jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1082450 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authorization/ main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ main/java/org/apache/jackrabbit/core/security/user...
Date Thu, 17 Mar 2011 11:57:13 GMT
Author: angela
Date: Thu Mar 17 11:57:12 2011
New Revision: 1082450

URL: http://svn.apache.org/viewvc?rev=1082450&view=rev
Log:
JCR-2887 : Split PrivilegeRegistry in a per-session manager instance and a repository level registry [work in progress]

Added:
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java   (with props)
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractAccessControlProvider.java Thu Mar 17 11:57:12 2011
@@ -105,9 +105,9 @@ public abstract class AbstractAccessCont
                 return true;
             }
             public int getPrivileges(Path absPath) throws RepositoryException {
-                return getPrivilegeManagerImpl().getBits(new Privilege[] {getAllPrivilege()});
+                return getPrivilegeManagerImpl().getBits(getAllPrivilege());
             }
-            public boolean hasPrivileges(Path absPath, Privilege[] privileges) {
+            public boolean hasPrivileges(Path absPath, Privilege... privileges) {
                 return true;
             }
             public Set<Privilege> getPrivilegeSet(Path absPath) throws RepositoryException {
@@ -150,10 +150,10 @@ public abstract class AbstractAccessCont
                 if (isAcItem(absPath)) {
                     return PrivilegeRegistry.NO_PRIVILEGE;
                 } else {
-                    return getPrivilegeManagerImpl().getBits(new Privilege[] {getReadPrivilege()});
+                    return getPrivilegeManagerImpl().getBits(getReadPrivilege());
                 }
             }
-            public boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException {
+            public boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException {
                 if (isAcItem(absPath)) {
                     return false;
                 } else {

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AbstractCompiledPermissions.java Thu Mar 17 11:57:12 2011
@@ -20,7 +20,6 @@ import org.apache.commons.collections.ma
 import org.apache.jackrabbit.spi.Path;
 
 import javax.jcr.RepositoryException;
-import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 import java.util.Collection;
 import java.util.Collections;
@@ -123,9 +122,9 @@ public abstract class AbstractCompiledPe
     }
 
     /**
-     * @see CompiledPermissions#hasPrivileges(Path, Privilege[])
+     * @see CompiledPermissions#hasPrivileges(org.apache.jackrabbit.spi.Path,javax.jcr.security.Privilege...)
      */
-    public boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException {
+    public boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException {
         Result result = getResult(absPath);
         int builtin = getPrivilegeManagerImpl().getBits(privileges);
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java Thu Mar 17 11:57:12 2011
@@ -74,7 +74,7 @@ public interface CompiledPermissions {
      * specified <code>absPath</code>.
      * @throws RepositoryException
      */
-    boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException;
+    boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException;
 
     /**
      * Returns the <code>Privilege</code>s granted by the underlying policy
@@ -135,7 +135,7 @@ public interface CompiledPermissions {
             return PrivilegeRegistry.NO_PRIVILEGE;
         }
 
-        public boolean hasPrivileges(Path absPath, Privilege[] privileges) throws RepositoryException {
+        public boolean hasPrivileges(Path absPath, Privilege... privileges) throws RepositoryException {
             return false;
         }
         public Set<Privilege> getPrivilegeSet(Path absPath) throws RepositoryException {

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java Thu Mar 17 11:57:12 2011
@@ -187,7 +187,7 @@ public final class PrivilegeManagerImpl 
      * @throws AccessControlException If the specified array is null, empty
      * or if it contains an unregistered privilege.
      */
-    public int getBits(Privilege[] privileges) throws AccessControlException {
+    public int getBits(Privilege... privileges) throws AccessControlException {
         if (privileges == null || privileges.length == 0) {
             throw new AccessControlException("Privilege array is empty or null.");
         }
@@ -197,7 +197,8 @@ public final class PrivilegeManagerImpl 
             if (priv instanceof PrivilegeImpl) {
                 defs[i] = ((PrivilegeImpl) priv).definition;
             } else {
-                throw new AccessControlException("Unknown privilege '" + priv.getName() + "'.");
+                String name = (priv == null) ? "null" : priv.getName();
+                throw new AccessControlException("Unknown privilege '" + name + "'.");
             }
         }
         return registry.getBits(defs);
@@ -211,11 +212,11 @@ public final class PrivilegeManagerImpl 
      * <code>bits</code>. If <code>bits</code> does not match to any registered
      * privilege an empty array will be returned.
      *
-     * @param bits Privilege bits as obtained from {@link #getBits(Privilege[])}.
+     * @param bits Privilege bits as obtained from {@link #getBits(Privilege...)}.
      * @return Array of <code>Privilege</code>s that are presented by the given
      * <code>bits</code> or an empty array if <code>bits</code> cannot be
      * resolved to registered <code>Privilege</code>s.
-     * @see #getBits(Privilege[])
+     * @see #getBits(Privilege...)
      */
     public Set<Privilege> getPrivileges(int bits) {
         Name[] names = registry.getNames(bits);

