Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 692BB1050A for ; Fri, 12 Apr 2013 12:12:22 +0000 (UTC) Received: (qmail 40296 invoked by uid 500); 12 Apr 2013 12:12:22 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 40257 invoked by uid 500); 12 Apr 2013 12:12:21 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 40229 invoked by uid 99); 12 Apr 2013 12:12:20 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Apr 2013 12:12:20 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Apr 2013 12:12:15 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id EDA3E23888E4; Fri, 12 Apr 2013 12:11:53 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1467243 - in /jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization: ./ evaluation/ Date: Fri, 12 Apr 2013 12:11:53 -0000 To: oak-commits@jackrabbit.apache.org From: angela@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130412121153.EDA3E23888E4@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Fri Apr 12 12:11:53 2013 New Revision: 1467243 URL: http://svn.apache.org/r1467243 Log: OAK-708: tests (based on patch provided by antonio sanso) Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java (contents, props changed) - copied, changed from r1467017, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java Removed: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java?rev=1467243&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java Fri Apr 12 12:11:53 2013 @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authorization.evaluation; + +import java.security.Principal; +import javax.annotation.Nonnull; +import javax.annotation.Nullable; +import javax.jcr.SimpleCredentials; +import javax.jcr.security.AccessControlManager; + +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.User; +import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; +import org.apache.jackrabbit.oak.AbstractSecurityTest; +import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.util.NodeUtil; +import org.junit.After; +import org.junit.Before; + +import static com.google.common.base.Preconditions.checkNotNull; +import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED; + +/** + * Base class for all classes that attempt to test OAK API and OAK core functionality + * in combination with permission evaluation + */ +public abstract class AbstractOakCoreTest extends AbstractSecurityTest { + + protected static final String TEST_USER_ID = "test"; + + protected Principal testPrincipal; + + private ContentSession testSession; + + @Before + @Override + public void before() throws Exception { + super.before(); + + User user = getUserManager().createUser(TEST_USER_ID, TEST_USER_ID); + testPrincipal = user.getPrincipal(); + + NodeUtil rootNode = new NodeUtil(root.getTree("/")); + NodeUtil a = rootNode.addChild("a", NT_UNSTRUCTURED); + a.setString("aProp", "aValue"); + + NodeUtil b = a.addChild("b", NT_UNSTRUCTURED); + b.setString("bProp", "bValue"); + // sibling + NodeUtil bb = a.addChild("bb", NT_UNSTRUCTURED); + bb.setString("bbProp", "bbValue"); + + NodeUtil c = b.addChild("c", NT_UNSTRUCTURED); + c.setString("cProp", "cValue"); + root.commit(); + } + + @After + @Override + public void after() throws Exception { + try { + Authorizable testUser = getUserManager().getAuthorizable(TEST_USER_ID); + if (testUser != null) { + testUser.remove(); + root.commit(); + } + + if (testSession != null) { + testSession.close(); + } + } finally { + super.after(); + } + } + + @Nonnull + protected ContentSession getTestSession() throws Exception { + if (testSession == null) { + testSession = login(new SimpleCredentials(TEST_USER_ID, TEST_USER_ID.toCharArray())); + } + return testSession; + } + + @Nonnull + protected Root getTestRoot() throws Exception { + return getTestSession().getLatestRoot(); + } + + /** + * Setup simple allow/deny permissions (without restrictions). + * + * @param path + * @param isAllow + * @param privilegeNames + * @throws Exception + */ + protected void setupPermission(@Nullable String path, + @Nonnull Principal principal, + boolean isAllow, + @Nonnull String... privilegeNames) throws Exception { + AccessControlManager acMgr = getAccessControlManager(root); + JackrabbitAccessControlList acl = checkNotNull(AccessControlUtils.getAccessControlList(acMgr, path)); + acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), isAllow); + acMgr.setPolicy(path, acl); + + root.commit(); + } +} \ No newline at end of file Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java (from r1467017, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java&r1=1467017&r2=1467243&rev=1467243&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java Fri Apr 12 12:11:53 2013 @@ -16,80 +16,30 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.jackrabbit.oak.security.authorization; - -import java.security.Principal; -import javax.jcr.NoSuchWorkspaceException; -import javax.jcr.RepositoryException; -import javax.jcr.SimpleCredentials; -import javax.jcr.security.AccessControlManager; -import javax.security.auth.login.LoginException; - -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.apache.jackrabbit.api.security.user.User; -import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; -import org.apache.jackrabbit.oak.AbstractSecurityTest; +package org.apache.jackrabbit.oak.security.authorization.evaluation; + import org.apache.jackrabbit.oak.api.CommitFailedException; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants; -import org.apache.jackrabbit.oak.util.NodeUtil; -import org.junit.Before; import org.junit.Ignore; import org.junit.Test; -import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; -public class ShadowInvisibleContentTest extends AbstractSecurityTest { - - private static final String USER_ID = "test"; - - private Principal userPrincipal; - - @Before - @Override - public void before() throws Exception { - super.before(); - - User user = getUserManager().createUser(USER_ID, USER_ID); - userPrincipal = user.getPrincipal(); - - NodeUtil a = new NodeUtil(root.getTree("/")).addChild("a", NT_UNSTRUCTURED); - a.setString("x", "xValue"); - NodeUtil b = a.addChild("b", NT_UNSTRUCTURED); - b.setString("y", "yValue"); - NodeUtil c = b.addChild("c", NT_UNSTRUCTURED); - c.setString("z", "zValue"); - } +public class ShadowInvisibleContentTest extends AbstractOakCoreTest { - private void setupPermission(Principal principal, String path, boolean isAllow, String privilegeName) - throws CommitFailedException, RepositoryException { - - AccessControlManager acMgr = getAccessControlManager(root); - JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path); - acl.addEntry(principal, privilegesFromNames(privilegeName) , isAllow); - acMgr.setPolicy(path, acl); - root.commit(); - } - - private Root getLatestRoot() throws LoginException, NoSuchWorkspaceException { - ContentSession contentSession = login(new SimpleCredentials(USER_ID, USER_ID.toCharArray())); - return contentSession.getLatestRoot(); - } - @Test - public void testShadowInvisibleNode() throws CommitFailedException, RepositoryException, LoginException { - setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL); - setupPermission(userPrincipal, "/a/b", false, PrivilegeConstants.JCR_ALL); - setupPermission(userPrincipal, "/a/b/c", true, PrivilegeConstants.JCR_ALL); + public void testShadowInvisibleNode() throws Exception { + setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL); + setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.JCR_ALL); + setupPermission("/a/b/c", testPrincipal, true, PrivilegeConstants.JCR_ALL); - Root root = getLatestRoot(); - Tree a = root.getTree("/a"); + Root testRoot = getTestRoot(); + Tree a = testRoot.getTree("/a"); // /b not visible to this session assertFalse(a.hasChild("b")); @@ -100,7 +50,7 @@ public class ShadowInvisibleContentTest assertFalse(b.hasChild("c")); try { - root.commit(); + testRoot.commit(); } catch (CommitFailedException e) { assertTrue(e.isAccessViolation()); } @@ -108,12 +58,12 @@ public class ShadowInvisibleContentTest @Test @Ignore // TODO incomplete implementation of PermissionValidator.childNodeChanged() - public void testShadowInvisibleProperty() throws CommitFailedException, RepositoryException, LoginException { - setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL); - setupPermission(userPrincipal, "/a", false, PrivilegeConstants.REP_READ_PROPERTIES); + public void testShadowInvisibleProperty() throws Exception { + setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL); + setupPermission("/a", testPrincipal, false, PrivilegeConstants.REP_READ_PROPERTIES); - Root root = getLatestRoot(); - Tree a = root.getTree("/a"); + Root testRoot = getTestRoot(); + Tree a = testRoot.getTree("/a"); // /a/x not visible to this session assertNull(a.getProperty("x")); @@ -123,7 +73,7 @@ public class ShadowInvisibleContentTest assertNotNull(a.getProperty("x")); try { - root.commit(); + testRoot.commit(); } catch (CommitFailedException e) { assertTrue(e.isAccessViolation()); } @@ -131,12 +81,12 @@ public class ShadowInvisibleContentTest @Test @Ignore // FIXME how do we handle the case where the shadowing item is the same as the shadowing item? - public void testShadowInvisibleProperty2() throws CommitFailedException, RepositoryException, LoginException { - setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL); - setupPermission(userPrincipal, "/a", false, PrivilegeConstants.REP_READ_PROPERTIES); + public void testShadowInvisibleProperty2() throws Exception { + setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL); + setupPermission("/a", testPrincipal, false, PrivilegeConstants.REP_READ_PROPERTIES); - Root root = getLatestRoot(); - Tree a = root.getTree("/a"); + Root testRoot = getTestRoot(); + Tree a = testRoot.getTree("/a"); // /a/x not visible to this session assertNull(a.getProperty("x")); @@ -146,7 +96,7 @@ public class ShadowInvisibleContentTest assertNotNull(a.getProperty("x")); try { - root.commit(); + testRoot.commit(); } catch (CommitFailedException e) { assertTrue(e.isAccessViolation()); } Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision Rev URL Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java?rev=1467243&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java Fri Apr 12 12:11:53 2013 @@ -0,0 +1,135 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authorization.evaluation; + +import java.util.List; + +import com.google.common.collect.ImmutableList; +import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants; +import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants; +import org.junit.Before; +import org.junit.Test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +public class TreeTest extends AbstractOakCoreTest { + + // TODO: add tests for acls withs restrictions + // TODO: add tests with READ_PROPERTIES and READ_NODES privileges + + private Root testRoot; + + @Before + public void before() throws Exception { + super.before(); + + setupPermission("/", testPrincipal, true, PrivilegeConstants.JCR_READ); + setupPermission("/a/bb", testPrincipal, false, PrivilegeConstants.JCR_READ); + + testRoot = getTestRoot(); + } + + @Test + public void testHasChild() throws Exception { + Tree rootTree = testRoot.getTree("/"); + + assertTrue(rootTree.hasChild("a")); + assertFalse(rootTree.hasChild(AccessControlConstants.REP_POLICY)); + + Tree a = rootTree.getChild("a"); + assertTrue(a.hasChild("b")); + assertFalse(a.hasChild("bb")); + + Tree b = a.getChild("b"); + assertTrue(b.hasChild("c")); + } + + @Test + public void testGetChild() throws Exception { + Tree rootTree = testRoot.getTree("/"); + assertNotNull(rootTree); + + Tree a = rootTree.getChild("a"); + assertNotNull(a); + + Tree b = a.getChild("b"); + assertNotNull(b); + assertNotNull(b.getChild("c")); + + assertNull(a.getChild("bb")); + } + + @Test + public void testPolicyChild() throws Exception { + assertNotNull(root.getTree('/' + AccessControlConstants.REP_POLICY)); + + // 'testUser' must not have access to the policy node + Tree rootTree = testRoot.getTree("/"); + + assertFalse(rootTree.hasChild(AccessControlConstants.REP_POLICY)); + assertNull(rootTree.getChild(AccessControlConstants.REP_POLICY)); + } + + @Test + public void testGetChildrenCount() throws Exception { + long cntRoot = root.getTree("/").getChildrenCount(); + long cntA = root.getTree("/a").getChildrenCount(); + + // 'testUser' may only see 'regular' child nodes -> count must be adjusted. + assertEquals(cntRoot-1, testRoot.getTree("/").getChildrenCount()); + assertEquals(cntA - 1, testRoot.getTree("/a").getChildrenCount()); + + // for the following nodes the cnt must not differ + List paths = ImmutableList.of("/a/b", "/a/b/c"); + for (String path : paths) { + assertEquals( + root.getTree(path).getChildrenCount(), + testRoot.getTree(path).getChildrenCount()); + } + } + + @Test + public void testHasProperty() throws Exception { + // TODO + } + + @Test + public void testGetProperty() throws Exception { + // TODO + } + + @Test + public void testGetPropertyStatus() throws Exception { + // TODO + } + + @Test + public void testGetPropertyCount() throws Exception { + // TODO + } + + @Test + public void testGetProperties() throws Exception { + // TODO + } +}