jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r638834 [13/14] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/ jack...
Date Wed, 19 Mar 2008 13:57:11 GMT
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,376 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.TestPrincipal;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Node;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.List;
+
+/**
+ * <code>AccessControlEntryTest</code>...
+ */
+public class AccessControlEntryTest extends AbstractAccessControlTest {
+
+    private static Logger log = LoggerFactory.getLogger(AccessControlEntryTest.class);
+
+    private String path;
+    private Map addedEntries = new HashMap();
+    private Privilege[] privs;
+    private Principal testPrincipal;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // TODO: test if options is supporte
+        //checkSupportedOption(superuser, Repository.OPTION_ACCESS_CONTROL_ENTRY_SUPPORTED);
+
+        Node n = testRootNode.addNode(nodeName1, testNodeType);
+        superuser.save();
+        path = n.getPath();
+
+        privs = acMgr.getSupportedPrivileges(path);
+        if (privs.length == 0) {
+            throw new NotExecutableException("No supported privileges at absPath " + path);
+        }
+
+        // TODO: make sure, entries to ADD are not present yet.
+        // TODO: retrieve principal name from tck-Configuration
+        // TODO: get rid of SessionImpl dependency
+        Session s = helper.getReadWriteSession();
+        if (s instanceof SessionImpl) {
+            for (Iterator it = ((SessionImpl) s).getSubject().getPrincipals().iterator(); it.hasNext();) {
+                Principal p = (Principal) it.next();
+                if (! (p instanceof Group)) {
+                    testPrincipal = p;
+                }
+            }
+            if (testPrincipal == null) {
+                throw new NotExecutableException("Test principal missing.");
+            }
+        } else {
+            throw new NotExecutableException("SessionImpl expected");
+        }
+    }
+
+    protected void tearDown() throws Exception {
+        try {
+            for (Iterator it = addedEntries.keySet().iterator(); it.hasNext();) {
+                String path = it.next().toString();
+                acMgr.removeAccessControlEntry(path, (AccessControlEntry) addedEntries.get(path));
+            }
+            superuser.save();
+        } catch (Exception e) {
+            log.error("Unexpected error while removing test entries.", e);
+        }
+        super.tearDown();
+    }
+
+    private static AccessControlEntry addEntry(AccessControlManager acMgr,
+                                               String path, Principal principal,
+                                               Privilege[] privs) throws NotExecutableException, RepositoryException {
+        try {
+            return acMgr.addAccessControlEntry(path, principal, privs);
+        } catch (UnsupportedRepositoryOperationException e) {
+            throw new NotExecutableException(e.getMessage());
+        }
+    }
+
+    public void testGetAccessControlEntries() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        // call must succeed.
+        AccessControlEntry[] entries = acMgr.getAccessControlEntries(path);
+        for (int i = 0; i < entries.length; i++) {
+            assertNotNull("An ACE must contain a principal", entries[i].getPrincipal());
+            Privilege[] privs = entries[i].getPrivileges();
+            assertTrue("An ACE must contain at least a single privilege", privs != null && privs.length > 0);
+        }
+    }
+
+    public void testGetAccessControlEntriesForNonExistingNode() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        String path = getPathToNonExistingNode();
+        try {
+            acMgr.getAccessControlEntries(path);
+            fail("AccessControlManager.getAccessControlEntries for an invalid absPath must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testGetAccessControlEntriesForProperty() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        String path = getPathToProperty();
+        try {
+            acMgr.getAccessControlEntries(path);
+            fail("AccessControlManager.getAccessControlEntries for a property path must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testGetEffectiveAccessControlEntries() throws NotExecutableException, RepositoryException {
+        checkCanReadAc(path);
+        // call must succeed.