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Thu Mar 17 11:57:12 2011
@@ -220,7 +220,7 @@ public final class PrivilegeRegistry {
      * @throws AccessControlException If the specified array is null
      * or if it contains an unregistered privilege.
      * @see #getPrivileges(int)
-     * @deprecated Use {@link PrivilegeManagerImpl#getBits(javax.jcr.security.Privilege[])} instead.
+     * @deprecated Use {@link PrivilegeManagerImpl#getBits(javax.jcr.security.Privilege...)} instead.
      */
     public static int getBits(Privilege[] privileges) throws AccessControlException {
         if (privileges == null || privileges.length == 0) {

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLProvider.java Thu Mar 17 11:57:12 2011
@@ -102,7 +102,7 @@ public class ACLProvider extends Abstrac
         editor = new ACLEditor(session, resolver.getQPath(acRoot.getPath()));
         entriesCache = new EntriesCache(session, editor, acRoot.getPath());
         PrivilegeManagerImpl pm = getPrivilegeManagerImpl();
-        readBits = pm.getBits(new Privilege[] {pm.getPrivilege(Privilege.JCR_READ)});
+        readBits = pm.getBits(pm.getPrivilege(Privilege.JCR_READ));
 
         // TODO: replace by configurable default policy (see JCR-2331)
         if (!configuration.containsKey(PARAM_OMIT_DEFAULT_PERMISSIONS)) {

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Thu Mar 17 11:57:12 2011
@@ -379,7 +379,7 @@ public class UserAccessControlProvider e
 
         private int getPrivilegeBits(String privName) throws RepositoryException {
             PrivilegeManagerImpl impl = getPrivilegeManagerImpl();
-            return impl.getBits(new Privilege[] {impl.getPrivilege(privName)});
+            return impl.getBits(impl.getPrivilege(privName));
         }
 
         //------------------------------------< AbstractCompiledPermissions >---

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.java Thu Mar 17 11:57:12 2011
@@ -120,7 +120,7 @@ public abstract class AbstractACLTemplat
                     return false;
                 }
                 public int getPrivilegeBits() throws RepositoryException {
-                    return privilegeMgr.getBits(new Privilege[] {privilegeMgr.getPrivilege(Privilege.JCR_READ)});
+                    return privilegeMgr.getBits(privilegeMgr.getPrivilege(Privilege.JCR_READ));
                 }
                 public String[] getRestrictionNames() {
                     return new String[0];

