jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1467243 - in /jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization: ./ evaluation/
Date Fri, 12 Apr 2013 12:11:53 GMT
Author: angela
Date: Fri Apr 12 12:11:53 2013
New Revision: 1467243

URL: http://svn.apache.org/r1467243
Log:
OAK-708: tests (based on patch provided by antonio sanso)

Added:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
  (contents, props changed)
      - copied, changed from r1467017, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java?rev=1467243&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
Fri Apr 12 12:11:53 2013
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.evaluation;
+
+import java.security.Principal;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.security.AccessControlManager;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.junit.After;
+import org.junit.Before;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
+
+/**
+ * Base class for all classes that attempt to test OAK API and OAK core functionality
+ * in combination with permission evaluation
+ */
+public abstract class AbstractOakCoreTest extends AbstractSecurityTest {
+
+    protected static final String TEST_USER_ID = "test";
+
+	protected Principal testPrincipal;
+
+    private ContentSession testSession;
+
+    @Before
+    @Override
+    public void before() throws Exception {
+        super.before();
+
+        User user = getUserManager().createUser(TEST_USER_ID, TEST_USER_ID);
+        testPrincipal = user.getPrincipal();
+
+        NodeUtil rootNode = new NodeUtil(root.getTree("/"));
+        NodeUtil a = rootNode.addChild("a", NT_UNSTRUCTURED);
+        a.setString("aProp", "aValue");
+
+        NodeUtil b = a.addChild("b", NT_UNSTRUCTURED);
+        b.setString("bProp", "bValue");
+        // sibling
+        NodeUtil bb = a.addChild("bb", NT_UNSTRUCTURED);
+        bb.setString("bbProp", "bbValue");
+
+        NodeUtil c = b.addChild("c", NT_UNSTRUCTURED);
+        c.setString("cProp", "cValue");
+        root.commit();
+    }
+
+    @After
+    @Override
+    public void after() throws Exception {
+        try {
+            Authorizable testUser = getUserManager().getAuthorizable(TEST_USER_ID);
+            if (testUser != null) {
+                testUser.remove();
+                root.commit();
+            }
+
+            if (testSession != null) {
+                testSession.close();
+            }
+        } finally {
+            super.after();
+        }
+    }
+
+    @Nonnull
+    protected ContentSession getTestSession() throws Exception {
+        if (testSession == null) {
+            testSession = login(new SimpleCredentials(TEST_USER_ID, TEST_USER_ID.toCharArray()));
+        }
+        return testSession;
+    }
+
+    @Nonnull
+    protected Root getTestRoot() throws Exception {
+        return getTestSession().getLatestRoot();
+    }
+
+    /**
+     * Setup simple allow/deny permissions (without restrictions).
+     *
+     * @param path
+     * @param isAllow
+     * @param privilegeNames
+     * @throws Exception
+     */
+    protected void setupPermission(@Nullable String path,
+                                   @Nonnull Principal principal,
+                                   boolean isAllow,
+                                   @Nonnull String... privilegeNames) throws Exception {
+    	AccessControlManager acMgr = getAccessControlManager(root);
+    	JackrabbitAccessControlList acl = checkNotNull(AccessControlUtils.getAccessControlList(acMgr,
path));
+      	acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames),
isAllow);
+     	acMgr.setPolicy(path, acl);
+
+        root.commit();
+    }
+}
\ No newline at end of file

Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
(from r1467017, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java&r1=1467017&r2=1467243&rev=1467243&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
Fri Apr 12 12:11:53 2013
@@ -16,80 +16,30 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.jackrabbit.oak.security.authorization;
- 
-import java.security.Principal;
-import javax.jcr.NoSuchWorkspaceException;
-import javax.jcr.RepositoryException;
-import javax.jcr.SimpleCredentials;
-import javax.jcr.security.AccessControlManager;
-import javax.security.auth.login.LoginException;
-
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.api.security.user.User;
-import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
-import org.apache.jackrabbit.oak.AbstractSecurityTest;
+package org.apache.jackrabbit.oak.security.authorization.evaluation;
+
 import org.apache.jackrabbit.oak.api.CommitFailedException;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
-import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
 
