jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1393003 - in /jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege: AbstractPrivilegeTest.java CustomPrivilegeTest.java PrivilegeManagerImplTest.java
Date Tue, 02 Oct 2012 16:09:42 GMT
Author: angela
Date: Tue Oct  2 16:09:41 2012
New Revision: 1393003

URL: http://svn.apache.org/viewvc?rev=1393003&view=rev
Log:
OAK-64 : Privilege Management (WIP)

- revert recent changes (hardcoded credentials)
- move privilege registration tests to separate class
- ignore CustomPrivilegeTest as long as teardown is not complete

Added:
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
Modified:
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java?rev=1393003&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java
(added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java
Tue Oct  2 16:09:41 2012
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.privilege;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Workspace;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.junit.After;
+import org.junit.Before;
+
+/**
+ * AbstractPrivilegeTest... TODO
+ */
+abstract class AbstractPrivilegeTest extends AbstractJCRTest implements PrivilegeConstants
{
+
+    PrivilegeManager privilegeManager;
+
+    @Before
+    public void setUp() throws Exception {
+        super.setUp();
+        privilegeManager = getPrivilegeManager(superuser);
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        privilegeManager = null;
+        super.tearDown();
+    }
+
+    static PrivilegeManager getPrivilegeManager(Session session) throws RepositoryException
{
+        Workspace workspace = session.getWorkspace();
+        return ((JackrabbitWorkspace) workspace).getPrivilegeManager();
+    }
+
+    static String[] getAggregateNames(String... names) {
+        return names;
+    }
+
+    static void assertContainsDeclared(Privilege privilege, String aggrName) {
+        boolean found = false;
+        for (Privilege p : privilege.getDeclaredAggregatePrivileges()) {
+            if (aggrName.equals(p.getName())) {
+                found = true;
+                break;
+            }
+        }
+        assertTrue(found);
+    }
+
+    void assertPrivilege(Privilege priv, String name, boolean isAggregate, boolean isAbstract)
{
+        assertNotNull(priv);
+        assertEquals(name, priv.getName());
+        assertEquals(isAggregate, priv.isAggregate());
+        assertEquals(isAbstract, priv.isAbstract());
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java?rev=1393003&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
(added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
Tue Oct  2 16:09:41 2012
@@ -0,0 +1,325 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.privilege;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.NamespaceException;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Workspace;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.junit.After;
+import org.junit.Ignore;
+import org.junit.Test;
+
+/**
+ * CustomPrivilegeTest...
+ */
+@Ignore
+public class CustomPrivilegeTest extends AbstractPrivilegeTest {
+
+    @After
+    public void tearDown() throws Exception {
+
+        // FIXME: remove any remaining custom privilege definitions
+
+        super.tearDown();
+    }
+
+    @Ignore // FIXME: default setup should enforce access restrictions
+    @Test
+    public void testRegisterPrivilegeWithReadOnly() throws RepositoryException {
+        Session readOnly = getHelper().getReadOnlySession();
+        try {
+            getPrivilegeManager(readOnly).registerPrivilege("test", true, new String[0]);
+            fail("Only admin is allowed to register privileges.");
+        } catch (AccessDeniedException e) {
+            // success
+        } finally {
+            readOnly.logout();
+        }
+    }
+
+    @Test
+    public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException {
+        try {
+            privilegeManager.registerPrivilege("cycl-1", false, new String[] {"cycl-1"});
+            fail("Cyclic definitions must be detected upon registry startup.");
