You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2011/03/16 19:07:08 UTC
svn commit: r1082239 [2/2] - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/
main/java/org/apache/jackrabbit/core/security/
main/java/org/apache/jackrabbit/core/security/authorization/
main/java/org/apache/jackrabbit/cor...
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java Wed Mar 16 18:07:07 2011
@@ -19,10 +19,14 @@ package org.apache.jackrabbit.core.secur
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
+import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
@@ -57,6 +61,13 @@ public abstract class AbstractEntryTest
protected abstract JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow)
throws RepositoryException;
+ protected abstract JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions)
+ throws RepositoryException;
+
+ protected abstract JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException;
+
+ protected abstract Map<String, Value> getTestRestrictions() throws RepositoryException;
+
public void testIsAllow() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlEntry tmpl = createEntry(new String[] {Privilege.JCR_READ}, true);
assertTrue(tmpl.isAllow());
@@ -117,18 +128,32 @@ public abstract class AbstractEntryTest
public void testEquals() throws RepositoryException, NotExecutableException {
- JackrabbitAccessControlEntry ace = createEntry(new String[] {Privilege.JCR_ALL}, true);
- List<JackrabbitAccessControlEntry> equalAces = new ArrayList<JackrabbitAccessControlEntry>();
- equalAces.add(createEntry(new String[] {Privilege.JCR_ALL}, true));
+ Map<AccessControlEntry, AccessControlEntry> equalAces = new HashMap<AccessControlEntry, AccessControlEntry>();
- Privilege[] privs = acMgr.privilegeFromName(Privilege.JCR_ALL).getDeclaredAggregatePrivileges();
- equalAces.add(createEntry(testPrincipal, privs, true));
+ JackrabbitAccessControlEntry ace = createEntry(new String[] {Privilege.JCR_ALL}, true);
+ // create same entry again
+ equalAces.put(ace, createEntry(new String[] {Privilege.JCR_ALL}, true));
- privs = acMgr.privilegeFromName(Privilege.JCR_ALL).getAggregatePrivileges();
- equalAces.add(createEntry(testPrincipal, privs, true));
+ // create entry with declared aggregate privileges
+ Privilege[] declaredAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getDeclaredAggregatePrivileges();
+ equalAces.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
+
+ // create entry with aggregate privileges
+ Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getAggregatePrivileges();
+ equalAces.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
+
+ // create entry with different privilege order
+ List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs));
+ reordered.add(reordered.remove(0));
+ equalAces.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]), true),
+ createEntry(testPrincipal, aggregateAllPrivs, true));
+
+ // even if entries are build with aggregated or declared aggregate privileges
+ equalAces.put(createEntry(testPrincipal, declaredAllPrivs, true),
+ createEntry(testPrincipal, aggregateAllPrivs, true));
- for (JackrabbitAccessControlEntry equalAce : equalAces) {
- assertEquals(ace, equalAce);
+ for (AccessControlEntry entry : equalAces.keySet()) {
+ assertEquals(entry, equalAces.get(entry));
}
}
@@ -238,4 +263,31 @@ public abstract class AbstractEntryTest
// success
}
}
+
+ public void testCreateFromBase() throws RepositoryException, NotExecutableException {
+ Map<String, Value> testRestrictions = getTestRestrictions();
+ JackrabbitAccessControlEntry base = createEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ), false, testRestrictions);
+ assertEquals(testPrincipal, base.getPrincipal());
+ assertTrue(Arrays.equals(privilegesFromName(Privilege.JCR_READ), base.getPrivileges()));
+ assertFalse(base.isAllow());
+
+ Map<String, Value> baseRestrictions = new HashMap<String, Value>();
+ for (String name : base.getRestrictionNames()) {
+ baseRestrictions.put(name, base.getRestriction(name));
+ }
+ assertEquals(testRestrictions, baseRestrictions);
+
+
+ JackrabbitAccessControlEntry entry = createEntryFromBase(base, privilegesFromName(Privilege.JCR_WRITE), true);
+ assertEquals(testPrincipal, entry.getPrincipal());
+ assertTrue(Arrays.equals(privilegesFromName(Privilege.JCR_WRITE), entry.getPrivileges()));
+ assertTrue(entry.isAllow());
+
+ Map<String, Value> entryRestrictions = new HashMap<String, Value>();
+ for (String name : entry.getRestrictionNames()) {
+ entryRestrictions.put(name, entry.getRestriction(name));
+ }
+ assertEquals(testRestrictions, entryRestrictions);
+
+ }
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java Wed Mar 16 18:07:07 2011
@@ -18,13 +18,21 @@ package org.apache.jackrabbit.core.secur
import org.apache.jackrabbit.api.JackrabbitWorkspace;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManagerTest;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
import org.apache.jackrabbit.test.NotExecutableException;
import javax.jcr.AccessDeniedException;
+import javax.jcr.NamespaceException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
/**
* <code>PrivilegeManagerTest</code>...