+        AccessControlEntry[] entries = acMgr.getEffectiveAccessControlEntries(path);
+        for (int i = 0; i < entries.length; i++) {
+            assertNotNull("An ACE must contain a principal", entries[i].getPrincipal());
+            Privilege[] privs = entries[i].getPrivileges();
+            assertNotNull("An ACE must contain at least a single privilege", privs);
+            assertTrue("An ACE must contain at least a single privilege", privs.length > 0);
+        }
+    }
+
+    public void testGetEffectiveAccessControlEntriesForNonExistingNode() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        String path = getPathToNonExistingNode();
+        try {
+            acMgr.getEffectiveAccessControlEntries(path);
+            fail("AccessControlManager.getAccessControlEntries for an invalid absPath must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testGetEffectiveAccessControlEntriesForProperty() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        String path = getPathToProperty();
+        try {
+            acMgr.getEffectiveAccessControlEntries(path);
+            fail("AccessControlManager.getAccessControlEntries for a property path must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testAddAccessControlEntry() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        Privilege[] privileges = new Privilege[] {privs[0]};
+
+        AccessControlEntry entry = addEntry(acMgr, path, testPrincipal, privileges);
+        assertEquals("Principal name of the ACE must be equal to the name of the passed Principal", testPrincipal.getName(), entry.getPrincipal().getName());
+        assertEquals("Privileges of the ACE must be equal to the passed ones", Arrays.asList(privileges), Arrays.asList(entry.getPrivileges()));
+    }
+
+    public void testAddAccessControlEntryAggregatePrivilege() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        Privilege[] privileges = null;
+        for (int i = 0; i < privs.length; i++) {
+            if (privs[i].isAggregate()) {
+                privileges = new Privilege[] {privs[i]};
+                break;
+            }
+        }
+        if (privileges == null) {
+            throw new NotExecutableException("No aggregate privilege supported at " + path);
+        }
+
+        AccessControlEntry entry = addEntry(acMgr, path, testPrincipal, privileges);
+        assertEquals("Principal name of the ACE must be equal to the name of the passed Principal", testPrincipal.getName(), entry.getPrincipal().getName());
+        assertEquals("Privileges of the ACE must be equal to the passed ones", Arrays.asList(privileges), Arrays.asList(entry.getPrivileges()));
+    }
+
+    public void testAddAccessControlEntryPresentInEntriesArray() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        AccessControlEntry entry = addEntry(acMgr, path, testPrincipal, privs);
+        boolean found = false;
+        AccessControlEntry[] entries = acMgr.getAccessControlEntries(path);
+        for (int i = 0; i < entries.length; i++) {
+            if (entries[i].equals(entry)) {
+                found = true;
+            }
+        }
+        assertTrue("getAccessControlEntries must reflect an added ACE", found);
+    }
+
+    public void testAddAccessControlEntryIsTransient() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        AccessControlEntry entry = addEntry(acMgr, path, testPrincipal, privs);
+        superuser.refresh(false);
+        try {
+            acMgr.removeAccessControlEntry(path, entry);
+            fail("Reverting changes made to 'path' must remove the transiently added entry. Its removal must therefore fail.");
+        } catch (AccessControlException e) {
+            // success.
+        }
+    }
+
+    public void testAddAccessControlEntryInvalidPrincipal() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+        try {
+            // TODO: retrieve unknown principal name from config
+            Principal invalidPrincipal = new TestPrincipal("an_unknown_principal");
+            addEntry(acMgr, path, invalidPrincipal, privs);
+            fail("Adding an entry with an unknown principal must throw AccessControlException.");
+        } catch (AccessControlException e) {
+            // success.
+        } catch (UnsupportedRepositoryOperationException e) {
+            throw new NotExecutableException(e.getMessage());
+        } finally {
+            superuser.refresh(false);
+        }
+    }
+
+    public void testRemoveAccessControlEntry() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        AccessControlEntry entry = addEntry(acMgr, path, testPrincipal, privs);
+        acMgr.removeAccessControlEntry(path, entry);
+
+        boolean found = false;
+        AccessControlEntry[] entries = acMgr.getAccessControlEntries(path);
+        for (int i = 0; i < entries.length; i++) {
+            if (entries[i].equals(entry)) {
+                found = true;
+            }
+        }
+        assertFalse("After transiently removing an ACE it must not appear upon getAccessControlEntries any more.", found);
+    }
+
+    public void testRemoveAccessControlEntryIsTransient() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        AccessControlEntry entry = addEntry(acMgr, path, testPrincipal, privs);
+        superuser.save();
+
+        // remember for teardown.
+        addedEntries.put(path, entry);
+
+        // transient removal
+        acMgr.removeAccessControlEntry(path, entry);
+
+        // make sure 'getAccessControlEntries' does not contain the removed one
+        AccessControlEntry[] entries = acMgr.getAccessControlEntries(path);
+        for (int i = 0; i < entries.length; i++) {
+            AccessControlEntry ace = entries[i];
+            if (ace.equals(entry)) {
+                fail("getAccessControlEntries still returns a removed ACE.");
+            }
+        }
+
+        // revert removal -> entry must be present again.
