jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r638834 [12/14] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/ jack...
Date Wed, 19 Mar 2008 13:57:11 GMT
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,192 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.core.security.jsr283.security.AbstractAccessControlTest;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicyIterator;
+import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+
+/**
+ * <code>PolicyTemplateTest</code>...
+ */
+public class PolicyTemplateTest extends AbstractAccessControlTest {
+
+    private static Logger log = LoggerFactory.getLogger(PolicyTemplateTest.class);
+
+    private PolicyTemplate templ;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        Node n = testRootNode.addNode(nodeName1, testNodeType);
+        superuser.save();
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
+        if (it.hasNext()) {
+            AccessControlPolicy p = it.nextAccessControlPolicy();
+            if (p instanceof PolicyTemplate) {
+                templ = (PolicyTemplate) p;
+            } else {
+                throw new NotExecutableException("No PolicyTemplate to test.");
+            }
+        } else {
+            throw new NotExecutableException("No PolicyTemplate to test.");
+        }
+    }
+
+    protected void tearDown() throws Exception {
+        // make sure transient ac-changes are reverted.
+        superuser.refresh(false);
+        super.tearDown();
+    }
+
+    private Principal getValidPrincipal() throws NotExecutableException, RepositoryException {
+        if (!(superuser instanceof JackrabbitSession)) {
+            throw new NotExecutableException();
+        }
+
+        PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
+        PrincipalIterator it = pMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL);
+        if (it.hasNext()) {
+            return it.nextPrincipal();
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    private static void assertSamePrivileges(Privilege[] privs1, Privilege[] privs2) throws AccessControlException {
+        assertEquals(PrivilegeRegistry.getBits(privs1), PrivilegeRegistry.getBits(privs2));
+    }
+
+    public void testIsEmpty() {
+        if (templ.isEmpty()) {
+            assertEquals(0, templ.size());
+            assertEquals(0, templ.getEntries().length);
+        } else {
+            assertTrue(templ.size() > 0);
+            assertTrue(templ.getEntries().length > 0);
+        }
+    }
+
+    // TODO:
+
+    /*
+    public void testGrantAll() throws NotExecutableException, RepositoryException {
+        Principal princ = getValidPrincipal();
+        Privilege[] priv = PrivilegeRegistry.getPrivileges(new String[] {Privilege.ALL});
+
+        List entriesBefore = Arrays.asList(templ.getEntries(princ));
+        if (templ.grantPrivileges(princ, priv)) {
+            PolicyEntry[] entries = templ.getEntries(princ);
+            if (entries.length == 0) {
+                fail("GrantPrivileges was successful -> at least 1 entry for principal.");
+            }
+            for (int i = 0; i < entries.length; i++) {
+                PolicyEntry en = entries[i];
+                if (en.isAllow()) {
+                    assertSamePrivileges(priv, en.getPrivileges());
+                } else {
+                    fail("Granting ALL privileges must remove any present 'deny' entries.");
+                }
+            }
+        } else {
+            PolicyEntry[] entries = templ.getEntries(princ);
+            assertEquals("Grant ALL not successful -> entries must not have changed.", entriesBefore, Arrays.asList(entries));
+        }
+    }
+
+    public void testGrantWrite() throws NotExecutableException, RepositoryException {
+        Principal princ = getValidPrincipal();
+        Privilege[] priv = PrivilegeRegistry.getPrivileges(new String[] {Privilege.WRITE});
+
+        boolean writeIsGranted = false;
+        if (templ.grantPrivileges(princ, priv)) {
+            PolicyEntry[] entries = templ.getEntries(princ);
+            assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);
+
+            for (int i = 0; i < entries.length; i++) {
+                PolicyEntry en = entries[i];
+                int bits = PrivilegeRegistry.getBits(en.getPrivileges());
+                if (en.isAllow()) {
+                    writeIsGranted = (bits & PrivilegeRegistry.WRITE) > 0;
+                } else {
+                    fail("After successfully granting WRITE, no deny-WRITE must be present any more.");
+                }
+            }
+            assertTrue("After successfully granting WRITE, the entries must reflect this", writeIsGranted);
+        }
+    }
+
+    public void testGrantWriteDenyRemove() throws NotExecutableException, RepositoryException {
+        Principal princ = getValidPrincipal();
+        Privilege[] grPriv = PrivilegeRegistry.getPrivileges(new String[] {Privilege.WRITE});
+        Privilege[] dePriv = PrivilegeRegistry.getPrivileges(new String[] {Privilege.REMOVE_CHILD_NODES});
+
+        if (templ.grantPrivileges(princ, grPriv) && templ.denyPrivileges(princ, dePriv)) {
+            PolicyEntry[] entries = templ.getEntries(princ);
+            assertFalse("Grant & subsequent Deny were both successful -> at least 2 entry for principal.", entries.length < 2);
+
+            for (int i = 0; i < entries.length; i++) {
+                PolicyEntry en = entries[i];
+                int bits = PrivilegeRegistry.getBits(en.getPrivileges());
+                if (en.isAllow()) {
+                    int remaining = PrivilegeRegistry.diff(PrivilegeRegistry.WRITE, PrivilegeRegistry.REMOVE_CHILD_NODES);
+                    assertTrue((bits & remaining) > 0);
+                } else {
+                    assertTrue((bits & PrivilegeRegistry.REMOVE_CHILD_NODES) > 0);
+                }
+            }
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testRemoveEntry() throws NotExecutableException, RepositoryException {
+        Principal princ = getValidPrincipal();
+        Privilege[] grPriv = PrivilegeRegistry.getPrivileges(new String[] {Privilege.WRITE});
+
+        if (templ.grantPrivileges(princ, grPriv)) {
+            PolicyEntry[] entries = templ.getEntries();
+            assertTrue("Grant was both successful -> at least 1 entry.", entries.length > 0);
+
+            for (int i = 0; i < entries.length; i++) {
+                PolicyEntry en = entries[i];
+                assertTrue(templ.removeEntry(en));
+            }
+
+            assertTrue(templ.isEmpty());
+            assertEquals(0, templ.size());
+            assertEquals(0, templ.getEntries().length);
+            assertEquals(0, templ.getEntries(princ).length);
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+    */
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PolicyTemplateTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,211 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import junit.framework.TestCase;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * <code>PrivilegeRegistryTest</code>...