@@ -52,6 +60,57 @@ public class PrivilegeManagerImplTest ex
}
return privs;
}
+
+ private void assertPrivilege(Privilege priv, String name, boolean isAggregate, boolean isAbstract) throws NamespaceException, IllegalNameException {
+ assertNotNull(priv);
+ assertPrivilegeName(name, priv.getName());
+ assertEquals(isAggregate, priv.isAggregate());
+ assertEquals(isAbstract, priv.isAbstract());
+ }
+
+ private void assertPrivilegeName(String name, String name2) throws NamespaceException, IllegalNameException {
+ if (!((SessionImpl) superuser).getQName(name).equals(((SessionImpl) superuser).getQName(name2))) {
+ fail();
+ }
+ }
+
+ public void testGetRegisteredPrivileges() throws RepositoryException {
+ Privilege[] registered = privilegeMgr.getRegisteredPrivileges();
+ Set<Privilege> set = new HashSet<Privilege>();
+ Privilege all = privilegeMgr.getPrivilege(Privilege.JCR_ALL);
+ set.add(all);
+ set.addAll(Arrays.asList(all.getAggregatePrivileges()));
+
+ for (Privilege p : registered) {
+ assertTrue(set.remove(p));
+ }
+ assertTrue(set.isEmpty());
+ }
+
+ public void testGetPrivilege() throws RepositoryException {
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_READ), Privilege.JCR_READ, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES), Privilege.JCR_ADD_CHILD_NODES, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES), Privilege.JCR_REMOVE_CHILD_NODES, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES), Privilege.JCR_MODIFY_PROPERTIES, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_NODE), Privilege.JCR_REMOVE_NODE, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL), Privilege.JCR_READ_ACCESS_CONTROL, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL), Privilege.JCR_MODIFY_ACCESS_CONTROL, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT), Privilege.JCR_LIFECYCLE_MANAGEMENT, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT), Privilege.JCR_LOCK_MANAGEMENT, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT), Privilege.JCR_NODE_TYPE_MANAGEMENT, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT), Privilege.JCR_RETENTION_MANAGEMENT, false, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT), Privilege.JCR_VERSION_MANAGEMENT, false, false);
+
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_ALL), Privilege.JCR_ALL, true, false);
+ assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_WRITE), Privilege.JCR_WRITE, true, false);
+ assertPrivilege(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE), PrivilegeRegistry.REP_WRITE, true, false);
+ }
+
+ public void testIsCustom() throws RepositoryException {
+ for (Privilege builtin : privilegeMgr.getRegisteredPrivileges()) {
+ assertFalse(getPrivilegeManagerImpl().isCustomPrivilege(builtin));
+ }
+ }
public void testGetBits() throws RepositoryException {
Privilege p1 = privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES);
@@ -86,16 +145,7 @@ public class PrivilegeManagerImplTest ex
public void testGetBitsFromNull() {
try {
- getPrivilegeManagerImpl().getBits((Privilege[]) null);
- fail("Should throw AccessControlException");
- } catch (AccessControlException e) {
- // ok
- }
- }
-
- public void testGetBitsFromNullString() {
- try {
- getPrivilegeManagerImpl().getBits((String[]) null);
+ getPrivilegeManagerImpl().getBits(null);
