jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1478389 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/ test/java/org/apache/jackrabbit/oak/security/authorization/
Date Thu, 02 May 2013 14:35:00 GMT
Author: angela
Date: Thu May  2 14:35:00 2013
New Revision: 1478389

URL: http://svn.apache.org/r1478389
Log:
OAK-51 : Access Control Management (backwards compatible handling of "unknown" principals)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidPrincipal.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1478389&r1=1478388&r2=1478389&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
Thu May  2 14:35:00 2013
@@ -104,10 +104,7 @@ abstract class ACL extends AbstractAcces
             getPrivilegeManager().getPrivilege(p.getName());
         }
 
-        if (principal == null || !getPrincipalManager().hasPrincipal(principal.getName()))
{
-            String msg = "Unknown principal " + ((principal == null) ? "null" : principal.getName());
-            throw new AccessControlException(msg);
-        }
+        AccessControlUtils.checkValidPrincipal(principal, getPrincipalManager());
 
         for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath()))
{
             if (def.isMandatory() && (restrictions == null || !restrictions.containsKey(def.getJcrName())))
{

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1478389&r1=1478388&r2=1478389&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Thu May  2 14:35:00 2013
@@ -16,8 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import java.security.Principal;
 import java.text.ParseException;
 import java.util.ArrayList;
@@ -28,7 +26,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -56,7 +53,6 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
-import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.PropertyValue;
 import org.apache.jackrabbit.oak.api.QueryEngine;
@@ -88,6 +84,8 @@ import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * Default implementation of the {@code JackrabbitAccessControlManager} interface.
  * This implementation covers both editing access control content by path and
@@ -204,13 +202,13 @@ public class AccessControlManagerImpl im
         AccessControlPolicy policy = null;
         Tree aclTree = getAclTree(oakPath, tree);
         if (aclTree == null) {
-            if (tree.hasChild(getAclName(oakPath))) {
+            if (tree.hasChild(AccessControlUtils.getAclName(oakPath))) {
                 // policy child node without tree being access controlled
                 log.warn("Colliding policy child without node being access controllable ({}).",
absPath);
             } else {
                 // create an empty acl unless the node is protected or cannot have
                 // mixin set (e.g. due to a lock)
-                String mixinName = getMixinName(oakPath);
+                String mixinName = AccessControlUtils.getMixinName(oakPath);
                 if (ntMgr.isNodeType(tree, mixinName) || ntMgr.getEffectiveNodeType(tree).supportsMixin(mixinName))
{
                     policy = new NodeACL(oakPath);
                 } else {
@@ -229,7 +227,7 @@ public class AccessControlManagerImpl im
     @Override
     public void setPolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy)
throws RepositoryException {
         String oakPath = getOakPath(absPath);
-        checkValidPolicy(oakPath, policy);
+        AccessControlUtils.checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
             setPrincipalBasedAcl((PrincipalACL) policy);
@@ -301,7 +299,7 @@ public class AccessControlManagerImpl im
     @Override
     public void removePolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy)
throws RepositoryException {
         String oakPath = getOakPath(absPath);
-        checkValidPolicy(oakPath, policy);
+        AccessControlUtils.checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
             PrincipalACL principalAcl = (PrincipalACL) policy;
@@ -337,7 +335,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public JackrabbitAccessControlPolicy[] getApplicablePolicies(@Nonnull Principal principal)
throws RepositoryException {
-        checkValidPrincipal(principal);
+        AccessControlUtils.checkValidPrincipal(principal, principalManager);
 
         String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal)
principal).getPath() : null;
         JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
@@ -352,7 +350,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws
RepositoryException {
-        checkValidPrincipal(principal);
+        AccessControlUtils.checkValidPrincipal(principal, principalManager);
 
         String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal)
principal).getPath() : null;
         JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
@@ -367,7 +365,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public AccessControlPolicy[] getEffectivePolicies(@Nonnull Set<Principal> principals)
throws RepositoryException {
-        checkValidPrincipals(principals);
+        AccessControlUtils.checkValidPrincipals(principals, principalManager);
         Result aceResult = searchAces(principals);
         List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
         for (ResultRow row : aceResult.getRows()) {
@@ -453,50 +451,15 @@ public class AccessControlManagerImpl im
         }
     }
 