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java?rev=1082450&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java Thu Mar 17 11:57:12 2011
@@ -0,0 +1,377 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinitionWriter;
+import org.apache.jackrabbit.core.RepositoryImpl;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.fs.FileSystem;
+import org.apache.jackrabbit.core.fs.FileSystemException;
+import org.apache.jackrabbit.core.fs.FileSystemResource;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
+import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
+import org.apache.jackrabbit.spi.commons.name.NameConstants;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.security.Privilege;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * <code>CustomPrivilegeTest</code>...
+ */
+public class CustomPrivilegeTest extends AbstractJCRTest {
+
+    private NameResolver resolver;
+
+    private FileSystem fs;
+    private PrivilegeRegistry privilegeRegistry;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+        resolver = ((SessionImpl) superuser);
+
+        // setup the custom privilege file with cyclic references
+        fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+        if (!resource.exists()) {
+            resource.makeParentDirs();
+        }
+
+        privilegeRegistry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        try {
+            if (fs.exists("/privileges") && fs.isFolder("/privileges")) {
+                fs.deleteFolder("/privileges");
+            }
+        } finally {
+            super.tearDown();
+        }
+    }
+
+    private static void assertPrivilege(PrivilegeRegistry registry, NameResolver resolver, PrivilegeRegistry.Definition def) throws RepositoryException {
+        PrivilegeManagerImpl pmgr = new PrivilegeManagerImpl(registry, resolver);
+        Privilege p = pmgr.getPrivilege(resolver.getJCRName(def.getName()));
+
+        assertNotNull(p);
+
+        assertEquals(def.isCustom(), pmgr.isCustomPrivilege(p));
+        assertEquals(def.isAbstract(), p.isAbstract());
+        Name[] danames = def.getDeclaredAggregateNames();
+        assertEquals(danames.length > 0, p.isAggregate());
+        assertEquals(danames.length, p.getDeclaredAggregatePrivileges().length);
+    }
+
+    private static void assertBits(int expected, PrivilegeRegistry.Definition def, PrivilegeRegistry registry) {
+        assertEquals(expected, registry.getBits(new PrivilegeRegistry.Definition[] {def}));
+    }
+
+    private static Set<Name> createNameSet(Name... names) {
+        Set<Name> set = new HashSet<Name>();
+        set.addAll(Arrays.asList(names));
+        return set;
+    }
+
+    public void testInvalidCustomDefinitions() throws RepositoryException, FileSystemException, IOException {
+        // setup the custom privilege file with cyclic references
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+        if (!resource.exists()) {
+            resource.makeParentDirs();
+        }
+        StringBuilder sb = new StringBuilder();
+        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><privileges><privilege isAbstract=\"false\" name=\"test\"><contains name=\"test2\"/></privilege></privileges>");
+
+        Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
+        writer.write(sb.toString());
+        writer.flush();
+        writer.close();
+
+        try {
+            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            fail("Invalid names must be detected upon registry startup.");
+        } catch (RepositoryException e) {
+            // success
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException, FileSystemException, IOException {
+        // setup the custom privilege file with cyclic references
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+        if (!resource.exists()) {
+            resource.makeParentDirs();
+        }
+
+        OutputStream out = resource.getOutputStream();
+        try {
+            List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+            defs.add(new PrivilegeDefinition("test", false, new String[] {"test2"}));
+            defs.add(new PrivilegeDefinition("test4", true, new String[] {"test5"}));
+            defs.add(new PrivilegeDefinition("test5", false, new String[] {"test3"}));
+            defs.add(new PrivilegeDefinition("test3", false, new String[] {"test"}));
+            defs.add(new PrivilegeDefinition("test2", false, new String[] {"test4"}));
+            PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+            pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
+
+            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            fail("Cyclic definitions must be detected upon registry startup.");
+        } catch (RepositoryException e) {
+            // success
+        } finally {
+            out.close();
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testCustomEquivalentDefinitions() throws RepositoryException, FileSystemException, IOException {
+        // setup the custom privilege file with cyclic references
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+        if (!resource.exists()) {
+            resource.makeParentDirs();
+        }
+
+        OutputStream out = resource.getOutputStream();
+        try {
+            List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+            defs.add(new PrivilegeDefinition("test", false, new String[] {"test2","test3"}));
+            defs.add(new PrivilegeDefinition("test2", true, new String[] {"test4"}));
+            defs.add(new PrivilegeDefinition("test3", true, new String[] {"test5"}));
+            defs.add(new PrivilegeDefinition("test4", true, new String[0]));
+            defs.add(new PrivilegeDefinition("test5", true, new String[0]));
+
+            // the equivalent definition to 'test'
+            defs.add(new PrivilegeDefinition("test6", false, new String[] {"test2","test5"}));
+
+            PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+            pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
+
+            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            fail("Equivalent definitions must be detected upon registry startup.");
+        } catch (RepositoryException e) {
+            // success
+        } finally {
+            out.close();
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testRegisterBuiltInPrivilege() throws RepositoryException, IllegalNameException, FileSystemException {
+        Map<Name, Set<Name>> builtIns = new HashMap<Name, Set<Name>>();
+        builtIns.put(NameConstants.JCR_READ, Collections.<Name>emptySet());
+        builtIns.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, Collections.singleton(NameConstants.JCR_ADD_CHILD_NODES));
+        builtIns.put(PrivilegeRegistry.REP_WRITE_NAME, Collections.<Name>emptySet());
+        builtIns.put(NameConstants.JCR_ALL, Collections.<Name>emptySet());
+
+        for (Name builtInName : builtIns.keySet()) {
+            try {
+                privilegeRegistry.registerDefinition(builtInName, false, builtIns.get(builtInName));
+                fail("Privilege name already in use -> Exception expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    public void testRegisterInvalidNewAggregate() throws RepositoryException, IllegalNameException, FileSystemException {
+        Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+        // same as jcr:read
+        newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
+        // aggregated combining built-in and an unknown privilege
+        newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+        // aggregate containing unknown privilege
+        newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("unknownPrivilege")));
