Return-Path: Delivered-To: apmail-incubator-sling-commits-archive@minotaur.apache.org Received: (qmail 65032 invoked from network); 20 Mar 2009 09:52:35 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 20 Mar 2009 09:52:34 -0000 Received: (qmail 14726 invoked by uid 500); 20 Mar 2009 09:52:33 -0000 Delivered-To: apmail-incubator-sling-commits-archive@incubator.apache.org Received: (qmail 14699 invoked by uid 500); 20 Mar 2009 09:52:33 -0000 Mailing-List: contact sling-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: sling-dev@incubator.apache.org Delivered-To: mailing list sling-commits@incubator.apache.org Received: (qmail 14432 invoked by uid 99); 20 Mar 2009 09:52:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Mar 2009 02:52:32 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Mar 2009 09:52:28 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 1D54123888E6; Fri, 20 Mar 2009 09:52:07 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r756393 - in /incubator/sling/trunk/launchpad: bundles/ content/src/main/resources/content/apps/ content/src/main/resources/content/apps/sling/ content/src/main/resources/content/apps/sling/servlet/ content/src/main/resources/content/apps/s... Date: Fri, 20 Mar 2009 09:52:04 -0000 To: sling-commits@incubator.apache.org 
From: jvazquez@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090320095207.1D54123888E6@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: jvazquez Date: Fri Mar 20 09:52:01 2009 New Revision: 756393 URL: http://svn.apache.org/viewvc?rev=756393&view=rev Log: SLING-879: New Bundle to provide actions for interacting with the jackrabbit AccessManager https://issues.apache.org/jira/browse/SLING-879 Applied integration tests about jackrabbit access manager integration Added: incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/ incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/ incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/ incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java Modified: incubator/sling/trunk/launchpad/bundles/pom.xml Modified: incubator/sling/trunk/launchpad/bundles/pom.xml URL: http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/bundles/pom.xml?rev=756393&r1=756392&r2=756393&view=diff ============================================================================== --- incubator/sling/trunk/launchpad/bundles/pom.xml (original) +++ 
incubator/sling/trunk/launchpad/bundles/pom.xml Fri Mar 20 09:52:01 2009 @@ -163,6 +163,12 @@ provided + org.apache.sling + org.apache.sling.jcr.jackrabbit.accessmanager + 2.0.0-incubator-SNAPSHOT + provided + + org.apache.jackrabbit jackrabbit-jcr-commons 1.5.0 @@ -408,7 +414,7 @@ - org.apache.sling.jcr.api,org.apache.sling.jcr.base,jackrabbit-api,org.apache.sling.jcr.jackrabbit.server,org.apache.sling.jcr.jackrabbit.usermanager,jackrabbit-jcr-commons,commons-io,commons-collections,commons-lang,org.apache.sling.commons.osgi,org.apache.sling.commons.mime,org.apache.sling.jcr.webdav + org.apache.sling.jcr.api,org.apache.sling.jcr.base,jackrabbit-api,org.apache.sling.jcr.jackrabbit.server,org.apache.sling.jcr.jackrabbit.usermanager,org.apache.sling.jcr.jackrabbit.accessmanager,jackrabbit-jcr-commons,commons-io,commons-collections,commons-lang,org.apache.sling.commons.osgi,org.apache.sling.commons.mime,org.apache.sling.jcr.webdav true Added: incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp URL: http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp?rev=756393&view=auto ============================================================================== --- incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp (added) +++ incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp Fri Mar 20 09:52:01 2009 
@@ -0,0 +1,117 @@ +<% + var privilegesInfo = new Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo(); + if (!privilegesInfo.canReadAccessControl(currentNode)) { + //no rights to view the access control of the node, so just return a 404 status + response.sendError(404); + } else { + var principalId = request.getParameter("pid"); + var isUser = false; + var isValidPrincipal = false; + if (principalId != null && principalId != "") { + var userManager = Packages.org.apache.sling.jcr.base.util.AccessControlUtil.getUserManager(currentNode.session); + if (userManager != null) { + var authorizable = userManager.getAuthorizable(principalId); + if (authorizable != null) { + isUser = !authorizable.isGroup(); + isValidPrincipal = true; + } else { + //no user/group matches the supplied principal id + } + } + } +%> + + + + + Access Control Entry : <%=currentNode.name%> + + + + + <% + if (!isValidPrincipal) { + %> +
    +
  • Invalid principal name: "<%=principalId%>"
  • +
+ <% + } else { + //principal is valid + var accessRights = privilegesInfo.getDeclaredAccessRightsForPrincipal(currentNode, principalId); + var granted = accessRights.getGranted(); + var denied = accessRights.getDenied(); + var supported = privilegesInfo.getSupportedPrivileges(currentNode); + var canModify = privilegesInfo.canModifyAccessControl(currentNode); + %> + +

Modify Access Control Entry For: <%=principalId%>

+ +
+ + + + + + + + + + <% if (isUser) { %> + + <% } %> + + + + <% + for (i=0; i < supported.length; i++) { + var p = supported[i]; + %> + + + + + <% if (isUser) { %> + + <% } %> + + <% + } + %> + + + + + + + +
PrivilegeIgnoredGrantedDenied
<%=p.getName()%> /> /> />
+ +
+
+ <% + } //end-if isValidPrincipal + %> + + +<% + } +%> \ No newline at end of file Added: incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp URL: http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp?rev=756393&view=auto ============================================================================== --- incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp (added) +++ incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp Fri Mar 20 09:52:01 2009 @@ -0,0 +1,93 @@ +<% + var privilegesInfo = new Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo(); + if (!privilegesInfo.canReadAccessControl(currentNode)) { + //no rights to view the access control of the node, so just return a 404 status + response.sendError(404); + } else { + var canModify = privilegesInfo.canModifyAccessControl(currentNode); +%> + + + + + Access Control List : <%=currentNode.name%> + + + + +
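Review bot: The `pid` request parameter is written into the page unencoded: `var principalId = request.getParameter("pid")` flows straight to `<%=principalId%>` in the "Invalid principal name" message, the branch taken when the value matched no user or group, so arbitrary caller-supplied text is reflected into an access-control administration page. Encode it for the HTML context at every output point, for example `<%=Packages.org.apache.commons.lang.StringEscapeUtils.escapeHtml(principalId)%>` if commons-lang is visible to the script engine (it is in this launchpad's bundle list, but confirm the export). The same applies to `<%=currentNode.name%>` here and to `<%=currentNode.path%>` and `<%=principal.getName()%>` in acl.html.esp, which render stored values. The HTML around these expressions is not visible in this mail, so any that sit inside an attribute or a link query string need attribute or URL encoding instead.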

Manage Access Control For: <%=currentNode.path%>

+ + <% if (canModify) { %> +
+ Add an entry for a user or group +
+ + + +
+
+ <% } %> + +
+ Current access control entries + +
+ + + + + + + + + + + + <% + var accessMap = privilegesInfo.getDeclaredAccessRights(currentNode); + var entrySet = accessMap.entrySet(); + var iterator = entrySet.iterator(); + while (iterator.hasNext()) { + var entry = iterator.next(); + var principal = entry.getKey(); + var accessrights = entry.getValue(); + %> + + + + + + <% + } + %> + + + + + + + +
PrincipalPrivileges<% if (canModify) { %>Remove<% } %>
+ <% if (canModify) { %> + + <%=principal.getName()%> + + <% } else { %> + <%=principal.getName()%> + <% } %> + + <%=accessrights.getPrivilegeSetDisplayName(request.locale)%> + + <% if (canModify) { %> + + <% } %> +
+
+
+ + +<% + } +%> Added: incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java URL: http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java?rev=756393&view=auto ============================================================================== --- incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java (added) +++ incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java Fri Mar 20 09:52:01 2009 
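Review bot: `canModify` only decides which controls are rendered (the add-entry form and the Remove column inside `<% if (canModify) { %>`), and nothing in the script says so. A comment next to its assignment would keep a later reader from treating it as the permission check, e.g. `// UI hint only: the modifyAce/deleteAce POST operations must enforce jcr:modifyAccessControl themselves`. Whether those operations do so is not visible in this commit and is worth confirming against the accessmanager bundle.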
@@ -0,0 +1,196 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sling.launchpad.webapp.integrationtest.accessManager; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.httpclient.Credentials; +import org.apache.commons.httpclient.Header; +import org.apache.commons.httpclient.HttpException; +import org.apache.commons.httpclient.NameValuePair; +import org.apache.commons.httpclient.UsernamePasswordCredentials; +import org.apache.commons.httpclient.auth.AuthScope; +import org.apache.commons.httpclient.methods.GetMethod; +import org.apache.commons.httpclient.methods.PostMethod; +import org.apache.sling.commons.testing.integration.HttpTestBase; +import org.apache.sling.servlets.post.SlingPostConstants; + +/** + * Base class for AccessManager tests. 
+ */ +public abstract class AbstractAccessManagerTest extends HttpTestBase { + + public static final String TEST_BASE_PATH = "/sling-tests"; + + /** Execute a POST request and check status */ + protected void assertAuthenticatedPostStatus(Credentials creds, String url, int expectedStatusCode, List postParams, String assertMessage) + throws IOException { + final PostMethod post = new PostMethod(url); + post.setFollowRedirects(false); + + URL baseUrl = new URL(HTTP_BASE_URL); + AuthScope authScope = new AuthScope(baseUrl.getHost(), baseUrl.getPort(), AuthScope.ANY_REALM); + post.setDoAuthentication(true); + Credentials oldCredentials = httpClient.getState().getCredentials(authScope); + try { + httpClient.getState().setCredentials(authScope, creds); + + if(postParams!=null) { + final NameValuePair [] nvp = {}; + post.setRequestBody(postParams.toArray(nvp)); + } + + final int status = httpClient.executeMethod(post); + if(assertMessage == null) { + assertEquals(expectedStatusCode, status); + } else { + assertEquals(assertMessage, expectedStatusCode, status); + } + } finally { + httpClient.getState().setCredentials(authScope, oldCredentials); + } + } + + /** Verify that given URL returns expectedStatusCode + * @throws IOException */ + protected void assertAuthenticatedHttpStatus(Credentials creds, String urlString, int expectedStatusCode, String assertMessage) throws IOException { + URL baseUrl = new URL(HTTP_BASE_URL); + AuthScope authScope = new AuthScope(baseUrl.getHost(), baseUrl.getPort(), AuthScope.ANY_REALM); + GetMethod getMethod = new GetMethod(urlString); + getMethod.setDoAuthentication(true); + + Credentials oldCredentials = httpClient.getState().getCredentials(authScope); + try { + httpClient.getState().setCredentials(authScope, creds); + + final int status = httpClient.executeMethod(getMethod); + if(assertMessage == null) { + assertEquals(urlString,expectedStatusCode, status); + } else { + assertEquals(assertMessage, expectedStatusCode, status); + } + } 
finally { + httpClient.getState().setCredentials(authScope, oldCredentials); + } + } + + + /** retrieve the contents of given URL and assert its content type + * @param expectedContentType use CONTENT_TYPE_DONTCARE if must not be checked + * @throws IOException + * @throws HttpException */ + protected String getAuthenticatedContent(Credentials creds, String url, String expectedContentType, List params, int expectedStatusCode) throws IOException { + final GetMethod get = new GetMethod(url); + + URL baseUrl = new URL(HTTP_BASE_URL); + AuthScope authScope = new AuthScope(baseUrl.getHost(), baseUrl.getPort(), AuthScope.ANY_REALM); + get.setDoAuthentication(true); + Credentials oldCredentials = httpClient.getState().getCredentials(authScope); + try { + httpClient.getState().setCredentials(authScope, creds); + + if(params != null) { + final NameValuePair [] nvp = new NameValuePair[0]; + get.setQueryString(params.toArray(nvp)); + } + final int status = httpClient.executeMethod(get); + final InputStream is = get.getResponseBodyAsStream(); + final StringBuffer content = new StringBuffer(); + final String charset = get.getResponseCharSet(); + final byte [] buffer = new byte[16384]; + int n = 0; + while( (n = is.read(buffer, 0, buffer.length)) > 0) { + content.append(new String(buffer, 0, n, charset)); + } + assertEquals("Expected status " + expectedStatusCode + " for " + url + " (content=" + content + ")", + expectedStatusCode,status); + final Header h = get.getResponseHeader("Content-Type"); + if(expectedContentType == null) { + if(h!=null) { + fail("Expected null Content-Type, got " + h.getValue()); + } + } else if(CONTENT_TYPE_DONTCARE.equals(expectedContentType)) { + // no check + } else if(h==null) { + fail( + "Expected Content-Type that starts with '" + expectedContentType + +" but got no Content-Type header at " + url + ); + } else { + assertTrue( + "Expected Content-Type that starts with '" + expectedContentType + + "' for " + url + ", got '" + h.getValue() + "'", + 
h.getValue().startsWith(expectedContentType) + ); + } + return content.toString(); + + } finally { + httpClient.getState().setCredentials(authScope, oldCredentials); + } + } + + + protected static int counter = 1; + + protected String createTestUser() throws IOException { + String postUrl = HTTP_BASE_URL + "/system/userManager/user.create.html"; + + String testUserId = "testUser" + (counter++); + List postParams = new ArrayList(); + postParams.add(new NameValuePair(":name", testUserId)); + postParams.add(new NameValuePair("pwd", "testPwd")); + postParams.add(new NameValuePair("pwdConfirm", "testPwd")); + assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null); + + return testUserId; + } + + protected String createTestGroup() throws IOException { + String postUrl = HTTP_BASE_URL + "/system/userManager/group.create.html"; + + String testGroupId = "testGroup" + (counter++); + List postParams = new ArrayList(); + postParams.add(new NameValuePair(":name", testGroupId)); + + //success would be a redirect to the welcome page of the webapp + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + return testGroupId; + } + + protected String createTestFolder() throws IOException { + String postUrl = HTTP_BASE_URL + TEST_BASE_PATH + "/" + "testFolder" + (counter++); + + final String location = testClient.createNode(postUrl + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null); + assertHttpStatus(location + DEFAULT_EXT, HttpServletResponse.SC_OK, + "POST must redirect to created resource (" + location + ")"); + assertTrue("Node (" + location + ") must have generated name", + !location.endsWith("/*")); + assertTrue("Node (" + location + ") must created be under POST URL (" + postUrl + ")", + location.contains(postUrl + "/")); + + return location; + } +} Added: 
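Review bot: None of the three authenticated helpers releases its HTTP method, so each call can leave a connection checked out of the inherited `httpClient`; the `finally` blocks restore the old credentials but should also call `post.releaseConnection();` (respectively `getMethod.releaseConnection();` and `get.releaseConnection();`). In `getAuthenticatedContent` the body is decoded chunk by chunk with `new String(buffer, 0, n, charset)`, which can split a multi-byte character at a 16384-byte read boundary; reading through an `InputStreamReader` created with that charset avoids this. `createTestUser` and `createTestGroup` derive ids from the process-local `counter`, so names such as `testUser1` repeat across runs and will collide with accounts left behind by a run whose cleanup failed.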
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java URL: http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java?rev=756393&view=auto ============================================================================== --- incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java (added) +++ incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java Fri Mar 20 09:52:01 2009 
@@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sling.launchpad.webapp.integrationtest.accessManager; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.httpclient.Credentials; +import org.apache.commons.httpclient.NameValuePair; +import org.apache.commons.httpclient.UsernamePasswordCredentials; +import org.apache.sling.commons.json.JSONArray; +import org.apache.sling.commons.json.JSONException; +import org.apache.sling.commons.json.JSONObject; + +/** + * Tests for the 'modifyAce' Sling Post Operation + */ +public class ModifyAceTest extends AbstractAccessManagerTest { + + String testUserId = null; + String testGroupId = null; + String testFolderUrl = null; + + @Override + protected void tearDown() throws Exception { + super.tearDown(); + + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + + if (testFolderUrl != null) { + //remove the test user if it exists. 
+ String postUrl = testFolderUrl; + List postParams = new ArrayList(); + postParams.add(new NameValuePair(":operation", "delete")); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + if (testGroupId != null) { + //remove the test user if it exists. + String postUrl = HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html"; + List postParams = new ArrayList(); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + if (testUserId != null) { + //remove the test user if it exists. + String postUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html"; + List postParams = new ArrayList(); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + } + + public void testModifyAceForUser() throws IOException, JSONException { + testUserId = createTestUser(); + + testFolderUrl = createTestFolder(); + + String postUrl = testFolderUrl + ".modifyAce.html"; + + List postParams = new ArrayList(); + postParams.add(new NameValuePair("principalId", testUserId)); + postParams.add(new NameValuePair("privilege@jcr:read", "granted")); + postParams.add(new NameValuePair("privilege@jcr:write", "denied")); + + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + + //fetch the JSON for the acl to verify the settings. 
+ String getUrl = testFolderUrl + ".acl.json"; + + String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + JSONObject jsonObj = new JSONObject(json); + String aceString = jsonObj.getString(testUserId); + assertNotNull(aceString); + + JSONObject aceObject = new JSONObject(aceString); + assertNotNull(aceObject); + + JSONArray grantedArray = aceObject.getJSONArray("granted"); + assertNotNull(grantedArray); + assertEquals("jcr:read", grantedArray.getString(0)); + + JSONArray deniedArray = aceObject.getJSONArray("denied"); + assertNotNull(deniedArray); + assertEquals("jcr:write", deniedArray.getString(0)); + } + + public void testModifyAceForGroup() throws IOException, JSONException { + testGroupId = createTestGroup(); + + testFolderUrl = createTestFolder(); + + String postUrl = testFolderUrl + ".modifyAce.html"; + + List postParams = new ArrayList(); + postParams.add(new NameValuePair("principalId", testGroupId)); + postParams.add(new NameValuePair("privilege@jcr:read", "granted")); + postParams.add(new NameValuePair("privilege@jcr:write", "denied")); + + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + + //fetch the JSON for the acl to verify the settings. 
+ String getUrl = testFolderUrl + ".acl.json"; + + String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + JSONObject jsonObj = new JSONObject(json); + String aceString = jsonObj.getString(testGroupId); + assertNotNull(aceString); + + JSONObject aceObject = new JSONObject(aceString); + assertNotNull(aceObject); + + JSONArray grantedArray = aceObject.getJSONArray("granted"); + assertNotNull(grantedArray); + assertEquals("jcr:read", grantedArray.getString(0)); + + //denied rights are not applied for groups, so make sure it is not there + assertTrue(aceObject.isNull("denied")); + } +} Added: incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java URL: http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java?rev=756393&view=auto ============================================================================== --- incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java (added) +++ incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java Fri Mar 20 09:52:01 2009 
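Review bot: Every request in this class is sent as admin, so the tests never show that `.modifyAce.html` refuses a caller who lacks the right to change access control; the same gap exists for `.deleteAce.html` in RemoveAcesTest. `testModifyAceForUser` already creates an account with a known password, so a follow-up step could post with `new UsernamePasswordCredentials(testUserId, "testPwd")`, expect a non-200 status (the exact code depends on the servlet, which is not in this commit), and then re-read `.acl.json` as admin to assert the entry is unchanged. Separately, `testModifyAceForGroup` pins that a requested deny for a group is dropped while the POST still returns 200; a comment explaining why that is acceptable would help, since the caller gets no signal that the deny was not applied.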
@@ -0,0 +1,171 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sling.launchpad.webapp.integrationtest.accessManager; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.httpclient.Credentials; +import org.apache.commons.httpclient.NameValuePair; +import org.apache.commons.httpclient.UsernamePasswordCredentials; +import org.apache.sling.commons.json.JSONArray; +import org.apache.sling.commons.json.JSONException; +import org.apache.sling.commons.json.JSONObject; + +/** + * Tests for the 'removeAce' Sling POST operation + */ +public class RemoveAcesTest extends AbstractAccessManagerTest { + String testUserId = null; + String testGroupId = null; + String testFolderUrl = null; + + @Override + protected void tearDown() throws Exception { + super.tearDown(); + + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + + if (testFolderUrl != null) { + //remove the test user if it exists. 
+ String postUrl = testFolderUrl; + List postParams = new ArrayList(); + postParams.add(new NameValuePair(":operation", "delete")); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + if (testGroupId != null) { + //remove the test user if it exists. + String postUrl = HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html"; + List postParams = new ArrayList(); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + if (testUserId != null) { + //remove the test user if it exists. + String postUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html"; + List postParams = new ArrayList(); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + //todo delete test folder + } + + private String createFolderWithAces(boolean addGroupAce) throws IOException, JSONException { + testUserId = createTestUser(); + testFolderUrl = createTestFolder(); + + String postUrl = testFolderUrl + ".modifyAce.html"; + + List postParams = new ArrayList(); + postParams.add(new NameValuePair("principalId", testUserId)); + postParams.add(new NameValuePair("privilege@jcr:read", "granted")); + postParams.add(new NameValuePair("privilege@jcr:write", "denied")); + + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + if (addGroupAce) { + testGroupId = createTestGroup(); + + postParams = new ArrayList(); + postParams.add(new NameValuePair("principalId", testGroupId)); + postParams.add(new NameValuePair("privilege@jcr:read", "granted")); + + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + + //fetch the JSON for the acl to verify the settings. 
+ String getUrl = testFolderUrl + ".acl.json"; + + String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + + JSONObject jsonObj = new JSONObject(json); + String aceString = jsonObj.getString(testUserId); + assertNotNull(aceString); + + JSONObject aceObject = new JSONObject(aceString); + assertNotNull(aceObject); + + JSONArray grantedArray = aceObject.getJSONArray("granted"); + assertNotNull(grantedArray); + assertEquals("jcr:read", grantedArray.getString(0)); + + JSONArray deniedArray = aceObject.getJSONArray("denied"); + assertNotNull(deniedArray); + assertEquals("jcr:write", deniedArray.getString(0)); + + if (addGroupAce) { + aceString = jsonObj.getString(testGroupId); + assertNotNull(aceString); + + aceObject = new JSONObject(aceString); + assertNotNull(aceObject); + + grantedArray = aceObject.getJSONArray("granted"); + assertNotNull(grantedArray); + assertEquals("jcr:read", grantedArray.getString(0)); + } + + return testFolderUrl; + } + + //test removing a single ace + public void testRemoveAce() throws IOException, JSONException { + String folderUrl = createFolderWithAces(false); + + //remove the ace for the testUser principal + String postUrl = folderUrl + ".deleteAce.html"; + List postParams = new ArrayList(); + postParams.add(new NameValuePair(":applyTo", testUserId)); + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + //fetch the JSON for the acl to verify the settings. 
+ String getUrl = folderUrl + ".acl.json"; + + String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + + JSONObject jsonObj = new JSONObject(json); + assertTrue(jsonObj.isNull(testUserId)); + } + + //test removing multiple aces + public void testRemoveAces() throws IOException, JSONException { + String folderUrl = createFolderWithAces(true); + + //remove the ace for the testUser principal + String postUrl = folderUrl + ".deleteAce.html"; + List postParams = new ArrayList(); + postParams.add(new NameValuePair(":applyTo", testUserId)); + postParams.add(new NameValuePair(":applyTo", testGroupId)); + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + //fetch the JSON for the acl to verify the settings. + String getUrl = folderUrl + ".acl.json"; + + String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + + JSONObject jsonObj = new JSONObject(json); + assertTrue(jsonObj.isNull(testUserId)); + assertTrue(jsonObj.isNull(testGroupId)); + } +}
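Review bot: In `tearDown`, each cleanup step is an assertion, so a failed folder or group delete skips the remaining steps and leaves `testUser<n>` with the fixed password `testPwd` on the instance; nesting the steps in try/finally, as sketched below, lets every delete run. The method also carries a stale `//todo delete test folder` although the folder is deleted in the first branch, and all three branches are commented `//remove the test user if it exists` while they remove the folder, the group and the user. The method is identical to the one in ModifyAceTest, so it could live once in AbstractAccessManagerTest.

```java
@Override
protected void tearDown() throws Exception {
    // … unchanged: super.tearDown() and admin credentials …
    try {
        if (testFolderUrl != null) {
            // … unchanged: delete the test folder …
        }
    } finally {
        try {
            if (testGroupId != null) {
                // … unchanged: delete the test group …
            }
        } finally {
            if (testUserId != null) {
                // … unchanged: delete the test user …
            }
        }
    }
}
```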