+        } catch (RepositoryException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testCustomEquivalentDefinitions() throws RepositoryException {
+        privilegeManager.registerPrivilege("custom4", false, new String[0]);
+        privilegeManager.registerPrivilege("custom5", false, new String[0]);
+        privilegeManager.registerPrivilege("custom2", false, new String[] {"custom4", "custom5"});
+
+        List<String[]> equivalent = new ArrayList<String[]>();
+        equivalent.add(new String[] {"custom4", "custom5"});
+        equivalent.add(new String[] {"custom2", "custom4"});
+        equivalent.add(new String[] {"custom2", "custom5"});
+        int cnt = 6;
+        for (String[] aggrNames : equivalent) {
+            try {
+                // the equivalent definition to 'custom1'
+                String name = "custom"+(cnt++);
+                privilegeManager.registerPrivilege(name, false, aggrNames);
+                fail("Equivalent '"+name+"' definitions must be detected.");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testRegisterBuiltInPrivilege() throws RepositoryException {
+        Map<String, String[]> builtIns = new HashMap<String, String[]>();
+        builtIns.put(PrivilegeConstants.JCR_READ, new String[0]);
+        builtIns.put(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT, new String[] {PrivilegeConstants.JCR_ADD_CHILD_NODES});
+        builtIns.put(PrivilegeConstants.REP_WRITE, new String[0]);
+        builtIns.put(PrivilegeConstants.JCR_ALL, new String[0]);
+
+        for (String builtInName : builtIns.keySet()) {
+            try {
+                privilegeManager.registerPrivilege(builtInName, false, builtIns.get(builtInName));
+                fail("Privilege name " +builtInName+ " already in use -> Exception expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testRegisterInvalidNewAggregate() throws RepositoryException {
+        Map<String, String[]> newAggregates = new LinkedHashMap<String, String[]>();
+        // same as jcr:read
+        newAggregates.put("jcrReadAggregate", getAggregateNames(PrivilegeConstants.JCR_READ));
+        // aggregated combining built-in and an unknown privilege
+        newAggregates.put("newAggregate2", getAggregateNames(PrivilegeConstants.JCR_READ,
"unknownPrivilege"));
+        // aggregate containing unknown privilege
+        newAggregates.put("newAggregate3", getAggregateNames("unknownPrivilege"));
+        // custom aggregated contains itself
+        newAggregates.put("newAggregate4", getAggregateNames("newAggregate"));
+        // same as rep:write
+        newAggregates.put("repWriteAggregate", getAggregateNames(PrivilegeConstants.JCR_MODIFY_PROPERTIES,
PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT, PrivilegeConstants.JCR_REMOVE_CHILD_NODES,
PrivilegeConstants.JCR_REMOVE_NODE));
+        // aggregated combining built-in and unknown custom
+        newAggregates.put("newAggregate5", getAggregateNames(PrivilegeConstants.JCR_READ,
"unknownPrivilege"));
+
+        for (String name : newAggregates.keySet()) {
+            try {
+                privilegeManager.registerPrivilege(name, true, newAggregates.get(name));
+                fail("New aggregate "+ name +" referring to unknown Privilege  -> Exception
expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testRegisterInvalidNewAggregate2() throws RepositoryException {
+        Map<String, String[]> newCustomPrivs = new LinkedHashMap<String, String[]>();
+        newCustomPrivs.put("new", new String[0]);
+        newCustomPrivs.put("new2", new String[0]);
+        Set<String> decl = new HashSet<String>();
+        decl.add("new");
+        decl.add("new2");
+        newCustomPrivs.put("new3", getAggregateNames("new", "new2"));
+
+        for (String name : newCustomPrivs.keySet()) {
+            boolean isAbstract = true;
+            String[] aggrNames = newCustomPrivs.get(name);
+            privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
+        }
+
+        Map<String, String[]> newAggregates = new LinkedHashMap<String, String[]>();
+         // other illegal aggregates already represented by registered definition.
