jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1469845 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/ test/java/org/apache/jackrabbit/oak/security/authorization/
Date Fri, 19 Apr 2013 14:28:55 GMT
Author: angela
Date: Fri Apr 19 14:28:55 2013
New Revision: 1469845

URL: http://svn.apache.org/r1469845
Log:
OAK-51 : Access Control Management (tests, minor improvement)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java?rev=1469845&r1=1469844&r2=1469845&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
Fri Apr 19 14:28:55 2013
@@ -37,12 +37,13 @@ public class AccessControlInitializer im
     @Override
     public NodeState initialize(NodeState workspaceRoot, String workspaceName, QueryIndexProvider
indexProvider, CommitHook commitHook) {
         NodeBuilder root = workspaceRoot.builder();
+
         // property index for rep:principalName stored in ACEs
         NodeBuilder index = IndexUtils.getOrCreateOakIndex(root);
         if (!index.hasChildNode("acPrincipalName")) {
             IndexUtils.createIndexDefinition(index, "acPrincipalName", true, false,
                     ImmutableList.<String>of(REP_PRINCIPAL_NAME),
-                    ImmutableList.<String>of(NT_REP_DENY_ACE, NT_REP_GRANT_ACE));
+                    ImmutableList.<String>of(NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_ACE));
         }
         return root.getNodeState();
     }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1469845&r1=1469844&r2=1469845&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Fri Apr 19 14:28:55 2013
@@ -25,6 +25,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.NamespaceRegistry;
 import javax.jcr.PathNotFoundException;
@@ -55,6 +56,7 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.TestACL;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -150,7 +152,7 @@ public class AccessControlManagerImplTes
         return new NamePathMapperImpl(remapped);
     }
 
-    private ACL getApplicablePolicy(String path) throws RepositoryException {
+    private ACL getApplicablePolicy(@Nullable String path) throws RepositoryException {
         AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(path);
         if (itr.hasNext()) {
             return (ACL) itr.nextAccessControlPolicy();
@@ -159,7 +161,7 @@ public class AccessControlManagerImplTes
         }
     }
 
-    private ACL createPolicy(String path) {
+    private ACL createPolicy(@Nullable String path) {
         final PrincipalManager pm = getPrincipalManager();
         final RestrictionProvider rp = getRestrictionProvider();
         return new ACL(path, getNamePathMapper()) {
@@ -186,7 +188,8 @@ public class AccessControlManagerImplTes
         };
     }
 
-    private void setupPolicy(String path) throws RepositoryException {
+    @Nonnull
+    private ACL setupPolicy(@Nullable String path) throws RepositoryException {
         ACL policy = getApplicablePolicy(path);
         if (path == null) {
             policy.addAccessControlEntry(testPrincipal, testPrivileges);
@@ -194,9 +197,10 @@ public class AccessControlManagerImplTes
             policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
         }
         acMgr.setPolicy(path, policy);
+        return policy;
     }
 
-    private Map<String, Value> getGlobRestriction(String value) {
+    private Map<String, Value> getGlobRestriction(@Nonnull String value) {
         return ImmutableMap.of(REP_GLOB, valueFactory.createValue(value));
     }
 
@@ -1050,6 +1054,20 @@ public class AccessControlManagerImplTes
     }
 
     @Test
+    public void testSetRepoPolicy() throws Exception {
+        ACL acl = getApplicablePolicy(null);
+        acl.addAccessControlEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT));
+
+        acMgr.setPolicy(null, acl);
+        root.commit();
+
+        Root root2 = adminSession.getLatestRoot();
+        AccessControlPolicy[] policies = getAccessControlManager(root2).getPolicies((String)
null);
+        assertEquals(1, policies.length);
+        assertArrayEquals(acl.getAccessControlEntries(), ((ACL) policies[0]).getAccessControlEntries());
+    }
+
+    @Test
     public void testSetPolicyWritesAcContent() throws Exception {
         ACL acl = getApplicablePolicy(testPath);
         acl.addAccessControlEntry(testPrincipal, testPrivileges);
@@ -1127,12 +1145,35 @@ public class AccessControlManagerImplTes
 
     @Test
     public void testSetInvalidPolicy() throws Exception {
-        // TODO
-    }
+        try {
+            acMgr.setPolicy(testPath, new TestACL(testPath, getRestrictionProvider()));
+            fail("Setting invalid policy must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
 
-    @Test
-    public void testSetRepoPolicy() throws Exception {
-        // TODO
+        ACL acl = setupPolicy(testPath);
+        try {
+            acMgr.setPolicy(testPath, new TestACL(testPath, getRestrictionProvider()));
+            fail("Setting invalid policy must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+
+        ACL repoAcl = setupPolicy(null);
+        try {
+            acMgr.setPolicy(testPath, repoAcl);
+            fail("Setting invalid policy must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+
+        try {
+            acMgr.setPolicy(null, acl);
+            fail("Setting invalid policy must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
     }
 
