Author: angela
Date: Fri Apr 12 12:11:53 2013
New Revision: 1467243
URL: http://svn.apache.org/r1467243
Log:
OAK-708: tests (based on patch provided by antonio sanso)
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
(contents, props changed)
- copied, changed from r1467017,
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
Removed:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java?rev=1467243&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
Fri Apr 12 12:11:53 2013
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.evaluation;
+
+import java.security.Principal;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.security.AccessControlManager;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.junit.After;
+import org.junit.Before;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
+
+/**
+ * Base class for all classes that attempt to test OAK API and OAK core
functionality
+ * in combination with permission evaluation
+ */
+public abstract class AbstractOakCoreTest extends AbstractSecurityTest {
+
+ protected static final String TEST_USER_ID = "test";
+
+ protected Principal testPrincipal;
+
+ private ContentSession testSession;
+
+ @Before
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+ User user = getUserManager().createUser(TEST_USER_ID, TEST_USER_ID);
+ testPrincipal = user.getPrincipal();
+
+ NodeUtil rootNode = new NodeUtil(root.getTree("/"));
+ NodeUtil a = rootNode.addChild("a", NT_UNSTRUCTURED);
+ a.setString("aProp", "aValue");
+
+ NodeUtil b = a.addChild("b", NT_UNSTRUCTURED);
+ b.setString("bProp", "bValue");
+ // sibling
+ NodeUtil bb = a.addChild("bb", NT_UNSTRUCTURED);
+ bb.setString("bbProp", "bbValue");
+
+ NodeUtil c = b.addChild("c", NT_UNSTRUCTURED);
+ c.setString("cProp", "cValue");
+ root.commit();
+ }
+
+ @After
+ @Override
+ public void after() throws Exception {
+ try {
+ Authorizable testUser =
getUserManager().getAuthorizable(TEST_USER_ID);
+ if (testUser != null) {
+ testUser.remove();
+ root.commit();
+ }
+
+ if (testSession != null) {
+ testSession.close();
+ }
+ } finally {
+ super.after();
+ }
+ }
+
+ @Nonnull
+ protected ContentSession getTestSession() throws Exception {
+ if (testSession == null) {
+ testSession = login(new SimpleCredentials(TEST_USER_ID,
TEST_USER_ID.toCharArray()));
+ }
+ return testSession;
+ }
+
+ @Nonnull
+ protected Root getTestRoot() throws Exception {
+ return getTestSession().getLatestRoot();
+ }
+
+ /**
+ * Setup simple allow/deny permissions (without restrictions).
+ *
+ * @param path
+ * @param isAllow
+ * @param privilegeNames
+ * @throws Exception
+ */
+ protected void setupPermission(@Nullable String path,
+ @Nonnull Principal principal,
+ boolean isAllow,
+ @Nonnull String... privilegeNames) throws
Exception {
+ AccessControlManager acMgr = getAccessControlManager(root);
+ JackrabbitAccessControlList acl =
checkNotNull(AccessControlUtils.getAccessControlList(acMgr, path));
+ acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acMgr,
privilegeNames), isAllow);
+ acMgr.setPolicy(path, acl);
+
+ root.commit();
+ }
+}
\ No newline at end of file
Copied:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
(from r1467017,
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java)
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java&r1=1467017&r2=1467243&rev=1467243&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ShadowInvisibleContentTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
Fri Apr 12 12:11:53 2013
@@ -16,80 +16,30 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization;
-
-import java.security.Principal;
-import javax.jcr.NoSuchWorkspaceException;
-import javax.jcr.RepositoryException;
-import javax.jcr.SimpleCredentials;
-import javax.jcr.security.AccessControlManager;
-import javax.security.auth.login.LoginException;
-
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.api.security.user.User;
-import
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