-    private static void checkValidPolicy(@Nullable String oakPath, @Nonnull AccessControlPolicy
policy) throws AccessControlException {
-        if (policy instanceof ACL) {
-            String path = ((ACL) policy).getOakPath();
-            if ((path == null && oakPath != null) || (path != null && !path.equals(oakPath)))
{
-                throw new AccessControlException("Invalid access control policy " + policy
+ ": path mismatch " + oakPath);
-            }
-        } else {
-            throw new AccessControlException("Invalid access control policy " + policy);
-        }
-    }
-
-    private void checkValidPrincipals(@Nullable Set<Principal> principals) throws AccessControlException
{
-        if (principals == null) {
-            throw new AccessControlException("Valid principals expected. Found null.");
-        }
-        for (Principal principal : principals) {
-            checkValidPrincipal(principal);
-        }
-    }
-
-    private void checkValidPrincipal(@Nullable Principal principal) throws AccessControlException
{
-        String name = (principal == null) ? null : principal.getName();
-        if (name == null || !principalManager.hasPrincipal(name)) {
-            throw new AccessControlException("Unknown principal " + name);
-        }
-    }
-
-    private boolean isAccessControlled(@Nonnull Tree tree, @Nonnull String nodeTypeName)
{
-        return ntMgr.isNodeType(tree, nodeTypeName);
-    }
-
-    private boolean isACE(@Nonnull Tree tree) {
-        return tree.exists() && ntMgr.isNodeType(tree, NT_REP_ACE);
-    }
-
     @CheckForNull
     private Tree getAclTree(@Nullable String oakPath, @Nonnull Tree accessControlledTree)
{
-        if (isAccessControlled(accessControlledTree, getMixinName(oakPath))) {
-            Tree policyTree = accessControlledTree.getChild(getAclName(oakPath));
+        if (AccessControlUtils.isAccessControlled(oakPath, accessControlledTree, ntMgr))
{
+            String aclName = AccessControlUtils.getAclName(oakPath);
+            Tree policyTree = accessControlledTree.getChild(aclName);
             if (policyTree.exists()) {
                 return policyTree;
             }
         }
-
         return null;
     }
 
@@ -508,10 +471,9 @@ public class AccessControlManagerImpl im
      */
     @Nonnull
     private Tree createAclTree(@Nullable String oakPath, @Nonnull Tree tree) {
-        String mixinName = getMixinName(oakPath);
-
-        if (!isAccessControlled(tree, mixinName)) {
+        if (!AccessControlUtils.isAccessControlled(oakPath, tree, ntMgr)) {
             PropertyState mixins = tree.getProperty(JcrConstants.JCR_MIXINTYPES);
+            String mixinName = AccessControlUtils.getMixinName(oakPath);
             if (mixins == null) {
                 tree.setProperty(JcrConstants.JCR_MIXINTYPES, Collections.singleton(mixinName),
Type.NAMES);
             } else {
@@ -520,7 +482,8 @@ public class AccessControlManagerImpl im
                 tree.setProperty(pb.getPropertyState());
             }
         }
-        return new NodeUtil(tree).addChild(getAclName(oakPath), NT_REP_ACL).getTree();
+        String aclName = AccessControlUtils.getAclName(oakPath);
+        return new NodeUtil(tree).addChild(aclName, NT_REP_ACL).getTree();
     }
 
     @CheckForNull
@@ -528,15 +491,15 @@ public class AccessControlManagerImpl im
                                                   @Nonnull Tree accessControlledTree,
                                                   boolean isReadOnly) throws RepositoryException
{
         JackrabbitAccessControlList acl = null;
-        String aclName = getAclName(oakPath);
-        String mixinName = getMixinName(oakPath);
+        String aclName = AccessControlUtils.getAclName(oakPath);
+        String mixinName = AccessControlUtils.getMixinName(oakPath);
 
