jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1506550 - in /jackrabbit/oak/trunk/oak-jcr: ./ src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/
Date Wed, 24 Jul 2013 13:44:04 GMT
Author: angela
Date: Wed Jul 24 13:44:03 2013
New Revision: 1506550

URL: http://svn.apache.org/r1506550
Log:
OAK-414 : Importing protected properties and nodes 

- remove version content from XML to import to avoid mixing different concerns (may have cause
test failure)
- fix import test at root node that didn't properly clear changes made during workspace-import
(most probably caused test failure in case test are executed in different order)
- remove test-exclusion again to verify if the problem is solved (couldn't reproduce it on
my checkout)

Modified:
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlWorkspaceImporterTest.java

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1506550&r1=1506549&r2=1506550&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Wed Jul 24 13:44:03 2013
@@ -17,7 +17,9 @@
    limitations under the License.
   -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd
">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd
">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
@@ -268,8 +270,6 @@
       org.apache.jackrabbit.oak.jcr.security.authorization.CopyTest#testCopyInvisibleProperty
       <!-- OAK-920 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.CopyTest#testCopyInvisibleAcContent
      <!-- OAK-920 -->
 
-      org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportRepoACLAtTestNode
 <!-- OAK-773 -->
-
       org.apache.jackrabbit.oak.jcr.security.user.MemberNodeImportTest                  
     <!-- OAK-414, OAK-482 -->
       org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testImportGroupIntoUsersTree
<!-- OAK-821 -->
 
@@ -345,7 +345,7 @@
           <groupId>org.apache.rat</groupId>
           <artifactId>apache-rat-plugin</artifactId>
           <configuration>
-            <excludes />
+            <excludes/>
           </configuration>
         </plugin>
       </plugins>

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java?rev=1506550&r1=1506549&r2=1506550&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
Wed Jul 24 13:44:03 2013
@@ -22,63 +22,45 @@ import java.io.InputStream;
 import java.security.Principal;
 import java.util.Arrays;
 import java.util.List;
+import javax.annotation.Nullable;
 import javax.jcr.ImportUUIDBehavior;
 import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
 import javax.jcr.security.AccessControlList;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.AccessControlPolicy;
 import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
 
-import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.test.AbstractJCRTest;
 
 public class AccessControlImporterTest extends AbstractJCRTest {
 
     public static final String XML_POLICY_TREE = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
             "<sv:node sv:name=\"test\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
-            "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
-            "<sv:value>nt:unstructured</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"jcr:mixinTypes\" sv:type=\"Name\">" +
-            "<sv:value>rep:AccessControllable</sv:value>" +
-            "<sv:value>mix:versionable</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"jcr:uuid\" sv:type=\"String\">" +
-            "<sv:value>0a0ca2e9-ab98-4433-a12b-d57283765207</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"jcr:baseVersion\" sv:type=\"Reference\">" +
-            "<sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"jcr:isCheckedOut\" sv:type=\"Boolean\">" +
-            "<sv:value>true</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"jcr:predecessors\" sv:type=\"Reference\">" +
-            "<sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"jcr:versionHistory\" sv:type=\"Reference\">" +
-            "<sv:value>428c9ef2-78e5-4f1c-95d3-16b4ce72d815</sv:value>" +
-            "</sv:property>" +
-            "<sv:node sv:name=\"rep:policy\">" +
-            "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
-            "<sv:value>rep:ACL</sv:value>" +
-            "</sv:property>" +
-            "<sv:node sv:name=\"allow\">" +
-            "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
-            "<sv:value>rep:GrantACE</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">" +
-            "<sv:value>everyone</sv:value>" +
-            "</sv:property>" +
-            "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
-            "<sv:value>jcr:write</sv:value>" +
-            "</sv:property>" +
-            "</sv:node>" +
-            "</sv:node>" +
+            "  <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>nt:unstructured</sv:value></sv:property>"
+
+            "  <sv:property sv:name=\"jcr:mixinTypes\" sv:type=\"Name\">" +
+            "     <sv:value>rep:AccessControllable</sv:value>" +
+            "  </sv:property>" +
+            "  <sv:node sv:name=\"rep:policy\">" +
+            "     <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property>"
+
+            "     <sv:node sv:name=\"allow\">" +
+            "         <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+            "             <sv:value>rep:GrantACE</sv:value>" +
+            "         </sv:property>" +
+            "         <sv:property sv:name=\"rep:principalName\" sv:type=\"String\">"
+
+            "             <sv:value>everyone</sv:value>" +
+            "         </sv:property>" +
+            "         <sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
+            "             <sv:value>jcr:write</sv:value>" +
+            "         </sv:property>" +
+            "     </sv:node>" +
+            "  </sv:node>" +
             "</sv:node>";
 
     public static final String XML_POLICY_TREE_2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
@@ -198,7 +180,16 @@ public class AccessControlImporterTest e
             "</sv:node>" +
             "</sv:node>";
 
