Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7680A1074E for ; Tue, 28 Jan 2014 15:12:23 +0000 (UTC) Received: (qmail 87169 invoked by uid 500); 28 Jan 2014 15:12:23 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 87120 invoked by uid 500); 28 Jan 2014 15:12:20 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 87107 invoked by uid 99); 28 Jan 2014 15:12:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Jan 2014 15:12:19 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Jan 2014 15:12:16 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 1BF3223889E2; Tue, 28 Jan 2014 15:11:55 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1562092 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ oak-jcr/src/test/java/org/apa... Date: Tue, 28 Jan 2014 15:11:54 -0000 To: oak-commits@jackrabbit.apache.org From: angela@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140128151155.1BF3223889E2@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Tue Jan 28 15:11:54 2014 New Revision: 1562092 URL: http://svn.apache.org/r1562092 Log: OAK-1348 : ACE merging not behaving correctly if not using managed principals Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1562092&r1=1562091&r2=1562092&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java Tue Jan 28 15:11:54 2014 @@ -190,7 +190,7 @@ abstract class ACL extends AbstractAcces List subList = Lists.newArrayList(Iterables.filter(entries, new Predicate() { @Override public boolean apply(@Nullable ACE ace) { - return (ace != null) && ace.getPrincipal().equals(principal); + return (ace != null) && ace.getPrincipal().getName().equals(principal.getName()); } })); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1562092&r1=1562091&r2=1562092&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java Tue Jan 28 15:11:54 2014 @@ -135,7 +135,7 @@ public class ACLTest extends AbstractAcc } @Test - public void testAddInvalidEntry() throws Exception { + public void testUnknownPrincipal() throws Exception { Principal unknownPrincipal = new InvalidTestPrincipal("unknown"); try { acl.addAccessControlEntry(unknownPrincipal, privilegesFromNames(JCR_READ)); @@ -146,9 +146,50 @@ public class ACLTest extends AbstractAcc } @Test - public void testAddEntryWithOakPrincipal() throws Exception { - Principal oakPrincipal = new PrincipalImpl("name"); - acl.addAccessControlEntry(oakPrincipal, privilegesFromNames(JCR_READ)); + public void testInternalPrincipal() throws RepositoryException { + Principal internal = new PrincipalImpl("unknown"); + acl.addAccessControlEntry(internal, privilegesFromNames(JCR_READ)); + } + + @Test + public void testNullPrincipal() throws Exception { + + try { + acl.addAccessControlEntry(null, privilegesFromNames(JCR_READ)); + fail("Adding an ACE with null principal should fail"); + } catch (AccessControlException e) { + // success + } + } + + @Test + public void testEmptyPrincipal() throws Exception { + + try { + acl.addAccessControlEntry(new PrincipalImpl(""), privilegesFromNames(JCR_READ)); + fail("Adding an ACE with empty-named principal should fail"); + } catch (AccessControlException e) { + // success + } + } + + @Test + public void testAddEntriesWithCustomPrincipal() throws Exception { + Principal oakPrincipal = new PrincipalImpl("anonymous"); + Principal principal = new Principal() { + @Override + public String getName() { + return "anonymous"; + } + }; + + assertTrue(acl.addAccessControlEntry(oakPrincipal, privilegesFromNames(JCR_READ))); + assertTrue(acl.addAccessControlEntry(principal, privilegesFromNames(JCR_READ_ACCESS_CONTROL))); + assertEquals(1, acl.getAccessControlEntries().length); + + assertTrue(acl.addEntry(principal, privilegesFromNames(JCR_READ), false)); + assertEquals(2, acl.getAccessControlEntries().length); + assertArrayEquals(privilegesFromNames(JCR_READ_ACCESS_CONTROL), acl.getAccessControlEntries()[0].getPrivileges()); } @Test Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java?rev=1562092&r1=1562091&r2=1562092&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java Tue Jan 28 15:11:54 2014 @@ -172,7 +172,7 @@ public class JackrabbitAccessControlList } /** - * OAK-1026 + * @see OAK-1026 */ @Test public void testEntryWithAggregatePrivileges() throws Exception { @@ -192,4 +192,21 @@ public class JackrabbitAccessControlList assertEquals(1, entries.length); assertArrayEquals(new Privilege[]{write}, entries[0].getPrivileges()); } + + /** + * @see OAK-1348 + */ + @Test + public void testAddEntryWithCustomPrincipalImpl() throws Exception { + Principal custom = new Principal() { + public String getName() { + return testPrincipal.getName(); + } + }; + acl.addEntry(testPrincipal, testPrivileges, true); + acl.addEntry(custom, testPrivileges, false); + acMgr.setPolicy(acl.getPath(), acl); + superuser.save(); + + } } \ No newline at end of file