-        if (accessControlledTree.exists() && isAccessControlled(accessControlledTree,
mixinName)) {
+        if (accessControlledTree.exists() && AccessControlUtils.isAccessControlled(oakPath,
accessControlledTree, ntMgr)) {
             Tree aclTree = accessControlledTree.getChild(aclName);
             if (aclTree.exists()) {
                 List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
                 for (Tree child : aclTree.getChildren()) {
-                    if (isACE(child)) {
+                    if (AccessControlUtils.isACE(child, ntMgr)) {
                         entries.add(createACE(oakPath, child, restrictionProvider));
                     }
                 }
@@ -558,7 +521,7 @@ public class AccessControlManagerImpl im
         List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
         for (ResultRow row : aceResult.getRows()) {
             Tree aceTree = root.getTree(row.getPath());
-            if (isACE(aceTree)) {
+            if (AccessControlUtils.isACE(aceTree, ntMgr)) {
                 String aclPath = Text.getRelativeParent(aceTree.getPath(), 1);
                 String path;
                 if (aclPath.endsWith(REP_REPO_POLICY)) {
@@ -621,7 +584,7 @@ public class AccessControlManagerImpl im
                                  @Nonnull JackrabbitAccessControlEntry ace,
                                  @Nonnull RestrictionProvider rProvider) throws RepositoryException
{
         boolean isAllow = ace.isAllow();
-        String nodeName = generateAceName(aclTree, isAllow);
+        String nodeName = AccessControlUtils.generateAceName(aclTree, isAllow);
         String ntName = (isAllow) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
 
         NodeUtil aceNode = new NodeUtil(aclTree).addChild(nodeName, ntName);
@@ -724,35 +687,6 @@ public class AccessControlManagerImpl im
         }
     }
 
-    @Nonnull
-    private static String getMixinName(@Nullable String oakPath) {
-        return (oakPath == null) ? MIX_REP_REPO_ACCESS_CONTROLLABLE : MIX_REP_ACCESS_CONTROLLABLE;
-    }
-
-    @Nonnull
-    private static String getAclName(@Nullable String oakPath) {
-        return (oakPath == null) ? REP_REPO_POLICY : REP_POLICY;
-    }
-
-    /**
-     * Create a unique valid name for the Permission nodes to be save.
-     *
-     * @param aclTree The acl for which a new ACE name should be generated.
-     * @param isAllow If the ACE is allowing or denying.
-     * @return the name of the ACE node.
-     */
-    @Nonnull
-    private static String generateAceName(@Nonnull Tree aclTree, boolean isAllow) {
-        int i = 0;
-        String hint = (isAllow) ? "allow" : "deny";
-        String aceName = hint;
-        while (aclTree.hasChild(aceName)) {
-            aceName = hint + i;
-            i++;
-        }
-        return aceName;
-    }
-
     //--------------------------------------------------------------------------
     // TODO review again
     private class NodeACL extends ACL {