+        newAggregates.put("newA2", getAggregateNames("new"));
+        newAggregates.put("newA3", getAggregateNames("new2"));
+
+        for (String name : newAggregates.keySet()) {
+            boolean isAbstract = false;
+            String[] aggrNames = newAggregates.get(name);
+
+            try {
+                privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
+                fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception
expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+        @Test
+    public void testRegisterPrivilegeWithIllegalName() {
+        Map<String, String[]> illegal = new HashMap<String, String[]>();
+        // invalid privilege name
+        illegal.put(null, new String[0]);
+        illegal.put("", new String[0]);
+        illegal.put("invalid:privilegeName", new String[0]);
+        illegal.put(".e:privilegeName", new String[0]);
+        // invalid aggregate names
+        illegal.put("newPrivilege", new String[] {"invalid:privilegeName"});
+        illegal.put("newPrivilege", new String[] {".e:privilegeName"});
+        illegal.put("newPrivilege", new String[] {null});
+        illegal.put("newPrivilege", new String[] {""});
+
+        for (String illegalName : illegal.keySet()) {
+            try {
+                privilegeManager.registerPrivilege(illegalName, true, illegal.get(illegalName));
+                fail("Illegal name -> Exception expected");
+            } catch (NamespaceException e) {
+                // success
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testRegisterReservedName() {
+        Map<String, String[]> illegal = new HashMap<String, String[]>();
+        // invalid privilege name
+        illegal.put(null, new String[0]);
+        illegal.put("jcr:privilegeName", new String[0]);
+        illegal.put("rep:privilegeName", new String[0]);
+        illegal.put("nt:privilegeName", new String[0]);
+        illegal.put("mix:privilegeName", new String[0]);
+        illegal.put("sv:privilegeName", new String[0]);
+        illegal.put("xml:privilegeName", new String[0]);
+        illegal.put("xmlns:privilegeName", new String[0]);
+        // invalid aggregate names
+        illegal.put("newPrivilege", new String[] {"jcr:privilegeName"});
+
+        for (String illegalName : illegal.keySet()) {
+            try {
+                privilegeManager.registerPrivilege(illegalName, true, illegal.get(illegalName));
+                fail("Illegal name -> Exception expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testRegisterCustomPrivileges() throws RepositoryException {
+        Workspace workspace = superuser.getWorkspace();
+        workspace.getNamespaceRegistry().registerNamespace("test", "http://www.apache.org/jackrabbit/test");
+
+        Map<String, String[]> newCustomPrivs = new HashMap<String, String[]>();
+        newCustomPrivs.put("new", new String[0]);
+        newCustomPrivs.put("test:new", new String[0]);
+
+        for (String name : newCustomPrivs.keySet()) {
+            boolean isAbstract = true;
+            String[] aggrNames = newCustomPrivs.get(name);
+
+            Privilege registered = privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
+
+            // validate definition
+            Privilege privilege = privilegeManager.getPrivilege(name);
+            assertNotNull(privilege);
+            assertEquals(name, privilege.getName());
+            assertTrue(privilege.isAbstract());
+            assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
+            assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL),
name);
+        }
+
+        Map<String, String[]> newAggregates = new HashMap<String, String[]>();
+        // a new aggregate of custom privileges
+        newAggregates.put("newA2", getAggregateNames("test:new", "new"));
+        // a new aggregate of custom and built-in privilege
+        newAggregates.put("newA1", getAggregateNames("new", PrivilegeConstants.JCR_READ));
+        // aggregating built-in privileges
+        newAggregates.put("aggrBuiltIn", getAggregateNames(PrivilegeConstants.JCR_MODIFY_PROPERTIES,
PrivilegeConstants.JCR_READ));
+
+        for (String name : newAggregates.keySet()) {
