jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1434779 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/ oak-core/src/main/java/org/apache/jackrabbit/...
Date Thu, 17 Jan 2013 17:05:03 GMT
Author: angela
Date: Thu Jan 17 17:04:50 2013
New Revision: 1434779

URL: http://svn.apache.org/viewvc?rev=1434779&view=rev
Log:
OAK-51 : Access Control Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/TestNameMapper.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java Thu Jan 17 17:04:50 2013
@@ -79,8 +79,12 @@ abstract class ACL extends AbstractAcces
     @Override
     public boolean addEntry(Principal principal, Privilege[] privileges,
                             boolean isAllow, Map<String, Value> restrictions) throws RepositoryException {
-        // NOTE: validation and any kind of optimization of the entry list is
-        // delegated to the commit validator
+        if (privileges == null || privileges.length == 0) {
+            throw new AccessControlException("Privileges may not be null nor an empty array");
+        }
+        // TODO: check again.
+        // NOTE: in contrast to jr2 any further validation and optimization of
+        // the entry list is delegated to the commit validator
         Set<Restriction> rs;
         if (restrictions == null) {
             rs = Collections.emptySet();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Thu Jan 17 17:04:50 2013
@@ -299,7 +299,7 @@ public class AccessControlManagerImpl im
             return "/";
         } else {
             String oakPath = namePathMapper.getOakPathKeepIndex(jcrPath);
-            if (oakPath == null) {
+            if (oakPath == null || !PathUtils.isAbsolute(oakPath)) {
                 throw new RepositoryException("Failed to resolve JCR path " + jcrPath);
             }
             return oakPath;
@@ -322,7 +322,7 @@ public class AccessControlManagerImpl im
     }
 
     private void checkValidPath(String jcrPath) throws RepositoryException {
-        getTree(jcrPath);
+        getTree(getOakPath(jcrPath));
     }
 
     /**

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Thu Jan 17 17:04:50 2013
@@ -145,7 +145,7 @@ public class RestrictionProviderImpl imp
     private Tree getRestrictionsTree(Tree aceTree) {
         Tree restrictions = aceTree.getChild(REP_RESTRICTIONS);
         if (restrictions == null) {
-            // no rep: restrictions tree -> read from aceTree for backwards compatibility
+            // no rep:restrictions tree -> read from aceTree for backwards compatibility
             restrictions = aceTree;
         }
         return restrictions;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java Thu Jan 17 17:04:50 2013
@@ -118,6 +118,9 @@ public class PrivilegeManagerImpl implem
 
     @Nonnull
     private String getOakName(String jcrName) throws RepositoryException {
+        if (jcrName == null) {
+            throw new RepositoryException("Invalid privilege name 'null'");
+        }
         return namePathMapper.getOakName(jcrName);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java Thu Jan 17 17:04:50 2013
@@ -59,7 +59,7 @@ public class ACE implements JackrabbitAc
         // make sure no abstract privileges are passed.
         for (Privilege privilege : privileges) {
             if (privilege == null) {
-                throw new AccessControlException("Privilege " + privilege + " is null.");
+                throw new AccessControlException("Null Privilege.");
             }
             if (privilege.isAbstract()) {
                 throw new AccessControlException("Privilege " + privilege + " is abstract.");

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java Thu Jan 17 17:04:50 2013
@@ -115,6 +115,8 @@ public abstract class AbstractAccessCont
                 return definition.getRequiredType();
             }
         }
+        // for backwards compatibility with JR2 return undefined type for an
+        // unknown restriction name.
         return PropertyType.UNDEFINED;
     }
 

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/TestNameMapper.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/TestNameMapper.java?rev=1434779&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/TestNameMapper.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/TestNameMapper.java Thu Jan 17 17:04:50 2013
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak;
+
+import java.util.Collections;
+import java.util.Map;
+
+import org.apache.jackrabbit.oak.namepath.LocalNameMapper;
+
+/**
+ * TestNameMapper... TODO
+ */
+public final class TestNameMapper extends LocalNameMapper {
+
+    public static final String TEST_LOCAL_PREFIX = "test";
+    public static final String TEST_PREFIX = "jr";
+    public static final String TEST_URI = "http://jackrabbit.apache.org";
+
+    public static final Map<String, String> LOCAL_MAPPING = Collections.singletonMap(TEST_LOCAL_PREFIX, TEST_URI);
+
+    private final Map<String, String> global;
+
+    public TestNameMapper() {
+        super(LOCAL_MAPPING);
+        this.global = Collections.singletonMap(TEST_PREFIX, TEST_URI);
+    }
+
+    public TestNameMapper(Map<String, String> global) {
+        super(global);
+        this.global = global;
+    }
+
+    public TestNameMapper(TestNameMapper base, Map<String, String> local) {
+        super(local);
+        this.global = base.global;
+    }
+
+    @Override
+    protected Map<String, String> getNamespaceMap() {
+        return global;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java Thu Jan 17 17:04:50 2013
@@ -16,20 +16,62 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
+import java.security.Principal;
+import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import javax.annotation.Nonnull;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.ACE;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlList;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlListTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 /**
  * ACLTest... TODO
+ *
+ * TODO: test restrictions
+ * TODO: add test with multiple entries
  */
 public class ACLTest extends AbstractAccessControlListTest{
 