+ */
+public class PrivilegeRegistryTest extends TestCase {
+
+    public void testRegisteredPrivileges() {
+        Privilege[] ps = PrivilegeRegistry.getRegisteredPrivileges();
+
+        List l = new ArrayList(Arrays.asList(ps));
+        assertTrue(l.remove(PrivilegeRegistry.READ_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.ADD_CHILD_NODES_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.MODIFY_PROPERTIES_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.READ_AC_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.MODIFY_AC_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.WRITE_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.ALL_PRIVILEGE));
+        assertTrue(l.isEmpty());
+    }
+
+    public void testAllPrivilege() {
+        Privilege p = PrivilegeRegistry.ALL_PRIVILEGE;
+        assertEquals(p.getName(), Privilege.ALL);
+        assertTrue(p.isAggregate());
+        assertFalse(p.isAbstract());
+
+        List l = new ArrayList(Arrays.asList(p.getAggregatePrivileges()));
+        assertTrue(l.remove(PrivilegeRegistry.READ_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.ADD_CHILD_NODES_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.MODIFY_PROPERTIES_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.READ_AC_PRIVILEGE));
+        assertTrue(l.remove(PrivilegeRegistry.MODIFY_AC_PRIVILEGE));
+        assertTrue(l.isEmpty());
+    }
+
+    public void testGetBits() throws AccessControlException {
+        Privilege[] privs = new Privilege[] {PrivilegeRegistry.ADD_CHILD_NODES_PRIVILEGE,
+                                             PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE};
+
+        int bits = PrivilegeRegistry.getBits(privs);
+        assertTrue(bits > PrivilegeRegistry.NO_PRIVILEGE);
+        assertTrue(bits == (PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES));
+    }
+
+    public void testGetBitsFromCustomPrivilege() throws AccessControlException {
+        Privilege p = buildCustomPrivilege("anyName", PrivilegeRegistry.WRITE_PRIVILEGE);
+
+        int bits = PrivilegeRegistry.getBits(new Privilege[] {p});
+
+        assertTrue(bits > PrivilegeRegistry.NO_PRIVILEGE);
+        assertTrue(bits == PrivilegeRegistry.WRITE);
+    }
+
+    public void testGetBitsFromCustomPrivilege2() throws AccessControlException {
+        Privilege p = buildCustomPrivilege(Privilege.READ, null);
+
+        int bits = PrivilegeRegistry.getBits(new Privilege[] {p});
+
+        assertTrue(bits > PrivilegeRegistry.NO_PRIVILEGE);
+        assertTrue(bits == PrivilegeRegistry.READ);
+    }
+
+    public void testGetBitsFromNull() {
+        try {
+            PrivilegeRegistry.getBits((Privilege[]) null);
+            fail("Should throw AccessControlException");
+        } catch (AccessControlException e) {
+            // ok
+        }
+    }
+
+    public void testGetBitsFromEmptyArray() {
+        try {
+            PrivilegeRegistry.getBits(new Privilege[0]);
+            fail("Should throw AccessControlException");
+        } catch (AccessControlException e) {
+            // ok
+        }
+    }
+
+    public void testGetBitsWithInvalidPrivilege() {
+        Privilege p = buildCustomPrivilege("anyName", null);
+        try {
+            PrivilegeRegistry.getBits(new Privilege[] {p});
+            fail();
+        } catch (AccessControlException e) {
+            // ok
+        }
+    }
+
+    public void testGetPrivilegesFromBits() throws AccessControlException {
+        Privilege[] pvs = PrivilegeRegistry.getPrivileges(PrivilegeRegistry.READ_AC);
+
+        assertTrue(pvs != null);
+        assertTrue(pvs.length == 1);
+        assertEquals(pvs[0].getName(), Privilege.READ_ACCESS_CONTROL);
+    }
+
+    public void testGetPrivilegesFromBits2() throws AccessControlException {
+        int writeBits = PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES | PrivilegeRegistry.MODIFY_PROPERTIES;
+        Privilege[] pvs = PrivilegeRegistry.getPrivileges(writeBits);
+
+        assertTrue(pvs != null);
+        assertTrue(pvs.length == 1);
+        assertEquals(pvs[0].getName(), Privilege.WRITE);
+        assertTrue(pvs[0].isAggregate());
+        assertTrue(pvs[0].getDeclaredAggregatePrivileges().length == 3);
+    }
+
+    public void testGetPrivilegesFromNames() throws AccessControlException {
+        Privilege[] p = PrivilegeRegistry.getPrivileges(new String[] {Privilege.READ});
+
+        assertTrue(p != null && p.length == 1);
+        assertEquals(p[0].getName(), PrivilegeRegistry.READ_PRIVILEGE.getName());
+        assertEquals(p[0], PrivilegeRegistry.READ_PRIVILEGE);
+        assertFalse(p[0].isAggregate());
+
+        p = PrivilegeRegistry.getPrivileges(new String[] {Privilege.WRITE});
+
+        assertTrue(p != null && p.length == 1);
+        assertEquals(p[0].getName(), PrivilegeRegistry.WRITE_PRIVILEGE.getName());
+        assertEquals(p[0], PrivilegeRegistry.WRITE_PRIVILEGE);
+        assertTrue(p[0].isAggregate());
+
+        p = PrivilegeRegistry.getPrivileges(new String[] {Privilege.READ,
+                                                          Privilege.MODIFY_ACCESS_CONTROL});
+        assertTrue(p != null);
+        assertTrue(p.length == 2);
+
+        List l = Arrays.asList(p);
+        assertTrue(l.contains(PrivilegeRegistry.READ_PRIVILEGE) && l.contains(PrivilegeRegistry.MODIFY_AC_PRIVILEGE));
+    }
+
+    public void testGetPrivilegesFromInvalidNames() {
+        try {
+            PrivilegeRegistry.getPrivileges(new String[]{"unknown"});
+            fail("invalid privilege name");
+        } catch (AccessControlException e) {
+            // OK
+        }
+    }
+
+    public void testGetPrivilegesFromEmptyNames() {
+        try {
+            PrivilegeRegistry.getPrivileges(new String[0]);
+            fail("invalid privilege name array");
+        } catch (AccessControlException e) {
+            // OK
+        }
+    }
+
+    public void testGetPrivilegesFromNullNames() {
+        try {
+            PrivilegeRegistry.getPrivileges(null);
+            fail("invalid privilege names (null)");
+        } catch (AccessControlException e) {
+            // OK
+        }
+    }
+
+     private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) {
+        return new Privilege() {
+
+            public String getName() {
+                return name;
+            }
+            public String getDescription() {
+                return null;
+            }
+            public boolean isAbstract() {
+                return false;
+            }
+            public boolean isAggregate() {
+                return declaredAggr != null;
+            }
+            public Privilege[] getDeclaredAggregatePrivileges() {
+                return (declaredAggr ==  null) ? new Privilege[0] : new Privilege[] {declaredAggr};
+            }
+            public Privilege[] getAggregatePrivileges() {
+                return (declaredAggr ==  null) ? new Privilege[0] : declaredAggr.getAggregatePrivileges();
+            }
+        };
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Test suite
+ */
+public class TestAll extends TestCase {
+
+    /**
+     * Returns a <code>Test</code> suite that executes all tests inside this
+     * package.