fail("Should throw AccessControlException");
} catch (AccessControlException e) {
// ok
@@ -111,15 +161,6 @@ public class PrivilegeManagerImplTest ex
}
}
- public void testGetBitsFromEmptyStringArray() throws AccessControlException {
- try {
- getPrivilegeManagerImpl().getBits(new String[0]);
- fail("Should throw AccessControlException");
- } catch (AccessControlException e) {
- // ok
- }
- }
-
public void testGetBitsWithInvalidPrivilege() {
Privilege p = buildCustomPrivilege("anyName", null);
try {
@@ -131,11 +172,11 @@ public class PrivilegeManagerImplTest ex
}
public void testGetPrivilegesFromBits() throws RepositoryException {
- Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(getPrivilegeManagerImpl().getBits(privilegesFromNames(new String[] {Privilege.JCR_READ_ACCESS_CONTROL})));
+ Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(getPrivilegeManagerImpl().getBits(privilegesFromNames(new String[] {Privilege.JCR_READ_ACCESS_CONTROL})));
assertTrue(pvs != null);
- assertTrue(pvs.length == 1);
- assertSamePrivilegeName(pvs[0].getName(), Privilege.JCR_READ_ACCESS_CONTROL);
+ assertTrue(pvs.size() == 1);
+ assertSamePrivilegeName(pvs.iterator().next().getName(), Privilege.JCR_READ_ACCESS_CONTROL);
}
public void testGetPrivilegesFromBits2() throws RepositoryException {
@@ -146,13 +187,14 @@ public class PrivilegeManagerImplTest ex
Privilege.JCR_MODIFY_PROPERTIES
};
int writeBits = getPrivilegeManagerImpl().getBits(privilegesFromNames(names));
- Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
+ Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
assertTrue(pvs != null);
- assertTrue(pvs.length == 1);
- assertSamePrivilegeName(pvs[0].getName(), Privilege.JCR_WRITE);
- assertTrue(pvs[0].isAggregate());
- assertTrue(pvs[0].getDeclaredAggregatePrivileges().length == names.length);
+ assertTrue(pvs.size() == 1);
+ Privilege p = pvs.iterator().next();
+ assertSamePrivilegeName(p.getName(), Privilege.JCR_WRITE);
+ assertTrue(p.isAggregate());
+ assertTrue(p.getDeclaredAggregatePrivileges().length == names.length);
}
public void testGetPrivilegesFromBits3() throws RepositoryException {
@@ -160,12 +202,13 @@ public class PrivilegeManagerImplTest ex
PrivilegeRegistry.REP_WRITE
};
int writeBits = getPrivilegeManagerImpl().getBits(privilegesFromNames(names));
- Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
+ Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
assertTrue(pvs != null);
- assertTrue(pvs.length == 1);
- assertSamePrivilegeName(pvs[0].getName(), PrivilegeRegistry.REP_WRITE);
- assertTrue(pvs[0].isAggregate());
+ assertTrue(pvs.size() == 1);
+ Privilege p = pvs.iterator().next();
+ assertSamePrivilegeName(p.getName(), PrivilegeRegistry.REP_WRITE);
+ assertTrue(p.isAggregate());
names = new String[] {
PrivilegeRegistry.REP_WRITE,
@@ -175,10 +218,11 @@ public class PrivilegeManagerImplTest ex
pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
assertTrue(pvs != null);
- assertTrue(pvs.length == 1);
- assertSamePrivilegeName(pvs[0].getName(), PrivilegeRegistry.REP_WRITE);
- assertTrue(pvs[0].isAggregate());
- assertTrue(pvs[0].getDeclaredAggregatePrivileges().length == names.length);
+ assertTrue(pvs.size() == 1);
+ p = pvs.iterator().next();
+ assertSamePrivilegeName(p.getName(), PrivilegeRegistry.REP_WRITE);