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java?rev=1478389&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
Thu May  2 14:35:00 2013
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import java.security.Principal;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlPolicy;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * AccessControlUtils... TODO
+ */
+public final class AccessControlUtils extends org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
implements AccessControlConstants {
+
+    /**
+     * logger instance
+     */
+    private static final Logger log = LoggerFactory.getLogger(AccessControlUtils.class);
+
+    public static void checkValidPrincipal(Principal principal, PrincipalManager principalManager)
throws AccessControlException {
+        String name = (principal == null) ? null : principal.getName();
+        if (name == null || name.isEmpty()) {
+            throw new AccessControlException("Invalid principal " + name);
+        }
+        if (!(principal instanceof PrincipalImpl) && !principalManager.hasPrincipal(name))
{
+            throw new AccessControlException("Unknown principal " + name);
+        }
+    }
+
+    public static void checkValidPrincipals(@Nullable Set<Principal> principals, PrincipalManager
principalManager) throws AccessControlException {
+        if (principals == null) {
+            throw new AccessControlException("Valid principals expected. Found null.");
+        }
+        for (Principal principal : principals) {
+            AccessControlUtils.checkValidPrincipal(principal, principalManager);
+        }
+    }
+
+    public static void checkValidPolicy(@Nullable String oakPath, @Nonnull AccessControlPolicy
policy) throws AccessControlException {
+        if (policy instanceof ACL) {
+            String path = ((ACL) policy).getOakPath();
+            if ((path == null && oakPath != null) || (path != null && !path.equals(oakPath)))
{
+                throw new AccessControlException("Invalid access control policy " + policy
+ ": path mismatch " + oakPath);
+            }
+        } else {
+            throw new AccessControlException("Invalid access control policy " + policy);
+        }
+    }
+
+    public static boolean isAccessControlled(String oakPath, @Nonnull Tree tree, @Nonnull
ReadOnlyNodeTypeManager ntMgr) {
+        String mixinName = getMixinName(oakPath);
+        return ntMgr.isNodeType(tree, mixinName);
+    }
+
+    public static boolean isACE(@Nonnull Tree tree, @Nonnull ReadOnlyNodeTypeManager ntMgr)
{
+        return tree.exists() && ntMgr.isNodeType(tree, NT_REP_ACE);
+    }
+
+    @Nonnull
+    public static String getMixinName(@Nullable String oakPath) {
+        return (oakPath == null) ? MIX_REP_REPO_ACCESS_CONTROLLABLE : MIX_REP_ACCESS_CONTROLLABLE;
+    }
+
+    @Nonnull
+    public static String getAclName(@Nullable String oakPath) {
+        return (oakPath == null) ? REP_REPO_POLICY : REP_POLICY;
+    }
+
+    /**
+     * Create a unique valid name for the Permission nodes to be save.
+     *
+     * @param aclTree The acl for which a new ACE name should be generated.
+     * @param isAllow If the ACE is allowing or denying.
+     * @return the name of the ACE node.
+     */
+    @Nonnull
+    public static String generateAceName(@Nonnull Tree aclTree, boolean isAllow) {
+        int i = 0;
+        String hint = (isAllow) ? "allow" : "deny";
+        String aceName = hint;
+        while (aclTree.hasChild(aceName)) {
+            aceName = hint + i;
+            i++;
+        }
+        return aceName;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java?rev=1478389&r1=1478388&r2=1478389&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
Thu May  2 14:35:00 2013
@@ -132,7 +132,7 @@ public class ACLTest extends AbstractAcc
 
     @Test
     public void testAddInvalidEntry() throws Exception {
-        Principal unknownPrincipal = new PrincipalImpl("unknown");
+        Principal unknownPrincipal = new InvalidPrincipal("unknown");
         try {
             acl.addAccessControlEntry(unknownPrincipal, privilegesFromNames(JCR_READ));
             fail("Adding an ACE with an unknown principal should fail");
@@ -142,6 +142,12 @@ public class ACLTest extends AbstractAcc
     }
 
     @Test
+    public void testAddEntryWithOakPrincipal() throws Exception {
+        Principal oakPrincipal = new PrincipalImpl("name");
+        acl.addAccessControlEntry(oakPrincipal, privilegesFromNames(JCR_READ));
+    }
+
+    @Test
     public void testAddEntryWithoutPrivilege() throws Exception {
         try {
             acl.addAccessControlEntry(testPrincipal, new Privilege[0]);

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1478389&r1=1478388&r2=1478389&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Thu May  2 14:35:00 2013
@@ -16,14 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -34,7 +26,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.jcr.AccessDeniedException;
@@ -81,6 +72,14 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
 /**
  * Tests for the default {@code AccessControlManager} implementation.
  */
@@ -1340,7 +1339,7 @@ public class AccessControlManagerImplTes
         while (unknown != null) {
             unknown = getPrincipalManager().getPrincipal("unknown"+i);
         }
-        unknown = new PrincipalImpl("unknown" + i);
+        unknown = new InvalidPrincipal("unknown" + i);
         try {
             acMgr.getApplicablePolicies(unknown);
             fail("Unknown principal should be detected.");
@@ -1350,6 +1349,18 @@ public class AccessControlManagerImplTes
     }
 