+     *
+     * @return a <code>Test</code> suite that executes all tests inside this
+     *         package.
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite("security.authorization tests");
+
+        suite.addTestSuite(PrivilegeRegistryTest.class);
+
+        suite.addTestSuite(PolicyTemplateTest.class);
+        //TODO suite.addTestSuite(EntryTemplateTest.class);
+
+        return suite;
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.authorization.PolicyEntry;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.JUnitTest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/**
+ * <code>ACEImplTest</code>...
+ */
+public class ACEImplTest extends JUnitTest {
+
+    private static Logger log = LoggerFactory.getLogger(ACEImplTest.class);
+
+    private Principal testPrincipal;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+        testPrincipal = new Principal() {
+            public String getName() {
+                return "TestPrincipal";
+            }
+        };
+    }
+
+    public void testIsAllow() {
+        ACEImpl tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
+        assertTrue(tmpl.isAllow());
+
+        tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, false);
+        assertFalse(tmpl.isAllow());
+    }
+
+    public void testGetPrincipal() {
+        ACEImpl tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
+        assertNotNull(tmpl.getPrincipal());
+        assertEquals(testPrincipal.getName(), tmpl.getPrincipal().getName());
+        assertSame(testPrincipal, tmpl.getPrincipal());
+    }
+
+    public void testGetPrivileges() throws AccessControlException {
+        ACEImpl tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true);
+
+        Privilege[] privs = tmpl.getPrivileges();
+        assertNotNull(privs);
+        assertEquals(1, privs.length);
+        assertEquals(privs[0].getName(), Privilege.READ);
+
+        tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.WRITE, true);
+        privs = tmpl.getPrivileges();
+        assertNotNull(privs);
+        assertEquals(1, privs.length);
+        assertEquals(privs[0].getName(), Privilege.WRITE);
+
+        tmpl = new ACEImpl(testPrincipal, PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES, true);
+        privs = tmpl.getPrivileges();
+        assertNotNull(privs);
+        assertEquals(2, privs.length);
+
+        Privilege[] param = PrivilegeRegistry.getPrivileges(new String[] {Privilege.ADD_CHILD_NODES, Privilege.REMOVE_CHILD_NODES});
+        assertEquals(Arrays.asList(param), Arrays.asList(privs));
+    }
+
+    public void testEqual() {
+        ACEImpl ace = new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, true);
+
+        ACEImpl ace2 = new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, true);
+        assertEquals(ace, ace2);
+
+        ace2 = new ACEImpl(testPrincipal, PrivilegeRegistry.READ |
+                PrivilegeRegistry.WRITE |
+                PrivilegeRegistry.MODIFY_AC |
+                PrivilegeRegistry.READ_AC, true);
+        assertEquals(ace, ace2);
+    }
+
+    public void testNotEqual() {
+        ACEImpl ace = new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, true);
+        List otherAces = new ArrayList();
+        // ACE template with different principal
+        otherAces.add(new ACEImpl(new Principal() {
+            public String getName() {
+                return "a name";
+            } }, PrivilegeRegistry.ALL, true)
+        );
+
+        // ACE template with different privileges
+        otherAces.add(new ACEImpl(testPrincipal, PrivilegeRegistry.READ, true));
+        // ACE template with different 'allow' flag
+        otherAces.add(new ACEImpl(testPrincipal, PrivilegeRegistry.ALL, false));
+        // ACE template with different privileges and 'allows
+        otherAces.add(new ACEImpl(testPrincipal, PrivilegeRegistry.WRITE, false));
+        // other ace impl
+        PolicyEntry pe = new PolicyEntry() {
+            public boolean isAllow() {
+                return true;
+            }
+            public Principal getPrincipal() {
+                return testPrincipal;
+            }
+            public Privilege[] getPrivileges() {
+                return PrivilegeRegistry.getPrivileges(PrivilegeRegistry.ALL);
+            }
+        };
+        otherAces.add(pe);
+
+        for (Iterator it = otherAces.iterator(); it.hasNext();) {
+            assertFalse(ace.equals(it.next()));
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACEImplTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.core.NodeId;
+import org.apache.jackrabbit.core.security.authorization.Permission;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlException;
+import org.apache.jackrabbit.test.JUnitTest;
+import org.apache.jackrabbit.uuid.UUID;
+
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * <code>ACLImplTest</code>...