-import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
-public class ShadowInvisibleContentTest extends AbstractSecurityTest {
-
-    private static final String USER_ID = "test";
-
-	private Principal userPrincipal;
-  
-    @Before
-    @Override
-    public void before() throws Exception {
-        super.before();
-        
-        User user = getUserManager().createUser(USER_ID, USER_ID);
-        userPrincipal = user.getPrincipal();
-
-        NodeUtil a = new NodeUtil(root.getTree("/")).addChild("a", NT_UNSTRUCTURED);
-        a.setString("x", "xValue");
-        NodeUtil b = a.addChild("b", NT_UNSTRUCTURED);
-        b.setString("y", "yValue");
-        NodeUtil c = b.addChild("c", NT_UNSTRUCTURED);
-        c.setString("z", "zValue");
-    }
+public class ShadowInvisibleContentTest extends AbstractOakCoreTest {
      
-    private void setupPermission(Principal principal, String path, boolean isAllow, String
privilegeName)
-            throws CommitFailedException, RepositoryException {
-
-        AccessControlManager acMgr = getAccessControlManager(root);
-        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr,
path);
-        acl.addEntry(principal, privilegesFromNames(privilegeName) , isAllow);
-        acMgr.setPolicy(path, acl);
-        root.commit();
-    }
-
-    private Root getLatestRoot() throws LoginException, NoSuchWorkspaceException {
-        ContentSession contentSession = login(new SimpleCredentials(USER_ID, USER_ID.toCharArray()));
-        return contentSession.getLatestRoot();
-    }
-
     @Test
-    public void testShadowInvisibleNode() throws CommitFailedException, RepositoryException,
LoginException {
-        setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL);
-        setupPermission(userPrincipal, "/a/b", false, PrivilegeConstants.JCR_ALL);
-        setupPermission(userPrincipal, "/a/b/c", true, PrivilegeConstants.JCR_ALL);
+    public void testShadowInvisibleNode() throws Exception {
+        setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL);
+        setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.JCR_ALL);
+        setupPermission("/a/b/c", testPrincipal, true, PrivilegeConstants.JCR_ALL);
 
-        Root root = getLatestRoot();
-        Tree a = root.getTree("/a");
+        Root testRoot = getTestRoot();
+        Tree a = testRoot.getTree("/a");
 
         // /b not visible to this session
         assertFalse(a.hasChild("b"));
@@ -100,7 +50,7 @@ public class ShadowInvisibleContentTest 
         assertFalse(b.hasChild("c"));
 
         try {
-            root.commit();
+            testRoot.commit();
         } catch (CommitFailedException e) {
             assertTrue(e.isAccessViolation());
         }
@@ -108,12 +58,12 @@ public class ShadowInvisibleContentTest 
 
     @Test
     @Ignore  // TODO incomplete implementation of PermissionValidator.childNodeChanged()
-    public void testShadowInvisibleProperty() throws CommitFailedException, RepositoryException,
LoginException {
-        setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL);
-        setupPermission(userPrincipal, "/a", false, PrivilegeConstants.REP_READ_PROPERTIES);
+    public void testShadowInvisibleProperty() throws Exception {
+        setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL);
+        setupPermission("/a", testPrincipal, false, PrivilegeConstants.REP_READ_PROPERTIES);
 
-        Root root = getLatestRoot();
-        Tree a = root.getTree("/a");
+        Root testRoot = getTestRoot();
+        Tree a = testRoot.getTree("/a");
 
         // /a/x not visible to this session
         assertNull(a.getProperty("x"));
@@ -123,7 +73,7 @@ public class ShadowInvisibleContentTest 
         assertNotNull(a.getProperty("x"));
 
         try {
-            root.commit();
+            testRoot.commit();
         } catch (CommitFailedException e) {
             assertTrue(e.isAccessViolation());
         }
@@ -131,12 +81,12 @@ public class ShadowInvisibleContentTest 
 