+ assertTrue(p.isAggregate());
+ assertTrue(p.getDeclaredAggregatePrivileges().length == names.length);
}
public void testGetPrivilegesFromBits4() throws RepositoryException {
@@ -187,10 +231,10 @@ public class PrivilegeManagerImplTest ex
Privilege.JCR_LIFECYCLE_MANAGEMENT
};
int writeBits = getPrivilegeManagerImpl().getBits(privilegesFromNames(names));
- Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
+ Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
assertTrue(pvs != null);
- assertTrue(pvs.length == 2);
+ assertTrue(pvs.size() == 2);
}
public void testRegisterPrivilegeAsNonAdmin() throws RepositoryException {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java Wed Mar 16 18:07:07 2011
@@ -16,6 +16,9 @@
*/
package org.apache.jackrabbit.core.security.authorization;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinitionWriter;
import org.apache.jackrabbit.core.RepositoryImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.fs.FileSystem;
@@ -28,9 +31,11 @@ import org.apache.jackrabbit.spi.commons
import org.apache.jackrabbit.test.AbstractJCRTest;
import javax.jcr.RepositoryException;
+import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import java.io.IOException;
+import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.util.ArrayList;
@@ -38,6 +43,7 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -57,6 +63,10 @@ public class PrivilegeRegistryTest exten
privilegeRegistry = new PrivilegeRegistry(resolver);
}
+ private int getBits(PrivilegeRegistry.Definition def) {
+ return privilegeRegistry.getBits(new PrivilegeRegistry.Definition[] {def});
+ }
+
public void testGetAll() throws RepositoryException {
PrivilegeRegistry.Definition[] defs = privilegeRegistry.getAll();
@@ -100,7 +110,7 @@ public class PrivilegeRegistryTest exten
assertTrue(d.declaredAggregateNames.containsAll(l));
assertTrue(l.containsAll(d.declaredAggregateNames));
- assertTrue(d.getBits() > PrivilegeRegistry.NO_PRIVILEGE);
+ assertTrue(getBits(d) > PrivilegeRegistry.NO_PRIVILEGE);
}
}
@@ -115,7 +125,7 @@ public class PrivilegeRegistryTest exten
for (Name n : l) {
PrivilegeRegistry.Definition d = privilegeRegistry.get(n);
assertNotNull(d);
- Name[] names = privilegeRegistry.getNames(d.getBits());
+ Name[] names = privilegeRegistry.getNames(getBits(d));
assertNotNull(names);
assertEquals(1, names.length);
assertEquals(d.name, names[0]);
@@ -134,11 +144,11 @@ public class PrivilegeRegistryTest exten
assertEquals(def.isAbstract, def.isAbstract());
assertNotNull(def.declaredAggregateNames);
- List l = Arrays.asList(def.getDeclaredAggregateNames());
+ List<Name> l = Arrays.asList(def.getDeclaredAggregateNames());
assertTrue(def.declaredAggregateNames.containsAll(l));
assertTrue(l.containsAll(def.declaredAggregateNames));
- assertTrue(def.getBits() > PrivilegeRegistry.NO_PRIVILEGE);
+ assertTrue(getBits(def) > PrivilegeRegistry.NO_PRIVILEGE);
}
}
@@ -295,7 +305,7 @@ public class PrivilegeRegistryTest exten
public void testGetBitsFromNull() {
try {
- PrivilegeRegistry.getBits(null);
+ PrivilegeRegistry.getBits((Privilege[]) null);
fail("Should throw AccessControlException");
} catch (AccessControlException e) {
// ok
@@ -459,24 +469,24 @@ public class PrivilegeRegistryTest exten
if (!resource.exists()) {
resource.makeParentDirs();
}