+    private AbstractAccessControlList emptyAcl;
+    private Principal testPrincipal;
+    private Privilege[] testPrivileges;
+
+    @Override
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        emptyAcl = createEmptyACL();
+        testPrincipal = getTestPrincipal("testUser");
+        testPrivileges = privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_LOCK_MANAGEMENT);
+    }
+
+    private Principal getTestPrincipal(String name) {
+        return new PrincipalImpl(name);
+    }
+
     @Override
     protected AbstractAccessControlList createACL(String jcrPath, List<JackrabbitAccessControlEntry> entries, NamePathMapper namePathMapper) {
         String path = (jcrPath == null) ? null : namePathMapper.getOakPathKeepIndex(jcrPath);
@@ -43,5 +85,221 @@ public class ACLTest extends AbstractAcc
         };
     }
 
-    // TODO add test
+    @Ignore // TODO: principal not yet validated
+    @Test
+    public void testAddInvalidEntry() throws Exception {
+        Principal unknownPrincipal = new PrincipalImpl("unknown");
+        try {
+            emptyAcl.addAccessControlEntry(unknownPrincipal, privilegesFromNames(Privilege.JCR_READ));
+            fail("Adding an ACE with an unknown principal should fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testAddEntryWithoutPrivilege() throws Exception {
+        try {
+            emptyAcl.addAccessControlEntry(testPrincipal, new Privilege[0]);
+            fail("Adding an ACE with empty privilege array should fail.");
+        } catch (AccessControlException e) {
+            // success
+        }
+        try {
+            emptyAcl.addAccessControlEntry(testPrincipal, null);
+            fail("Adding an ACE with null privileges should fail.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Ignore // TODO: privileges not yet validated upon addACE
+    @Test
+    public void testAddEntryWithInvalidPrivilege() throws Exception {
+        try {
+            emptyAcl.addAccessControlEntry(testPrincipal, new Privilege[] {new InvalidPrivilege()});
+            fail("Adding an ACE with invalid privileges should fail.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testAddEntry() throws Exception {
+        assertTrue(emptyAcl.addEntry(testPrincipal, testPrivileges, true, Collections.<String, Value>emptyMap()));
+        assertFalse(emptyAcl.isEmpty());
+    }
+
+    @Test
+    public void testAddEntryTwice() throws Exception {
+        emptyAcl.addEntry(testPrincipal, testPrivileges, true, Collections.<String, Value>emptyMap());
+        assertFalse(emptyAcl.addEntry(testPrincipal, testPrivileges, true, Collections.<String, Value>emptyMap()));
+    }
+
+    @Test
+    public void testAddEntryWithInvalidRestrictions() throws Exception {
+        Map<String,Value> restrictions = Collections.singletonMap("unknownRestriction", new ValueFactoryImpl(root.getBlobFactory(), namePathMapper).createValue("value"));
+        try {
+            emptyAcl.addEntry(testPrincipal, testPrivileges, false, restrictions);
+            fail("Invalid restrictions -> AccessControlException expected");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testRemoveEntry() throws Exception {
+        assertTrue(emptyAcl.addAccessControlEntry(testPrincipal, testPrivileges));
+        emptyAcl.removeAccessControlEntry(emptyAcl.getAccessControlEntries()[0]);
+        assertTrue(emptyAcl.isEmpty());
+    }
+
+    @Test
+    public void testRemoveEntries() throws Exception {
+        JackrabbitAccessControlList acl = createACL(getTestPath(), createTestEntries(), namePathMapper);
+        for (AccessControlEntry ace : acl.getAccessControlEntries()) {
+            acl.removeAccessControlEntry(ace);
+        }
+        assertTrue(acl.isEmpty());
+    }
+
+    @Test
+    public void testRemoveInvalidEntry() throws Exception {
+        try {
+            emptyAcl.removeAccessControlEntry(new JackrabbitAccessControlEntry() {
+                public boolean isAllow() {
+                    return false;
+                }
+                public String[] getRestrictionNames() {
+                    return new String[0];
+                }
+                public Value getRestriction(String restrictionName) {
+                    return null;
+                }
+                public Principal getPrincipal() {
+                    return testPrincipal;
+                }
+
+                public Privilege[] getPrivileges() {
+                    return testPrivileges;
+                }
+            });
+            fail("Passing an unknown ACE should fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testRemoveNonExisting() throws Exception {