+ */
+public class ACLImplTest extends JUnitTest {
+
+    private static Principal testPrincipal = new Principal() {
+        public String getName() {
+            return "TestPrincipal";
+        }
+    };
+
+    private static ACEImpl createACE(int privileges, boolean isAllow) {
+        return new ACEImpl(testPrincipal, privileges, isAllow);
+    }
+
+    private static ACLImpl getEmptyACL(NodeId nid) {
+        NodeId id = (nid == null) ? new NodeId(UUID.randomUUID()) : nid;
+        return new ACLImpl(id, Collections.EMPTY_LIST, null, false);
+    }
+
+    private static ACLImpl getLocalACL(List localEntries, boolean protectsAcl) {
+        NodeId id = new NodeId(UUID.randomUUID());
+        return new ACLImpl(id, localEntries, null, protectsAcl);
+    }
+
+    private static ACLImpl getComplexACL(List localEntries, ACLImpl base,
+                                         boolean protectsAcl) {
+        NodeId id = new NodeId(UUID.randomUUID());
+        return new ACLImpl(id, localEntries, base, protectsAcl);
+    }
+
+    public void testGetName() throws RepositoryException {
+        ACLImpl acl = getEmptyACL(null);
+
+        assertNotNull(acl.getName());
+        assertEquals(ACLImpl.POLICY_NAME, acl.getName());
+    }
+
+    public void testGetId() {
+        NodeId nid = new NodeId(UUID.randomUUID());
+        ACLImpl acl = getEmptyACL(nid);
+
+        assertEquals(nid, acl.getId());
+    }
+
+    public void testGetEntries() {
+        // an empty acl must not have any entries not even inherited onces.
+        ACLImpl acl = getEmptyACL(null);
+        assertNotNull(acl.getEntries());
+        assertFalse(acl.getEntries().hasNext());
+
+        // create an acl with local entries but no inherited onces
+        List aces = new ArrayList();
+        aces.add(createACE(PrivilegeRegistry.ALL, true));
+        aces.add(createACE(PrivilegeRegistry.ADD_CHILD_NODES, false));
+        aces.add(createACE(PrivilegeRegistry.READ_AC | PrivilegeRegistry.MODIFY_AC, false));
+
+        acl = getLocalACL(aces, false);
+        int i = 0;
+        for (Iterator it = acl.getEntries(); it.hasNext();) {
+            ACEImpl ace = (ACEImpl) it.next();
+            assertEquals(aces.get(i), ace);
+            i++;
+        }
+
+        // create an acl with inherited entries but no local
+        acl = getComplexACL(Collections.EMPTY_LIST, acl, false);
+        i = 0;
+        for (Iterator it = acl.getEntries(); it.hasNext();) {
+            ACEImpl ace = (ACEImpl) it.next();
+            assertEquals(aces.get(i), ace);
+            i++;
+        }
+
+        // create acl with inherited and local entries
+        List local = new ArrayList();
+        local.add(createACE(PrivilegeRegistry.ALL, false));
+        local.add(createACE(PrivilegeRegistry.READ, true));
+        local.add(createACE(PrivilegeRegistry.READ_AC, true));
+
+        acl = getComplexACL(local, acl, false);
+        List test = new ArrayList();
+        test.addAll(local);
+        test.addAll(aces);
+        i = 0;
+        for (Iterator it = acl.getEntries(); it.hasNext();) {
+            ACEImpl ace = (ACEImpl) it.next();
+            assertEquals(test.get(i), ace);
+            i++;
+        }
+    }
+
+    public void testGetPrivileges() throws AccessControlException {
+        ACLImpl acl = getEmptyACL(null);
+        assertTrue(PrivilegeRegistry.NO_PRIVILEGE == acl.getPrivileges());
+
+        // TODO: inherited
+        // TODO: locals
+    }
+
+    public void testGetPermissions() throws AccessControlException {
+        ACLImpl acl = getEmptyACL(null);
+        assertTrue(Permission.NONE == acl.getPermissions("any"));
+
+        // TODO: inherited
+        // TODO: locals
+        // TODO: test effect of protectsACL flag
+    }
+
+    public void testProtectsFlag() {
+        // TODO
+
+    }
+
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLImplTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.test.JUnitTest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * <code>ACLTemplateTest</code>...
+ */
+public class ACLTemplateTest extends JUnitTest {
+
+    private static Logger log = LoggerFactory.getLogger(ACLTemplateTest.class);
+
+    public void testEmptyTemplate() throws RepositoryException {
+        ACLTemplate at = new ACLTemplate();
+
+        assertNotNull(at.getEntries());
+        assertTrue(at.getEntries().length == 0);
+        assertTrue(at.isEmpty());
+        assertNotNull(at.getName());
+    }
+
+    // TODO: add tests
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,448 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.TestPrincipal;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.jsr283.security.AbstractAccessControlTest;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlEntry;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.core.security.jsr283.security.AccessControlPolicyIterator;
+import org.apache.jackrabbit.core.security.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Credentials;
+import javax.jcr.Node;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.NodeIterator;
+import javax.jcr.Session;
+import javax.jcr.nodetype.ConstraintViolationException;
+import java.security.Principal;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+public class EvaluationTest extends AbstractAccessControlTest {
+
+    private User testUser;
+    private SessionImpl testSession;
+    private AccessControlManager testAcMgr;
+
+    private String path;
+    private String childNPath;
+    private String childNPath2;
+    private String childPPath;
+    private String childchildPPath;
+    private String siblingPath;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        UserManager uMgr = getUserManager(superuser);
+        Principal princ = new TestPrincipal("anyUser");
+        Credentials creds = new SimpleCredentials("anyUser", "anyUser".toCharArray());
+
+        Authorizable a = uMgr.getAuthorizable(princ);
+        if (a == null) {
+            testUser = uMgr.createUser("anyUser", creds, princ);
+        } else if (a.isGroup()) {
+            throw new NotExecutableException();
+        } else {
+            testUser = (User) a;
+        }
+
+        // TODO: remove cast once 283 is released.
