct 15 08:24:02 2015
@@ -50,6 +50,7 @@ import static org.junit.Assert.assertFal
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
public class CugPermissionProviderTest extends AbstractCugTest implements NodeTypeConstants {
@@ -407,6 +408,14 @@ public class CugPermissionProviderTest e
assertTrue(pp.getPrivileges(root.getTree("/content/a/b/c")).isEmpty());
}
+ /**
+ * @see PermissionProvider#getPrivileges(org.apache.jackrabbit.oak.api.Tree)
+ */
+ @Test
+ public void testGetPrivilegesNullPath() {
+ assertTrue(cugPermProvider.getPrivileges(null).isEmpty());
+ }
+
//------------------------------------------------------< hasPrivileges >---
/**
* @see PermissionProvider#hasPrivileges(org.apache.jackrabbit.oak.api.Tree, String...)
@@ -444,7 +453,7 @@ public class CugPermissionProviderTest e
* @see PermissionProvider#hasPrivileges(org.apache.jackrabbit.oak.api.Tree, String...)
*/
@Test
- public void hasNonReadPrivileges() {
+ public void testHasNonReadPrivileges() {
for (String p : Iterables.concat(READABLE_PATHS, NOT_READABLE_PATHS)) {
Tree tree = root.getTree(p);
if (tree.exists()) {
@@ -457,6 +466,14 @@ public class CugPermissionProviderTest e
}
}
+ /**
+ * @see PermissionProvider#hasPrivileges(org.apache.jackrabbit.oak.api.Tree, String...)
+ */
+ @Test
+ public void testHasPrivilegesNullPath() {
+ assertFalse(cugPermProvider.hasPrivileges(null, PrivilegeConstants.JCR_READ));
+ }
+
//--------------------------------------------< getRepositoryPermission >---
/**
* @see org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider#getRepositoryPermission()
@@ -507,11 +524,18 @@ public class CugPermissionProviderTest e
// cug content
TreePermission cugTp = cugPermProvider.getTreePermission(root.getTree("/content/a/rep:cugPolicy"), aTp);
- assertSame(TreePermission.EMPTY, cugTp);
+ assertSame(TreePermission.NO_RECOURSE, cugTp);
// paths that may not contain cugs anyway
- assertSame(TreePermission.EMPTY, cugPermProvider.getTreePermission(root.getTree("/jcr:system"), rootTp));
- assertSame(TreePermission.EMPTY, cugPermProvider.getTreePermission(root.getTree(UNSUPPORTED_PATH), rootTp));
+ assertSame(TreePermission.NO_RECOURSE, cugPermProvider.getTreePermission(root.getTree("/jcr:system"), rootTp));
+ TreePermission unsupportedPathTp = cugPermProvider.getTreePermission(root.getTree(UNSUPPORTED_PATH), rootTp);
+ assertSame(TreePermission.NO_RECOURSE, unsupportedPathTp);
+ try {
+ cugPermProvider.getTreePermission(root.getTree(UNSUPPORTED_PATH + "/child"), unsupportedPathTp);
+ fail();
+ } catch (IllegalStateException e) {
+ // success
+ }
}
//-------------------------------< isGranted(Tree, PropertyState, long) >---
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImplTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImplTest.java Thu Oct 15 08:24:02 2015
@@ -142,6 +142,7 @@ public class CugPolicyImplTest extends A
Set<Principal> principalSet = cug.getPrincipals();
assertEquals(2, principalSet.size());
assertFalse(principalSet.contains(new PrincipalImpl("unknown")));
+ assertFalse(principalSet.contains(new PrincipalImpl("")));
}
@Test
@@ -154,6 +155,32 @@ public class CugPolicyImplTest extends A
}
@Test
+ public void testAddNullPrincipal() throws Exception {
+ CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.ABORT, principals);
+ assertTrue(cug.addPrincipals(EveryonePrincipal.getInstance(), null));
+
+ assertTrue(cug.getPrincipals().contains(EveryonePrincipal.getInstance()));
+ assertTrue(cug.getPrincipals().contains(testPrincipal));
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testAddEmptyPrincipalName() throws Exception {
+ CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.BESTEFFORT);
+ cug.addPrincipals(new PrincipalImpl(""));
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testAddNullPrincipalName() throws Exception {
+ CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.BESTEFFORT);
+ cug.addPrincipals(new Principal() {
+ @Override
+ public String getName() {
+ return null;
+ }
+ });
+ }
+
+ @Test
public void testRemovePrincipals() throws Exception {
CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager,
ImportBehavior.BESTEFFORT,
@@ -165,6 +192,14 @@ public class CugPolicyImplTest extends A
}
@Test
+ public void testRemoveNullPrincipal() throws Exception {
+ CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.ABORT, principals);
+ assertTrue(cug.removePrincipals(testPrincipal, null));
+
+ assertTrue(cug.getPrincipals().isEmpty());
+ }
+
+ @Test
public void testGetPath() {
CugPolicy empty = createEmptyCugPolicy();