+        superuser.refresh(false);
+        entries = acMgr.getAccessControlEntries(path);
+        boolean found = false;
+        for (int i = 0; i < entries.length; i++) {
+            AccessControlEntry ace = entries[i];
+            if (ace.equals(entry)) {
+                found = true;
+            }
+        }
+        assertTrue("After reverting any changes the remove ACE should be returned by getAccessControlEntries again", found);
+    }
+
+    public void testRemoveIllegalAccessControlEntry() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+        try {
+            AccessControlEntry entry = new AccessControlEntry() {
+                public Principal getPrincipal() {
+                    return testPrincipal;
+                }
+                public Privilege[] getPrivileges() {
+                    return privs;
+                }
+            };
+            acMgr.removeAccessControlEntry(path, entry);
+            fail("AccessControlManager.removeAccessControlEntry with an unknown entry must throw AccessControlException.");
+        } catch (AccessControlException e) {
+            // ok
+        }
+    }
+
+    public void testRemoveAccessControlEntriesForProperty() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        String path = getPathToProperty();
+        try {
+            AccessControlEntry entry = new AccessControlEntry() {
+                public Principal getPrincipal() {
+                    return testPrincipal;
+                }
+                public Privilege[] getPrivileges() {
+                    return privs;
+                }
+            };
+            acMgr.removeAccessControlEntry(path, entry);
+            fail("AccessControlManager.getAccessControlEntries for a property path must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testAddAccessControlEntryTwice() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        AccessControlEntry entry = addEntry(acMgr, path, testPrincipal, privs);
+        AccessControlEntry entry2 = addEntry(acMgr, path, testPrincipal, privs);
+
+        assertEquals("Adding the same ACE twice must still return a valid ACE.", entry, entry2);
+    }
+
+    public void testAddAccessControlEntryAgain() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+
+        AccessControlEntry[] entries = acMgr.getAccessControlEntries(path);
+        if (entries.length > 0) {
+            AccessControlEntry ace = addEntry(acMgr, path, entries[0].getPrincipal(), entries[0].getPrivileges());
+            assertEquals("Adding an existing entry again -> Principal must be equal.", entries[0].getPrincipal(), ace.getPrincipal());
+            assertEquals("Adding an existing entry again -> Privileges must the same.", Arrays.asList(entries[0].getPrivileges()), Arrays.asList(ace.getPrivileges()));
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testExtendPrivileges() throws NotExecutableException, RepositoryException {
+        checkCanModifyAc(path);
+        if (privs.length == 1) {
+            throw new NotExecutableException();
+        }
+
+        Privilege privilege = privs[0];
+        // add a single privilege first:
+        AccessControlEntry ace = addEntry(acMgr, path, testPrincipal, new Privilege[] {privilege});
+        assertTrue("The resulting entry must contain the privilege added.",
+                Arrays.asList(ace.getPrivileges()).contains(privilege));
+
+        // add a second privilege (but not specifying the privilege added before)
+        // -> the first privilege must not be removed.
+        Privilege privilege2 = privs[1];
+        AccessControlEntry ace2 = addEntry(acMgr, path, testPrincipal, new Privilege[] {privilege2});
+        List pvlgs = Arrays.asList(ace2.getPrivileges());
+        assertTrue("Calling 'addAccessControlEntry' must not removed privileges added before",
+                pvlgs.contains(privilege) && pvlgs.contains(privilege2));
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlEntryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import java.util.NoSuchElementException;
+
+/**
+ * <code>AccessControlPolicyIteratorTest</code>...
+ */
+public class AccessControlPolicyIteratorTest extends AbstractAccessControlTest {
+
+    private static Logger log = LoggerFactory.getLogger(AccessControlPolicyIteratorTest.class);
+
+    private String path;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // policy-option is cover the by the 'OPTION_SIMPLE_ACCESS_CONTROL_SUPPORTED' -> see super-class
+
+        Node n = testRootNode.addNode(nodeName1, testNodeType);
+        superuser.save();
+        path = n.getPath();
+    }
+
+    public void testGetSize() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        // get size must succeed. its value however is indefined.
+        long size = it.getSize();
+        assertTrue("Size must be -1 or any value >= 0", size == -1 || size >= 0);
+    }
+
+    public void testGetInitialPosition() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        // the initial position of the policy iterator must be 0.
+        assertTrue("Initial position of AccessControlPolicyIterator must be 0.", it.getPosition() == 0);
+    }
+
+    public void testGetPosition() throws NotExecutableException, RepositoryException {
+        checkCanReadAc(path);
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+
+        long position = 0;
+        while (it.hasNext()) {
+            assertEquals("Position must be adjusted during iteration.", position, it.getPosition());
+            it.nextAccessControlPolicy();
+            assertEquals("Position must be adjusted after calling next.", ++position, it.getPosition());
+        }
+    }
+
+    public void testSkip() throws NotExecutableException, RepositoryException {
+        checkCanReadAc(path);
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+
+        long size = it.getSize();
+        if (size > -1) {
+            it.skip(size);
+            assertFalse("After skipping all elements 'hasNext()' must return false", it.hasNext());
+
+            try {
+                it.nextAccessControlPolicy();
+                fail("After skipping all 'nextAccessControlPolicy()' must fail.");
+            } catch (NoSuchElementException e) {
+                // success
+            }
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+    /*
+    // TODO: uncomment as soon as RangeIterator is adjusted.
+    public void testgetNumberRemaining() {
+        checkCanReadAc(path);
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+
+        long remaining = it.getNumberRemaining();
+        assertTrue("Number of remaining entries must be >= -1", remaining >= -1);
+
+        while (it.hasNext()) {
+            it.nextAccessControlPolicy();
+            long rem = it.getNumberRemaining();
+            if (remaining != -1) {
+                assertTrue("Number of remaining entries must decrease or be -1", rem == -1 || rem < remaining);
+            }
+            remaining = rem;
+        }
+    }
+    */
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyIteratorTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,415 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Item;
+import javax.jcr.Node;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * <code>AccessControlPolicyTest</code>...