+            boolean isAbstract = false;
+            String[] aggrNames = newAggregates.get(name);
+            privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
+            Privilege p = privilegeManager.getPrivilege(name);
+
+            assertNotNull(p);
+            assertEquals(name, p.getName());
+            assertFalse(p.isAbstract());
+
+            for (String n : aggrNames) {
+                assertContainsDeclared(p, n);
+            }
+            assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL),
name);
+        }
+    }
+
+    @Test
+    public void testCustomPrivilegeVisibleToNewSession() throws RepositoryException {
+        boolean isAbstract = false;
+        String privName = "testCustomPrivilegeVisibleToNewSession";
+        privilegeManager.registerPrivilege(privName, isAbstract, new String[0]);
+
+        Session s2 = getHelper().getSuperuserSession();
+        try {
+            PrivilegeManager pm = getPrivilegeManager(s2);
+            Privilege priv = pm.getPrivilege(privName);
+            assertEquals(privName, priv.getName());
+            assertEquals(isAbstract, priv.isAbstract());
+            assertFalse(priv.isAggregate());
+        } finally {
+            s2.logout();
+        }
+    }
+
+    @Ignore // FIXME
+    @Test
+    public void testCustomPrivilegeVisibleAfterRefresh() throws RepositoryException {
+        Session s2 = getHelper().getSuperuserSession();
+        try {
+            boolean isAbstract = false;
+            String privName = "testCustomPrivilegeVisibleAfterRefresh";
+            privilegeManager.registerPrivilege(privName, isAbstract, new String[0]);
+
+            // before refreshing: privilege not visible
+            PrivilegeManager pm = getPrivilegeManager(s2);
+            try {
+                Privilege priv = pm.getPrivilege(privName);
+                fail("Custom privilege must show up after Session#refresh()");
+            } catch (AccessControlException e) {
+                // success
+            }
+
+            // after refresh privilege manager must be updated
+            s2.refresh(true);
+            Privilege priv = pm.getPrivilege(privName);
+            assertEquals(privName, priv.getName());
+            assertEquals(isAbstract, priv.isAbstract());
+            assertFalse(priv.isAggregate());
+        } finally {
+            s2.logout();
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java?rev=1393003&r1=1393002&r2=1393003&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java
Tue Oct  2 16:09:41 2012
@@ -24,85 +24,23 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
-import javax.jcr.GuestCredentials;
 import javax.jcr.NamespaceException;
-import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
-import javax.jcr.SimpleCredentials;
-import javax.jcr.Workspace;
+import javax.jcr.Session;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 
-import org.apache.jackrabbit.api.JackrabbitWorkspace;
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.oak.jcr.RepositoryImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
-import org.junit.After;
-import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertFalse;
-import static junit.framework.Assert.assertNotNull;
-import static junit.framework.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
 /**
  * PrivilegeManagerTest...
  *
  * TODO: more tests for cyclic aggregation
  */
-public class PrivilegeManagerImplTest implements PrivilegeConstants {
-
-    private static final Credentials ADMIN =
-            new SimpleCredentials("admin", "admin".toCharArray());
-
-    private Repository repository;
-
-    private PrivilegeManager privilegeManager;
-
-    @Before
-    public void setUp() throws RepositoryException {
-        repository = new RepositoryImpl();
-        privilegeManager = getPrivilegeManager(ADMIN);
-    }
-
-    @After
-    public void tearDown() {
-        privilegeManager = null;
-        repository = null;
-    }
-
-    private PrivilegeManager getPrivilegeManager(Credentials credentials)
-            throws RepositoryException {
-        Workspace workspace = repository.login(credentials).getWorkspace();