-import org.apache.jackrabbit.oak.AbstractSecurityTest;
+package org.apache.jackrabbit.oak.security.authorization.evaluation;
+
import org.apache.jackrabbit.oak.api.CommitFailedException;
-import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
-import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
-import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-public class ShadowInvisibleContentTest extends AbstractSecurityTest {
-
- private static final String USER_ID = "test";
-
- private Principal userPrincipal;
-
- @Before
- @Override
- public void before() throws Exception {
- super.before();
-
- User user = getUserManager().createUser(USER_ID, USER_ID);
- userPrincipal = user.getPrincipal();
-
- NodeUtil a = new NodeUtil(root.getTree("/")).addChild("a",
NT_UNSTRUCTURED);
- a.setString("x", "xValue");
- NodeUtil b = a.addChild("b", NT_UNSTRUCTURED);
- b.setString("y", "yValue");
- NodeUtil c = b.addChild("c", NT_UNSTRUCTURED);
- c.setString("z", "zValue");
- }
+public class ShadowInvisibleContentTest extends AbstractOakCoreTest {
- private void setupPermission(Principal principal, String path, boolean
isAllow, String privilegeName)
- throws CommitFailedException, RepositoryException {
-
- AccessControlManager acMgr = getAccessControlManager(root);
- JackrabbitAccessControlList acl =
AccessControlUtils.getAccessControlList(acMgr, path);
- acl.addEntry(principal, privilegesFromNames(privilegeName) , isAllow);
- acMgr.setPolicy(path, acl);
- root.commit();
- }
-
- private Root getLatestRoot() throws LoginException,
NoSuchWorkspaceException {
- ContentSession contentSession = login(new SimpleCredentials(USER_ID,
USER_ID.toCharArray()));
- return contentSession.getLatestRoot();
- }
-
@Test
- public void testShadowInvisibleNode() throws CommitFailedException,
RepositoryException, LoginException {
- setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL);
- setupPermission(userPrincipal, "/a/b", false,
PrivilegeConstants.JCR_ALL);
- setupPermission(userPrincipal, "/a/b/c", true,
PrivilegeConstants.JCR_ALL);
+ public void testShadowInvisibleNode() throws Exception {
+ setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL);
+ setupPermission("/a/b", testPrincipal, false,
PrivilegeConstants.JCR_ALL);
+ setupPermission("/a/b/c", testPrincipal, true,
PrivilegeConstants.JCR_ALL);
- Root root = getLatestRoot();
- Tree a = root.getTree("/a");
+ Root testRoot = getTestRoot();
+ Tree a = testRoot.getTree("/a");
// /b not visible to this session
assertFalse(a.hasChild("b"));
@@ -100,7 +50,7 @@ public class ShadowInvisibleContentTest
assertFalse(b.hasChild("c"));
try {
- root.commit();
+ testRoot.commit();
} catch (CommitFailedException e) {
assertTrue(e.isAccessViolation());
}
@@ -108,12 +58,12 @@ public class ShadowInvisibleContentTest
@Test
@Ignore // TODO incomplete implementation of
PermissionValidator.childNodeChanged()
- public void testShadowInvisibleProperty() throws CommitFailedException,
RepositoryException, LoginException {
- setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL);
- setupPermission(userPrincipal, "/a", false,
PrivilegeConstants.REP_READ_PROPERTIES);
+ public void testShadowInvisibleProperty() throws Exception {
+ setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL);
+ setupPermission("/a", testPrincipal, false,
PrivilegeConstants.REP_READ_PROPERTIES);
- Root root = getLatestRoot();
- Tree a = root.getTree("/a");
+ Root testRoot = getTestRoot();
+ Tree a = testRoot.getTree("/a");
// /a/x not visible to this session
assertNull(a.getProperty("x"));
@@ -123,7 +73,7 @@ public class ShadowInvisibleContentTest
assertNotNull(a.getProperty("x"));
try {
- root.commit();
+ testRoot.commit();
} catch (CommitFailedException e) {
assertTrue(e.isAccessViolation());
}
@@ -131,12 +81,12 @@ public class ShadowInvisibleContentTest
@Test
@Ignore // FIXME how do we handle the case where the shadowing item is the
same as the shadowing item?