+ */
+public class AccessControlPolicyTest extends AbstractAccessControlTest {
+
+    private static Logger log = LoggerFactory.getLogger(AccessControlPolicyTest.class);
+
+    private String path;
+    private List addedPolicies = new ArrayList();
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // policy-option is cover the by the 'OPTION_SIMPLE_ACCESS_CONTROL_SUPPORTED' -> see super-class
+
+        Node n = testRootNode.addNode(nodeName1, testNodeType);
+        superuser.save();
+        path = n.getPath();
+    }
+
+    protected void tearDown() throws Exception {
+        try {
+            for (Iterator it = addedPolicies.iterator(); it.hasNext();) {
+                String path = it.next().toString();
+                acMgr.removePolicy(path);
+            }
+            superuser.save();
+        } catch (Exception e) {
+            log.error("Unexpected error while removing test policies.", e);
+        }
+        super.tearDown();
+    }
+
+    private AccessControlPolicy buildInvalidPolicy(String path) throws RepositoryException, AccessDeniedException {
+        List applicable = new ArrayList();
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        while (it.hasNext()) {
+            applicable.add(it.nextAccessControlPolicy().getName());
+        }
+
+        String name = "invalidPolicy";
+        int index = 0;
+        while (applicable.contains(name)) {
+            name = "invalidPolicy" + index;
+            index++;
+        }
+        final String policyName = name;
+        return new AccessControlPolicy() {
+
+            public String getName() throws RepositoryException {
+                return policyName;
+            }
+            public String getDescription() throws RepositoryException {
+                return null;
+            }
+        };
+    }
+
+    public void testGetEffectivePolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        // call must succeed without exception
+        AccessControlPolicy policy = acMgr.getEffectivePolicy(path);
+        if (policy != null) {
+            assertTrue("The name of an AccessControlPolicy must not be null.", policy.getName() != null);
+        } else {
+            // no policy present on that node. // TODO: check if possible.
+        }
+    }
+
+    public void testGetEffectivePolicyForNonExistingNode() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        String path = getPathToNonExistingNode();
+        try {
+            acMgr.getEffectivePolicy(path);
+            fail("AccessControlManager.getEffectivePolicy for an invalid absPath must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testGetEffectivePolicyForProperty() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        String path = getPathToProperty();
+        try {
+            acMgr.getEffectivePolicy(path);
+            fail("AccessControlManager.getEffectivePolicy for property must throw PathNotFoundException.");
+        } catch (PathNotFoundException e) {
+            // ok
+        }
+    }
+
+    public void testGetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        // call must succeed without exception
+        AccessControlPolicy policy = acMgr.getPolicy(path);
+        if (policy != null) {
+            assertTrue("The name of an AccessControlPolicy must not be null.", policy.getName() != null);
+        } else {
+            // no policy present on that node.
+        }
+    }
+
+    public void testGetApplicablePolicies() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        // call must succeed without exception
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        assertNotNull("The iterator of applicable policies must not be null", it);
+    }
+
+    public void testApplicablePoliciesAreDistinct() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        // call must succeed without exception
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        Set names = new HashSet();
+
+        while (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            if (!names.add(policy.getName())) {
+                fail("The names of the policies present should be unique among the choices presented for a specific node. Name " + policy.getName() + " occured multiple times.");
+            }
+        }
+    }
+
+    public void testSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanModifyAc(path);
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testSetIllegalPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanModifyAc(path);
+        try {
+            acMgr.setPolicy(path, buildInvalidPolicy(path));
+            fail("SetPolicy with an unknown policy should throw AccessControlException.");
+        } catch (AccessControlException e) {
+            // success.
+        }
+    }
+
+    public void testGetPolicyAfterSet() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        checkCanModifyAc(path);
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+
+            AccessControlPolicy p = acMgr.getPolicy(path);
+            assertEquals("GetPolicy must return the policy that has been set before.", policy, p);
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testSetPolicyIsTransient() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanModifyAc(path);
+
+        AccessControlPolicy current = acMgr.getPolicy(path);
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+            superuser.refresh(false);
+
+            String mgs = "Reverting 'setPolicy' must change back the return value of getPolicy.";
+            if (current == null) {
+                assertEquals(mgs, acMgr.getPolicy(path), current);
+            } else {
+                assertTrue(mgs, acMgr.getPolicy(path).equals(current));
+            }
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testGetPolicyAfterSave() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        checkCanModifyAc(path);
+
+        AccessControlPolicy policy;
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+            superuser.save();
+
+            // remember for tearDown
+            addedPolicies.add(path);
+        } else {
+            throw new NotExecutableException();
+        }
+
+        Session s2 = null;
+        try {
+            s2 = helper.getSuperuserSession();
+            AccessControlPolicy p = getAccessControlManager(s2).getPolicy(path);
+            assertEquals("Policy must be visible to another superuser session.", policy, p);
+        } finally {
+            if (s2 != null) {
+                s2.logout();
+            }
+        }
+    }
+
+
+    public void testNodeIsModifiedAfterSecondSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanModifyAc(path);
+        // make sure an policy has been explicitely set.