-    public static final String XML_POLICY_ONLY = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node
sv:name=\"test\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>nt:unstructured</sv:value></sv:property><sv:property
sv:name=\"jcr:mixinTypes\" sv:type=\"Name\"><sv:value>rep:AccessControllable</sv:value><sv:value>mix:versionable</sv:value></sv:property><sv:property
sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>0a0ca2e9-ab98-4433-a12b-d57283765207</sv:value></sv:property><sv:property
sv:name=\"jcr:baseVersion\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property><sv:propert
 y sv:name=\"jcr:isCheckedOut\" sv:type=\"Boolean\"><sv:value>true</sv:value></sv:property><sv:property
sv:name=\"jcr:predecessors\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property><sv:property
sv:name=\"jcr:versionHistory\" sv:type=\"Reference\"><sv:value>428c9ef2-78e5-4f1c-95d3-16b4ce72d815</sv:value></sv:property><sv:node
sv:name=\"rep:policy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property></sv:node></sv:node>";
+    public static final String XML_POLICY_ONLY = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
+            "<sv:node sv:name=\"test\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+            "  <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>nt:unstructured</sv:value></sv:property>"
+
+            "  <sv:property sv:name=\"jcr:mixinTypes\" sv:type=\"Name\">" +
+            "     <sv:value>rep:AccessControllable</sv:value>" +
+            "  </sv:property>" +
+            "  <sv:node sv:name=\"rep:policy\">" +
+            "     <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property>"
+
+            "  </sv:node>" +
+            "</sv:node>";
 
     protected void doImport(String parentPath, String xml) throws IOException, RepositoryException
{
         InputStream in = new ByteArrayInputStream(xml.getBytes("UTF-8"));
@@ -214,6 +205,34 @@ public class AccessControlImporterTest e
         return true;
     }
 
+    private Node createImportTarget() throws RepositoryException {
+        Node target = testRootNode.addNode(nodeName1);
+        target.addMixin("rep:AccessControllable");
+        if (!isSessionImport()) {
+            superuser.save();
+        }
+        return target;
+    }
+
+    private Node createImportTargetWithPolicy(@Nullable Principal principal) throws RepositoryException
{
+        Node target = testRootNode.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
+        AccessControlManager acMgr = superuser.getAccessControlManager();
+        for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath());
it.hasNext(); ) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            if (policy instanceof AccessControlList) {
+                if (principal != null) {
+                    Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)};
+                    ((AccessControlList) policy).addAccessControlEntry(principal, privs);
+                }
+                acMgr.setPolicy(target.getPath(), policy);
+            }
+        }
+        if (!isSessionImport()) {
+            superuser.save();
+        }
+        return target;
+    }
+
     /**
      * Imports a resource-based ACL containing a single entry.
      *
@@ -252,8 +271,7 @@ public class AccessControlImporterTest e
 
     public void testImportACLOnly() throws Exception {
         try {
-            Node target = testRootNode.addNode(nodeName1);
-            target.addMixin("rep:AccessControllable");
+            Node target = createImportTarget();
 
             doImport(target.getPath(), XML_POLICY_TREE_3);
 
@@ -288,8 +306,7 @@ public class AccessControlImporterTest e
 
     public void testImportACLRemoveACE() throws Exception {
         try {
-            Node target = testRootNode.addNode(nodeName1);
-            target.addMixin("rep:AccessControllable");
+            Node target = createImportTarget();
 
             doImport(target.getPath(), XML_POLICY_TREE_3);
             doImport(target.getPath(), XML_POLICY_TREE_5);
@@ -320,8 +337,7 @@ public class AccessControlImporterTest e
 
     public void testImportACLUnknown() throws Exception {
         try {
-            Node target = testRootNode.addNode(nodeName1);
-            target.addMixin("rep:AccessControllable");
+            Node target = createImportTarget();
 
             doImport(target.getPath(), XML_POLICY_TREE_4);
 
@@ -359,22 +375,11 @@ public class AccessControlImporterTest e
      * already exists: expected outcome its that the existing ACE is replaced.
      */
     public void testImportPolicyExists() throws Exception {
-        Principal everyone = ((JackrabbitSession) superuser).getPrincipalManager().getEveryone();
-        Node target = testRootNode;
-        target = target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
-        AccessControlManager acMgr = superuser.getAccessControlManager();
-        for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath());
it.hasNext(); ) {
-            AccessControlPolicy policy = it.nextAccessControlPolicy();
-            if (policy instanceof AccessControlList) {
-                Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)};
-                ((AccessControlList) policy).addAccessControlEntry(everyone, privs);
-                acMgr.setPolicy(target.getPath(), policy);
-            }
-        }
-
         try {
+            Node target = createImportTargetWithPolicy(EveryonePrincipal.getInstance());
             doImport(target.getPath(), XML_POLICY_TREE_2);
 