-        return ((JackrabbitWorkspace) workspace).getPrivilegeManager();
-    }
-
-    private static String[] getAggregateNames(String... names) {
-        return names;
-    }
-
-    private static void assertContainsDeclared(Privilege privilege, String aggrName) {
-        boolean found = false;
-        for (Privilege p : privilege.getDeclaredAggregatePrivileges()) {
-            if (aggrName.equals(p.getName())) {
-                found = true;
-                break;
-            }
-        }
-        assertTrue(found);
-    }
-
-    private void assertPrivilege(Privilege priv, String name, boolean isAggregate, boolean
isAbstract) {
-        assertNotNull(priv);
-        assertEquals(name, priv.getName());
-        assertEquals(isAggregate, priv.isAggregate());
-        assertEquals(isAbstract, priv.isAbstract());
-    }
+public class PrivilegeManagerImplTest extends AbstractPrivilegeTest {
 
     public void testGetRegisteredPrivileges() throws RepositoryException {
         Privilege[] registered = privilegeManager.getRegisteredPrivileges();
@@ -215,268 +153,4 @@ public class PrivilegeManagerImplTest im
             // OK
         }
     }
-
-    @Test
-    public void testRegisterPrivilegeWithIllegalName() {
-        Map<String, String[]> illegal = new HashMap<String, String[]>();
-        // invalid privilege name
-        illegal.put(null, new String[0]);
-        illegal.put("", new String[0]);
-        illegal.put("invalid:privilegeName", new String[0]);
-        illegal.put(".e:privilegeName", new String[0]);
-        // invalid aggregate names
-        illegal.put("newPrivilege", new String[] {"invalid:privilegeName"});
-        illegal.put("newPrivilege", new String[] {".e:privilegeName"});
-        illegal.put("newPrivilege", new String[] {null});
-        illegal.put("newPrivilege", new String[] {""});
-
-        for (String illegalName : illegal.keySet()) {
-            try {
-                privilegeManager.registerPrivilege(illegalName, true, illegal.get(illegalName));
-                fail("Illegal name -> Exception expected");
-            } catch (NamespaceException e) {
-                // success
-            } catch (RepositoryException e) {
-                // success
-            }
-        }
-    }
-
-    @Test
-    public void testRegisterReservedName() {
-        Map<String, String[]> illegal = new HashMap<String, String[]>();
-        // invalid privilege name
-        illegal.put(null, new String[0]);
-        illegal.put("jcr:privilegeName", new String[0]);
-        illegal.put("rep:privilegeName", new String[0]);
-        illegal.put("nt:privilegeName", new String[0]);
-        illegal.put("mix:privilegeName", new String[0]);
-        illegal.put("sv:privilegeName", new String[0]);
-        illegal.put("xml:privilegeName", new String[0]);
-        illegal.put("xmlns:privilegeName", new String[0]);
-        // invalid aggregate names
-        illegal.put("newPrivilege", new String[] {"jcr:privilegeName"});
-
-        for (String illegalName : illegal.keySet()) {
-            try {
-                privilegeManager.registerPrivilege(illegalName, true, illegal.get(illegalName));
-                fail("Illegal name -> Exception expected");
-            } catch (RepositoryException e) {
-                // success
-            }
-        }
-    }
-
-    @Test
-    public void testRegisterPrivilegeWithReadOnly() throws RepositoryException {
-        try {
-            getPrivilegeManager(new GuestCredentials()).registerPrivilege("test", true, new
String[0]);
-            fail("Only admin is allowed to register privileges.");
-        } catch (AccessDeniedException e) {
-            // success
-        }
-    }
-
-    @Test
-    public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException {
-        try {
-            privilegeManager.registerPrivilege("cycl-1", false, new String[] {"cycl-1"});
-            fail("Cyclic definitions must be detected upon registry startup.");
-        } catch (RepositoryException e) {
-            // success
-        }
-    }
-
-    @Test
-    public void testCustomEquivalentDefinitions() throws RepositoryException {
-        privilegeManager.registerPrivilege("custom4", false, new String[0]);