+        // aggregated combining built-in and custom
+        newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+        // custom aggregated contains itself
+        newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate")));
+        // same as rep:write
+        newAggregates.put(resolver.getQName("repWriteAggregate"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_ADD_CHILD_NODES, NameConstants.JCR_NODE_TYPE_MANAGEMENT, NameConstants.JCR_REMOVE_CHILD_NODES,NameConstants.JCR_REMOVE_NODE));
+        // aggregating built-in -> currently not supported
+        newAggregates.put(resolver.getQName("aggrBuiltIn"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_READ));
+
+        for (Name name : newAggregates.keySet()) {
+            try {
+                privilegeRegistry.registerDefinition(name, true, newAggregates.get(name));
+                fail("New aggregate referring to unknown Privilege  -> Exception expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    public void testRegisterInvalidNewAggregate2() throws RepositoryException, FileSystemException {
+        Map<Name, Set<Name>> newCustomPrivs = new LinkedHashMap<Name, Set<Name>>();
+        newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+        newCustomPrivs.put(resolver.getQName("new2"), Collections.<Name>singleton(resolver.getQName("new")));
+
+        for (Name name : newCustomPrivs.keySet()) {
+            boolean isAbstract = true;
+            Set<Name> aggrNames = newCustomPrivs.get(name);
+            privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+        }
+
+        Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+        // a new aggregate of custom and built-in privilege
+        newAggregates.put(resolver.getQName("newA1"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
+        // other illegal aggregates already represented by registered definition.
+        newAggregates.put(resolver.getQName("newA2"), Collections.<Name>singleton(resolver.getQName("new")));
+        newAggregates.put(resolver.getQName("newA3"), Collections.<Name>singleton(resolver.getQName("new2")));
+
+        for (Name name : newAggregates.keySet()) {
+            boolean isAbstract = false;
+            Set<Name> aggrNames = newAggregates.get(name);
+
+            try {
+                privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+                fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException {
+        Map<Name, Set<Name>> newCustomPrivs = new HashMap<Name, Set<Name>>();
+        newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+        newCustomPrivs.put(resolver.getQName("test:new"), Collections.<Name>emptySet());
+
+        for (Name name : newCustomPrivs.keySet()) {
+            boolean isAbstract = true;
+            Set<Name> aggrNames = newCustomPrivs.get(name);
+
+            privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+
+            // validate definition
+            PrivilegeRegistry.Definition definition = privilegeRegistry.get(name);
+            assertNotNull(definition);
+            assertTrue(definition.isCustom());
+            assertEquals(name, definition.getName());
+            assertTrue(definition.isAbstract());
+            assertTrue(definition.declaredAggregateNames.isEmpty());
+            assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
+            for (Name n : aggrNames) {
+                assertTrue(definition.declaredAggregateNames.contains(n));
+            }
+            assertBits(PrivilegeRegistry.NO_PRIVILEGE, definition, privilegeRegistry);
+
+            List<Name> allAgg = Arrays.asList(privilegeRegistry.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
+            assertTrue(allAgg.contains(name));
+
+            // re-read the filesystem resource and check if definition is correct
+            PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            PrivilegeRegistry.Definition def = registry.get(name);
+            assertEquals(isAbstract, def.isAbstract);
+            assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
+            for (Name n : aggrNames) {
+                assertTrue(def.declaredAggregateNames.contains(n));
+            }
+
+            assertPrivilege(privilegeRegistry, (SessionImpl) superuser, definition);
+        }
+
+        Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+        // a new aggregate of custom privileges
+        newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("test:new"), resolver.getQName("new")));
+
+        for (Name name : newAggregates.keySet()) {
+            boolean isAbstract = false;
+            Set<Name> aggrNames = newAggregates.get(name);
+            privilegeRegistry.registerDefinition(name, isAbstract, aggrNames);
+            PrivilegeRegistry.Definition definition = privilegeRegistry.get(name);
+
+            assertNotNull(definition);
+            assertTrue(definition.isCustom());
+            assertEquals(name, definition.getName());
+            assertFalse(definition.isAbstract());
+            assertFalse(definition.declaredAggregateNames.isEmpty());
+            assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
+            for (Name n : aggrNames) {
+                assertTrue(definition.declaredAggregateNames.contains(n));
+            }
+
+            assertBits(PrivilegeRegistry.NO_PRIVILEGE, definition, privilegeRegistry);
+
+            List<Name> allAgg = Arrays.asList(privilegeRegistry.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
+            assertTrue(allAgg.contains(name));
+
+            // re-read the filesystem resource and check if definition is correct
+            PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            PrivilegeRegistry.Definition def = registry.get(name);
+            assertEquals(isAbstract, def.isAbstract);
+            assertEquals(isAbstract, def.isAbstract);
+            assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
+            for (Name n : aggrNames) {
+                assertTrue(def.declaredAggregateNames.contains(n));
+            }
+
+            assertPrivilege(registry, (SessionImpl) superuser, def);
+        }
+    }
+
+    public void testCustomPrivilege() throws RepositoryException, FileSystemException {
+        boolean isAbstract = false;
+        Name name = ((SessionImpl) superuser).getQName("test");
+        privilegeRegistry.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
+
+        PrivilegeManagerImpl pm = new PrivilegeManagerImpl(privilegeRegistry, resolver);
+        String privName = resolver.getJCRName(name);
+
+        Privilege priv = pm.getPrivilege(privName);
+        assertEquals(privName, priv.getName());
+        assertEquals(isAbstract, priv.isAbstract());
+        assertFalse(priv.isAggregate());
+        assertEquals(PrivilegeRegistry.NO_PRIVILEGE, pm.getBits(priv));
+
+        Privilege jcrWrite = pm.getPrivilege(Privilege.JCR_WRITE);
+        assertEquals(pm.getBits(jcrWrite), pm.getBits(priv, jcrWrite));
+
+    }
+
+    public void testRegister100CustomPrivileges() throws RepositoryException, FileSystemException {
+        for (int i = 0; i < 100; i++) {
+            boolean isAbstract = true;
+            Name name = ((SessionImpl) superuser).getQName("test"+i);
+            privilegeRegistry.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
+            PrivilegeRegistry.Definition definition = privilegeRegistry.get(name);
+
+            assertNotNull(definition);
+            assertEquals(name, definition.getName());
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java Thu Mar 17 11:57:12 2011
@@ -28,10 +28,8 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 
 /**
@@ -119,14 +117,14 @@ public class PrivilegeManagerImplTest ex
 
