jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1470857 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Date Tue, 23 Apr 2013 09:07:48 GMT
Author: angela
Date: Tue Apr 23 09:07:48 2013
New Revision: 1470857

URL: http://svn.apache.org/r1470857
Log:
OAK-758: add tests

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1470857&r1=1470856&r2=1470857&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Tue Apr 23 09:07:48 2013
@@ -306,20 +306,28 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public JackrabbitAccessControlPolicy[] getApplicablePolicies(@Nonnull Principal principal)
throws RepositoryException {
-        Result aceResult = searchAces(Collections.<Principal>singleton(principal));
-        if (aceResult.getSize() > 0) {
+        checkValidPrincipal(principal);
+
+        String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal)
principal).getPath() : null;
+        JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
+
+        if (policy != null) {
             return new JackrabbitAccessControlPolicy[0];
         } else {
-            return new JackrabbitAccessControlPolicy[]{createPrincipalACL(principal, null)};
+            return new JackrabbitAccessControlPolicy[]{new PrincipalACL(oakPath, principal)};
         }
     }
 
     @Nonnull
     @Override
     public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws
RepositoryException {
-        Result aceResult = searchAces(Collections.<Principal>singleton(principal));
-        if (aceResult.getSize() > 0) {
-            return new JackrabbitAccessControlPolicy[]{createPrincipalACL(principal, aceResult)};
+        checkValidPrincipal(principal);
+
+        String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal)
principal).getPath() : null;
+        JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
+
+        if (policy != null) {
+            return new JackrabbitAccessControlPolicy[]{policy};
         } else {
             return new JackrabbitAccessControlPolicy[0];
         }
@@ -328,6 +336,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public AccessControlPolicy[] getEffectivePolicies(@Nonnull Set<Principal> principals)
throws RepositoryException {
+        checkValidPrincipals(principals);
         Result aceResult = searchAces(principals);
         List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
         for (ResultRow row : aceResult.getRows()) {
@@ -424,6 +433,22 @@ public class AccessControlManagerImpl im
         }
     }
 
+    private void checkValidPrincipals(@Nullable Set<Principal> principals) throws AccessControlException
{
+        if (principals == null) {
+            throw new AccessControlException("Valid principals expected. Found null.");
+        }
+        for (Principal principal : principals) {
+            checkValidPrincipal(principal);
+        }
+    }
+
+    private void checkValidPrincipal(@Nullable Principal principal) throws AccessControlException
{
+        String name = (principal == null) ? null : principal.getName();
+        if (name == null || !principalManager.hasPrincipal(name)) {
+            throw new AccessControlException("Unknown principal " + name);
+        }
+    }
+
     private boolean isAccessControlled(@Nonnull Tree tree, @Nonnull String nodeTypeName)
{
         return ntMgr.isNodeType(tree, nodeTypeName);
     }
@@ -481,33 +506,31 @@ public class AccessControlManagerImpl im
         return acl;
     }
 
-    @Nonnull
-    private JackrabbitAccessControlList createPrincipalACL(@Nonnull Principal principal,
-                                                           @Nullable Result aceResult) throws
RepositoryException {
-        if (!(principal instanceof ItemBasedPrincipal)) {
-            throw new IllegalArgumentException("Item based principal expected");
-        }
-        String principalPath = ((ItemBasedPrincipal) principal).getPath();
+    @Nullable
+    private JackrabbitAccessControlList createPrincipalACL(@Nullable String oakPath,
+                                                           @Nonnull Principal principal)
throws RepositoryException {
+        Result aceResult = searchAces(Collections.<Principal>singleton(principal));
         RestrictionProvider restrProvider = new PrincipalRestrictionProvider(restrictionProvider,
namePathMapper);
-
-        List<JackrabbitAccessControlEntry> entries = null;
-        if (aceResult != null) {
-            entries = new ArrayList();
-            for (ResultRow row : aceResult.getRows()) {
-                Tree aceTree = root.getTree(row.getPath());
-                if (isACE(aceTree)) {
-                    String aclPath = Text.getRelativeParent(aceTree.getPath(), 1);
-                    String path;
-                    if (aclPath.endsWith(REP_REPO_POLICY)) {
-                        path = null;
-                    } else {
-                        path = Text.getRelativeParent(aclPath, 1);
-                    }
-                    entries.add(createACE(path, aceTree, restrProvider));
+        List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
+        for (ResultRow row : aceResult.getRows()) {
+            Tree aceTree = root.getTree(row.getPath());
+            if (isACE(aceTree)) {
+                String aclPath = Text.getRelativeParent(aceTree.getPath(), 1);
+                String path;
+                if (aclPath.endsWith(REP_REPO_POLICY)) {
+                    path = null;
+                } else {
+                    path = Text.getRelativeParent(aclPath, 1);
                 }
+                entries.add(createACE(path, aceTree, restrProvider));
             }
         }
-        return new PrincipalACL(principalPath, principal, entries, restrProvider);
+        if (entries.isEmpty()) {
+            // nothing found
+            return null;
+        } else {
+            return new PrincipalACL(oakPath, principal, entries, restrProvider);
+        }
     }
 