-        privilegeManager.registerPrivilege("custom5", false, new String[0]);
-        privilegeManager.registerPrivilege("custom2", false, new String[] {"custom4", "custom5"});
-
-        List<String[]> equivalent = new ArrayList<String[]>();
-        equivalent.add(new String[] {"custom4", "custom5"});
-        equivalent.add(new String[] {"custom2", "custom4"});
-        equivalent.add(new String[] {"custom2", "custom5"});
-        int cnt = 6;
-        for (String[] aggrNames : equivalent) {
-            try {
-                // the equivalent definition to 'custom1'
-                String name = "custom"+(cnt++);
-                privilegeManager.registerPrivilege(name, false, aggrNames);
-                fail("Equivalent '"+name+"' definitions must be detected.");
-            } catch (RepositoryException e) {
-                // success
-            }
-        }
-    }
-
-    @Test
-    public void testRegisterBuiltInPrivilege() throws RepositoryException {
-        Map<String, String[]> builtIns = new HashMap<String, String[]>();
-        builtIns.put(PrivilegeConstants.JCR_READ, new String[0]);
-        builtIns.put(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT, new String[] {PrivilegeConstants.JCR_ADD_CHILD_NODES});
-        builtIns.put(PrivilegeConstants.REP_WRITE, new String[0]);
-        builtIns.put(PrivilegeConstants.JCR_ALL, new String[0]);
-
-        for (String builtInName : builtIns.keySet()) {
-            try {
-                privilegeManager.registerPrivilege(builtInName, false, builtIns.get(builtInName));
-                fail("Privilege name " +builtInName+ " already in use -> Exception expected");
-            } catch (RepositoryException e) {
-                // success
-            }
-        }
-    }
-
-    @Test
-    public void testRegisterInvalidNewAggregate() throws RepositoryException {
-        Map<String, String[]> newAggregates = new LinkedHashMap<String, String[]>();
-        // same as jcr:read
-        newAggregates.put("jcrReadAggregate", getAggregateNames(PrivilegeConstants.JCR_READ));
-        // aggregated combining built-in and an unknown privilege
-        newAggregates.put("newAggregate2", getAggregateNames(PrivilegeConstants.JCR_READ,
"unknownPrivilege"));
-        // aggregate containing unknown privilege
-        newAggregates.put("newAggregate3", getAggregateNames("unknownPrivilege"));
-        // custom aggregated contains itself
-        newAggregates.put("newAggregate4", getAggregateNames("newAggregate"));
-        // same as rep:write
-        newAggregates.put("repWriteAggregate", getAggregateNames(PrivilegeConstants.JCR_MODIFY_PROPERTIES,
PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT, PrivilegeConstants.JCR_REMOVE_CHILD_NODES,
PrivilegeConstants.JCR_REMOVE_NODE));
-        // aggregated combining built-in and unknown custom
-        newAggregates.put("newAggregate5", getAggregateNames(PrivilegeConstants.JCR_READ,
"unknownPrivilege"));
-
-        for (String name : newAggregates.keySet()) {
-            try {
-                privilegeManager.registerPrivilege(name, true, newAggregates.get(name));
-                fail("New aggregate "+ name +" referring to unknown Privilege  -> Exception
expected");
-            } catch (RepositoryException e) {
-                // success
-            }
-        }
-    }
-
-    @Test
-    public void testRegisterInvalidNewAggregate2() throws RepositoryException {
-        Map<String, String[]> newCustomPrivs = new LinkedHashMap<String, String[]>();
-        newCustomPrivs.put("new", new String[0]);
-        newCustomPrivs.put("new2", new String[0]);
-        Set<String> decl = new HashSet<String>();
-        decl.add("new");
-        decl.add("new2");
-        newCustomPrivs.put("new3", getAggregateNames("new", "new2"));
-
-        for (String name : newCustomPrivs.keySet()) {
-            boolean isAbstract = true;
-            String[] aggrNames = newCustomPrivs.get(name);
-            privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
-        }
-
-        Map<String, String[]> newAggregates = new LinkedHashMap<String, String[]>();
-         // other illegal aggregates already represented by registered definition.