     @Test
@@ -1185,20 +1226,62 @@ public class AccessControlManagerImplTes
         }
     }
 
+    @Test
+    public void testSetPolicyAtDifferentPath() throws Exception {
+        try {
+            ACL acl = getApplicablePolicy(testPath);
+            acMgr.setPolicy("/", acl);
+            fail("Setting access control policy at a different node path must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
     //--------------------------< removePolicy(String, AccessControlPolicy) >---
     @Test
     public void testRemovePolicy() throws Exception {
-        // TODO
+        ACL acl = setupPolicy(testPath);
+
+        acMgr.removePolicy(testPath, acl);
+
+        assertEquals(0, acMgr.getPolicies(testPath).length);
+        assertTrue(acMgr.getApplicablePolicies(testPath).hasNext());
     }
 
     @Test
-    public void testRemoveInvalidPolicy() throws Exception {
-        // TODO
+    public void testRemoveRepoPolicy() throws Exception {
+        ACL acl = setupPolicy(null);
+
+        acMgr.removePolicy(null, acl);
+
+        assertEquals(0, acMgr.getPolicies((String) null).length);
+        assertTrue(acMgr.getApplicablePolicies((String) null).hasNext());
     }
 
     @Test
-    public void testRemoveRepoPolicy() throws Exception {
-        // TODO
+    public void testRemoveInvalidPolicy() throws Exception {
+        ACL acl = setupPolicy(testPath);
+        try {
+            acMgr.removePolicy(testPath, new TestACL(testPath, getRestrictionProvider()));
+            fail("Invalid policy -> removal must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+
+        ACL repoAcl = setupPolicy(null);
+        try {
+            acMgr.removePolicy(testPath, repoAcl);
+            fail("Setting invalid policy must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+
+        try {
+            acMgr.removePolicy(null, acl);
+            fail("Setting invalid policy must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
     }
 
     @Test
@@ -1251,6 +1334,18 @@ public class AccessControlManagerImplTes
         }
     }
 
+    @Test
+    public void testRemovePolicyAtDifferentPath() throws Exception {
+        try {
+            setupPolicy(testPath);
+            ACL acl = getApplicablePolicy("/");
+            acMgr.removePolicy(testPath, acl);
+            fail("Removing access control policy at a different node path must fail");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
     //-----------------------------------< getApplicablePolicies(Principal) >---
     // TODO
 
@@ -1259,4 +1354,10 @@ public class AccessControlManagerImplTes
 
     //------------------------------------< getEffectivePolicies(Principal) >---
     // TODO
+
+    //-----------------------------------------------< setPrincipalPolicy() >---
+    // TODO
+
+    //--------------------------------------------< removePrincipalPolicy() >---
+    // TODO
 }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java?rev=1469845&r1=1469844&r2=1469845&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
Fri Apr 19 14:28:55 2013
@@ -22,7 +22,6 @@ import org.apache.jackrabbit.JcrConstant
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -34,9 +33,6 @@ import static org.junit.Assert.assertEqu
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-/**
- * AccessControlValidatorTest... TODO
- */
 public class AccessControlValidatorTest extends AbstractAccessControlTest implements AccessControlConstants
{
 
     private final String testName = "testRoot";
@@ -44,7 +40,6 @@ public class AccessControlValidatorTest 
     private final String aceName = "validAce";
 
     private Principal testPrincipal;
-    private Principal testPrincipal2;
 
     @Before
     public void before() throws Exception {
@@ -55,9 +50,7 @@ public class AccessControlValidatorTest 
 
         root.commit();
 
-        // TODO
-        testPrincipal = new PrincipalImpl("testPrincipal");
-        testPrincipal2 = new PrincipalImpl("anotherPrincipal");
+        testPrincipal = getTestPrincipal();
     }
 
     @After
@@ -282,7 +275,7 @@ public class AccessControlValidatorTest 
         NodeUtil acl = createAcl();
 
         String privName = "invalidPrivilegeName";
-        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal2.getName(), privName);
+        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), privName);
         try {
             root.commit();
             fail("Creating an ACE with invalid privilege should fail.");
@@ -298,7 +291,7 @@ public class AccessControlValidatorTest 
         pMgr.registerPrivilege("abstractPrivilege", true, new String[0]);
 
         NodeUtil acl = createAcl();
-        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal2.getName(), "abstractPrivilege");
+        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), "abstractPrivilege");
         try {
             root.commit();
             fail("Creating an ACE with an abstract privilege should fail.");



Mime
View raw message