+        try {
+            emptyAcl.removeAccessControlEntry(new ACE(testPrincipal, testPrivileges, true, null));
+            fail("Removing a non-existing ACE should fail.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testReorderToTheEnd() throws Exception {
+        Privilege[] read = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
+        Privilege[] write = privilegesFromNames(PrivilegeConstants.JCR_WRITE);
+
+        AbstractAccessControlList acl = createEmptyACL();
+        acl.addAccessControlEntry(testPrincipal, read);
+        acl.addEntry(testPrincipal, write, false);
+        acl.addAccessControlEntry(getTestPrincipal("p2"), write);
+
+        List<JackrabbitAccessControlEntry> entries = acl.getEntries();
+        assertEquals(3, entries.size());
+
+        AccessControlEntry first = entries.get(0);
+        acl.orderBefore(first, null);
+
+        List<JackrabbitAccessControlEntry> entriesAfter = acl.getEntries();
+        assertEquals(first, entriesAfter.get(2));
+    }
+
+    @Test
+    public void testReorder() throws Exception {
+        Privilege[] read = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
+        Privilege[] write = privilegesFromNames(PrivilegeConstants.JCR_WRITE);
+
+        AbstractAccessControlList acl = createEmptyACL();
+        acl.addAccessControlEntry(testPrincipal, read);
+        acl.addEntry(testPrincipal, write, false);
+        acl.addAccessControlEntry(getTestPrincipal("p2"), write);
+
+        AccessControlEntry[] entries = acl.getAccessControlEntries();
+
+        assertEquals(3, entries.length);
+        AccessControlEntry first = entries[0];
+        AccessControlEntry second = entries[1];
+        AccessControlEntry third = entries[2];
+
+        // reorder 'second' to the first position
+        acl.orderBefore(second, first);
+        assertEquals(second, acl.getEntries().get(0));
+        assertEquals(first, acl.getEntries().get(1));
+        assertEquals(third, acl.getEntries().get(2));
+
+        // reorder 'third' before 'first'
+        acl.orderBefore(third, first);
+        assertEquals(second, acl.getEntries().get(0));
+        assertEquals(third, acl.getEntries().get(1));
+        assertEquals(first, acl.getEntries().get(2));
+    }
+
+    @Test
+    public void testReorderInvalidElements() throws Exception {
+        Privilege[] read = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
+        Privilege[] write = privilegesFromNames(PrivilegeConstants.JCR_WRITE);
+
+        emptyAcl.addAccessControlEntry(testPrincipal, read);
+        emptyAcl.addAccessControlEntry(getTestPrincipal("p2"), write);
+
+        AccessControlEntry invalid = new ACE(testPrincipal, write, false, Collections.<Restriction>emptySet());
+        try {
+            emptyAcl.orderBefore(invalid, emptyAcl.getEntries().get(0));
+            fail("src entry not contained in list -> reorder should fail.");
+        } catch (AccessControlException e) {
+            // success
+        }
+        try {
+            emptyAcl.orderBefore(emptyAcl.getEntries().get(0), invalid);
+            fail("dest entry not contained in list -> reorder should fail.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    //--------------------------------------------------------------------------
+
+    private class InvalidPrivilege implements Privilege {
+
+        @Override
+        public String getName() {
+            return "invalidPrivilege";
+        }
+
+        @Override
+        public boolean isAbstract() {
+            return false;
+        }
+
+        @Override
+        public boolean isAggregate() {
+            return false;
+        }
+
+        @Override
+        public Privilege[] getDeclaredAggregatePrivileges() {
+            return new Privilege[0];
+        }
+
+        @Override
+        public Privilege[] getAggregatePrivileges() {
+            return new Privilege[0];
+        }
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Thu Jan 17 17:04:50 2013
@@ -16,18 +16,291 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import javax.jcr.NamespaceRegistry;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.TestNameMapper;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NameMapper;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
+import org.apache.jackrabbit.oak.plugins.name.Namespaces;
+import org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.junit.After;
 import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 /**
  * AccessControlManagerImplTest... TODO
  */
 public class AccessControlManagerImplTest extends AbstractSecurityTest {
 