- public void testShadowInvisibleProperty2() throws CommitFailedException,
RepositoryException, LoginException {
- setupPermission(userPrincipal, "/a", true, PrivilegeConstants.JCR_ALL);
- setupPermission(userPrincipal, "/a", false,
PrivilegeConstants.REP_READ_PROPERTIES);
+ public void testShadowInvisibleProperty2() throws Exception {
+ setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL);
+ setupPermission("/a", testPrincipal, false,
PrivilegeConstants.REP_READ_PROPERTIES);
- Root root = getLatestRoot();
- Tree a = root.getTree("/a");
+ Root testRoot = getTestRoot();
+ Tree a = testRoot.getTree("/a");
// /a/x not visible to this session
assertNull(a.getProperty("x"));
@@ -146,7 +96,7 @@ public class ShadowInvisibleContentTest
assertNotNull(a.getProperty("x"));
try {
- root.commit();
+ testRoot.commit();
} catch (CommitFailedException e) {
assertTrue(e.isAccessViolation());
}
Propchange:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java?rev=1467243&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
Fri Apr 12 12:11:53 2013
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.evaluation;
+
+import java.util.List;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+public class TreeTest extends AbstractOakCoreTest {
+
+ // TODO: add tests for acls withs restrictions
+ // TODO: add tests with READ_PROPERTIES and READ_NODES privileges
+
+ private Root testRoot;
+
+ @Before
+ public void before() throws Exception {
+ super.before();
+
+ setupPermission("/", testPrincipal, true, PrivilegeConstants.JCR_READ);
+ setupPermission("/a/bb", testPrincipal, false,
PrivilegeConstants.JCR_READ);
+
+ testRoot = getTestRoot();
+ }
+
+ @Test
+ public void testHasChild() throws Exception {
+ Tree rootTree = testRoot.getTree("/");
+
+ assertTrue(rootTree.hasChild("a"));
+ assertFalse(rootTree.hasChild(AccessControlConstants.REP_POLICY));
+
+ Tree a = rootTree.getChild("a");
+ assertTrue(a.hasChild("b"));
+ assertFalse(a.hasChild("bb"));
+
+ Tree b = a.getChild("b");
+ assertTrue(b.hasChild("c"));
+ }
+
+ @Test
+ public void testGetChild() throws Exception {
+ Tree rootTree = testRoot.getTree("/");
+ assertNotNull(rootTree);
+
+ Tree a = rootTree.getChild("a");
+ assertNotNull(a);
+
+ Tree b = a.getChild("b");
+ assertNotNull(b);
+ assertNotNull(b.getChild("c"));
+
+ assertNull(a.getChild("bb"));
+ }
+
+ @Test
+ public void testPolicyChild() throws Exception {
+ assertNotNull(root.getTree('/' + AccessControlConstants.REP_POLICY));
+
+ // 'testUser' must not have access to the policy node
+ Tree rootTree = testRoot.getTree("/");
+
+ assertFalse(rootTree.hasChild(AccessControlConstants.REP_POLICY));
+ assertNull(rootTree.getChild(AccessControlConstants.REP_POLICY));
+ }
+
+ @Test
+ public void testGetChildrenCount() throws Exception {
+ long cntRoot = root.getTree("/").getChildrenCount();
+ long cntA = root.getTree("/a").getChildrenCount();
+
+ // 'testUser' may only see 'regular' child nodes -> count must be
adjusted.
+ assertEquals(cntRoot-1, testRoot.getTree("/").getChildrenCount());
+ assertEquals(cntA - 1, testRoot.getTree("/a").getChildrenCount());
+
+ // for the following nodes the cnt must not differ
+ List<String> paths = ImmutableList.of("/a/b", "/a/b/c");
+ for (String path : paths) {
+ assertEquals(
+ root.getTree(path).getChildrenCount(),
+ testRoot.getTree(path).getChildrenCount());
+ }
+ }
+
+ @Test
+ public void testHasProperty() throws Exception {
+ // TODO
+ }
+
+ @Test
+ public void testGetProperty() throws Exception {
+ // TODO
+ }
+
+ @Test
+ public void testGetPropertyStatus() throws Exception {
+ // TODO
+ }
+
+ @Test
+ public void testGetPropertyCount() throws Exception {
+ // TODO
+ }
+
+ @Test
+ public void testGetProperties() throws Exception {
+ // TODO
+ }
+}