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+            superuser.save();
+            // remember for tearDown
+            addedPolicies.add(path);
+        } else {
+            throw new NotExecutableException();
+        }
+
+        // call 'setPolicy' a second time -> Node must be modified.
+        it = acMgr.getApplicablePolicies(path);
+        try {
+            if (it.hasNext()) {
+                Item item = superuser.getItem(path);
+                AccessControlPolicy policy = it.nextAccessControlPolicy();
+                acMgr.setPolicy(path, policy);
+
+                assertTrue("After setting a policy the node must be marked modified.", item.isModified());
+            } else {
+                throw new NotExecutableException();
+            }
+        } finally {
+            // revert changes
+            superuser.refresh(false);
+        }
+    }
+
+    public void testNodeIsModifiedAfterSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanModifyAc(path);
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            Item item = superuser.getItem(path);
+
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+
+            assertTrue("After setting a policy the node must be marked modified.", item.isModified());
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testRemovePolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanModifyAc(path);
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+            AccessControlPolicy removed = acMgr.removePolicy(path);
+            assertEquals("RemovePolicy must return the policy that has been set before.", policy, removed);
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testRemovePolicyIsTransient() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        checkCanModifyAc(path);
+
+        AccessControlPolicy current = acMgr.getPolicy(path);
+        if (acMgr.getPolicy(path) == null) {
+            // no policy to remove ->> apply one
+            AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+            if (it.hasNext()) {
+                AccessControlPolicy policy = it.nextAccessControlPolicy();
+                acMgr.setPolicy(path, policy);
+                superuser.save();
+
+                // remember for teardown
+                addedPolicies.add(path);
+
+                current = policy;
+            } else {
+                throw new NotExecutableException();
+            }
+        }
+
+        // test transient behaviour of the removal
+        acMgr.removePolicy(path);
+        AccessControlPolicy p = acMgr.getPolicy(path);
+        assertTrue("After transient remove AccessControlManager.getPolicy must return null.", p == null);
+
+        // revert changes
+        superuser.refresh(false);
+        p = acMgr.getPolicy(path);
+        assertEquals("Reverting a Policy removal must restore the original state.", p, current);
+    }
+
+    public void testNodeIsModifiedAfterRemovePolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        checkCanReadAc(path);
+        checkCanModifyAc(path);
+
+        Item item = superuser.getItem(path);
+        if (acMgr.getPolicy(path) == null) {
+            // no policy to remove ->> apply one
+            AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+            if (it.hasNext()) {
+                AccessControlPolicy policy = it.nextAccessControlPolicy();
+                acMgr.setPolicy(path, policy);
+                superuser.save();
+
+                // remember for teardown
+                addedPolicies.add(path);
+            } else {
+                throw new NotExecutableException();
+            }
+        }
+
+        // test transient behaviour of the removal
+        try {acMgr.removePolicy(path);
+            assertTrue("After removing a policy the node must be marked modified.", item.isModified());
+        } finally {
+            item.refresh(false);
+        }
+    }
+
+    public void testNullPolicyOnNewNode() throws NotExecutableException, RepositoryException, AccessDeniedException {
+        Node n;
+        try {
+            n = ((Node) superuser.getItem(path)).addNode(nodeName2, testNodeType);
+        } catch (RepositoryException e) {
+            throw new NotExecutableException();
+        }
+
+        assertNull("A new Node must not have an access control policy set.", acMgr.getPolicy(n.getPath()));
+    }
+
+    public void testSetPolicyOnNewNode() throws NotExecutableException, RepositoryException, AccessDeniedException {
+        Node n;
+        try {
+            n = ((Node) superuser.getItem(path)).addNode(nodeName2, testNodeType);
+        } catch (RepositoryException e) {
+            throw new NotExecutableException();
+        }
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
+        while (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(n.getPath(), policy);
+
+            AccessControlPolicy p = acMgr.getPolicy(n.getPath());
+            assertNotNull("After calling setPolicy the manager must return a non-null policy for the new Node.", p);
+            assertEquals("The name of applicable policy must be equal to the name of the set policy", policy.getName(), p.getName());
+        }
+    }
+
+    public void testRemoveTransientlyAddedPolicy() throws RepositoryException, AccessDeniedException {
+        AccessControlPolicy ex = acMgr.getPolicy(path);
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        while (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+            acMgr.removePolicy(path);
+
+            String msg = "transiently added AND removing a policy must revert " +
+                    "the changes made. " +
+                    "ACMgr.getPolicy must then return the original value.";
+            if (ex == null) {
+                assertNull(msg, acMgr.getPolicy(path));
+            } else {
+                assertEquals(msg, ex.getName(), acMgr.getPolicy(path).getName());
+            }
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/AccessControlPolicyTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * <code>RSessionAccessControlDiscoveryTest</code>: A read-only session must
+ * be able to call 'hasPrivilege' and 'getPrivileges' and 'getSupportedPrivileges'
+ * without access denied exception
+ */
+public class RSessionAccessControlDiscoveryTest extends AbstractAccessControlTest {
+
+    private Session readOnlySession;
+    private AccessControlManager testAcMgr;