+    final String testName = TestNameMapper.TEST_PREFIX + ":testRoot";
+    final String testPath = "/"+testName;
+
+    TestNameMapper nameMapper;
+    NamePathMapper npMapper;
+
+    AccessControlManagerImpl acMgr;
+    PrivilegeManager privilegeManager;
+
     @Override
     @Before
     public void before() throws Exception {
         super.before();
+
+        NamespaceRegistry nsRegistry = new ReadWriteNamespaceRegistry() {
+            @Override
+            protected Root getWriteRoot() {
+                return root;
+            }
+
+            @Override
+            protected Tree getReadTree() {
+                return root.getTree("/");
+            }
+        };
+        nsRegistry.registerNamespace(TestNameMapper.TEST_PREFIX, TestNameMapper.TEST_URI);
+
+        nameMapper = new TestNameMapper(Namespaces.getNamespaceMap(root.getTree("/")));
+        npMapper = new NamePathMapperImpl(nameMapper);
+
+        acMgr = getAccessControlManager(npMapper);
+        privilegeManager = getSecurityProvider().getPrivilegeConfiguration().getPrivilegeManager(root, npMapper);
+
+        NodeUtil rootNode = new NodeUtil(root.getTree("/"), npMapper);
+        rootNode.addChild(testName, JcrConstants.NT_UNSTRUCTURED);
+
+        root.commit();
+    }
+
+    @After
+    public void after() throws Exception {
+        root.getTree(testPath).remove();
+        root.commit();
+    }
+
+    private AccessControlManagerImpl getAccessControlManager(NamePathMapper npMapper) {
+        return new AccessControlManagerImpl(root, npMapper, getSecurityProvider());
+    }
+
+    private NamePathMapper getLocalNamePathMapper() {
+        NameMapper remapped = new TestNameMapper(nameMapper, TestNameMapper.LOCAL_MAPPING);
+        return new NamePathMapperImpl(remapped);
+    }
+
+    private AccessControlPolicy getApplicablePolicy(String path) throws RepositoryException {
+        AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(path);
+        if (itr.hasNext()) {
+            return itr.nextAccessControlPolicy();
+        } else {
+            throw new RepositoryException("No applicable policy found.");
+        }
+    }
+
+    @Test
+    public void testGetSupportedPrivileges() throws Exception {
+        List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges());
+
+        List<String> testPaths = new ArrayList<String>();
+        testPaths.add(null);
+        testPaths.add("/");
+        testPaths.add("/jcr:system");
+        testPaths.add(testPath);
+
+        for (String path : testPaths) {
+            Privilege[] supported = acMgr.getSupportedPrivileges(path);
+
+            assertNotNull(supported);
+            assertEquals(allPrivileges.size(), supported.length);
+            assertTrue(allPrivileges.containsAll(Arrays.asList(supported)));
+        }
+    }
+
+    @Test
+    public void testGetSupportedPrivilegesWithInvalidPath() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add("");
+        invalid.add("../../jcr:testRoot");
+        invalid.add("jcr:testRoot");
+        invalid.add("./jcr:testRoot");
+
+        for (String path : invalid) {
+            try {
+                acMgr.getSupportedPrivileges(path);
+                fail("Expects valid node path, found: " + path);
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testGetSupportedPrivilegesWithNonExistingPath() throws Exception {
+        try {
+            acMgr.getSupportedPrivileges("/non/existing/node");
+            fail("Nonexisting node -> PathNotFoundException expected.");
+        } catch (PathNotFoundException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetSupportedPrivilegesIncludingPathConversion() throws Exception {
+        List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges());
+
+        List<String> testPaths = new ArrayList<String>();
+        testPaths.add("/"+ TestNameMapper.TEST_LOCAL_PREFIX + ":testRoot");
+        testPaths.add("/{"+ TestNameMapper.TEST_URI+"}testRoot");
+
+        AccessControlManager acMgr = getAccessControlManager(getLocalNamePathMapper());
+        for (String path : testPaths) {
+            Privilege[] supported = acMgr.getSupportedPrivileges(path);
+
+            assertNotNull(supported);
+            assertEquals(allPrivileges.size(), supported.length);
+            assertTrue(allPrivileges.containsAll(Arrays.asList(supported)));
+        }
     }
 