     @Nonnull
@@ -524,7 +547,7 @@ public class AccessControlManagerImpl im
         // TODO: specify sort order
         StringBuilder stmt = new StringBuilder("/jcr:root");
         stmt.append("//element(*,");
-        stmt.append(namePathMapper.getJcrName(NT_REP_ACE));
+        stmt.append(NT_REP_ACE);
         stmt.append(")[");
         int i = 0;
         for (Principal principal : principals) {
@@ -532,7 +555,7 @@ public class AccessControlManagerImpl im
                 stmt.append(" or ");
             }
             stmt.append('@');
-            stmt.append(ISO9075.encode(namePathMapper.getJcrName(REP_PRINCIPAL_NAME)));
+            stmt.append(ISO9075.encode(REP_PRINCIPAL_NAME));
             stmt.append("='");
             stmt.append(principal.getName().replaceAll("'", "''"));
             stmt.append('\'');
@@ -702,11 +725,11 @@ public class AccessControlManagerImpl im
     // TODO review again
     private class NodeACL extends ACL {
 
-        NodeACL(String oakPath) {
+        NodeACL(@Nullable String oakPath) {
             super(oakPath, namePathMapper);
         }
 
-        NodeACL(String oakPath, List<JackrabbitAccessControlEntry> entries) {
+        NodeACL(@Nullable String oakPath, @Nullable List<JackrabbitAccessControlEntry>
entries) {
             super(oakPath, entries, namePathMapper);
         }
 
@@ -755,9 +778,13 @@ public class AccessControlManagerImpl im
         private final Principal principal;
         private final RestrictionProvider rProvider;
 
-        private PrincipalACL(String oakPath, Principal principal,
-                             List<JackrabbitAccessControlEntry> entries,
-                             RestrictionProvider restrictionProvider) {
+        private PrincipalACL(@Nullable String oakPath, @Nonnull Principal principal) {
+            this(oakPath, principal, null, new PrincipalRestrictionProvider(restrictionProvider,
namePathMapper));
+        }
+
+        private PrincipalACL(@Nullable String oakPath, @Nonnull Principal principal,
+                             @Nullable List<JackrabbitAccessControlEntry> entries,
+                             @Nonnull RestrictionProvider restrictionProvider) {
             super(oakPath, entries, namePathMapper);
             this.principal = principal;
             rProvider = restrictionProvider;

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1470857&r1=1470856&r2=1470857&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Tue Apr 23 09:07:48 2013
@@ -20,6 +20,7 @@ import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -39,9 +40,11 @@ import javax.jcr.security.AccessControlP
 import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
 
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.TestNameMapper;
@@ -53,6 +56,7 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
 import org.apache.jackrabbit.oak.plugins.name.Namespaces;
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
@@ -1317,13 +1321,247 @@ public class AccessControlManagerImplTes
     }
 