+        testSession = (SessionImpl) helper.getRepository().login(creds);
+        testAcMgr = getAccessControlManager(testSession);
+
+        // create some nodes below the test root in order to apply ac-stuff
+        Node node = testRootNode.addNode(nodeName1, testNodeType);
+        Node cn1 = node.addNode(nodeName2, testNodeType);
+        Property cp1 = node.setProperty(propertyName1, "anyValue");
+        Node cn2 = node.addNode(nodeName3, testNodeType);
+
+        Property ccp1 = cn1.setProperty(propertyName1, "childNodeProperty");
+
+        Node n2 = testRootNode.addNode(nodeName2, testNodeType);
+        superuser.save();
+
+        path = node.getPath();
+        childNPath = cn1.getPath();
+        childNPath2 = cn2.getPath();
+        childPPath = cp1.getPath();
+        childchildPPath = ccp1.getPath();
+        siblingPath = n2.getPath();
+    }
+
+    protected void tearDown() throws Exception {
+        super.tearDown();
+
+        if (testSession != null && testSession.isLive()) {
+            testSession.logout();
+        }
+        if (testUser != null) {
+            testUser.remove();
+        }
+    }
+
+    private static UserManager getUserManager(Session session) throws NotExecutableException {
+        if (!(session instanceof JackrabbitSession)) {
+            throw new NotExecutableException();
+        }
+
+        try {
+            return ((JackrabbitSession) session).getUserManager();
+        } catch (RepositoryException e) {
+            throw new NotExecutableException();
+        }
+    }
+
+    private static ACLTemplate getACLTemplate(AccessControlManager acM, String path) throws RepositoryException, AccessDeniedException {
+        AccessControlPolicyIterator it = acM.getApplicablePolicies(path);
+        while (it.hasNext()) {
+            AccessControlPolicy acp = it.nextAccessControlPolicy();
+            if (acp instanceof ACLTemplate) {
+                return (ACLTemplate) acp;
+            }
+        }
+        // TODO: change to NotExecutableException
+        throw new RepositoryException();
+    }
+
+    private void givePrivileges(String nPath, int privileges) throws NotExecutableException, RepositoryException {
+        ACLTemplate tmpl = getACLTemplate(acMgr, nPath);
+        tmpl.setEntry(new ACEImpl(testUser.getPrincipal(), privileges, true));
+        acMgr.setPolicy(nPath, tmpl);
+        superuser.save();
+    }
+
+    private void withdrawPrivileges(String nPath, int privileges) throws NotExecutableException, RepositoryException {
+        ACLTemplate tmpl = getACLTemplate(acMgr, nPath);
+        tmpl.setEntry(new ACEImpl(testUser.getPrincipal(), privileges, false));
+        acMgr.setPolicy(nPath, tmpl);
+        superuser.save();
+    }
+
+    private void checkReadOnly(String path) throws RepositoryException {
+        Privilege[] privs = testAcMgr.getPrivileges(path);
+        assertTrue(privs.length == 1);
+        assertEquals(PrivilegeRegistry.READ_PRIVILEGE, privs[0]);
+    }
+
+    public void testGrantedPermissions() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        /* precondition:
+           testuser must have READ-only permission on test-node and below
+         */
+        checkReadOnly(path);
+
+        // give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES privileges at 'path'
+        givePrivileges(path, PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.MODIFY_PROPERTIES);
+        /*
+         testuser must now have
+         - ADD_NODE permission for child node
+         - SET_PROPERTY permission for child props
+         - REMOVE permission for child-props
+         - READ-only permission for the node at 'path'
+
+         testuser must not have
+         - REMOVE permission for child node
+        */
+        String nonExChildPath = path + "/anyItem";
+        assertTrue(testSession.hasPermission(nonExChildPath, "read,add_node,set_property"));
+        assertFalse(testSession.hasPermission(nonExChildPath, "remove"));
+
+        Node testN = testSession.getNode(path);
+
+        // must be allowed to add child node
+        testN.addNode(nodeName3, testNodeType);
+        testSession.save();
+
+        // must be allowed to remove child-property
+        testSession.getProperty(childPPath).remove();
+        testSession.save();
+
+        // must be allowed to set child property again
+        testN.setProperty(Text.getName(childPPath), "othervalue");
+        testSession.save();
+
+        // must not be allowed to remove child nodes
+        try {
+            testSession.getNode(childNPath).remove();
+            testSession.save();
+            fail("test-user is not allowed to remove a node below " + path);
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // must have read-only access on 'testN' and it's sibling
+        assertTrue(testSession.hasPermission(path, "read"));
+        assertFalse(testSession.hasPermission(path, "add_node,set_property,remove"));
+        checkReadOnly(siblingPath);
+    }
+
+    public void testDeniedPermission() throws RepositoryException, NotExecutableException, InterruptedException {
+         /* precondition:
+           testuser must have READ-only permission on test-node and below
+         */
+        checkReadOnly(path);
+
+        // withdraw READ privilege to 'testUser' at 'path'
+        withdrawPrivileges(childNPath, PrivilegeRegistry.READ);
+        /*
+         testuser must now have
+         - READ-only permission for the child-props of path
+
+         testuser must not have
+         - any permission on child-node and all its subtree
+        */
+
+        // must still have read-access to path, ...
+        assertTrue(testSession.hasPermission(path, "read"));
+        Node n = testSession.getNode(path);
+        // ... siblings of childN
+        testSession.getNode(childNPath2);
+        // ... and props of path
+        assertTrue(n.getProperties().hasNext());
+
+        // must not have access to 'childNPath'
+        assertFalse(testSession.itemExists(childNPath));
+        try {
+            Node testN = testSession.getNode(childNPath);
+            fail("Read access has been denied -> cannot retrieve child node.");
+        } catch (PathNotFoundException e) {
+            // ok.
+        }
+
+        // must not have access to subtree below 'childNPath'
+        assertFalse(testSession.itemExists(childchildPPath));
+        try {
+            testSession.getItem(childchildPPath);
+            fail("Read access has been denied -> cannot retrieve prop below child node.");
+        } catch (PathNotFoundException e) {
+            // ok.