     @Test
     @Ignore // FIXME how do we handle the case where the shadowing item is the same as the
shadowing item?
-    public void testShadowInvisibleProperty2() throws CommitFailedException, RepositoryException,
LoginException {
-        setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL);
-        setupPermission(userPrincipal, "/a", false, PrivilegeConstants.REP_READ_PROPERTIES);
+    public void testShadowInvisibleProperty2() throws Exception {
+        setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL);
+        setupPermission("/a", testPrincipal, false, PrivilegeConstants.REP_READ_PROPERTIES);
 
-        Root root = getLatestRoot();
-        Tree a = root.getTree("/a");
+        Root testRoot = getTestRoot();
+        Tree a = testRoot.getTree("/a");
 
         // /a/x not visible to this session
         assertNull(a.getProperty("x"));
@@ -146,7 +96,7 @@ public class ShadowInvisibleContentTest 
         assertNotNull(a.getProperty("x"));
 
         try {
-            root.commit();
+            testRoot.commit();
         } catch (CommitFailedException e) {
             assertTrue(e.isAccessViolation());
         }

Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java?rev=1467243&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
Fri Apr 12 12:11:53 2013
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.evaluation;
+
+import java.util.List;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+public class TreeTest extends AbstractOakCoreTest {
+
+    // TODO: add tests for acls withs restrictions
+    // TODO: add tests with READ_PROPERTIES and READ_NODES privileges
+
+    private Root testRoot;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        setupPermission("/", testPrincipal, true, PrivilegeConstants.JCR_READ);
+        setupPermission("/a/bb", testPrincipal, false, PrivilegeConstants.JCR_READ);
+
+        testRoot = getTestRoot();
+    }
+
+    @Test
+    public void testHasChild() throws Exception {
+        Tree rootTree = testRoot.getTree("/");
+
+        assertTrue(rootTree.hasChild("a"));
+        assertFalse(rootTree.hasChild(AccessControlConstants.REP_POLICY));
+
+        Tree a = rootTree.getChild("a");
+        assertTrue(a.hasChild("b"));
+        assertFalse(a.hasChild("bb"));
+
+        Tree b = a.getChild("b");
+        assertTrue(b.hasChild("c"));
+    }
+
+    @Test
+    public void testGetChild() throws Exception {
+        Tree rootTree = testRoot.getTree("/");
+        assertNotNull(rootTree);
+
+        Tree a = rootTree.getChild("a");
+        assertNotNull(a);
+
+        Tree b = a.getChild("b");
+        assertNotNull(b);
+        assertNotNull(b.getChild("c"));
+
+        assertNull(a.getChild("bb"));
+    }
+
+    @Test
+    public void testPolicyChild() throws Exception {
+        assertNotNull(root.getTree('/' + AccessControlConstants.REP_POLICY));
+
+        // 'testUser' must not have access to the policy node
+        Tree rootTree = testRoot.getTree("/");
+
+        assertFalse(rootTree.hasChild(AccessControlConstants.REP_POLICY));
+        assertNull(rootTree.getChild(AccessControlConstants.REP_POLICY));
+    }
+
+    @Test
+	public void testGetChildrenCount() throws Exception {
+        long cntRoot = root.getTree("/").getChildrenCount();
+        long cntA = root.getTree("/a").getChildrenCount();
+
+        // 'testUser' may only see 'regular' child nodes -> count must be adjusted.
+        assertEquals(cntRoot-1, testRoot.getTree("/").getChildrenCount());
+        assertEquals(cntA - 1, testRoot.getTree("/a").getChildrenCount());
+
+        // for the following nodes the cnt must not differ
+        List<String> paths = ImmutableList.of("/a/b", "/a/b/c");
+        for (String path : paths) {
+            assertEquals(
+                    root.getTree(path).getChildrenCount(),
+                    testRoot.getTree(path).getChildrenCount());
+        }
+    }
+
+    @Test
+    public void testHasProperty() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testGetProperty() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testGetPropertyStatus() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testGetPropertyCount() throws Exception {
+        // TODO
+    }
+
+    @Test
+    public void testGetProperties() throws Exception {
+        // TODO
+    }
+}



Mime
View raw message