     //-----------------------------------< getApplicablePolicies(Principal) >---
-    // TODO
+    @Test
+    public void testGetApplicablePoliciesNullPrincipal() throws Exception {
+        try {
+            acMgr.getApplicablePolicies((Principal) null);
+            fail("Null is not a valid principal");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetApplicablePoliciesInvalidPrincipal() throws Exception {
+        Principal unknown = getPrincipalManager().getPrincipal("unknown");
+        int i = 0;
+        while (unknown != null) {
+            unknown = getPrincipalManager().getPrincipal("unknown"+i);
+        }
+        unknown = new PrincipalImpl("unknown" + i);
+        try {
+            acMgr.getApplicablePolicies(unknown);
+            fail("Unknown principal should be detected.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetApplicablePoliciesByPrincipal() throws Exception {
+        List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
+        for (Principal principal : principals) {
+            AccessControlPolicy[] applicable = acMgr.getApplicablePolicies(principal);
+
+            assertNotNull(applicable);
+            assertEquals(1, applicable.length);
+            assertTrue(applicable[0] instanceof ACL);
+        }
+    }
+
+    @Test
+    public void testGetApplicablePoliciesByPrincipal2() throws Exception {
+        setupPolicy(testPath);
+
+        // changes not yet persisted -> no existing policies found for user
+        AccessControlPolicy[] applicable = acMgr.getApplicablePolicies(testPrincipal);
+        assertNotNull(applicable);
+        assertEquals(1, applicable.length);
+        assertTrue(applicable[0] instanceof ACL);
+
+        // after persisting changes -> no applicable policies present any more.
+        root.commit();
+        applicable = acMgr.getApplicablePolicies(testPrincipal);
+        assertNotNull(applicable);
+        assertEquals(0, applicable.length);
+    }
+
+    @Test
+    public void testTestSessionGetApplicablePolicies() throws Exception {
+        setupPolicy(testPath);
+        root.commit();
+
+        Root testRoot = getTestRoot();
+        testRoot.refresh();
+        JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
+        PrincipalManager testPrincipalMgr = getSecurityProvider().getPrincipalConfiguration().getPrincipalManager(testRoot,
getNamePathMapper());
+
+        List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
+        for (Principal principal : principals) {
+            if (testPrincipalMgr.hasPrincipal(principal.getName())) {
+                // testRoot can't read access control content -> doesn't see
+                // the existing policies and creates a new applicable policy.
+                AccessControlPolicy[] applicable = testAcMgr.getApplicablePolicies(principal);
+                assertNotNull(applicable);
+                assertEquals(1, applicable.length);
+                assertTrue(applicable[0] instanceof ACL);
+            } else {
+                // testRoot can't read principal -> exception expected
+                try {
+                    testAcMgr.getApplicablePolicies(principal);
+                    fail();
+                } catch (AccessControlException e) {
+                    // success
+                }
+            }
+        }
+    }
 
     //---------------------------------------------< getPolicies(Principal) >---
-    // TODO
+    @Test
+    public void testGetPoliciesNullPrincipal() throws Exception {
+        try {
+            acMgr.getPolicies((Principal) null);
+            fail("Null is not a valid principal");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
 