+        }
+    }
+
+    public void testAccessControlRead() throws NotExecutableException, RepositoryException {
+        checkReadOnly(path);
+
+        // re-grant READ in order to have an ACL-node
+        givePrivileges(path, PrivilegeRegistry.READ);
+        // make sure the 'rep:policy' node has been created.
+        assertTrue(superuser.itemExists(path + "/rep:policy"));
+
+        /*
+         Testuser must still have READ-only access only and must not be
+         allowed to view the acl-node that has been created.
+        */
+        assertFalse(testAcMgr.hasPrivileges(path, new Privilege[] {PrivilegeRegistry.READ_AC_PRIVILEGE}));
+        assertFalse(testSession.itemExists(path + "/rep:policy"));
+        Node n = testSession.getNode(path);
+        assertFalse(n.hasNode("rep:policy"));
+        try {
+            n.getNode("rep:policy");
+            fail("Accessing the rep:policy node must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok.
+        }
+
+        /* Finally the test user must not be allowed to remove the policy. */
+        try {
+            testAcMgr.removePolicy(path);
+            fail("Test user must not be allowed to remove the access control policy.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testAccessControlModification() throws RepositoryException, NotExecutableException {
+        /* precondition:
+          testuser must have READ-only permission on test-node and below
+        */
+        checkReadOnly(path);
+
+        // give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES| REMOVE_CHILD_NODES privileges at 'path'
+        givePrivileges(path, PrivilegeRegistry.ADD_CHILD_NODES | PrivilegeRegistry.REMOVE_CHILD_NODES | PrivilegeRegistry.MODIFY_PROPERTIES);
+        /*
+         testuser must not have
+         - permission to view AC items
+         - permission to modify AC items
+        */
+
+        // make sure the 'rep:policy' node has been created.
+        assertTrue(superuser.itemExists(path + "/rep:policy"));
+
+        assertFalse(testSession.itemExists(path + "/rep:policy"));
+        try {
+            testAcMgr.getPolicy(path);
+            fail("test user must not have READ_AC privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+        try {
+            testAcMgr.getEffectivePolicy(path);
+            fail("test user must not have READ_AC privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+        try {
+            testAcMgr.getAccessControlEntries(path);
+            fail("test user must not have READ_AC privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+        try {
+            testAcMgr.removePolicy(path);
+            fail("test user must not have MODIFY_AC privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testAccessControlModification2() throws RepositoryException, NotExecutableException {
+        /* precondition:
+          testuser must have READ-only permission on test-node and below
+        */
+        checkReadOnly(path);
+
+        // give 'testUser' READ_AC|MODIFY_AC privileges at 'path'
+        givePrivileges(path, PrivilegeRegistry.READ_AC | PrivilegeRegistry.MODIFY_AC);
+        /*
+         testuser must
+         - still have the inherited READ permission.
+         - must have permission to view AC items at 'path' (and below)
+         - must have permission to modify AC items at 'path'
+
+         testuser must not have
+         - permission to view AC items outside of the tree defined by path.
+        */
+
+        // make sure the 'rep:policy' node has been created.
+        assertTrue(testSession.itemExists(path + "/rep:policy"));
+
+        // test: READ_AC privilege does not apply outside of the tree.
+        try {
+            testAcMgr.getPolicy(siblingPath);
+            fail("READ_AC privilege must not apply outside of the tree it has applied to.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // test: MODIFY_AC privilege does not apply outside of the tree.
+        try {
+            testAcMgr.addAccessControlEntry(siblingPath,
+                testUser.getPrincipal(),
+                new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
+            fail("MODIFY_AC privilege must not apply outside of the tree it has applied to.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // test if testuser can READ access control on the path and on the
+        // entire subtree that gets the policy inherited.
+        AccessControlPolicy policy = testAcMgr.getPolicy(path);
+        AccessControlPolicy effPOnChild = testAcMgr.getEffectivePolicy(childNPath);
+
+        // test if testuser can modify AC-items
+        // 1) add an ac-entry
+        AccessControlEntry entry = testAcMgr.addAccessControlEntry(path,
+                testUser.getPrincipal(),
+                new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
+        testSession.save();
+
+        assertTrue(testAcMgr.hasPrivileges(path,
+                new Privilege[] {PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE}));
+
+        // 2) remove the policy
+        testAcMgr.removePolicy(path);
+        testSession.save();
+
+        // Finally: testuser removed the policy that granted him permission
+        // to modify the AC content. Since testuser removed the policy, it's
+        // privileges must be gone again...
+        try {
+            testAcMgr.getEffectivePolicy(childNPath);
+            fail("READ_AC privilege has been revoked -> must throw again.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+        // ... and since the ACE is stored with the policy all right except
+        // READ must be gone.
+        checkReadOnly(path);
+    }
+
+    public void testACItemsAreProtected() throws NotExecutableException, RepositoryException {
+        // make sure a rep:policy node is present at 'path'
+        givePrivileges(path, PrivilegeRegistry.WRITE);
+        Node n = ((SessionImpl) superuser).getNode(path);
+        Node policyNode = n.getNode("rep:policy");
+
+        assertTrue("The rep:policy node must be protected", policyNode.getDefinition().isProtected());
+        try {
+            policyNode.remove();
+            fail("rep:policy node must be protected.");
+        } catch (ConstraintViolationException e) {
+            // success
+        }
+        Node aceNode = null;
+        for (NodeIterator it = policyNode.getNodes(); it.hasNext();) {
+            n = it.nextNode();
+            if (n.isNodeType("rep:ACE")) {
+                aceNode = n;
+                break;
+            }
+        }
+        if (aceNode == null) {
+            fail("Child-node expected below rep:policy node.");
+        }
+        try {
+            aceNode.remove();
+            fail("ACE node must be protected.");
+        } catch (ConstraintViolationException e) {
+            // success
+        }
+        try {
+            aceNode.setProperty("anyProperty", "anyValue");
+            fail("ACE node must be protected.");
+        } catch (ConstraintViolationException e) {
+            // success
+        }
+        try {
+            policyNode.setProperty("test", "anyvalue");
+            fail("rep:policy node must be protected.");
+        } catch (ConstraintViolationException e) {
+            // success
+        }
+        try {
+            policyNode.addNode("test", aceNode.getPrimaryNodeType().getName());
+            fail("rep:policy node must be protected.");
+        } catch (ConstraintViolationException e) {
+            // success
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Test suite
+ */
+public class TestAll extends TestCase {
+
+    /**
+     * Returns a <code>Test</code> suite that executes all tests inside this
+     * package.