         int bits = getPrivilegeManagerImpl().getBits(privs);
         assertTrue(bits > PrivilegeRegistry.NO_PRIVILEGE);
-        assertTrue(bits == (getPrivilegeManagerImpl().getBits(new Privilege[] {p1}) |
-                getPrivilegeManagerImpl().getBits(new Privilege[] {p2})));
+        assertTrue(bits == (getPrivilegeManagerImpl().getBits(p1) |
+                getPrivilegeManagerImpl().getBits(p2)));
     }
 
     public void testGetBitsFromCustomPrivilege() throws AccessControlException {
         Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null);
         try {
-            getPrivilegeManagerImpl().getBits(new Privilege[] {p});
+            getPrivilegeManagerImpl().getBits(p);
             fail("Retrieving bits from unknown privilege should fail.");
         } catch (AccessControlException e) {
             // ok
@@ -136,7 +134,7 @@ public class PrivilegeManagerImplTest ex
     public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException {
         Privilege p = buildCustomPrivilege("anyName", privilegeMgr.getPrivilege(Privilege.JCR_WRITE));
         try {
-            getPrivilegeManagerImpl().getBits(new Privilege[] {p});
+            getPrivilegeManagerImpl().getBits(p);
             fail("Retrieving bits from unknown privilege should fail.");
         } catch (AccessControlException e) {
             // ok
@@ -145,7 +143,14 @@ public class PrivilegeManagerImplTest ex
 
     public void testGetBitsFromNull() {
         try {
-            getPrivilegeManagerImpl().getBits(null);
+            getPrivilegeManagerImpl().getBits((Privilege) null);
+            fail("Should throw AccessControlException");
+        } catch (AccessControlException e) {
+            // ok
+        }
+
+        try {
+            getPrivilegeManagerImpl().getBits((Privilege[]) null);
             fail("Should throw AccessControlException");
         } catch (AccessControlException e) {
             // ok
@@ -161,10 +166,19 @@ public class PrivilegeManagerImplTest ex
         }
     }
 
+    public void testGetBitsFromArrayContainingNull() throws RepositoryException {
+        try {
+            getPrivilegeManagerImpl().getBits(privilegeMgr.getPrivilege(Privilege.JCR_READ), null);
+            fail("Should throw AccessControlException");
+        } catch (AccessControlException e) {
+            // ok
+        }
+    }
+
     public void testGetBitsWithInvalidPrivilege() {
         Privilege p = buildCustomPrivilege("anyName", null);
         try {
-            getPrivilegeManagerImpl().getBits(new Privilege[] {p});
+            getPrivilegeManagerImpl().getBits(p);
             fail();
         } catch (AccessControlException e) {
             // ok

