jackrabbit-oak-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1437630 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/restriction/ test/java/org/apache/jackrabbit/oak/security/authorization/
Date Wed, 23 Jan 2013 19:06:57 GMT
Author: angela
Date: Wed Jan 23 19:06:56 2013
New Revision: 1437630

URL: http://svn.apache.org/viewvc?rev=1437630&view=rev
Log:
OAK-51 : Access Control Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1437630&r1=1437629&r2=1437630&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
Wed Jan 23 19:06:56 2013
@@ -109,10 +109,12 @@ public class RestrictionProviderImpl imp
     public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions)
throws AccessControlException {
         // validation of the restrictions is delegated to the commit hook
         // see #validateRestrictions below
-        NodeUtil aceNode = new NodeUtil(aceTree);
-        NodeUtil rNode = aceNode.getOrAddChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
-        for (Restriction restriction : restrictions) {
-            rNode.getTree().setProperty(restriction.getProperty());
+        if (!restrictions.isEmpty()) {
+            NodeUtil aceNode = new NodeUtil(aceTree);
+            NodeUtil rNode = aceNode.getOrAddChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
+            for (Restriction restriction : restrictions) {
+                rNode.getTree().setProperty(restriction.getProperty());
+            }
         }
     }
 
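Review bot: The new `if (!restrictions.isEmpty())` guard in writeRestrictions skips the `REP_RESTRICTIONS` child, but nothing here handles an `aceTree` that already has one. That is only safe if callers always pass a freshly created entry tree, which this hunk does not show. A leftover restrictions node would narrow the entry, and for a deny entry that means less is denied than the policy states. The non-empty branch relies on the same assumption, because `getOrAddChild` followed by `setProperty` appears to leave untouched any existing property that is not in the new set. If the assumption holds, state it in the method: `// empty set: no REP_RESTRICTIONS child is written; aceTree is expected to be newly created, an existing child would be left in place`.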

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1437630&r1=1437629&r2=1437630&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Wed Jan 23 19:06:56 2013
@@ -19,12 +19,13 @@ package org.apache.jackrabbit.oak.securi
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import javax.jcr.NamespaceRegistry;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
+import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlException;
@@ -33,9 +34,11 @@ import javax.jcr.security.AccessControlP
 import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
 
+import com.google.common.collect.ImmutableMap;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.TestNameMapper;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NameMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -45,11 +48,14 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.junit.After;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 
+import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -118,25 +124,29 @@ public class AccessControlManagerImplTes
         return new NamePathMapperImpl(remapped);
     }
 
-    private AccessControlPolicy getApplicablePolicy(String path) throws RepositoryException
{
+    private ACL getApplicablePolicy(String path) throws RepositoryException {
         AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(path);
         if (itr.hasNext()) {
-            return itr.nextAccessControlPolicy();
+            return (ACL) itr.nextAccessControlPolicy();
         } else {
             throw new RepositoryException("No applicable policy found.");
         }
     }
 
     private void setupPolicy(String path) throws RepositoryException {
-        ACL policy = (ACL) getApplicablePolicy(path);
+        ACL policy = getApplicablePolicy(path);
         if (path == null) {
             policy.addAccessControlEntry(testPrincipal, testPrivileges);
         } else {
-            policy.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_GLOB,
valueFactory.createValue("*")));
+            policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
         }
         acMgr.setPolicy(path, policy);
     }
 
+    private Map<String, Value> getGlobRestriction(String value) {
+        return ImmutableMap.of(REP_GLOB, valueFactory.createValue(value));
+    }
+
     @Test
     public void testGetSupportedPrivileges() throws Exception {
         List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges());
@@ -391,8 +401,8 @@ public class AccessControlManagerImplTes
 
     @Test
     public void testGetPolicyWithInvalidPrincipal() throws Exception {
-        ACL policy = (ACL) getApplicablePolicy(testPath);
-        policy.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_GLOB,
valueFactory.createValue("*")));
+        ACL policy = getApplicablePolicy(testPath);
+        policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
         acMgr.setPolicy(testPath, policy);
 
         NodeUtil aclNode = new NodeUtil(root.getTree(testPath + '/' + REP_POLICY));
@@ -444,8 +454,8 @@ public class AccessControlManagerImplTes
 
     @Test
     public void testAccessControlContentPaths() throws Exception {
-        ACL policy = (ACL) getApplicablePolicy(testPath);
-        policy.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_GLOB,
valueFactory.createValue("*")));
+        ACL policy = getApplicablePolicy(testPath);
+        policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
         acMgr.setPolicy(testPath, policy);
 
         String aclPath = testPath + '/' + REP_POLICY;
@@ -545,9 +555,56 @@ public class AccessControlManagerImplTes
         // TODO
     }
 
+    @Ignore("OAK-396")
     @Test
     public void testSetPolicy() throws Exception {
-        // TODO
+        ACL acl = getApplicablePolicy(testPath);
+        acl.addAccessControlEntry(testPrincipal, testPrivileges);
+        acl.addEntry(EveryonePrincipal.getInstance(), testPrivileges, false, getGlobRestriction("*/something"));
+
+        acMgr.setPolicy(testPath, acl);
+        root.commit();
+
+        Root root2 = adminSession.getLatestRoot();
+        AccessControlPolicy[] policies = getAccessControlManager(root2).getPolicies(testPath);
+        assertNotNull(policies);
+        assertEquals(1, policies.length);
+
+        ACL acl2 = (ACL) policies[0];
+        assertArrayEquals(acl.getAccessControlEntries(), acl2.getAccessControlEntries());
+    }
+
+    @Ignore("OAK-396")
+    @Test
+    public void testSetPolicyWritesAcContent() throws Exception {
+        ACL acl = getApplicablePolicy(testPath);
+        acl.addAccessControlEntry(testPrincipal, testPrivileges);
+        acl.addEntry(EveryonePrincipal.getInstance(), testPrivileges, false, getGlobRestriction("*/something"));
+
+        acMgr.setPolicy(testPath, acl);
+        root.commit();
+
+        Root root2 = adminSession.getLatestRoot();
+        Tree tree = root2.getTree(testPath);
+        assertTrue(tree.hasChild(REP_POLICY));
+        Tree policyTree = tree.getChild(REP_POLICY);
+        assertEquals(NT_REP_ACL, new NodeUtil(policyTree).getPrimaryNodeTypeName());
+        assertEquals(2, policyTree.getChildrenCount());
+
+        Iterator<Tree> children = policyTree.getChildren().iterator();
+        NodeUtil ace = new NodeUtil(children.next());
+        assertEquals(NT_REP_GRANT_ACE, ace.getPrimaryNodeTypeName());
+        assertEquals(testPrincipal.getName(), ace.getString(REP_PRINCIPAL_NAME, null));
+        assertArrayEquals(testPrivileges, privilegesFromNames(ace.getNames(REP_PRIVILEGES)));
+        assertFalse(ace.hasChild(REP_RESTRICTIONS));
+
+        NodeUtil ace2 = new NodeUtil(children.next());
+        assertEquals(NT_REP_DENY_ACE, ace2.getPrimaryNodeTypeName());
+        assertEquals(EveryonePrincipal.NAME, ace2.getString(REP_PRINCIPAL_NAME, null));
+        assertArrayEquals(testPrivileges, privilegesFromNames(ace2.getNames(REP_PRIVILEGES)));
+        assertTrue(ace2.hasChild(REP_RESTRICTIONS));
+        NodeUtil restr = ace2.getChild(REP_RESTRICTIONS);
+        assertEquals("*/something", restr.getString(REP_GLOB, null));
     }
 
     @Test
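Review bot: Both `testSetPolicy` and the new `testSetPolicyWritesAcContent` carry `@Ignore("OAK-396")`, so none of the assertions added in this hunk run. That includes `assertFalse(ace.hasChild(REP_RESTRICTIONS))`, the only check on this page of the empty-restrictions branch this commit adds to RestrictionProviderImpl.writeRestrictions. The annotation gives only the issue id; a comment such as `// ignored until OAK-396 is resolved: <what is blocked>` would tell whoever re-enables the tests what to verify. In testSetPolicyWritesAcContent the two `children.next()` calls assume the grant entry is stored before the deny entry. Entry order normally affects how an ACL is evaluated, so the test should say the order is asserted on purpose, e.g. `// entries must be persisted in insertion order: grant first, then deny`.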

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java?rev=1437630&r1=1437629&r2=1437630&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
Wed Jan 23 19:06:56 2013
@@ -44,6 +44,7 @@ public class AccessControlValidatorTest 
     private final String aceName = "validAce";
 
     private Principal testPrincipal;
+    private Principal testPrincipal2;
 
     @Before
     public void before() throws Exception {
@@ -56,6 +57,7 @@ public class AccessControlValidatorTest 
 
         // TODO
         testPrincipal = new PrincipalImpl("testPrincipal");
+        testPrincipal2 = new PrincipalImpl("anotherPrincipal");
     }
 
     @After
@@ -264,7 +266,7 @@ public class AccessControlValidatorTest 
         NodeUtil acl = createAcl();
 
         String privName = "invalidPrivilegeName";
-        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), privName);
+        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal2.getName(), privName);
         try {
             root.commit();
             fail("Creating an ACE with invalid privilege should fail.");
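Review bot: The switch from `testPrincipal` to `testPrincipal2` in the `createACE(...)` call is unexplained, both here and in the abstract-privilege hunk that follows. Presumably `createAcl()` already adds an entry for `testPrincipal`, so reusing it could make `root.commit()` fail for a reason unrelated to the privilege. Neither `createAcl()` nor the catch block is visible in this hunk, so that is an inference. A comment would record the intent, e.g. `// use a principal without an existing entry so the commit can only fail on the privilege`. If the catch block, which lies outside the hunk, does not check which violation was reported, asserting on it would stop the test from passing when validation rejects the entry for a different reason.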
@@ -280,7 +282,7 @@ public class AccessControlValidatorTest 
         pMgr.registerPrivilege("abstractPrivilege", true, new String[0]);
 
         NodeUtil acl = createAcl();
-        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), "abstractPrivilege");
+        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal2.getName(), "abstractPrivilege");
         try {
             root.commit();
             fail("Creating an ACE with an abstract privilege should fail.");