+    @Test
+    public void testPrivilegeFromName() throws Exception {
+        List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges());
+        for (Privilege privilege : allPrivileges) {
+            Privilege p = acMgr.privilegeFromName(privilege.getName());
+            assertEquals(privilege, p);
+        }
+    }
+
+    @Test
+    public void testPrivilegeFromExpandedName() throws Exception {
+        Privilege readPriv = privilegeManager.getPrivilege(PrivilegeConstants.JCR_READ);
+
+        assertEquals(readPriv, acMgr.privilegeFromName(Privilege.JCR_READ));
+    }
+
+    @Test
+    public void testPrivilegeFromInvalidName() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add(null);
+        invalid.add("");
+        invalid.add("test:read");
+
+        for (String privilegeName : invalid) {
+            try {
+                acMgr.privilegeFromName(privilegeName);
+                fail("Invalid privilege name " + privilegeName);
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testPrivilegeFromUnknownName() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add("unknownPrivilege");
+        invalid.add("{"+ NamespaceRegistry.NAMESPACE_JCR+"}unknown");
+
+        for (String privilegeName : invalid) {
+            try {
+                acMgr.privilegeFromName(privilegeName);
+                fail("Invalid privilege name " + privilegeName);
+            } catch (AccessControlException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testHasPrivileges() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testGetPrivileges() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testGetApplicablePolicies() throws Exception {
+        AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(testPath);
+
+        assertNotNull(itr);
+        assertTrue(itr.hasNext());
+
+        AccessControlPolicy policy = itr.nextAccessControlPolicy();
+        assertNotNull(policy);
+        assertTrue(policy instanceof ACL);
+        assertTrue(((ACL) policy).isEmpty());
+
+        assertFalse(itr.hasNext());
+    }
+
+    @Test
+    public void testGetApplicablePoliciesNodeAccessControlled() throws Exception {
+        AccessControlPolicy policy = getApplicablePolicy(testPath);
+        acMgr.setPolicy(testPath, policy);
+
+        AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(testPath);
+        assertNotNull(itr);
+        assertFalse(itr.hasNext());
+    }
+
+    @Test
+    public void testGetPoliciesNodeNotAccessControlled() throws Exception {
+        AccessControlPolicy[] policies = acMgr.getPolicies(testPath);
+        assertNotNull(policies);
+        assertEquals(0, policies.length);
+    }
+
+    @Test
+    public void testGetPolicies() throws Exception {
+        AccessControlPolicy policy = getApplicablePolicy(testPath);
+        acMgr.setPolicy(testPath, policy);
+
+        AccessControlPolicy[] policies = acMgr.getPolicies(testPath);
+        assertNotNull(policies);
+        assertEquals(1, policies.length);
+
+        assertTrue(policies[0] instanceof ACL);
+        ACL acl = (ACL) policies[0];
+        assertTrue(acl.isEmpty());
+    }
+
+    @Test
+    public void testGetEffectivePolicies() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testSetPolicy() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testRemovePolicy() throws Exception {
+        // TODO
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java Thu Jan 17 17:04:50 2013
@@ -17,10 +17,12 @@
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.security.Privilege;
 
@@ -28,8 +30,8 @@ import com.google.common.collect.Lists;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.TestNameMapper;
 import org.apache.jackrabbit.oak.namepath.GlobalNameMapper;
-import org.apache.jackrabbit.oak.namepath.LocalNameMapper;
 import org.apache.jackrabbit.oak.namepath.NameMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
@@ -42,6 +44,7 @@ import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 /**
@@ -66,14 +69,22 @@ public abstract class AbstractAccessCont
         return testPath;
     }
 
-    protected PrivilegeManager getPrivilegeManager() {
-        return privMgr;
+    protected Privilege[] privilegesFromNames(String... privilegeNames) throws RepositoryException {
+        Privilege[] privs = new Privilege[privilegeNames.length];
+        for (int i = 0; i < privilegeNames.length; i++) {
+            privs[i] = privMgr.getPrivilege(privilegeNames[i]);
+        }
+        return privs;
     }
 
     protected RestrictionProvider getRestrictionProvider() {
         return restrictionProvider;
     }
 
+    protected AbstractAccessControlList createEmptyACL() {
+        return createACL(getTestPath(), Collections.<JackrabbitAccessControlEntry>emptyList(), namePathMapper);
+    }
+
     protected AbstractAccessControlList createACL(List<JackrabbitAccessControlEntry> entries) {
         return createACL(getTestPath(), entries);
     }
@@ -86,19 +97,15 @@ public abstract class AbstractAccessCont
                                                            List<JackrabbitAccessControlEntry> entries,
                                                            NamePathMapper namePathMapper);
 