-    //------------------------------------< getEffectivePolicies(Principal) >---
-    // TODO
+    @Test
+    public void testGetPoliciesInvalidPrincipal() throws Exception {
+        Principal unknown = getPrincipalManager().getPrincipal("unknown");
+        int i = 0;
+        while (unknown != null) {
+            unknown = getPrincipalManager().getPrincipal("unknown"+i);
+        }
+        unknown = new PrincipalImpl("unknown" + i);
+        try {
+            acMgr.getPolicies(unknown);
+            fail("Unknown principal should be detected.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetPoliciesByPrincipal() throws Exception {
+        List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
+        for (Principal principal : principals) {
+            AccessControlPolicy[] policies = acMgr.getPolicies(principal);
+
+            assertNotNull(policies);
+            assertEquals(0, policies.length);
+        }
+    }
+
+    @Test
+    public void testGetPoliciesByPrincipal2() throws Exception {
+        setupPolicy(testPath);
+
+        // changes not yet persisted -> no existing policies found for user
+        AccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
+        assertNotNull(policies);
+        assertEquals(0, policies.length);
+
+        // after persisting changes -> policies must be found
+        root.commit();
+        policies = acMgr.getPolicies(testPrincipal);
+        assertNotNull(policies);
+        assertEquals(1, policies.length);
+    }
+
+    @Test
+    public void testTestSessionGetPolicies() throws Exception {
+        setupPolicy(testPath);
+        root.commit();
+
+        Root testRoot = getTestRoot();
+        testRoot.refresh();
+        JackrabbitAccessControlManager testAcMgr = getTestAccessControlManager();
+        PrincipalManager testPrincipalMgr = getSecurityProvider().getPrincipalConfiguration().getPrincipalManager(testRoot,
getNamePathMapper());
+
+        List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
+        for (Principal principal : principals) {
+            if (testPrincipalMgr.hasPrincipal(principal.getName())) {
+                // testRoot can't read access control content -> doesn't see
+                // the existing policies and creates a new applicable policy.
+                AccessControlPolicy[] policies = testAcMgr.getPolicies(principal);
+                assertNotNull(policies);
+                assertEquals(0, policies.length);
+            } else {
+                // testRoot can't read principal -> exception expected
+                try {
+                    testAcMgr.getApplicablePolicies(principal);
+                    fail();
+                } catch (AccessControlException e) {
+                    // success
+                }
+            }
+        }
+    }
+
+    //-------------------------------< getEffectivePolicies(Set<Principal>) >---
+    @Test
+    public void testGetEffectivePoliciesNullPrincipal() throws Exception {
+        try {
+            acMgr.getEffectivePolicies((Set) null);
+            fail("Null principal set not allowed");
+        } catch (AccessControlException e) {
+            // success
+        }
+
+        try {
+            acMgr.getEffectivePolicies(new HashSet<Principal>(Arrays.asList(EveryonePrincipal.getInstance(),
null, testPrincipal)));
+            fail("Null principal set not allowed");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetEffectivePoliciesInvalidPrincipals() throws Exception {
+        Principal unknown = getPrincipalManager().getPrincipal("unknown");
+        int i = 0;
+        while (unknown != null) {
+            unknown = getPrincipalManager().getPrincipal("unknown"+i);
+        }
+        unknown = new PrincipalImpl("unknown" + i);
+        try {
+            acMgr.getEffectivePolicies(Collections.singleton(unknown));
+            fail("Unknown principal should be detected.");
+        } catch (AccessControlException e) {
+            // success
+        }
+        try {
+            acMgr.getEffectivePolicies(ImmutableSet.of(unknown, EveryonePrincipal.getInstance(),
testPrincipal));
+            fail("Unknown principal should be detected.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetEffectivePoliciesByPrincipal() throws Exception {
+        // no ACLs containing entries for the specified principals
+        // -> no effective policies expected
+        Set<Set<Principal>> principalSets = new HashSet<Set<Principal>>();
+        principalSets.add(Collections.singleton(getTestPrincipal()));
+        principalSets.add(Collections.<Principal>singleton(EveryonePrincipal.getInstance()));
+        principalSets.add(ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance()));
+
+        for (Set<Principal> principals : principalSets) {
+            AccessControlPolicy[] policies = acMgr.getEffectivePolicies(principals);
+            assertNotNull(policies);
+            assertEquals(0, policies.length);
+        }
+    }
+
+    @Test
+    public void testGetEffectivePoliciesByPrincipal2() throws Exception {
+        setupPolicy(testPath);
+
+        // changes not yet persisted -> no effecitve policies found for testprincipal
+        AccessControlPolicy[] policies = acMgr.getEffectivePolicies(ImmutableSet.of(testPrincipal));
+        assertNotNull(policies);
+        assertEquals(0, policies.length);
+
+        // after persisting changes -> the policy must be found
+        root.commit();
+        policies = acMgr.getEffectivePolicies(ImmutableSet.of(testPrincipal));
+        assertNotNull(policies);
+        assertEquals(1, policies.length);
+    }
 
     //-----------------------------------------------< setPrincipalPolicy() >---
     // TODO



Mime
View raw message