- StringBuilder sb = new StringBuilder();
- sb.append("{}test;;{}test2\n");
- sb.append("{}test4;abstract;{}test5\n");
- sb.append("{}test5;;{}test3\n");
- sb.append("{}test3;;{}test\n");
- sb.append("{}test2;;{}test4");
-
- Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
- writer.write(sb.toString());
- writer.flush();
- writer.close();
+ OutputStream out = resource.getOutputStream();
try {
+ List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+ defs.add(new PrivilegeDefinition("test", false, new String[] {"test2"}));
+ defs.add(new PrivilegeDefinition("test4", true, new String[] {"test5"}));
+ defs.add(new PrivilegeDefinition("test5", false, new String[] {"test3"}));
+ defs.add(new PrivilegeDefinition("test3", false, new String[] {"test"}));
+ defs.add(new PrivilegeDefinition("test2", false, new String[] {"test4"}));
+ PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+ pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
+
new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
fail("Cyclic definitions must be detected upon registry startup.");
} catch (RepositoryException e) {
// success
} finally {
+ out.close();
fs.deleteFolder("/privileges");
}
}
@@ -511,10 +521,20 @@ public class PrivilegeRegistryTest exten
PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+ // same as jcr:read
newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
+ // aggregated combining built-in and an unknown privilege
newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+ // aggregate containing unknown privilege
+ newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("unknownPrivilege")));
+ // aggregated combining built-in and custom
newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+ // custom aggregated contains itself
newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate")));
+ // same as rep:write
+ newAggregates.put(resolver.getQName("repWriteAggregate"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_ADD_CHILD_NODES, NameConstants.JCR_NODE_TYPE_MANAGEMENT, NameConstants.JCR_REMOVE_CHILD_NODES,NameConstants.JCR_REMOVE_NODE));
+ // aggregating built-in -> currently not supported
+ newAggregates.put(resolver.getQName("aggrBuiltIn"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_READ));
for (Name name : newAggregates.keySet()) {
try {
@@ -529,6 +549,44 @@ public class PrivilegeRegistryTest exten
}
}
+ public void testRegisterInvalidNewAggregate2() throws RepositoryException, FileSystemException {
+ FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+ try {
+ PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+
+ Map<Name, Set<Name>> newCustomPrivs = new LinkedHashMap<Name, Set<Name>>();
+ newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+ newCustomPrivs.put(resolver.getQName("new2"), Collections.<Name>singleton(resolver.getQName("new")));
+
+ for (Name name : newCustomPrivs.keySet()) {
+ boolean isAbstract = true;
+ Set<Name> aggrNames = newCustomPrivs.get(name);
+ pr.registerDefinition(name, isAbstract, aggrNames);
+ }
+
+ Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+ // a new aggregate of custom and built-in privilege
+ newAggregates.put(resolver.getQName("newA1"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
+ // other illegal aggregates already represented by registered definition.