assertEquals(path, empty.getPath());
@@ -178,4 +213,9 @@ public class CugPolicyImplTest extends A
CugPolicy empty = new CugPolicyImpl(oakPath, mapper, principalManager, ImportBehavior.ABORT);
assertEquals("/quercus:testPath", empty.getPath());
}
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testInvalidImportBehavior() {
+ CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, -1, principals);
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java Thu Oct 15 08:24:02 2015
@@ -33,7 +33,7 @@ final class CugSecurityProvider extends
composite.setDefaultConfig(authorizationConfiguration);
composite.addConfiguration(new CugConfiguration(this));
composite.addConfiguration(authorizationConfiguration);
- ((CugSecurityProvider) this).bindAuthorizationConfiguration(composite);
+ this.bindAuthorizationConfiguration(composite);
}
}
Added: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java?rev=1708739&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java (added)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java Thu Oct 15 08:24:02 2015
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+
+import java.security.Principal;
+import java.util.Set;
+import javax.annotation.Nonnull;
+
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+public class CugTreePermissionTest extends AbstractCugTest {
+
+ private CugTreePermission allowedTp;
+ private CugTreePermission deniedTp;
+
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+ createCug(SUPPORTED_PATH, EveryonePrincipal.getInstance());
+ root.commit();
+
+ Set<Principal> principals = ImmutableSet.of(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
+ Set<String> supportedPaths = ImmutableSet.of(SUPPORTED_PATH, SUPPORTED_PATH2);
+
+ allowedTp = getCugTreePermission(root, getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
+ deniedTp = getCugTreePermission(root);
+ }
+
+ private static CugTreePermission getCugTreePermission(@Nonnull Root root, @Nonnull Principal... principals) {
+ PermissionProvider pp = new CugPermissionProvider(root, ImmutableSet.copyOf(principals), ImmutableSet.of(SUPPORTED_PATH, SUPPORTED_PATH2), CugContext.INSTANCE);
+ TreePermission rootTp = pp.getTreePermission(root.getTree("/"), TreePermission.EMPTY);
+ TreePermission targetTp = pp.getTreePermission(root.getTree(SUPPORTED_PATH), rootTp);
+ assertTrue(targetTp instanceof CugTreePermission);
+ return (CugTreePermission) targetTp;
+ }
+
+ @Test
+ public void testGetChildPermission() throws Exception {
+ TreePermission child = allowedTp.getChildPermission("subtree", EmptyNodeState.EMPTY_NODE);
+ assertTrue(child instanceof CugTreePermission);
+
+ TreePermission cugChild = allowedTp.getChildPermission(REP_CUG_POLICY, EmptyNodeState.EMPTY_NODE);
+ assertSame(TreePermission.NO_RECOURSE, cugChild);
+
+ child = allowedTp.getChildPermission("subtree", EmptyNodeState.EMPTY_NODE);
+ assertTrue(child instanceof CugTreePermission);
+ }
+
+ @Test
+ public void testCanRead() {
+ assertTrue(allowedTp.canRead());
+ assertFalse(deniedTp.canRead());
+ }
+
+ @Test
+ public void testCanReadProperty() {
+ PropertyState ps = PropertyStates.createProperty("prop", "val");
+
+ assertTrue(allowedTp.canRead(ps));
+ assertFalse(deniedTp.canRead(ps));
+ }
+
+ @Test
+ public void testCanReadAll() {
+ assertFalse(allowedTp.canReadAll());
+ assertFalse(deniedTp.canReadAll());
+ }
+
+ @Test
+ public void testCanReadProperties() {
+ assertFalse(allowedTp.canReadProperties());
+ assertFalse(deniedTp.canReadProperties());
+ }
+
+ @Test
+ public void testIsGranted() {
+ assertFalse(allowedTp.isGranted(Permissions.ALL));
+ assertFalse(allowedTp.isGranted(Permissions.WRITE));
+ assertTrue(allowedTp.isGranted(Permissions.READ_NODE));
+
+ assertFalse(deniedTp.isGranted(Permissions.ALL));
+ assertFalse(deniedTp.isGranted(Permissions.WRITE));
+ assertFalse(deniedTp.isGranted(Permissions.READ_NODE));
+
+ }
+
+ @Test
+ public void testIsGrantedProperty() {
+ PropertyState ps = PropertyStates.createProperty("prop", "val");
+
+ assertFalse(allowedTp.isGranted(Permissions.ALL, ps));
+ assertFalse(allowedTp.isGranted(Permissions.WRITE, ps));
+ assertTrue(allowedTp.isGranted(Permissions.READ_PROPERTY, ps));
+
+ assertFalse(deniedTp.isGranted(Permissions.ALL, ps));
+ assertFalse(deniedTp.isGranted(Permissions.WRITE, ps));
+ assertFalse(deniedTp.isGranted(Permissions.READ_PROPERTY, ps));
+ }
+}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java?rev=1708739&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java (added)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java Thu Oct 15 08:24:02 2015