-    protected List<JackrabbitAccessControlEntry> createTestEntries(int size) throws RepositoryException {
-        if (size == 0) {
-            return Collections.emptyList();
-        } else {
-            List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>(size);
-            for (int i = 0; i < size; i++) {
-                entries.add(new ACE(
-                        new PrincipalImpl("testPrincipal"+i),
-                        new Privilege[] {getPrivilegeManager().getPrivilege(PrivilegeConstants.JCR_READ)},
-                        true, null));
-            }
-            return entries;
+    protected List<JackrabbitAccessControlEntry> createTestEntries() throws RepositoryException {
+        List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>(3);
+        for (int i = 0; i < 3; i++) {
+            entries.add(new ACE(
+                    new PrincipalImpl("testPrincipal"+i),
+                    new Privilege[] {privMgr.getPrivilege(PrivilegeConstants.JCR_READ)},
+                    true, null));
         }
+        return entries;
     }
 
     @Test
@@ -127,21 +134,17 @@ public abstract class AbstractAccessCont
 
     @Test
     public void testGetOakPath() {
-        NameMapper nameMapper = new LocalNameMapper(Collections.singletonMap("my", "http://jackrabbit.apache.org")) {
-            @Override
-            protected Map<String, String> getNamespaceMap() {
-                return Collections.singletonMap("jr", "http://jackrabbit.apache.org");
-            }
-        };
-        NamePathMapper npMapper = new NamePathMapperImpl(nameMapper);
-
+        NamePathMapper npMapper = new NamePathMapperImpl(new TestNameMapper());
         // map of jcr-path to oak path
         Map<String, String> paths = new HashMap<String, String>();
         paths.put(null, null);
         paths.put(getTestPath(), getTestPath());
         paths.put("/", "/");
-        paths.put("/my:testPath", "/jr:testPath");
-        paths.put("/{http://jackrabbit.apache.org}testPath", "/jr:testPath");
+        String oakPath = '/' + TestNameMapper.TEST_PREFIX +":testPath";
+        String jcrPath = '/' + TestNameMapper.TEST_LOCAL_PREFIX+":testPath";
+        paths.put(jcrPath, oakPath);
+        jcrPath = "/{"+ TestNameMapper.TEST_URI+"}testPath";
+        paths.put(jcrPath, oakPath);
 
         // test if oak-path is properly set.
         for (String path : paths.keySet()) {
@@ -151,39 +154,50 @@ public abstract class AbstractAccessCont
     }
 
     @Test
-    public void testGetEntries() {
-        AbstractAccessControlList acl = createACL(Collections.<JackrabbitAccessControlEntry>emptyList());
+    public void testEmptyAcl() throws RepositoryException {
+        AbstractAccessControlList acl = createEmptyACL();
 
+        assertNotNull(acl.getAccessControlEntries());
+        assertNotNull(acl.getEntries());
 
+        assertTrue(acl.getAccessControlEntries().length == 0);
+        assertEquals(acl.getAccessControlEntries().length, acl.getEntries().size());
+        assertEquals(0, acl.size());
+        assertTrue(acl.isEmpty());
     }
-
-    @Test
-    public void testGetAccessControlEntries() {
-
-    }
-
     @Test
     public void testSize() throws RepositoryException {
-        AbstractAccessControlList acl = createACL(createTestEntries(0));
-        assertEquals(0, acl.size());
-
-        acl = createACL(createTestEntries(3));
+        AbstractAccessControlList acl = createACL(createTestEntries());
         assertEquals(3, acl.size());
     }
 
     @Test
     public void testIsEmpty() throws RepositoryException {
-        AbstractAccessControlList acl = createACL(createTestEntries(0));
-        assertTrue(acl.isEmpty());
-
-        acl = createACL(createTestEntries(3));
+        AbstractAccessControlList acl = createACL(createTestEntries());
         assertFalse(acl.isEmpty());
     }
 