+     *
+     * @return a <code>Test</code> suite that executes all tests inside this
+     *         package.
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite("security.authorization.acl tests");
+
+        suite.addTestSuite(ACLTemplateTest.class);
+        suite.addTestSuite(ACLImplTest.class);
+        suite.addTestSuite(ACEImplTest.class);
+
+        suite.addTestSuite(EvaluationTest.class);
+
+        return suite;
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,26 @@
+package org.apache.jackrabbit.core.security.authorization.combined;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Test suite
+ */
+public class TestAll extends TestCase {
+
+    /**
+     * Returns a <code>Test</code> suite that executes all tests inside this
+     * package.
+     *
+     * @return a <code>Test</code> suite that executes all tests inside this
+     *         package.
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite("security.authorization.combined tests");
+
+        // TODO add tests
+
+        return suite;
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/TestAll.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
+
+/**
+ * <code>AbstractAccessControlTest</code>...
+ */
+public abstract class AbstractAccessControlTest extends AbstractJCRTest {
+
+    private static Logger log = LoggerFactory.getLogger(AbstractAccessControlTest.class);
+
+    protected AccessControlManager acMgr;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        acMgr = getAccessControlManager(superuser);
+    }
+
+    protected static AccessControlManager getAccessControlManager(Session s) throws RepositoryException, NotExecutableException {
+        // TODO: fix (Replace by Session) test as soon as jackrabbit implements 283
+        if (!(s instanceof SessionImpl)) {
+            throw new NotExecutableException();
+        }
+        /*
+        if (s.getRepository().getDescriptor(Repository.OPTION_SIMPLE_ACCESS_CONTROL_SUPPORTED) == null) {
+            throw new NotExecutableException();
+        }
+        */
+        try {
+            return ((SessionImpl) s).getAccessControlManager();
+        } catch (UnsupportedRepositoryOperationException e) {
+            throw new NotExecutableException();
+        }
+    }
+
+    protected static void checkSupportedOption(Session s, String option) throws NotExecutableException {
+        if (Boolean.FALSE.toString().equals(s.getRepository().getDescriptor(option))) {
+            throw new NotExecutableException();
+        }
+    }
+
+    protected void checkCanReadAc(String path) throws RepositoryException, NotExecutableException {
+        if (!acMgr.hasPrivileges(path, new Privilege[] {getPrivilege(Privilege.READ_ACCESS_CONTROL)})) {
+            throw new NotExecutableException();
+        }
+    }
+
+    protected void checkCanModifyAc(String path) throws RepositoryException, NotExecutableException {
+        if (!acMgr.hasPrivileges(path, new Privilege[] {getPrivilege(Privilege.MODIFY_ACCESS_CONTROL)})) {
+            throw new NotExecutableException();
+        }
+    }
+
+    protected String getPathToNonExistingNode() throws RepositoryException {
+        String name = "nonexisting";
+        String path = name;
+        int i = 0;
+        while (testRootNode.hasNode(path)) {
+            path = name + i;
+            i++;
+        }
+
+        path = testRootNode.getPath() + "/" + path;
+        return path;
+    }
+
+    protected String getPathToProperty() throws RepositoryException {
+        String path = testRootNode.getPath() + "/" + jcrPrimaryType;
+        // TODO: remove cast to SessionImpl again once 283 is released.
+        if (((SessionImpl) superuser).nodeExists(path)) {
+            throw new RepositoryException("Path " + path + " should point to property.");
+        }
+        return path;
+    }
+
+    private Privilege getPrivilege(String name) throws NotExecutableException {
+        try {
+            Privilege[] supported = acMgr.getSupportedPrivileges(testRootNode.getPath());
+            for (int i = 0; i < supported.length; i++) {
+                if (supported[i].getName().equals(name)) {
+                    return supported[i];
+                }
+            }
+            throw new NotExecutableException("Unable to retrieve privilege with name "+ name);
+        } catch (RepositoryException e) {
+            throw new NotExecutableException("Unable to retrieve privilege with name "+ name);
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AbstractAccessControlTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,193 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * <code>AccessControlDiscoveryTest</code>...
+ */
+public class AccessControlDiscoveryTest extends AbstractAccessControlTest {
+
+
+    protected void setUp() throws Exception {
+        super.setUp();
+        // TODO: test if options is supporte
+        //checkSupportedOption(superuser, Repository.OPTION_SIMPLE_ACCESS_CONTROL_SUPPORTED
+    }
+
+    private Privilege getPrivilege(String name) throws RepositoryException, NotExecutableException {
+        Privilege[] privileges = acMgr.getSupportedPrivileges(testRootNode.getPath());
+        for (int i = 0; i < privileges.length; i++) {
+            if (name.equals(privileges[i].getName())) {
+                return privileges[i];
+            }
+        }
+        throw new NotExecutableException();
+    }
+
+    public void testGetSupportedPrivileges() throws RepositoryException {
+        // retrieving supported privileges:
+        // Quote from spec:
+        // "[...] it returns the privileges that the repository supports."
+        Privilege[] privileges = acMgr.getSupportedPrivileges(testRootNode.getPath());
+
+        // Quote from spec:
+        // "A repository must support the following standard privileges."