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+
+import java.security.Principal;
+import java.util.Set;
+
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.util.Text;
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+public class EmptyCugTreePermissionTest extends AbstractCugTest {
+
+ private EmptyCugTreePermission tp;
+
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+ createCug(SUPPORTED_PATH, EveryonePrincipal.getInstance());
+ root.commit();
+
+ Set<Principal> principals = ImmutableSet.of(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
+ Set<String> supportedPaths = ImmutableSet.of(SUPPORTED_PATH, SUPPORTED_PATH2);
+
+ PermissionProvider pp = new CugPermissionProvider(root, principals, supportedPaths, CugContext.INSTANCE);
+ tp = new EmptyCugTreePermission(root.getTree("/"), pp);
+ }
+
+ @Test
+ public void testGetChildPermission() throws Exception {
+ TreePermission child = tp.getChildPermission(Text.getName(SUPPORTED_PATH2), EmptyNodeState.EMPTY_NODE);
+ assertTrue(child instanceof EmptyCugTreePermission);
+
+ child = tp.getChildPermission(Text.getName(SUPPORTED_PATH), EmptyNodeState.EMPTY_NODE);
+ assertFalse(child instanceof EmptyCugTreePermission);
+ assertTrue(child instanceof CugTreePermission);
+
+ TreePermission child2 = tp.getChildPermission(Text.getName(UNSUPPORTED_PATH), EmptyNodeState.EMPTY_NODE);
+ assertFalse(child2 instanceof EmptyCugTreePermission);
+ assertSame(child2, TreePermission.NO_RECOURSE);
+ }
+
+ @Test
+ public void testCanRead() {
+ assertFalse(tp.canRead());
+ }
+
+ @Test
+ public void testCanReadProperty() {
+ assertFalse(tp.canRead(PropertyStates.createProperty("prop", "val")));
+ }
+
+ @Test
+ public void testCanReadAll() {
+ assertFalse(tp.canReadAll());
+ }
+
+ @Test
+ public void testCanReadProperties() {
+ assertFalse(tp.canReadProperties());
+ }
+
+ @Test
+ public void testIsGranted() {
+ assertFalse(tp.isGranted(Permissions.ALL));
+ assertFalse(tp.isGranted(Permissions.WRITE));
+ assertFalse(tp.isGranted(Permissions.READ));
+ }
+
+ @Test
+ public void testIsGrantedProperty() {
+ PropertyState ps = PropertyStates.createProperty("prop", "val");
+ assertFalse(tp.isGranted(Permissions.ALL, ps));
+ assertFalse(tp.isGranted(Permissions.WRITE, ps));
+ assertFalse(tp.isGranted(Permissions.READ, ps));
+ }
+
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/SupportedPathsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/SupportedPathsTest.java?rev=1708739&r1=1708738&r2=1708739&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/SupportedPathsTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/SupportedPathsTest.java Thu Oct 15 08:24:02 2015
@@ -16,19 +16,23 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
-import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
public class SupportedPathsTest {
@Test
public void testIncludes() {
- SupportedPaths supportedPaths = new SupportedPaths(Collections.singleton("/content"));
+ SupportedPaths supportedPaths = new SupportedPaths(ImmutableSet.of("/content"));
Map<String, Boolean> pathMap = new HashMap<String, Boolean>();
pathMap.put("/content", true);
@@ -53,7 +57,7 @@ public class SupportedPathsTest {
@Test
public void testMayContainCug() {
- SupportedPaths supportedPaths = new SupportedPaths(Collections.singleton("/content/a"));
+ SupportedPaths supportedPaths = new SupportedPaths(ImmutableSet.of("/content/a"));
Map<String, Boolean> pathMap = new HashMap<String, Boolean>();
pathMap.put("/", true);
@@ -69,4 +73,29 @@ public class SupportedPathsTest {
assertEquals(path, expected, supportedPaths.mayContainCug(path));
}
}
+
+
+ @Test
+ public void testRootPath() {
+ SupportedPaths supportedPaths = new SupportedPaths(ImmutableSet.of("/"));
+
+ List<String> paths = ImmutableList.of("/", "/content", "/jcr:system", "/testRoot", "/some/other/path", "/content/a", "/content/a/b");
+
+ for (String path : paths) {
+ assertTrue(path, supportedPaths.includes(path));
+ assertTrue(path, supportedPaths.mayContainCug(path));
+ }
+ }
+
+ @Test
+ public void testEmpty() {
+ SupportedPaths supportedPaths = new SupportedPaths(ImmutableSet.<String>of());
+
+ List<String> paths = ImmutableList.of("/", "/content", "/jcr:system", "/testRoot", "/some/other/path", "/content/a", "/content/a/b");
+
+ for (String path : paths) {
+ assertFalse(path, supportedPaths.includes(path));
+ assertFalse(path, supportedPaths.mayContainCug(path));
+ }
+ }
}
\ No newline at end of file