Author: olli
Date: Tue Oct 11 14:50:07 2016
New Revision: 1764259
URL: http://svn.apache.org/viewvc?rev=1764259&view=rev
Log:
SLING-6130 Restrict access for principal everyone and move configuration to
repoinit
* change path from / to /content in OakSlingRepositoryManager
* adjust test
Modified:
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerIT.java
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java
Modified:
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java?rev=1764259&r1=1764258&r2=1764259&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
(original)
+++
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java
Tue Oct 11 14:50:07 2016
@@ -30,6 +30,7 @@ import javax.jcr.security.Privilege;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.JackrabbitRepository;
+import org.apache.jackrabbit.commons.JcrUtils;
import
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.jcr.Jcr;
@@ -194,10 +195,11 @@ public class OakSlingRepositoryManager e
try {
// TODO do we need to go via PrivilegeManager for the names?
See OAK-1016 example.
session =
repository.loginAdministrative(getDefaultWorkspace());
+ JcrUtils.getOrAddNode(session.getRootNode(), "content",
"sling:Folder");
final String[] privileges = new String[]{Privilege.JCR_READ};
AccessControlUtils.addAccessControlEntry(
session,
- "/",
+ "/content",
EveryonePrincipal.getInstance(),
privileges,
true);
Modified:
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerIT.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerIT.java?rev=1764259&r1=1764258&r2=1764259&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerIT.java
(original)
+++
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerIT.java
Tue Oct 11 14:50:07 2016
@@ -35,6 +35,7 @@ import javax.jcr.query.Query;
import org.apache.jackrabbit.commons.cnd.CndImporter;
import org.apache.sling.api.SlingConstants;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.ops4j.pax.exam.junit.PaxExam;
@@ -105,7 +106,7 @@ public class OakServerIT extends OakServ
@Test
public void testAnonymousHasReadAccess() throws RepositoryException {
- final String path = assertCreateRetrieveNode(null);
+ final String path = assertCreateRetrieveNode(null, "content/foo");
final Session s = repository.login();
try {
assertTrue("Expecting anonymous to see " + path,
s.itemExists(path));
@@ -117,6 +118,12 @@ public class OakServerIT extends OakServ
}
@Test
+ @Ignore
+ public void testAnonymousHasNoReadAccess() throws RepositoryException {
+ // TODO
+ }
+
+ @Test
public void testSqlQuery() throws RepositoryException {
final Session s = repository.loginAdministrative(null);
final String id = "ID_" + System.currentTimeMillis();
Modified:
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java?rev=1764259&r1=1764258&r2=1764259&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java
(original)
+++
sling/trunk/bundles/jcr/oak-server/src/test/java/org/apache/sling/jcr/oak/server/it/OakServerTestSupport.java
Tue Oct 11 14:50:07 2016
@@ -31,6 +31,7 @@ import javax.jcr.observation.EventIterat
import javax.jcr.observation.EventListener;
import javax.jcr.observation.ObservationManager;
+import org.apache.jackrabbit.commons.JcrUtils;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.testing.paxexam.SlingOptions;
@@ -115,24 +116,30 @@ public abstract class OakServerTestSuppo
* @return the path of the test node that was created.
*/
protected String assertCreateRetrieveNode(String nodeType) throws
RepositoryException {
- Session s = repository.loginAdministrative(null);
+ return assertCreateRetrieveNode(nodeType, null);
+ }
+
+ protected String assertCreateRetrieveNode(String nodeType, String
relParentPath) throws RepositoryException {
+ Session session = repository.loginAdministrative(null);
try {
- final Node root = s.getRootNode();
+ final Node root = session.getRootNode();
final String name = uniqueName("assertCreateRetrieveNode");
final String propName = "PN_" + name;
final String propValue = "PV_" + name;
- final Node child = nodeType == null ? root.addNode(name) :
root.addNode(name, nodeType);
+ final Node parent = relParentPath == null ? root :
JcrUtils.getOrAddNode(root, relParentPath);
+ final Node child = nodeType == null ? parent.addNode(name) :
parent.addNode(name, nodeType);
child.setProperty(propName, propValue);
child.setProperty("foo", child.getPath());
- s.save();
- s.logout();
- s = repository.loginAdministrative(null);
- final Node n = s.getNode("/" + name);
+ session.save();
+ session.logout();
+ session = repository.loginAdministrative(null);
+ final String path = relParentPath == null ? "/" + name : "/" +
relParentPath + "/" + name;
+ final Node n = session.getNode(path);
assertNotNull(n);
assertEquals(propValue, n.getProperty(propName).getString());
return n.getPath();
} finally {
- s.logout();
+ session.logout();
}
}