+    private String testPath;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        readOnlySession = helper.getReadOnlySession();
+        testAcMgr = getAccessControlManager(readOnlySession);
+        testPath = testRootNode.getPath();
+    }
+
+    protected void tearDown() throws Exception {
+        if (readOnlySession != null) {
+            readOnlySession.logout();
+        }
+        super.tearDown();
+    }
+
+    private Privilege getPrivilege(String name) throws RepositoryException, NotExecutableException {
+        Privilege[] privileges = acMgr.getSupportedPrivileges(testPath);
+        for (int i = 0; i < privileges.length; i++) {
+            if (name.equals(privileges[i].getName())) {
+                return privileges[i];
+            }
+        }
+        throw new NotExecutableException();
+    }
+
+    public void testGetSupportedPrivileges() throws RepositoryException {
+        Privilege[] privileges = testAcMgr.getSupportedPrivileges(testPath);
+        assertNotNull("getSupportedPrivileges must return a non-null value even for read-only session.", privileges);
+        assertTrue("getSupportedPrivileges must return a non-empty array even for read-only session.", privileges.length > 0);
+    }
+
+    public void testGetPrivileges() throws RepositoryException {
+        Privilege[] privs = testAcMgr.getPrivileges(testPath);
+        List names = new ArrayList(privs.length);
+        for (int i = 0; i < privs.length; i++) {
+            names.add(privs[i].getName());
+        }
+        assertTrue("A read-only session must have READ access to the test node.",
+                names.contains(Privilege.READ));
+    }
+
+    public void testHasPrivileges() throws RepositoryException, NotExecutableException {
+        Privilege priv = getPrivilege(Privilege.READ);
+        assertTrue("Read-only session must have READ privilege on test node.",
+                testAcMgr.hasPrivileges(testPath, new Privilege[] {priv}));
+    }
+
+    public void testNotHasPrivileges() throws RepositoryException, NotExecutableException {
+        Privilege all = getPrivilege(Privilege.ALL);
+        assertFalse("Read-only session must not have ALL privilege",
+                testAcMgr.hasPrivileges(testPath, new Privilege[] {all}));
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlDiscoveryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.core.security.TestPrincipal;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+/**
+ * <code>AccessControlEntryTest</code>...
+ */
+public class RSessionAccessControlEntryTest extends AbstractAccessControlTest {
+
+    private static Logger log = LoggerFactory.getLogger(RSessionAccessControlEntryTest.class);
+
+    private String path;
+    private Session readOnlySession;
+    private AccessControlManager testAcMgr;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // TODO: test if options is supporte
+        //checkSupportedOption(superuser, Repository.OPTION_ACCESS_CONTROL_ENTRY_SUPPORTED);
+
+        Node n = testRootNode.addNode(nodeName1, testNodeType);
+        superuser.save();
+        path = n.getPath();
+
+        readOnlySession = helper.getReadOnlySession();
+        testAcMgr = getAccessControlManager(readOnlySession);
+    }
+
+    protected void tearDown() throws Exception {
+        if (readOnlySession != null) {
+            readOnlySession.logout();
+        }
+        super.tearDown();
+    }
+    
+    public void testGetAccessControlEntries() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        try {
+            testAcMgr.getAccessControlEntries(path);
+            fail("read only session may not read AC content.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testGetEffectiveAccessControlEntries() throws NotExecutableException, RepositoryException {
+        try {
+            testAcMgr.getEffectiveAccessControlEntries(path);
+            fail("read only session may not read AC content.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testAddAccessControlEntry() throws NotExecutableException, RepositoryException {
+        Privilege[] privs = testAcMgr.getSupportedPrivileges(path);
+        try {
+            testAcMgr.addAccessControlEntry(path, new TestPrincipal("principal"), privs);
+            fail("read only session may not add an AC entry.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlEntryTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+/**
+ * <code>AccessControlPolicyTest</code>...
+ */
+public class RSessionAccessControlPolicyTest extends AbstractAccessControlTest {
+
+    private static Logger log = LoggerFactory.getLogger(RSessionAccessControlPolicyTest.class);
+
+    private String path;
+    private Session readOnlySession;
+    private AccessControlManager testAcMgr;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // policy-option is cover the by the 'OPTION_SIMPLE_ACCESS_CONTROL_SUPPORTED' -> see super-class
+        
+        Node n = testRootNode.addNode(nodeName1, testNodeType);
+        superuser.save();
+        path = n.getPath();
+
+        readOnlySession = helper.getReadOnlySession();
+        testAcMgr = getAccessControlManager(readOnlySession);
+    }
+
+    protected void tearDown() throws Exception {
+        if (readOnlySession != null) {
+            readOnlySession.logout();
+        }
+        super.tearDown();
+    }
+
+    public void testGetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        try {
+            testAcMgr.getPolicy(path);
+            fail("read only session may not read AC content.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testGetEffectivePolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        try {
+            testAcMgr.getEffectivePolicy(path);
+            fail("read only session may not read AC content.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testGetApplicablePolicies() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        try {
+            testAcMgr.getApplicablePolicies(path);
+            fail("read only session may not read AC content.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        // retrieve valid policy using superuser session:
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (!it.hasNext()) {
+            throw new NotExecutableException();
+        }
+
+        try {
+            testAcMgr.setPolicy(path, it.nextAccessControlPolicy());
+            fail("read only session may not modify AC content.");
+        } catch (AccessControlException e) {
+            // fine as well (policy validity was check first).