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java Thu Mar 17 11:57:12 2011
@@ -16,36 +16,19 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.commons.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.commons.privilege.PrivilegeDefinitionWriter;
-import org.apache.jackrabbit.core.RepositoryImpl;
 import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.fs.FileSystem;
-import org.apache.jackrabbit.core.fs.FileSystemException;
-import org.apache.jackrabbit.core.fs.FileSystemResource;
 import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
 import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
 import org.apache.jackrabbit.spi.commons.name.NameConstants;
 import org.apache.jackrabbit.test.AbstractJCRTest;
 
 import javax.jcr.RepositoryException;
-import javax.jcr.Session;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
-import java.util.LinkedHashMap;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 
 /**
@@ -283,8 +266,8 @@ public class PrivilegeRegistryTest exten
                 PrivilegeRegistry.getBits(new Privilege[] {p2})));
     }
 
-    public void testGetBitsFromCustomPrivilege() throws AccessControlException {
-        Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null);
+    public void testGetBitsFromInvalidPrivilege() throws AccessControlException {
+        Privilege p = buildUnregisteredPrivilege(Privilege.JCR_READ, null);
         try {
             PrivilegeRegistry.getBits(new Privilege[] {p});
             fail("Retrieving bits from unknown privilege should fail.");
@@ -293,8 +276,8 @@ public class PrivilegeRegistryTest exten
         }
     }
 
-    public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException {
-        Privilege p = buildCustomPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE));
+    public void testGetBitsFromInvalidAggregatePrivilege() throws RepositoryException {
+        Privilege p = buildUnregisteredPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE));
         try {
             PrivilegeRegistry.getBits(new Privilege[] {p});
             fail("Retrieving bits from unknown privilege should fail.");
@@ -322,7 +305,7 @@ public class PrivilegeRegistryTest exten
     }
 
     public void testGetBitsWithInvalidPrivilege() {
-        Privilege p = buildCustomPrivilege("anyName", null);
+        Privilege p = buildUnregisteredPrivilege("anyName", null);
         try {
             PrivilegeRegistry.getBits(new Privilege[] {p});
             fail();
@@ -437,314 +420,7 @@ public class PrivilegeRegistryTest exten
         }
     }
 