     @Test
+    public void testGetApplicablePoliciesInternalPrincipal() throws Exception {
+        Principal unknown = getPrincipalManager().getPrincipal("unknown");
+        int i = 0;
+        while (unknown != null) {
+            unknown = getPrincipalManager().getPrincipal("unknown"+i);
+        }
+        unknown = new PrincipalImpl("unknown" + i);
+
+        assertEquals(1, acMgr.getApplicablePolicies(unknown).length);
+    }
+
+    @Test
     public void testGetApplicablePoliciesByPrincipal() throws Exception {
         List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
         for (Principal principal : principals) {
@@ -1390,22 +1401,12 @@ public class AccessControlManagerImplTes
 
         List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
         for (Principal principal : principals) {
-            if (testPrincipalMgr.hasPrincipal(principal.getName())) {
-                // testRoot can't read access control content -> doesn't see
-                // the existing policies and creates a new applicable policy.
-                AccessControlPolicy[] applicable = testAcMgr.getApplicablePolicies(principal);
-                assertNotNull(applicable);
-                assertEquals(1, applicable.length);
-                assertTrue(applicable[0] instanceof ACL);
-            } else {
-                // testRoot can't read principal -> exception expected
-                try {
-                    testAcMgr.getApplicablePolicies(principal);
-                    fail();
-                } catch (AccessControlException e) {
-                    // success
-                }
-            }
+            // testRoot can't read access control content -> doesn't see
+            // the existing policies and creates a new applicable policy.
+            AccessControlPolicy[] applicable = testAcMgr.getApplicablePolicies(principal);
+            assertNotNull(applicable);
+            assertEquals(1, applicable.length);
+            assertTrue(applicable[0] instanceof ACL);
         }
     }
 
@@ -1427,7 +1428,7 @@ public class AccessControlManagerImplTes
         while (unknown != null) {
             unknown = getPrincipalManager().getPrincipal("unknown"+i);
         }
-        unknown = new PrincipalImpl("unknown" + i);
+        unknown = new InvalidPrincipal("unknown" + i);
         try {
             acMgr.getPolicies(unknown);
             fail("Unknown principal should be detected.");
@@ -1437,6 +1438,17 @@ public class AccessControlManagerImplTes
     }
 
     @Test
+    public void testGetPoliciesInternalPrincipal() throws Exception {
+        Principal unknown = getPrincipalManager().getPrincipal("unknown");
+        int i = 0;
+        while (unknown != null) {
+            unknown = getPrincipalManager().getPrincipal("unknown"+i);
+        }
+        unknown = new PrincipalImpl("unknown" + i);
+        assertEquals(0, acMgr.getPolicies(unknown).length);
+    }
+
+    @Test
     public void testGetPoliciesByPrincipal() throws Exception {
         List<Principal> principals = ImmutableList.of(testPrincipal, EveryonePrincipal.getInstance());
         for (Principal principal : principals) {
@@ -1482,13 +1494,8 @@ public class AccessControlManagerImplTes
                 assertNotNull(policies);
                 assertEquals(0, policies.length);
             } else {
-                // testRoot can't read principal -> exception expected
-                try {
-                    testAcMgr.getApplicablePolicies(principal);
-                    fail();
-                } catch (AccessControlException e) {
-                    // success
-                }
+                // testRoot can't read principal -> no policies for that principal
+                assertEquals(0, testAcMgr.getPolicies(principal).length);
             }
         }
     }
@@ -1518,7 +1525,7 @@ public class AccessControlManagerImplTes
         while (unknown != null) {
             unknown = getPrincipalManager().getPrincipal("unknown"+i);
         }
-        unknown = new PrincipalImpl("unknown" + i);
+        unknown = new InvalidPrincipal("unknown" + i);
         try {
             acMgr.getEffectivePolicies(Collections.singleton(unknown));
             fail("Unknown principal should be detected.");

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidPrincipal.java?rev=1478389&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidPrincipal.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidPrincipal.java
Thu May  2 14:35:00 2013
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import java.security.Principal;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * InvalidPrincipal... TODO
+ */
+public final class InvalidPrincipal implements Principal {
+
+    private final String name;
+
+    public InvalidPrincipal(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+}
\ No newline at end of file



Mime
View raw message