-        newAggregates.put("newA2", getAggregateNames("new"));
-        newAggregates.put("newA3", getAggregateNames("new2"));
-
-        for (String name : newAggregates.keySet()) {
-            boolean isAbstract = false;
-            String[] aggrNames = newAggregates.get(name);
-
-            try {
-                privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
-                fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception
expected");
-            } catch (RepositoryException e) {
-                // success
-            }
-        }
-    }
-
-    @Test
-    public void testRegisterCustomPrivileges() throws RepositoryException {
-        Workspace workspace = repository.login(ADMIN).getWorkspace();
-        workspace.getNamespaceRegistry().registerNamespace(
-                "test", "http://www.apache.org/jackrabbit/test");
-
-        Map<String, String[]> newCustomPrivs = new HashMap<String, String[]>();
-        newCustomPrivs.put("new", new String[0]);
-        newCustomPrivs.put("test:new", new String[0]);
-
-        for (String name : newCustomPrivs.keySet()) {
-            boolean isAbstract = true;
-            String[] aggrNames = newCustomPrivs.get(name);
-
-            Privilege registered = privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
-
-            // validate definition
-            Privilege privilege = privilegeManager.getPrivilege(name);
-            assertNotNull(privilege);
-            assertEquals(name, privilege.getName());
-            assertTrue(privilege.isAbstract());
-            assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
-            assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL),
name);
-        }
-
-        Map<String, String[]> newAggregates = new HashMap<String, String[]>();
-        // a new aggregate of custom privileges
-        newAggregates.put("newA2", getAggregateNames("test:new", "new"));
-        // a new aggregate of custom and built-in privilege
-        newAggregates.put("newA1", getAggregateNames("new", PrivilegeConstants.JCR_READ));
-        // aggregating built-in privileges
-        newAggregates.put("aggrBuiltIn", getAggregateNames(PrivilegeConstants.JCR_MODIFY_PROPERTIES,
PrivilegeConstants.JCR_READ));
-
-        for (String name : newAggregates.keySet()) {
-            boolean isAbstract = false;
-            String[] aggrNames = newAggregates.get(name);
-            privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
-            Privilege p = privilegeManager.getPrivilege(name);
-
-            assertNotNull(p);
-            assertEquals(name, p.getName());
-            assertFalse(p.isAbstract());
-
-            for (String n : aggrNames) {
-                assertContainsDeclared(p, n);
-            }
-            assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL),
name);
-        }
-    }
-
-    @Test
-    public void testCustomPrivilegeVisibleToNewSession() throws RepositoryException {
-        boolean isAbstract = false;
-        String privName = "testCustomPrivilegeVisibleToNewSession";
-        privilegeManager.registerPrivilege(privName, isAbstract, new String[0]);
-
-        PrivilegeManager pm = getPrivilegeManager(ADMIN);
-        Privilege priv = pm.getPrivilege(privName);
-        assertEquals(privName, priv.getName());
-        assertEquals(isAbstract, priv.isAbstract());
-        assertFalse(priv.isAggregate());
-    }
-
-//    FIXME: Session#refresh must refresh privilege definitions
-//    @Test
-//    public void testCustomPrivilegeVisibleAfterRefresh() throws RepositoryException {
-//        Session s2 = getHelper().getSuperuserSession();
-//        try {
-//            boolean isAbstract = false;
-//            String privName = "testCustomPrivilegeVisibleAfterRefresh";
-//            privilegeManager.registerPrivilege(privName, isAbstract, new String[0]);
-//
-//            // before refreshing: privilege not visible
-//            PrivilegeManager pm = getPrivilegeManager(s2);
-//            try {
-//                Privilege priv = pm.getPrivilege(privName);
-//                fail("Custom privilege must show up after Session#refresh()");
-//            } catch (AccessControlException e) {
-//                // success
-//            }
-//
-//            // after refresh privilege manager must be updated
-//            s2.refresh(true);
-//            Privilege priv = pm.getPrivilege(privName);
-//            assertEquals(privName, priv.getName());
-//            assertEquals(isAbstract, priv.isAbstract());
-//            assertFalse(priv.isAggregate());
-//        } finally {
-//            s2.logout();
-//        }
-//    }
 }
\ No newline at end of file



Mime
View raw message