+            AccessControlManager acMgr = superuser.getAccessControlManager();
             AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
             assertEquals(1, policies.length);
             assertTrue(policies[0] instanceof JackrabbitAccessControlList);
@@ -383,7 +388,7 @@ public class AccessControlImporterTest e
             assertEquals(1, entries.length);
 
             AccessControlEntry entry = entries[0];
-            assertEquals(everyone.getName(), entry.getPrincipal().getName());
+            assertEquals(EveryonePrincipal.getInstance(), entry.getPrincipal());
             List<Privilege> privs = Arrays.asList(entry.getPrivileges());
             assertEquals(1, privs.size());
             assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
@@ -402,24 +407,11 @@ public class AccessControlImporterTest e
      * @throws Exception
      */
     public void testImportEmptyExistingPolicy() throws Exception {
-        if (!isSessionImport()) {
-            return; // FIXME
-        }
-
-        Node target = testRootNode;
-        target = target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
-        AccessControlManager acMgr = superuser.getAccessControlManager();
-        for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath());
it.hasNext(); ) {
-            AccessControlPolicy policy = it.nextAccessControlPolicy();
-            if (policy instanceof AccessControlList) {
-                acMgr.setPolicy(target.getPath(), policy);
-            }
-        }
-
         try {
+            Node target = createImportTargetWithPolicy(null);
             doImport(target.getPath(), XML_POLICY_ONLY);
 
-            AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
+            AccessControlPolicy[] policies = superuser.getAccessControlManager().getPolicies(target.getPath());
 
             assertEquals(1, policies.length);
             assertTrue(policies[0] instanceof JackrabbitAccessControlList);
@@ -448,6 +440,9 @@ public class AccessControlImporterTest e
             // type of the imported policy nodes will be rep:root (unstructured)
             // and the items will not be detected as being protected.
             target.addMixin("rep:RepoAccessControllable");
+            if (!isSessionImport()) {
+                superuser.save();
+            }
 
             doImport(target.getPath(), XML_REPO_POLICY_TREE);
 
@@ -470,7 +465,12 @@ public class AccessControlImporterTest e
             assertFalse(target.hasNode("rep:repoPolicy/allow"));
 
         } finally {
-            superuser.refresh(false);
+            if (isSessionImport()) {
+                superuser.refresh(false);
+            } else {
+                superuser.save();
+            }
+            assertEquals(0, acMgr.getPolicies(null).length);
         }
     }
 
@@ -481,21 +481,24 @@ public class AccessControlImporterTest e
      * @throws Exception
      */
     public void testImportRepoACLAtTestNode() throws Exception {
-        Node target = testRootNode.addNode("test");
-        target.addMixin("rep:RepoAccessControllable");
-
-        AccessControlManager acMgr = superuser.getAccessControlManager();
         try {
-            doImport(target.getPath(), XML_REPO_POLICY_TREE);
+            Node target = testRootNode.addNode("test");
+            target.addMixin("rep:RepoAccessControllable");
 
-            AccessControlPolicy[] policies = acMgr.getPolicies(null);
-            assertEquals(0, policies.length);
+            doImport(target.getPath(), XML_REPO_POLICY_TREE);
 
             assertTrue(target.hasNode("rep:repoPolicy"));
             assertFalse(target.hasNode("rep:repoPolicy/allow0"));
 
             Node n = target.getNode("rep:repoPolicy");
             assertEquals("rep:RepoAccessControllable", n.getDefinition().getDeclaringNodeType().getName());
+
+            try {
+                superuser.save();
+                fail("Importing repo policy to non-root node must fail");
+            } catch (AccessControlException e) {
+                // success
+            }
         } finally {
             superuser.refresh(false);
         }

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlWorkspaceImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlWorkspaceImporterTest.java?rev=1506550&r1=1506549&r2=1506550&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlWorkspaceImporterTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlWorkspaceImporterTest.java
Wed Jul 24 13:44:03 2013
@@ -16,8 +16,8 @@
  */
 package org.apache.jackrabbit.oak.jcr.security.authorization;
 
-import javax.jcr.security.AccessControlException;
 import javax.jcr.Node;
+import javax.jcr.security.AccessControlException;
 
 public class AccessControlWorkspaceImporterTest extends AccessControlImporterTest {
 
@@ -35,6 +35,7 @@ public class AccessControlWorkspaceImpor
         try {
             Node target = testRootNode.addNode("test");
             target.addMixin("rep:RepoAccessControllable");
+            superuser.save();
 
             doImport(target.getPath(), XML_REPO_POLICY_TREE);
             fail("Importing repo policy to non-root node must fail");



Mime
View raw message