+ newAggregates.put(resolver.getQName("newA2"), Collections.<Name>singleton(resolver.getQName("new")));
+ newAggregates.put(resolver.getQName("newA3"), Collections.<Name>singleton(resolver.getQName("new2")));
+
+ for (Name name : newAggregates.keySet()) {
+ boolean isAbstract = false;
+ Set<Name> aggrNames = newAggregates.get(name);
+
+ try {
+ pr.registerDefinition(name, isAbstract, aggrNames);
+ fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception expected");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ } finally {
+ fs.deleteFolder("/privileges");
+ }
+ }
+
public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException {
FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
try {
@@ -541,10 +599,13 @@ public class PrivilegeRegistryTest exten
for (Name name : newCustomPrivs.keySet()) {
boolean isAbstract = true;
Set<Name> aggrNames = newCustomPrivs.get(name);
+
pr.registerDefinition(name, isAbstract, aggrNames);
- PrivilegeRegistry.Definition definition = pr.get(name);
+ // validate definition
+ PrivilegeRegistry.Definition definition = pr.get(name);
assertNotNull(definition);
+ assertTrue(definition.isCustom());
assertEquals(name, definition.getName());
assertTrue(definition.isAbstract());
assertTrue(definition.declaredAggregateNames.isEmpty());
@@ -552,6 +613,7 @@ public class PrivilegeRegistryTest exten
for (Name n : aggrNames) {
assertTrue(definition.declaredAggregateNames.contains(n));
}
+ assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
assertTrue(allAgg.contains(name));
@@ -564,14 +626,13 @@ public class PrivilegeRegistryTest exten
for (Name n : aggrNames) {
assertTrue(def.declaredAggregateNames.contains(n));
}
+
+ assertPrivilege(pr, (SessionImpl) superuser, definition);
}
Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
- // a new aggregate of existing built-in privileges
- newAggregates.put(resolver.getQName("newA1"), createNameSet(NameConstants.JCR_READ, NameConstants.JCR_RETENTION_MANAGEMENT));
- // a new aggregate of custom and built-in privilege
- newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
- newAggregates.put(resolver.getQName("newA3"), createNameSet(resolver.getQName("test:new"), resolver.getQName("new")));
+ // a new aggregate of custom privileges
+ newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("test:new"), resolver.getQName("new")));
for (Name name : newAggregates.keySet()) {
boolean isAbstract = false;
@@ -580,6 +641,7 @@ public class PrivilegeRegistryTest exten
PrivilegeRegistry.Definition definition = pr.get(name);
assertNotNull(definition);
+ assertTrue(definition.isCustom());
assertEquals(name, definition.getName());
assertFalse(definition.isAbstract());
assertFalse(definition.declaredAggregateNames.isEmpty());
@@ -588,6 +650,8 @@ public class PrivilegeRegistryTest exten
assertTrue(definition.declaredAggregateNames.contains(n));
}
+ assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
+
List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
assertTrue(allAgg.contains(name));
@@ -600,6 +664,74 @@ public class PrivilegeRegistryTest exten
for (Name n : aggrNames) {
assertTrue(def.declaredAggregateNames.contains(n));
}
+
+ assertPrivilege(registry, (SessionImpl) superuser, def);
+ }
+ } finally {
+ fs.deleteFolder("/privileges");
+ }
+ }
+
+ private static void assertPrivilege(PrivilegeRegistry registry, SessionImpl session, PrivilegeRegistry.Definition def) throws RepositoryException {
+
+ PrivilegeManagerImpl pmgr = new PrivilegeManagerImpl(registry, session);
+ Privilege p = pmgr.getPrivilege(session.getJCRName(def.getName()));
+
+ assertNotNull(p);
+
+ assertEquals(def.isCustom(), pmgr.isCustomPrivilege(p));
+ assertEquals(def.isAbstract(), p.isAbstract());
+ Name[] danames = def.getDeclaredAggregateNames();
+ assertEquals(danames.length > 0, p.isAggregate());
+ assertEquals(danames.length, p.getDeclaredAggregatePrivileges().length);
+ }
+
+ public void testCustomEquivalentDefinitions() throws RepositoryException, FileSystemException, IOException {
+ // setup the custom privilege file with cyclic references
+ FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+ FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+ if (!resource.exists()) {
+ resource.makeParentDirs();
+ }
+
+ OutputStream out = resource.getOutputStream();
+ try {