-    public void testInvalidCustomDefinitions() throws RepositoryException, FileSystemException, IOException {
-        // setup the custom privilege file with cyclic references
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
-        if (!resource.exists()) {
-            resource.makeParentDirs();
-        }
-        StringBuilder sb = new StringBuilder();
-        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><privileges><privilege isAbstract=\"false\" name=\"test\"><contains name=\"test2\"/></privilege></privileges>");
-
-        Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
-        writer.write(sb.toString());
-        writer.flush();
-        writer.close();
-
-        try {
-            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-            fail("Invalid names must be detected upon registry startup.");
-        } catch (RepositoryException e) {
-            // success
-        } finally {
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException, FileSystemException, IOException {
-        // setup the custom privilege file with cyclic references
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
-        if (!resource.exists()) {
-            resource.makeParentDirs();
-        }
-
-        OutputStream out = resource.getOutputStream();
-        try {
-            List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
-            defs.add(new PrivilegeDefinition("test", false, new String[] {"test2"}));
-            defs.add(new PrivilegeDefinition("test4", true, new String[] {"test5"}));
-            defs.add(new PrivilegeDefinition("test5", false, new String[] {"test3"}));
-            defs.add(new PrivilegeDefinition("test3", false, new String[] {"test"}));
-            defs.add(new PrivilegeDefinition("test2", false, new String[] {"test4"}));
-            PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
-            pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
-
-            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-            fail("Cyclic definitions must be detected upon registry startup.");
-        } catch (RepositoryException e) {
-            // success
-        } finally {
-            out.close();
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    public void testRegisterBuiltInPrivilege() throws RepositoryException, IllegalNameException, FileSystemException {
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        try {
-            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
-            Map<Name, Set<Name>> builtIns = new HashMap<Name, Set<Name>>();
-            builtIns.put(NameConstants.JCR_READ, Collections.<Name>emptySet());
-            builtIns.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, Collections.singleton(NameConstants.JCR_ADD_CHILD_NODES));
-            builtIns.put(PrivilegeRegistry.REP_WRITE_NAME, Collections.<Name>emptySet());
-            builtIns.put(NameConstants.JCR_ALL, Collections.<Name>emptySet());
-
-            for (Name builtInName : builtIns.keySet()) {
-                try {
-                    pr.registerDefinition(builtInName, false, builtIns.get(builtInName));
-                    fail("Privilege name already in use -> Exception expected");
-                } catch (RepositoryException e) {
-                    // success
-                }
-            }
-        } finally {
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    public void testRegisterInvalidNewAggregate() throws RepositoryException, IllegalNameException, FileSystemException {
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        try {
-            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
-            Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
-            // same as jcr:read
-            newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
-            // aggregated combining built-in and an unknown privilege
-            newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
-            // aggregate containing unknown privilege
-            newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("unknownPrivilege")));
-            // aggregated combining built-in and custom
-            newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
-            // custom aggregated contains itself
-            newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate")));
-            // same as rep:write
-            newAggregates.put(resolver.getQName("repWriteAggregate"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_ADD_CHILD_NODES, NameConstants.JCR_NODE_TYPE_MANAGEMENT, NameConstants.JCR_REMOVE_CHILD_NODES,NameConstants.JCR_REMOVE_NODE));
-            // aggregating built-in -> currently not supported
-            newAggregates.put(resolver.getQName("aggrBuiltIn"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_READ));
-
-            for (Name name : newAggregates.keySet()) {
-                try {
-                    pr.registerDefinition(name, true, newAggregates.get(name));
-                    fail("New aggregate referring to unknown Privilege  -> Exception expected");
-                } catch (RepositoryException e) {
-                    // success
-                }
-            }
-        } finally {
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    public void testRegisterInvalidNewAggregate2() throws RepositoryException, FileSystemException {
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        try {
-            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
-            Map<Name, Set<Name>> newCustomPrivs = new LinkedHashMap<Name, Set<Name>>();
-            newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
-            newCustomPrivs.put(resolver.getQName("new2"), Collections.<Name>singleton(resolver.getQName("new")));
-
-            for (Name name : newCustomPrivs.keySet()) {
-                boolean isAbstract = true;
-                Set<Name> aggrNames = newCustomPrivs.get(name);
-                pr.registerDefinition(name, isAbstract, aggrNames);
-            }
-
-            Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
-            // a new aggregate of custom and built-in privilege
-            newAggregates.put(resolver.getQName("newA1"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
-            // other illegal aggregates already represented by registered definition.
-            newAggregates.put(resolver.getQName("newA2"), Collections.<Name>singleton(resolver.getQName("new")));
-            newAggregates.put(resolver.getQName("newA3"), Collections.<Name>singleton(resolver.getQName("new2")));
-
-            for (Name name : newAggregates.keySet()) {
-                boolean isAbstract = false;
-                Set<Name> aggrNames = newAggregates.get(name);
-
-                try {
-                    pr.registerDefinition(name, isAbstract, aggrNames);
-                    fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception expected");
-                } catch (RepositoryException e) {
-                    // success
-                }
-            }
-        } finally {
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException {
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        try {
-            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
-            Map<Name, Set<Name>> newCustomPrivs = new HashMap<Name, Set<Name>>();
-            newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
-            newCustomPrivs.put(resolver.getQName("test:new"), Collections.<Name>emptySet());
-
-            for (Name name : newCustomPrivs.keySet()) {
