jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mdue...@apache.org
Subject svn commit: r1466922 - in /jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak: AbstractSecurityTest.java security/authorization/ShadowInvisibleContentTest.java spi/security/authorization/AbstractAccessControlTest.java
Date Thu, 11 Apr 2013 15:28:23 GMT
Author: mduerig
Date: Thu Apr 11 15:28:23 2013
New Revision: 1466922

URL: http://svn.apache.org/r1466922
Log:
OAK-709: Consider moving permission evaluation to the node state level
test: shadow invisible node should result on access violation on commit

Added:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
  (with props)
Modified:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java?rev=1466922&r1=1466921&r2=1466922&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java
Thu Apr 11 15:28:23 2013
@@ -20,9 +20,11 @@ import javax.annotation.Nullable;
 import javax.jcr.Credentials;
 import javax.jcr.NoSuchWorkspaceException;
 import javax.jcr.SimpleCredentials;
+import javax.jcr.security.AccessControlManager;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginException;
 
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.ContentSession;
@@ -36,6 +38,7 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.junit.After;
@@ -108,4 +111,14 @@ public abstract class AbstractSecurityTe
         }
         return userManager;
     }
+    
+    protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
+        PermissionProvider pp = null; // TODO
+        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
NamePathMapper.DEFAULT, pp);
+        if (acMgr instanceof JackrabbitAccessControlManager) {
+            return (JackrabbitAccessControlManager) acMgr;
+        } else {
+            throw new UnsupportedOperationException("Expected JackrabbitAccessControlManager
found " + acMgr.getClass());
+        }
+    }
 }

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java?rev=1466922&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
Thu Apr 11 15:28:23 2013
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+ 
+import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.security.Principal;
+
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.RepositoryException;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.security.AccessControlManager;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.junit.Before;
+import org.junit.Test;
+
+public class ShadowInvisibleContentTest extends AbstractSecurityTest {
+	private static final String USER_ID = "test";
+
+	private Principal userPrincipal;
+  
+    @Before
+    @Override
+    public void before() throws Exception {
+        super.before();
+        
+        User user = getUserManager().createUser(USER_ID, USER_ID);
+        userPrincipal = user.getPrincipal();
+
+        NodeUtil a = new NodeUtil(root.getTree("/")).addChild("a", NT_UNSTRUCTURED);
+        a.setString("x", "xValue");
+        NodeUtil b = a.addChild("b", NT_UNSTRUCTURED);
+        b.setString("y", "yValue");
+        NodeUtil c = b.addChild("c", NT_UNSTRUCTURED);
+        c.setString("propName3", "strValue");
+    }
+     
+    private void setupPermission(Principal principal, String path, boolean isAllow, String
privilegeName)
+            throws CommitFailedException, RepositoryException {
+
+        AccessControlManager acMgr = getAccessControlManager(root);
+        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr,
path);
+        acl.addEntry(principal,AccessControlUtils.privilegesFromNames(acMgr, privilegeName)
, isAllow);
+        acMgr.setPolicy(path, acl);
+        root.commit();
+    }
+
+    private Root getLatestRoot() throws LoginException, NoSuchWorkspaceException {
+        ContentSession contentSession = login(new SimpleCredentials(USER_ID, USER_ID.toCharArray()));
+        return contentSession.getLatestRoot();
+    }
+
+    @Test
+    public void testShadowInvisibleNode() throws CommitFailedException, RepositoryException,
LoginException {
+        setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL);
+        setupPermission(userPrincipal, "/a/b", false, PrivilegeConstants.JCR_ALL);
+        setupPermission(userPrincipal, "/a/b/c", true, PrivilegeConstants.JCR_ALL);
+
+        Root root = getLatestRoot();
+        Tree a = root.getTree("/a");
+        Tree b = a.addChild("b");
+        assertFalse(b.hasChild("c"));
+
+        try {
+            root.commit();
+        } catch (CommitFailedException e) {
+            assertTrue(e.isAccessViolation());
+        }
+    }
+
+}

Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java?rev=1466922&r1=1466921&r2=1466922&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
Thu Apr 11 15:28:23 2013
@@ -17,10 +17,8 @@
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
 import javax.jcr.NamespaceRegistry;
-import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.Privilege;
 
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
@@ -28,7 +26,6 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 
 /**
@@ -66,16 +63,6 @@ public abstract class AbstractAccessCont
         return privs;
     }
 
-    protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
-        PermissionProvider pp = null; // TODO
-        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
NamePathMapper.DEFAULT, pp);
-        if (acMgr instanceof JackrabbitAccessControlManager) {
-            return (JackrabbitAccessControlManager) acMgr;
-        } else {
-            throw new UnsupportedOperationException("Expected JackrabbitAccessControlManager
found " + acMgr.getClass());
-        }
-    }
-
     protected RestrictionProvider getRestrictionProvider() {
         if (restrictionProvider == null) {
             restrictionProvider = getSecurityProvider().getAccessControlConfiguration().getRestrictionProvider(getNamePathMapper());
@@ -93,4 +80,4 @@ public abstract class AbstractAccessCont
         }
         return privMgr;
     }
-}
\ No newline at end of file
+}



Mime
View raw message