     @Test
+    public void testGetEntries() throws RepositoryException {
+        List<JackrabbitAccessControlEntry> aces = createTestEntries();
+        AbstractAccessControlList acl = createACL(aces);
+
+        assertNotNull(acl.getEntries());
+        assertNotNull(acl.getAccessControlEntries());
+
+        assertEquals(aces.size(), acl.getEntries().size());
+        assertEquals(aces.size(), acl.getAccessControlEntries().length);
+        assertTrue(acl.getEntries().containsAll(aces));
+        assertTrue(Arrays.asList(acl.getAccessControlEntries()).containsAll(aces));
+    }
+
+    @Test
     public void testGetRestrictionNames() throws RepositoryException {
-        AbstractAccessControlList acl = createACL(createTestEntries(0));
-        List<String> names = Lists.newArrayList(acl.getRestrictionNames());
+        AbstractAccessControlList acl = createEmptyACL();
+
+        String[] restrNames = acl.getRestrictionNames();
+        assertNotNull(restrNames);
+        List<String> names = Lists.newArrayList(restrNames);
         for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getTestPath())) {
             assertTrue(names.remove(def.getJcrName()));
         }
@@ -192,10 +206,20 @@ public abstract class AbstractAccessCont
 
     @Test
     public void testGetRestrictionType() throws RepositoryException {
-        AbstractAccessControlList acl = createACL(createTestEntries(0));
+        AbstractAccessControlList acl = createEmptyACL();
         for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getTestPath())) {
             int reqType = acl.getRestrictionType(def.getJcrName());
+
+            assertTrue(reqType > PropertyType.UNDEFINED);
             assertEquals(def.getRequiredType(), reqType);
         }
     }
+
+    @Test
+    public void testGetRestrictionTypeForUnknownName() throws RepositoryException {
+        AbstractAccessControlList acl = createEmptyACL();
+        // for backwards compatibility getRestrictionType(String) must return
+        // UNDEFINED for a unknown restriction name:
+        assertEquals(PropertyType.UNDEFINED, acl.getRestrictionType("unknownRestrictionName"));
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java?rev=1434779&r1=1434778&r2=1434779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java Thu Jan 17 17:04:50 2013
@@ -53,10 +53,7 @@ public class ImmutableACLTest extends Ab
         super.before();
 
         testPrincipal = new PrincipalImpl("testPrincipal");
-        testPrivileges = new Privilege[] {
-                getPrivilegeManager().getPrivilege(PrivilegeConstants.JCR_READ),
-                getPrivilegeManager().getPrivilege(PrivilegeConstants.JCR_ADD_CHILD_NODES)
-        };
+        testPrivileges = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES);
     }
 
     @Override
@@ -120,7 +117,7 @@ public class ImmutableACLTest extends Ab
     public void testImmutable() throws Exception {
         List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
         entries.add(new ACE(testPrincipal, testPrivileges, true, null));
-        entries.add(new ACE(testPrincipal, new Privilege[] {getPrivilegeManager().getPrivilege(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT)}, false, null));
+        entries.add(new ACE(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false, null));
 
         JackrabbitAccessControlList acl = createACL(entries);
         assertFalse(acl.isEmpty());