-                boolean isAbstract = true;
-                Set<Name> aggrNames = newCustomPrivs.get(name);
-
-                pr.registerDefinition(name, isAbstract, aggrNames);
-
-                // validate definition
-                PrivilegeRegistry.Definition definition = pr.get(name);
-                assertNotNull(definition);
-                assertTrue(definition.isCustom());
-                assertEquals(name, definition.getName());
-                assertTrue(definition.isAbstract());
-                assertTrue(definition.declaredAggregateNames.isEmpty());
-                assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
-                for (Name n : aggrNames) {
-                    assertTrue(definition.declaredAggregateNames.contains(n));
-                }
-                assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
-
-                List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
-                assertTrue(allAgg.contains(name));
-
-                // re-read the filesystem resource and check if definition is correct
-                PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-                PrivilegeRegistry.Definition def = registry.get(name);
-                assertEquals(isAbstract, def.isAbstract);
-                assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
-                for (Name n : aggrNames) {
-                    assertTrue(def.declaredAggregateNames.contains(n));
-                }
-
-                assertPrivilege(pr, (SessionImpl) superuser, definition);
-            }
-
-            Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
-            // a new aggregate of custom privileges
-            newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("test:new"), resolver.getQName("new")));
-
-            for (Name name : newAggregates.keySet()) {
-                boolean isAbstract = false;
-                Set<Name> aggrNames = newAggregates.get(name);
-                pr.registerDefinition(name, isAbstract, aggrNames);
-                PrivilegeRegistry.Definition definition = pr.get(name);
-
-                assertNotNull(definition);
-                assertTrue(definition.isCustom());                
-                assertEquals(name, definition.getName());
-                assertFalse(definition.isAbstract());
-                assertFalse(definition.declaredAggregateNames.isEmpty());
-                assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
-                for (Name n : aggrNames) {
-                    assertTrue(definition.declaredAggregateNames.contains(n));
-                }
-
-                assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
-
-                List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
-                assertTrue(allAgg.contains(name));
-
-                // re-read the filesystem resource and check if definition is correct
-                PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-                PrivilegeRegistry.Definition def = registry.get(name);
-                assertEquals(isAbstract, def.isAbstract);
-                assertEquals(isAbstract, def.isAbstract);
-                assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
-                for (Name n : aggrNames) {
-                    assertTrue(def.declaredAggregateNames.contains(n));
-                }
-
-                assertPrivilege(registry, (SessionImpl) superuser, def);
-            }
-        } finally {
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    private static void assertPrivilege(PrivilegeRegistry registry, SessionImpl session, PrivilegeRegistry.Definition def) throws RepositoryException {
-
-        PrivilegeManagerImpl pmgr = new PrivilegeManagerImpl(registry, session);
-        Privilege p = pmgr.getPrivilege(session.getJCRName(def.getName()));
-
-        assertNotNull(p);
-        
-        assertEquals(def.isCustom(), pmgr.isCustomPrivilege(p));
-        assertEquals(def.isAbstract(), p.isAbstract());
-        Name[] danames = def.getDeclaredAggregateNames();
-        assertEquals(danames.length > 0, p.isAggregate());
-        assertEquals(danames.length, p.getDeclaredAggregatePrivileges().length);
-    }
-
-    public void testCustomEquivalentDefinitions() throws RepositoryException, FileSystemException, IOException {
-        // setup the custom privilege file with cyclic references
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
-        if (!resource.exists()) {
-            resource.makeParentDirs();
-        }
-
-        OutputStream out = resource.getOutputStream();
-        try {
-            List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
-            defs.add(new PrivilegeDefinition("test", false, new String[] {"test2","test3"}));
-            defs.add(new PrivilegeDefinition("test2", true, new String[] {"test4"}));
-            defs.add(new PrivilegeDefinition("test3", true, new String[] {"test5"}));
-            defs.add(new PrivilegeDefinition("test4", true, new String[0]));
-            defs.add(new PrivilegeDefinition("test5", true, new String[0]));
-
-            // the equivalent definition to 'test'
-            defs.add(new PrivilegeDefinition("test6", false, new String[] {"test2","test5"}));
-            
-            PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
-            pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]), Collections.<String, String>emptyMap());
-
-            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-            fail("Equivalent definitions must be detected upon registry startup.");
-        } catch (RepositoryException e) {
-            // success
-        } finally {
-            out.close();
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    public void testRegister100CustomPrivileges() throws RepositoryException, FileSystemException {
-        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
-        try {
-            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-
-            for (int i = 0; i < 100; i++) {
-                boolean isAbstract = true;
-                Name name = ((SessionImpl) superuser).getQName("test"+i);
-                pr.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
-                PrivilegeRegistry.Definition definition = pr.get(name);
-
-                assertNotNull(definition);
-                assertEquals(name, definition.getName());
-            }
-        } finally {
-            fs.deleteFolder("/privileges");
-        }
-    }
-
-    private static Set<Name> createNameSet(Name... names) {
-        Set<Name> set = new HashSet<Name>();
-        set.addAll(Arrays.asList(names));
-        return set;
-    }
-
-    private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) {
+    private Privilege buildUnregisteredPrivilege(final String name, final Privilege declaredAggr) {
         return new Privilege() {
 
             public String getName() {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java?rev=1082450&r1=1082449&r2=1082450&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java Thu Mar 17 11:57:12 2011
@@ -37,6 +37,7 @@ public class TestAll extends TestCase {
 
         suite.addTestSuite(PrivilegeRegistryTest.class);
         suite.addTestSuite(PrivilegeManagerImplTest.class);
+        suite.addTestSuite(CustomPrivilegeTest.class);
         suite.addTestSuite(JackrabbitAccessControlListTest.class);
         suite.addTestSuite(GlobPatternTest.class);
         suite.addTestSuite(PermissionTest.class);



Mime
View raw message