+ List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+ defs.add(new PrivilegeDefinition("test", false, new String[] {"test2","test3"}));
+ defs.add(new PrivilegeDefinition("test2", true, new String[] {"test4"}));
+ defs.add(new PrivilegeDefinition("test3", true, new String[] {"test5"}));
+ defs.add(new PrivilegeDefinition("test4", true, new String[0]));
+ defs.add(new PrivilegeDefinition("test5", true, new String[0]));
+
+ // the equivalent definition to 'test'
+ defs.add(new PrivilegeDefinition("test6", false, new String[] {"test2","test5"}));
+
+ PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+ pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
+
+ new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+ fail("Equivalent definitions must be detected upon registry startup.");
+ } catch (RepositoryException e) {
+ // success
+ } finally {
+ out.close();
+ fs.deleteFolder("/privileges");
+ }
+ }
+
+ public void testRegister100CustomPrivileges() throws RepositoryException, FileSystemException {
+ FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+ try {
+ PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+
+ for (int i = 0; i < 100; i++) {
+ boolean isAbstract = true;
+ Name name = ((SessionImpl) superuser).getQName("test"+i);
+ pr.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
+ PrivilegeRegistry.Definition definition = pr.get(name);
+
+ assertNotNull(definition);
+ assertEquals(name, definition.getName());
}
} finally {
fs.deleteFolder("/privileges");
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java Wed Mar 16 18:07:07 2011
@@ -58,6 +58,26 @@ public class EntryTest extends AbstractE
return acl.createEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
}
+ @Override
+ protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws RepositoryException {
+ return acl.createEntry(principal, privileges, isAllow, restrictions);
+ }
+
+ @Override
+ protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException {
+ if (base instanceof ACLTemplate.Entry) {
+ return acl.createEntry((ACLTemplate.Entry) base, privileges, isAllow);
+ } else {
+ throw new NotExecutableException();
+ }
+ }
+
+ @Override
+ protected Map<String, Value> getTestRestrictions() throws RepositoryException {
+ String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
+ return Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));
+ }
+
public void testIsLocal() throws NotExecutableException, RepositoryException {
ACLTemplate.Entry entry = (ACLTemplate.Entry) createEntry(new String[] {Privilege.JCR_READ}, true);
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java Wed Mar 16 18:07:07 2011
@@ -71,11 +71,26 @@ public class EntryTest extends AbstractE
return (JackrabbitAccessControlEntry) acl.createEntry(principal, privileges, isAllow, restrictions);
}
- private JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions)
+ @Override
+ protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions)
throws RepositoryException {
return (JackrabbitAccessControlEntry) acl.createEntry(principal, privileges, isAllow, restrictions);
}
+ @Override
+ protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException {
+ Map<String, Value> restr = new HashMap<String, Value>();
+ for (String name : base.getRestrictionNames()) {
+ restr.put(name, base.getRestriction(name));
+ }
+ return (JackrabbitAccessControlEntry) acl.createEntry(base.getPrincipal(), privileges, isAllow, restr);
+ }
+
+ @Override
+ protected Map<String, Value> getTestRestrictions() throws RepositoryException {
+ return restrictions;
+ }
+
public void testNodePathMustNotBeNull() throws RepositoryException, NotExecutableException {
try {
Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java Wed Mar 16 18:07:07 2011
@@ -110,7 +110,7 @@ public class UserAccessControlProviderTe
assertFalse(cp.canReadAll());
assertFalse(cp.grants(rootPath, Permission.READ));
- assertEquals(PrivilegeRegistry.NO_PRIVILEGE, cp.getPrivileges(rootPath));
+ assertTrue(cp.getPrivilegeSet(rootPath).isEmpty());
assertSame(CompiledPermissions.NO_PERMISSION, cp);
}
}
@@ -139,7 +139,7 @@ public class UserAccessControlProviderTe
if (cp != null) {
assertFalse(cp.canReadAll());
assertFalse(cp.grants(rootPath, Permission.READ));
- assertEquals(PrivilegeRegistry.NO_PRIVILEGE, cp.getPrivileges(rootPath));
+ assertTrue(cp.getPrivilegeSet(rootPath).isEmpty());
}
}
}