Author: angela
Date: Tue Jan 28 15:11:54 2014
New Revision: 1562092
URL: http://svn.apache.org/r1562092
Log:
OAK-1348 : ACE merging not behaving correctly if not using managed principals
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1562092&r1=1562091&r2=1562092&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
Tue Jan 28 15:11:54 2014
@@ -190,7 +190,7 @@ abstract class ACL extends AbstractAcces
List<ACE> subList = Lists.newArrayList(Iterables.filter(entries, new
Predicate<ACE>() {
@Override
public boolean apply(@Nullable ACE ace) {
- return (ace != null) && ace.getPrincipal().equals(principal);
+ return (ace != null) &&
ace.getPrincipal().getName().equals(principal.getName());
}
}));
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1562092&r1=1562091&r2=1562092&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Tue Jan 28 15:11:54 2014
@@ -135,7 +135,7 @@ public class ACLTest extends AbstractAcc
}
@Test
- public void testAddInvalidEntry() throws Exception {
+ public void testUnknownPrincipal() throws Exception {
Principal unknownPrincipal = new InvalidTestPrincipal("unknown");
try {
acl.addAccessControlEntry(unknownPrincipal,
privilegesFromNames(JCR_READ));
@@ -146,9 +146,50 @@ public class ACLTest extends AbstractAcc
}
@Test
- public void testAddEntryWithOakPrincipal() throws Exception {
- Principal oakPrincipal = new PrincipalImpl("name");
- acl.addAccessControlEntry(oakPrincipal, privilegesFromNames(JCR_READ));
+ public void testInternalPrincipal() throws RepositoryException {
+ Principal internal = new PrincipalImpl("unknown");
+ acl.addAccessControlEntry(internal, privilegesFromNames(JCR_READ));
+ }
+
+ @Test
+ public void testNullPrincipal() throws Exception {
+
+ try {
+ acl.addAccessControlEntry(null, privilegesFromNames(JCR_READ));
+ fail("Adding an ACE with null principal should fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testEmptyPrincipal() throws Exception {
+
+ try {
+ acl.addAccessControlEntry(new PrincipalImpl(""),
privilegesFromNames(JCR_READ));
+ fail("Adding an ACE with empty-named principal should fail");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testAddEntriesWithCustomPrincipal() throws Exception {
+ Principal oakPrincipal = new PrincipalImpl("anonymous");
+ Principal principal = new Principal() {
+ @Override
+ public String getName() {
+ return "anonymous";
+ }
+ };
+
+ assertTrue(acl.addAccessControlEntry(oakPrincipal,
privilegesFromNames(JCR_READ)));
+ assertTrue(acl.addAccessControlEntry(principal,
privilegesFromNames(JCR_READ_ACCESS_CONTROL)));
+ assertEquals(1, acl.getAccessControlEntries().length);
+
+ assertTrue(acl.addEntry(principal, privilegesFromNames(JCR_READ),
false));
+ assertEquals(2, acl.getAccessControlEntries().length);
+ assertArrayEquals(privilegesFromNames(JCR_READ_ACCESS_CONTROL),
acl.getAccessControlEntries()[0].getPrivileges());
}
@Test
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java?rev=1562092&r1=1562091&r2=1562092&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
Tue Jan 28 15:11:54 2014
@@ -172,7 +172,7 @@ public class JackrabbitAccessControlList
}
/**
- * <a href="https://issues.apache.org/jira/browse/OAK-1026";>OAK-1026</a>
+ * @see <a
href="https://issues.apache.org/jira/browse/OAK-1026";>OAK-1026</a>
*/
@Test
public void testEntryWithAggregatePrivileges() throws Exception {
@@ -192,4 +192,21 @@ public class JackrabbitAccessControlList
assertEquals(1, entries.length);
assertArrayEquals(new Privilege[]{write}, entries[0].getPrivileges());
}
+
+ /**
+ * @see <a
href="https://issues.apache.org/jira/browse/OAK-1348";>OAK-1348</a>
+ */
+ @Test
+ public void testAddEntryWithCustomPrincipalImpl() throws Exception {
+ Principal custom = new Principal() {
+ public String getName() {
+ return testPrincipal.getName();
+ }
+ };
+ acl.addEntry(testPrincipal, testPrivileges, true);
+ acl.addEntry(custom, testPrivileges, false);
+ acMgr.setPolicy(acl.getPath(), acl);
+ superuser.save();
+
+ }
}
\ No newline at end of file