+        List names = new ArrayList(privileges.length);
+        for (int i = 0; i < privileges.length; i++) {
+            names.add(privileges[i].getName());
+        }
+
+        // test if those privileges are present:
+        String msg = "A repository must support the privilege ";
+        assertTrue(msg + Privilege.READ, names.contains(Privilege.READ));
+        assertTrue(msg + Privilege.ADD_CHILD_NODES, names.contains(Privilege.ADD_CHILD_NODES));
+        assertTrue(msg + Privilege.REMOVE_CHILD_NODES, names.contains(Privilege.REMOVE_CHILD_NODES));
+        assertTrue(msg + Privilege.MODIFY_PROPERTIES, names.contains(Privilege.MODIFY_PROPERTIES));
+        assertTrue(msg + Privilege.READ_ACCESS_CONTROL, names.contains(Privilege.READ_ACCESS_CONTROL));
+        assertTrue(msg + Privilege.MODIFY_ACCESS_CONTROL, names.contains(Privilege.MODIFY_ACCESS_CONTROL));
+        assertTrue(msg + Privilege.WRITE, names.contains(Privilege.WRITE));
+        assertTrue(msg + Privilege.ALL, names.contains(Privilege.ALL));
+    }
+
+    public void testAllPrivilegeContainsAll() throws RepositoryException, NotExecutableException {
+        Privilege[] supported = acMgr.getSupportedPrivileges(testRootNode.getPath());
+
+        Set allSet = new HashSet();
+        Privilege all = getPrivilege(Privilege.ALL);
+        allSet.addAll(Arrays.asList(all.getAggregatePrivileges()));
+
+        String msg = "The all privilege must also contain ";
+        for (int i=0; i < supported.length; i++) {
+            Privilege sp = supported[i];
+            if (sp.isAggregate()) {
+                Collection col = Arrays.asList(sp.getAggregatePrivileges());
+                assertTrue(msg + sp.getName(), allSet.containsAll(col));
+            } else {
+                assertTrue(msg + sp.getName(), allSet.contains(sp));
+            }
+        }
+    }
+
+    public void testAllPrivilege() throws RepositoryException, NotExecutableException {
+        Privilege all = getPrivilege(Privilege.ALL);
+        assertFalse("All privilege must be not be abstract.", all.isAbstract());
+        assertTrue("All privilege must be an aggregate privilege.", all.isAggregate());
+        assertEquals("The name of the all privilege must be " + Privilege.ALL, all.getName(), Privilege.ALL);
+    }
+
+    public void testWritePrivilege() throws RepositoryException, NotExecutableException {
+        Privilege w = getPrivilege(Privilege.WRITE);
+        assertTrue("Write privilege must be an aggregate privilege.", w.isAggregate());
+        assertEquals("The name of the write privilege must be " + Privilege.WRITE, w.getName(), Privilege.WRITE);
+    }
+
+    public void testGetPrivileges() throws RepositoryException {
+        acMgr.getPrivileges(testRootNode.getPath());
+    }
+
+    public void testGetPrivilegesOnNonExistingNode() throws RepositoryException {
+        String path = getPathToNonExistingNode();
+        try {
+            acMgr.getPrivileges(path);
+            fail("AccessControlManager.getPrivileges for an invalid absPath must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testGetPrivilegesOnProperty() throws RepositoryException, NotExecutableException {
+        String path = getPathToProperty();
+        try {
+            acMgr.getPrivileges(path);
+            fail("AccessControlManager.getPrivileges for a property path must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testHasPrivileges() throws RepositoryException {
+        Privilege[] privs = acMgr.getPrivileges(testRootNode.getPath());
+        assertTrue(acMgr.hasPrivileges(testRootNode.getPath(), privs));
+    }
+
+    public void testHasIndividualPrivileges() throws RepositoryException {
+        Privilege[] privs = acMgr.getPrivileges(testRootNode.getPath());
+
+        for (int i = 0; i < privs.length; i++) {
+            Privilege[] single = new Privilege[] {privs[i]};
+            assertTrue(acMgr.hasPrivileges(testRootNode.getPath(), single));
+        }
+    }
+
+    public void testNotHasPrivileges() throws RepositoryException, NotExecutableException {
+        Privilege[] privs = acMgr.getPrivileges(testRootNode.getPath());
+        Privilege all = getPrivilege(Privilege.ALL);
+
+        // remove all privileges that are granted.
+        Set notGranted = new HashSet(Arrays.asList(all.getAggregatePrivileges()));
+        for (int i = 0; i < privs.length; i++) {
+            if (privs[i].isAggregate()) {
+                notGranted.removeAll(Arrays.asList(privs[i].getAggregatePrivileges()));
+            } else {
+                notGranted.remove(privs[i]);
+            }
+        }
+
+        // make sure that either 'all' are granted or the 'diff' is denied.
+        if (notGranted.isEmpty()) {
+            assertTrue(acMgr.hasPrivileges(testRootNode.getPath(), new Privilege[] {all}));
+        } else {
+            Privilege[] toTest = (Privilege[]) notGranted.toArray(new Privilege[notGranted.size()]);
+            assertTrue(!acMgr.hasPrivileges(testRootNode.getPath(), toTest));
+        }
+    }
+
+    public void testHasPrivilegesOnNotExistingNode() throws RepositoryException {
+        String path = getPathToNonExistingNode();
+        try {
+            acMgr.hasPrivileges(path, new Privilege[0]);
+            fail("AccessControlManager.hasPrivileges for an invalid absPath must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // success
+        }
+    }
+
+    public void testHasPrivilegesOnProperty() throws RepositoryException, NotExecutableException {
+        String path = getPathToProperty();
+        try {
+            acMgr.hasPrivileges(path, new Privilege[0]);
+            fail("AccessControlManager.hasPrivileges for a property path must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // success
+        }
+    }
+
+    public void testHasPrivilegesEmptyArray() throws RepositoryException, NotExecutableException {
+        assertTrue(acMgr.hasPrivileges(testRootNode.getPath(), new Privilege[0]));
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlDiscoveryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url



Mime
View raw message