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java?rev=1434779&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java Thu Jan 17 17:04:50 2013
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.authorization;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import javax.jcr.Node;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;
+
+/**
+ * JackrabbitAccessControlListTest... TODO
+ */
+public class JackrabbitAccessControlListTest extends AbstractAccessControlTest {
+
+    private JackrabbitAccessControlList acl;
+    private Principal testPrincipal;
+    private Privilege[] testPrivileges;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        Node n = testRootNode.addNode(nodeName1, testNodeType);
+        superuser.save();
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
+        while (it.hasNext() && acl == null) {
+            AccessControlPolicy p = it.nextAccessControlPolicy();
+            if (p instanceof JackrabbitAccessControlList) {
+                acl = (JackrabbitAccessControlList) p;
+            }
+        }
+        if (acl == null) {
+            superuser.logout();
+            throw new NotExecutableException("No JackrabbitAccessControlList to test.");
+        }
+
+        testPrincipal = getValidPrincipal();
+        testPrivileges = privilegesFromName(Privilege.JCR_ALL);
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        // make sure transient ac-changes are reverted.
+        superuser.refresh(false);
+        super.tearDown();
+    }
+
+    private Principal getValidPrincipal() throws NotExecutableException, RepositoryException {
+        if (!(superuser instanceof JackrabbitSession)) {
+            throw new NotExecutableException();
+        }
+
+        PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
+        PrincipalIterator it = pMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_NOT_GROUP);
+        if (it.hasNext()) {
+            return it.nextPrincipal();
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testGetRestrictionNames() throws RepositoryException {
+        assertNotNull(acl.getRestrictionNames());
+    }
+
+    public void testGetRestrictionType() throws RepositoryException {
+        String[] names = acl.getRestrictionNames();
+        for (String name : names) {
+            int type = acl.getRestrictionType(name);
+            assertTrue(type > PropertyType.UNDEFINED);
+        }
+    }
+
+    public void testApplicablePolicyIsEmpty() {
+        assertTrue(acl.isEmpty());
+        assertEquals(0, acl.size());
+    }
+
+    public void testIsEmpty() throws RepositoryException {
+        if (acl.addAccessControlEntry(testPrincipal, testPrivileges)) {
+            assertFalse(acl.isEmpty());
+        } else {
+            assertTrue(acl.isEmpty());
+        }
+    }
+
+    public void testSize() throws RepositoryException {
+        if (acl.addAccessControlEntry(testPrincipal, testPrivileges)) {
+            assertTrue(acl.size() > 0);
+        } else {
+            assertEquals(0, acl.size());
+        }
+    }
+
+    public void testAddEntry() throws NotExecutableException, RepositoryException {
+        List<AccessControlEntry> entriesBefore = Arrays.asList(acl.getAccessControlEntries());
+        if (acl.addEntry(testPrincipal, testPrivileges, true, Collections.<String, Value>emptyMap())) {
+            AccessControlEntry[] entries = acl.getAccessControlEntries();
+            AccessControlEntry ace = null;
+            for (AccessControlEntry entry : entries) {
+                if (testPrincipal.equals(entry.getPrincipal())) {
+                    ace = entry;
+                }
+            }
+            assertNotNull("addEntry was successful -> expected entry for tesPrincipal.", ace);
+            assertTrue("addEntry was successful -> at least 1 entry.", entries.length > 0);
+        } else {
+            AccessControlEntry[] entries = acl.getAccessControlEntries();
+            assertEquals("Grant ALL not successful -> entries must not have changed.", entriesBefore, Arrays.asList(entries));
+        }
+    }
+
+    // TODO: rewrite
+//    public void testAllowWriteDenyRemove() throws NotExecutableException, RepositoryException {
+//        Principal princ = getValidPrincipal();
+//        Privilege[] grPriv = privilegesFromName("rep:write");
+//        Privilege[] dePriv = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
+//
+//        acl.addEntry(princ, grPriv, true, Collections.<String, Value>emptyMap());
+//        acl.addEntry(princ, dePriv, false, Collections.<String, Value>emptyMap());
+//
+//        Set<Privilege> allows = new HashSet<Privilege>();
+//        Set<Privilege> denies = new HashSet<Privilege>();
+//        AccessControlEntry[] entries = acl.getAccessControlEntries();
+//        for (AccessControlEntry en : entries) {
+//            if (princ.equals(en.getPrincipal()) && en instanceof JackrabbitAccessControlEntry) {
+//                JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) en;
+//                Privilege[] privs = ace.getPrivileges();
+//                if (ace.isAllow()) {
+//                    allows.addAll(Arrays.asList(privs));
+//                } else {
+//                    denies.addAll(Arrays.asList(privs));
+//                }
+//            }
+//        }
+//
+//        String[] expected = new String[] {Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_NODE, Privilege.JCR_MODIFY_PROPERTIES, Privilege.JCR_NODE_TYPE_MANAGEMENT};
+//        assertEquals(expected.length, allows.size());
+//        for (String name : expected) {
+//            assertTrue(allows.contains(acMgr.privilegeFromName(name)));
+//        }
+//
+//        assertEquals(1, denies.size());
+//        assertEquals(acMgr.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES), denies.iterator().next());
+//    }
+
+    public void testRemoveEntry() throws NotExecutableException, RepositoryException {
+        Principal princ = getValidPrincipal();
+        Privilege[] grPriv = privilegesFromName("rep:write");
+
+        acl.addEntry(princ, grPriv, true, Collections.<String, Value>emptyMap());
+        AccessControlEntry[] entries = acl.getAccessControlEntries();
+        int length = entries.length;
+        assertTrue("Grant was both successful -> at least 1 entry.", length > 0);
+        for (AccessControlEntry entry : entries) {
+            acl.removeAccessControlEntry(entry);
+            length = length - 1;
+            assertEquals(length, acl.size());
+            assertEquals(length, acl.getAccessControlEntries().length);
+        }
+
+        assertTrue(acl.isEmpty());
+        assertEquals(0, acl.size());
+        assertEquals(0, acl.getAccessControlEntries().length);
+    }
+}
\ No newline at end of file



Mime
View raw message