+        } catch (AccessDeniedException e) {
+            // success.
+        }
+    }
+
+    public void testSetInvalidPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        try {
+            testAcMgr.setPolicy(path, new AccessControlPolicy() {
+                public String getName() throws RepositoryException {
+                    return getClass().getName();
+                }
+                public String getDescription() throws RepositoryException {
+                    return "";
+                }
+            });
+            fail("Invalid policy may not be set by a READ-only session.");
+        } catch (AccessControlException e) {
+            // success.
+        } catch (AccessDeniedException e) {
+            // fine as well (privileges were apparently checked first)
+        }
+    }
+
+    public void testRemovePolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+        try {
+            testAcMgr.removePolicy(path);
+            fail("read only session may not remove a policy.");
+        } catch (AccessDeniedException e) {
+            // success.
+        }
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/RSessionAccessControlPolicyTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.jsr283.security;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * <code>TestAll</code>...
+ */
+/**
+ * Test suite
+ */
+public class TestAll extends TestCase {
+
+    /**
+     * Returns a <code>Test</code> suite that executes all tests inside this
+     * package.
+     *
+     * @return a <code>Test</code> suite that executes all tests inside this
+     *         package.
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite("jsr 283 security tests");
+
+        suite.addTestSuite(AccessControlDiscoveryTest.class);
+        suite.addTestSuite(AccessControlPolicyTest.class);
+         suite.addTestSuite(AccessControlPolicyIteratorTest.class);
+        suite.addTestSuite(AccessControlEntryTest.class);
+
+        // tests with read only session:
+        suite.addTestSuite(RSessionAccessControlDiscoveryTest.class);
+        suite.addTestSuite(RSessionAccessControlEntryTest.class);
+        suite.addTestSuite(RSessionAccessControlPolicyTest.class);
+
+        return suite;
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/jsr283/security/TestAll.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.principal;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.AbstractUserTest;
+import org.apache.jackrabbit.core.security.user.UserManagerImpl;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.util.Properties;
+
+/**
+ * <code>DefaultPrincipalProviderTest</code>...
+ */
+public class DefaultPrincipalProviderTest extends AbstractUserTest {
+
+    private static Logger log = LoggerFactory.getLogger(DefaultPrincipalProviderTest.class);
+
+    private PrincipalProvider principalProvider;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        if (!(userMgr instanceof UserManagerImpl)) {
+            throw new NotExecutableException();
+        }
+
+        principalProvider = new DefaultPrincipalProvider(superuser, (UserManagerImpl) userMgr);
+        principalProvider.init(new Properties());
+    }
+
+    protected void tearDown() throws Exception {
+        principalProvider.close();
+
+        super.tearDown();
+    }
+
+    // TODO: add tests for 'findPrincipals'
+
+    public void testUnknownUserMemberShip() throws RepositoryException {
+        Principal userPrincipal = getTestPrincipal();
+
+        PrincipalIterator pit = principalProvider.getGroupMembership(userPrincipal);
+
+        // unknown user must be in 'everyone' group but nothing else
+        assertTrue(pit.hasNext());
+        assertEquals(EveryonePrincipal.getInstance(), pit.nextPrincipal());
+        assertFalse(pit.hasNext());
+    }
+
+    public void testInheritedMemberShip() throws RepositoryException {
+        Principal up = getTestPrincipal();
+
+        User u = null;
+        Group gr1 = null;
+        Group gr2 = null;
+        try {
+            u = userMgr.createUser(up.getName(), buildCredentials(up), up);
+            gr1 = userMgr.createGroup(getTestPrincipal());
+            gr2 = userMgr.createGroup(getTestPrincipal());
+
+            gr1.addMember(gr2);
+            gr2.addMember(u);
+
+            PrincipalIterator it = principalProvider.getGroupMembership(u.getPrincipal());
+            while (it.hasNext()) {
+                Principal p = it.nextPrincipal();
+                if (p.equals(gr1.getPrincipal())) {
+                    // success return
+                    return;
+                }
+            }
+
+            fail("User principal " + up.getName() + " must have inherited group membership for " + gr1.getPrincipal().getName());
+
+        } finally {
+            if (gr2 != null && u != null) gr2.removeMember(u);
+            if (gr1 != null && gr2 != null) gr1.removeMember(gr2);
+
+            if (gr1 != null) gr1.remove();
+            if (gr2 != null) gr2.remove();
+            if (u != null) u.remove();
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,26 @@
+package org.apache.jackrabbit.core.security.principal;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Test suite
+ */
+public class TestAll extends TestCase {
+
+    /**
+     * Returns a <code>Test</code> suite that executes all tests inside this
+     * package.
+     *
+     * @return a <code>Test</code> suite that executes all tests inside this
+     *         package.
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite("security.principal tests");
+
+        suite.addTestSuite(DefaultPrincipalProviderTest.class);
+
+        return suite;
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/TestAll.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java?rev=638834&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java Wed Mar 19 06:56:13 2008
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.user;
+
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.api.security.user.AbstractUserTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.value.StringValue;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.nodetype.ConstraintViolationException;
+
+/**
+ * <code>AuthorizableImplTest</code>...
+ */
+public class AuthorizableImplTest extends AbstractUserTest {
+
+    private static Logger log = LoggerFactory.getLogger(AuthorizableImplTest.class);
+
+    private static void checkProtected(Property prop) throws RepositoryException {
+        assertTrue(prop.getDefinition().isProtected());
+    }
+
+    public void testSetSpecialProperties() throws NotExecutableException, RepositoryException {
+        Value v = superuser.getValueFactory().createValue("any_value");
+        User u = getTestUser(superuser);
+        try {
+            u.setProperty("rep:userId", v);
+            fail("changing the user id should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+
+        try {
+            u.setProperty("rep:principalName", v);
+            fail("changing the principalName should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+
+        try {
+            Value[] vs = new Value[] {v};
+            u.setProperty("rep:referees", vs);
+            fail("changing the referees property should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+
+        Group g = getTestGroup(superuser);
+        try {
+            g.setProperty("rep:principalName", v);
+            fail("changing the principalName should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+        try {
+            Value[] vs = new Value[] {v};
+            g.setProperty("rep:members", vs);
+            fail("changing the members property should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+    }
+
+    public void testRemoveSpecialProperties() throws NotExecutableException, RepositoryException {
+        User u = getTestUser(superuser);
+        try {
+            u.removeProperty("rep:userId");
+            fail("removing the user id should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+
+        try {
+            u.removeProperty("rep:principalName");
+            fail("removing the principalName should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+
+        Group g = getTestGroup(superuser);
+        try {
+            g.removeProperty("rep:principalName");
+            fail("removing the principalName should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+        try {
+            g.removeProperty("rep:members");
+            fail("removing the members property should fail.");
+        } catch (RepositoryException e) {
+            // success
+        }
+    }
+
+    public void testProtectedUserProperties() throws NotExecutableException, RepositoryException {
+        UserImpl user = (UserImpl) getTestUser(superuser);
+        NodeImpl n = user.getNode();
+
+        checkProtected(n.getProperty(UserConstants.P_USERID));
+        checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
+        if (n.hasProperty(UserConstants.P_REFEREES)) {
+           checkProtected(n.getProperty(UserConstants.P_REFEREES));
+        }
+        if (n.hasProperty(UserConstants.P_IMPERSONATORS)) {
+           checkProtected(n.getProperty(UserConstants.P_IMPERSONATORS));
+        }
+    }
+
+    public void testProtectedGroupProperties() throws NotExecutableException, RepositoryException {
+        GroupImpl gr = (GroupImpl) getTestGroup(superuser);
+        NodeImpl n = gr.getNode();
+
+        checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
+        if (n.hasProperty(UserConstants.P_MEMBERS)) {
+           checkProtected(n.getProperty(UserConstants.P_MEMBERS));
+        }
+        if (n.hasProperty(UserConstants.P_REFEREES)) {
+           checkProtected(n.getProperty(UserConstants.P_REFEREES));
+        }
+    }
+
+    public void testSetSpecialPropertiesDirectly() throws NotExecutableException, RepositoryException {
+        AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+        NodeImpl n = user.getNode();
+        try {
+            String pName = user.getPrincipalName();
+            n.setProperty(UserConstants.P_PRINCIPAL_NAME, new StringValue("any-value"));
+
+            // should have failed => change value back.
+            n.setProperty(UserConstants.P_PRINCIPAL_NAME, new StringValue(pName));
+            fail("Attempt to change protected property rep:principalName should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+
+        try {
+            String refereeName = "anyreferee";
+            n.setProperty(UserConstants.P_REFEREES, new Value[] {new StringValue(refereeName)});
+            fail("Attempt to change protected property rep:referees should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+        try {
+            String imperson = "anyimpersonator";
+            n.setProperty(UserConstants.P_IMPERSONATORS, new Value[] {new StringValue(imperson)});
+            fail("Attempt to change protected property rep:impersonators should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+    }
+
+    public void testRemoveSpecialPropertiesDirectly() throws RepositoryException, NotExecutableException {
+        AuthorizableImpl g = (AuthorizableImpl) getTestGroup(superuser);
+        NodeImpl n = g.getNode();
+        try {
+            n.getProperty(UserConstants.P_PRINCIPAL_NAME).remove();
+            fail("Attempt to remove protected property rep:principalName should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url



Mime
View raw message