Author: angela
Date: Fri Feb 24 17:10:56 2017
New Revision: 1784300
URL: http://svn.apache.org/viewvc?rev=1784300&view=rev
Log:
OAK-5793 : Improve coverage for security code in oak-core
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java?rev=1784300&r1=1784299&r2=1784300&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
Fri Feb 24 17:10:56 2017
@@ -26,11 +26,9 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
-
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.AccessDeniedException;
-import javax.jcr.NamespaceRegistry;
import javax.jcr.PathNotFoundException;
import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
@@ -48,7 +46,6 @@ import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
-
import com.google.common.collect.Iterables;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
@@ -56,7 +53,6 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
@@ -68,7 +64,7 @@ import org.apache.jackrabbit.oak.namepat
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
-import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlTest;
+import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManagerTest;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
@@ -79,7 +75,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
-import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -96,22 +91,11 @@ import static org.junit.Assert.fail;
/**
* Tests for the default {@code AccessControlManager} implementation.
*/
-public class AccessControlManagerImplTest extends AbstractAccessControlTest
implements AccessControlConstants {
+public class AccessControlManagerImplTest extends
AbstractAccessControlManagerTest implements AccessControlConstants {
public static final String TEST_LOCAL_PREFIX = "test";
- public static final String TEST_PREFIX = "jr";
- public static final String TEST_URI = "http://jackrabbit.apache.org";
-
- private final String testName = TEST_PREFIX + ":testRoot";
- private final String testPath = '/' + testName;
-
- private Principal testPrincipal;
- private Privilege[] testPrivileges;
- private Root testRoot;
private NamePathMapper npMapper;
-
- private AccessControlManagerImpl acMgr;
private ValueFactory valueFactory;
@Override
@@ -119,54 +103,30 @@ public class AccessControlManagerImplTes
public void before() throws Exception {
super.before();
- registerNamespace(TEST_PREFIX, TEST_URI);
- NameMapper nameMapper = new GlobalNameMapper(root);
- npMapper = new NamePathMapperImpl(nameMapper);
-
- acMgr = getAccessControlManager(npMapper);
valueFactory = new ValueFactoryImpl(root, npMapper);
-
- NodeUtil rootNode = new NodeUtil(root.getTree("/"), npMapper);
- rootNode.addChild(testName, JcrConstants.NT_UNSTRUCTURED);
- root.commit();
-
- testPrivileges =
privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES,
PrivilegeConstants.JCR_READ);
- testPrincipal = getTestPrincipal();
- }
-
- @After
- public void after() throws Exception {
- try {
- root.refresh();
- root.getTree(testPath).remove();
- root.commit();
-
- if (testRoot != null) {
- testRoot.getContentSession().close();
- testRoot = null;
- }
- } finally {
- super.after();
- }
}
@Override
protected NamePathMapper getNamePathMapper() {
+ if (npMapper == null) {
+ try {
+ registerNamespace(TEST_PREFIX, TEST_URI);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ NameMapper nameMapper = new GlobalNameMapper(root);
+ npMapper = new NamePathMapperImpl(nameMapper);
+ }
return npMapper;
}
- private AccessControlManagerImpl getAccessControlManager(NamePathMapper
npMapper) {
- return new AccessControlManagerImpl(root, npMapper,
getSecurityProvider());
- }
-
- private Root getTestRoot() throws Exception {
- if (testRoot == null) {
- testRoot = createTestSession().getLatestRoot();
- }
- return testRoot;
+ @Override
+ protected AccessControlManagerImpl createAccessControlManager(@Nonnull
Root root, @Nonnull NamePathMapper namePathMapper) {
+ return new AccessControlManagerImpl(root, namePathMapper,
getSecurityProvider());
}
- private AccessControlManagerImpl getTestAccessControlManager() throws
Exception {
+ @Override
+ protected AccessControlManagerImpl getTestAccessControlManager() throws
Exception {
return new AccessControlManagerImpl(getTestRoot(),
getNamePathMapper(), getSecurityProvider());
}
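Review bot: `before()` still builds `valueFactory` from the `npMapper` field, but this commit moves that field's initialisation into the lazy `getNamePathMapper()`. Unless the superclass `before()` (not visible in this hunk) has already called the getter, `ValueFactoryImpl` receives null. Going through the accessor makes the ordering explicit: `valueFactory = new ValueFactoryImpl(root, getNamePathMapper());`. The getter also registers a namespace as a side effect and rethrows any failure as a bare `RuntimeException`. A message such as `throw new RuntimeException("failed to register test namespace " + TEST_PREFIX, e);` would make a setup failure easy to tell apart from a failure in the access-control checks under test.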
@@ -231,17 +191,7 @@ public class AccessControlManagerImplTes
return ImmutableMap.of(REP_GLOB, valueFactory.createValue(value));
}
- private List<String> getInvalidPaths() {
- List<String> invalid = new ArrayList<String>();
- invalid.add("");
- invalid.add("../../jcr:testRoot");
- invalid.add("jcr:testRoot");
- invalid.add("jcr:test/Root");
- invalid.add("./jcr:testRoot");
- return invalid;
- }
-
- private List<String> getAcContentPaths() throws RepositoryException {
+ protected List<String> getAcContentPaths() throws RepositoryException {
ACL policy = getApplicablePolicy(testPath);
policy.addEntry(testPrincipal, testPrivileges, true,
getGlobRestriction("*"));
acMgr.setPolicy(testPath, policy);
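Review bot: `getAcContentPaths()` is widened from private to protected without `@Override`, while the other two methods this commit exposes to the new base class (`createAccessControlManager`, `getTestAccessControlManager`) carry the annotation. If the base class declares this method, which the visibility change suggests but this hunk does not show, add `@Override` so a later signature change there is caught at compile time. The method body continues outside the hunk.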
@@ -265,75 +215,19 @@ public class AccessControlManagerImplTes
return acContentPath;
}
- private Set<Principal> getPrincipals(ContentSession session) {
- return session.getAuthInfo().getPrincipals();
- }
-
//---------------------------------------------< getSupportedPrivileges
>---
@Test
- public void testGetSupportedPrivileges() throws Exception {
- List<Privilege> allPrivileges =
Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
-
- List<String> testPaths = new ArrayList<String>();
- testPaths.add(null);
- testPaths.add("/");
- testPaths.add("/jcr:system");
- testPaths.add(testPath);
-
- for (String path : testPaths) {
- Privilege[] supported = acMgr.getSupportedPrivileges(path);
-
- assertNotNull(supported);
- assertEquals(allPrivileges.size(), supported.length);
- assertTrue(allPrivileges.containsAll(Arrays.asList(supported)));
- }
- }
-
- @Test
- public void testGetSupportedPrivilegesInvalidPath() throws Exception {
- for (String path : getInvalidPaths()) {
- try {
- acMgr.getSupportedPrivileges(path);
- fail("Expects valid node path, found: " + path);
- } catch (RepositoryException e) {
- // success
- }
- }
- }
-
- @Test
- public void testGetSupportedPrivilegesPropertyPath() throws Exception {
- try {
- acMgr.getSupportedPrivileges("/jcr:primaryType");
- fail("Property path -> PathNotFoundException expected.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- @Test
- public void testGetSupportedPrivilegesNonExistingPath() throws Exception {
- try {
- acMgr.getSupportedPrivileges("/non/existing/node");
- fail("Nonexisting node -> PathNotFoundException expected.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- @Test
public void testGetSupportedPrivilegesIncludingPathConversion() throws
Exception {
List<Privilege> allPrivileges =
Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
- List<String> testPaths = new ArrayList<String>();
+ List<String> testPaths = new ArrayList();
testPaths.add('/' + TEST_LOCAL_PREFIX + ":testRoot");
testPaths.add("/{" + TEST_URI + "}testRoot");
NameMapper remapped = new LocalNameMapper(
root, singletonMap(TEST_LOCAL_PREFIX, TEST_URI));
- AccessControlManager acMgr =
- getAccessControlManager(new NamePathMapperImpl(remapped));
+ AccessControlManager acMgr = createAccessControlManager(root, new
NamePathMapperImpl(remapped));
for (String path : testPaths) {
Privilege[] supported = acMgr.getSupportedPrivileges(path);
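Review bot: The changed line `List<String> testPaths = new ArrayList();` replaces a parameterised constructor call with a raw type and brings back an unchecked-conversion warning; keep `new ArrayList<String>()`. The local `acMgr` declared a few lines below also hides the `acMgr` field that this commit removes from the class, which other methods still use and so appears to be inherited. A distinct name such as `remappedAcMgr` would make it clear that these assertions run against the manager built with the remapped `NamePathMapperImpl`. The test method starts and ends outside the hunk.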
@@ -356,166 +250,16 @@ public class AccessControlManagerImplTes
}
}
- //--------------------------------------------------< privilegeFromName
>---
- @Test
- public void testPrivilegeFromName() throws Exception {
- List<Privilege> allPrivileges =
Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
- for (Privilege privilege : allPrivileges) {
- Privilege p = acMgr.privilegeFromName(privilege.getName());
- assertEquals(privilege, p);
- }
- }
+ //--------------------------------------------------< privilegeFromName
>---
@Test
public void testPrivilegeFromExpandedName() throws Exception {
Privilege readPriv =
getPrivilegeManager(root).getPrivilege(PrivilegeConstants.JCR_READ);
assertEquals(readPriv, acMgr.privilegeFromName(Privilege.JCR_READ));
}
- @Test
- public void testPrivilegeFromInvalidName() throws Exception {
- List<String> invalid = new ArrayList<String>();
- invalid.add(null);
- invalid.add("");
- invalid.add("test:read");
-
- for (String privilegeName : invalid) {
- try {
- acMgr.privilegeFromName(privilegeName);
- fail("Invalid privilege name " + privilegeName);
- } catch (RepositoryException e) {
- // success
- }
- }
- }
-
- @Test
- public void testPrivilegeFromUnknownName() throws Exception {
- List<String> invalid = new ArrayList<String>();
- invalid.add("unknownPrivilege");
- invalid.add('{' + NamespaceRegistry.NAMESPACE_JCR + "}unknown");
-
- for (String privilegeName : invalid) {
- try {
- acMgr.privilegeFromName(privilegeName);
- fail("Invalid privilege name " + privilegeName);
- } catch (AccessControlException e) {
- // success
- }
- }
- }
-
//------------------------------------------------------< hasPrivileges
>---
@Test
- public void testHasNullPrivileges() throws Exception {
- assertTrue(acMgr.hasPrivileges(testPath, null));
- }
-
- @Test
- public void testHasEmptyPrivileges() throws Exception {
- assertTrue(acMgr.hasPrivileges(testPath, new Privilege[0]));
- }
-
- @Test
- public void testHasPrivilegesForPropertyPath() throws Exception {
- String propertyPath = "/jcr:primaryType";
- Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
- try {
- acMgr.hasPrivileges(propertyPath, privs);
- fail("AccessControlManager#hasPrivileges for property should
fail.");
- } catch (PathNotFoundException e) {
- // success
- }
-
- try {
- acMgr.hasPrivileges(propertyPath, getPrincipals(adminSession),
privs);
- fail("AccessControlManager#hasPrivileges for property should
fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- @Test
- public void testHasPrivilegesNonExistingNodePath() throws Exception {
- String nonExistingPath = "/not/existing";
- Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
- try {
- acMgr.hasPrivileges(nonExistingPath, privs);
- fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- try {
- acMgr.hasPrivileges(nonExistingPath, getPrincipals(adminSession),
privs);
- fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- @Test
- public void testHasPrivilegesInvalidPaths() throws Exception {
- Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
- for (String path : getInvalidPaths()) {
- try {
- acMgr.hasPrivileges(path, privs);
- fail("AccessControlManager#hasPrivileges for node that
doesn't exist should fail.");
- } catch (RepositoryException e) {
- // success
- }
- }
- for (String path : getInvalidPaths()) {
- try {
- acMgr.hasPrivileges(path, getPrincipals(adminSession), privs);
- fail("AccessControlManager#hasPrivileges for node that
doesn't exist should fail.");
- } catch (RepositoryException e) {
- // success
- }
- }
- }
-
- @Test
- public void testHasPrivilegesAccessControlledNodePath() throws Exception {
- Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
- for (String path : getAcContentPaths()) {
- assertTrue(acMgr.hasPrivileges(path, privs));
- assertTrue(acMgr.hasPrivileges(path, getPrincipals(adminSession),
privs));
- }
- }
-
- /**
- * @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw
- * PathNotFoundException in case the node associated with a given path is
- * not readable to the editing session (compatibility with the
specification
- * which was missing in jackrabbit).
- */
- @Test
- public void testHasPrivilegesNotAccessiblePath() throws Exception {
- List<String> notAccessible = new ArrayList();
- notAccessible.add("/");
- notAccessible.addAll(getAcContentPaths());
-
- Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
- AccessControlManagerImpl testAcMgr = getTestAccessControlManager();
- for (String path : notAccessible) {
- try {
- testAcMgr.hasPrivileges(path, privs);
- fail("AccessControlManager#hasPrivileges for node that is not
accessible should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
- for (String path : notAccessible) {
- try {
- testAcMgr.hasPrivileges(path,
getPrincipals(getTestRoot().getContentSession()), privs);
- fail("AccessControlManager#hasPrivileges for node that is not
accessible should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
- }
-
- @Test
public void testTestSessionHasPrivileges() throws Exception {
setupPolicy(testPath);
root.commit();
@@ -563,136 +307,8 @@ public class AccessControlManagerImplTes
}
}
- @Test
- public void testHasRepoPrivileges() throws Exception {
- assertTrue(acMgr.hasPrivileges(null,
privilegesFromNames(PrivilegeConstants.JCR_ALL)));
- assertTrue(acMgr.hasPrivileges(null, getPrincipals(adminSession),
privilegesFromNames(PrivilegeConstants.JCR_ALL)));
- }
-
- @Test
- public void testTestSessionHasRepoPrivileges() throws Exception {
- AccessControlManagerImpl testAcMgr = getTestAccessControlManager();
-
- assertFalse(testAcMgr.hasPrivileges(null, testPrivileges));
- assertFalse(testAcMgr.hasPrivileges(null,
getPrincipals(getTestRoot().getContentSession()), testPrivileges));
-
- // but for 'admin' the test-session doesn't have sufficient privileges
- try {
- testAcMgr.getPrivileges(null, getPrincipals(adminSession));
- fail("testSession doesn't have sufficient permission to read
access control information");
- } catch (AccessDeniedException e) {
- // success
- }
- }
-
//------------------------------------------------------< getPrivileges
>---
@Test
- public void testGetPrivilegesForPropertyPath() throws Exception {
- String propertyPath = "/jcr:primaryType";
- try {
- acMgr.getPrivileges(propertyPath);
- fail("AccessControlManager#getPrivileges for property should
fail.");
- } catch (PathNotFoundException e) {
- // success
- }
-
- try {
- acMgr.getPrivileges(propertyPath,
Collections.singleton(testPrincipal));
- fail("AccessControlManager#getPrivileges for property should
fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- @Test
- public void testGetPrivilegesNonExistingNodePath() throws Exception {
- String nonExistingPath = "/not/existing";
- try {
- acMgr.getPrivileges(nonExistingPath);
- fail("AccessControlManager#getPrivileges for node that doesn't
exist should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
-
- try {
- acMgr.getPrivileges(nonExistingPath,
Collections.singleton(testPrincipal));
- fail("AccessControlManager#getPrivileges for node that doesn't
exist should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- @Test
- public void testGetPrivilegesInvalidPaths() throws Exception {
- for (String path : getInvalidPaths()) {
- try {
- acMgr.getPrivileges(path);
- fail("AccessControlManager#getPrivileges for node that
doesn't exist should fail.");
- } catch (RepositoryException e) {
- // success
- }
- }
-
- for (String path : getInvalidPaths()) {
- try {
- acMgr.getPrivileges(path,
Collections.singleton(testPrincipal));
- fail("AccessControlManager#getPrivileges for node that
doesn't exist should fail.");
- } catch (RepositoryException e) {
- // success
- }
- }
- }
-
- @Test
- public void testGetPrivilegesAccessControlledNodePath() throws Exception {
- Privilege[] expected = privilegesFromNames(PrivilegeConstants.JCR_ALL);
- for (String path : getAcContentPaths()) {
- assertArrayEquals(expected, acMgr.getPrivileges(path));
- assertArrayEquals(expected, acMgr.getPrivileges(path,
getPrincipals(adminSession)));
- }
- }
-
- @Test
- public void testGetPrivilegesForPrincipalsAccessControlledNodePath()
throws Exception {
- Set<Principal> testPrincipals = ImmutableSet.of(testPrincipal);
- Privilege[] expected = new Privilege[0];
- for (String path : getAcContentPaths()) {
- assertArrayEquals(expected, acMgr.getPrivileges(path,
testPrincipals));
- }
- }
-
- /**
- * @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw
- * PathNotFoundException in case the node associated with a given path is
- * not readable to the editing session.
- */
- @Test
- public void testGetPrivilegesNotAccessiblePath() throws Exception {
- List<String> notAccessible = new ArrayList();
- notAccessible.add("/");
- notAccessible.addAll(getAcContentPaths());
-
- for (String path : notAccessible) {
- try {
- getTestAccessControlManager().getPrivileges(path);
- fail("AccessControlManager#getPrivileges for node that is not
accessible should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- for (String path : notAccessible) {
- try {
- getTestAccessControlManager().getPrivileges(path,
Collections.singleton(testPrincipal));
- fail("AccessControlManager#getPrivileges for node that is not
accessible should fail.");
- } catch (PathNotFoundException e) {
- // success
- }
- }
-
- }
-
- @Test
public void testTestSessionGetPrivileges() throws Exception {
setupPolicy(testPath);
root.commit();
@@ -719,11 +335,6 @@ public class AccessControlManagerImplTes
}
@Test
- public void testGetRepoPrivileges() throws Exception {
- assertArrayEquals(privilegesFromNames(PrivilegeConstants.JCR_ALL),
acMgr.getPrivileges(null));
- }
-
- @Test
public void testGetPrivilegesForPrincipals() throws Exception {
Set<Principal> adminPrincipals = getPrincipals(adminSession);
Privilege[] expected = privilegesFromNames(PrivilegeConstants.JCR_ALL);
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java?rev=1784300&r1=1784299&r2=1784300&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java
Fri Feb 24 17:10:56 2017
@@ -379,7 +379,7 @@ public class ACETest extends AbstractAcc
@Test
public void testGetRestrictionsForMultiValued2() throws Exception {
// single value restriction stored in multi-value property
- Restriction singleNameRestr =
createRestriction(AccessControlConstants.REP_NT_NAMES, new Value[] {nameValue});
+ Restriction singleNameRestr =
createRestriction(AccessControlConstants.REP_NT_NAMES, new Value[]{nameValue});
ACE ace = createEntry(ImmutableSet.of(singleNameRestr));
Value[] vs = ace.getRestrictions(AccessControlConstants.REP_NT_NAMES);
assertEquals(1, vs.length);
@@ -387,6 +387,24 @@ public class ACETest extends AbstractAcc
}
@Test
+ public void testGetRestrictions() throws Exception {
+ Restriction nameRestr =
createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues);
+ Restriction globRestr =
createRestriction(AccessControlConstants.REP_GLOB, globValue);
+
+ Set<Restriction> expected = ImmutableSet.of(nameRestr, globRestr);
+ ACE ace = createEntry(expected);
+
+ assertEquals(expected, ace.getRestrictions());
+ }
+
+ @Test
+ public void testGetRestrictionsNone() throws Exception {
+ ACE ace = createEntry(ImmutableSet.<Restriction>of());
+
+ assertTrue(ace.getRestrictions().isEmpty());
+ }
+
+ @Test
public void testEquals() throws RepositoryException {
Map<AccessControlEntry, AccessControlEntry> equalAces = new
HashMap<AccessControlEntry, AccessControlEntry>();
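Review bot: `testGetRestrictions` compares the result against the very `ImmutableSet` handed to `createEntry`, so it passes whether the entry copies the set or simply keeps the caller's reference. Restrictions narrow where an entry applies, so it is worth pinning that they cannot change after creation. Build the entry from a mutable `HashSet`, modify that set afterwards, and assert that `ace.getRestrictions()` still equals the original content. `testGetRestrictionsNone` could also cover a null argument if `createEntry` accepts one; its signature is not visible in this hunk.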
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java?rev=1784300&r1=1784299&r2=1784300&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java
Fri Feb 24 17:10:56 2017
@@ -31,6 +31,7 @@ import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.security.Privilege;
+import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.oak.namepath.GlobalNameMapper;
import org.apache.jackrabbit.oak.namepath.LocalNameMapper;
import org.apache.jackrabbit.oak.namepath.NameMapper;
@@ -48,6 +49,7 @@ import static java.util.Collections.sing
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
/**
@@ -77,8 +79,8 @@ public abstract class AbstractAccessCont
}
protected AbstractAccessControlList createACL(@Nullable String jcrPath,
- @Nonnull List<ACE>
entries,
- @Nonnull
NamePathMapper namePathMapper) {
+ @Nonnull List<ACE> entries,
+ @Nonnull NamePathMapper
namePathMapper) {
return createACL(jcrPath, entries, namePathMapper,
getRestrictionProvider());
}
@@ -109,6 +111,12 @@ public abstract class AbstractAccessCont
}
@Test
+ public void testGetNamePathMapper() throws Exception {
+ assertSame(namePathMapper, createEmptyACL().getNamePathMapper());
+ assertSame(NamePathMapper.DEFAULT, createACL(getTestPath(),
ImmutableList.<ACE>of(), NamePathMapper.DEFAULT).getNamePathMapper());
+ }
+
+ @Test
public void testGetPath() {
NameMapper nameMapper = new GlobalNameMapper(
Collections.singletonMap("jr",
"http://jackrabbit.apache.org"));
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java?rev=1784300&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java
Fri Feb 24 17:10:56 2017
@@ -0,0 +1,708 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.NamespaceRegistry;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.Privilege;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class AbstractAccessControlManagerTest extends
AbstractAccessControlTest {
+
+ public static final String TEST_PREFIX = "jr";
+ public static final String TEST_URI = "http://jackrabbit.apache.org";
+
+ private final String testName = TEST_PREFIX + ":testRoot";
+ protected final String testPath = '/' + testName;
+
+ protected Principal testPrincipal;
+ protected Privilege[] testPrivileges;
+ protected Root testRoot;
+
+ protected AbstractAccessControlManager acMgr;
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ super.before();
+
+ acMgr = createAccessControlManager(root, getNamePathMapper());
+
+ NodeUtil rootNode = new NodeUtil(root.getTree("/"),
getNamePathMapper());
+ rootNode.addChild(testName, JcrConstants.NT_UNSTRUCTURED);
+ root.commit();
+
+ testPrivileges =
privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES,
PrivilegeConstants.JCR_READ);
+ testPrincipal = getTestPrincipal();
+ }
+
+ @After
+ public void after() throws Exception {
+ try {
+ root.refresh();
+ root.getTree(testPath).remove();
+ root.commit();
+
+ if (testRoot != null) {
+ testRoot.getContentSession().close();
+ testRoot = null;
+ }
+ } finally {
+ super.after();
+ }
+ }
+
+ protected AbstractAccessControlManager createAccessControlManager(@Nonnull
Root root, @Nonnull NamePathMapper namePathMapper) {
+ return new TestAcMgr(root, namePathMapper, getSecurityProvider());
+ }
+
+ protected AbstractAccessControlManager getTestAccessControlManager()
throws Exception {
+ return new TestAcMgr(getTestRoot(), getNamePathMapper(),
getSecurityProvider());
+ }
+
+ protected List<String> getAcContentPaths() throws RepositoryException {
+ // TODO: create ac-content paths
+ return ImmutableList.of();
+ }
+
+ protected Root getTestRoot() throws Exception {
+ if (testRoot == null) {
+ testRoot = createTestSession().getLatestRoot();
+ }
+ return testRoot;
+ }
+
+ protected List<String> getInvalidPaths() {
+ List<String> invalid = new ArrayList<String>();
+ invalid.add("");
+ invalid.add("../../jcr:testRoot");
+ invalid.add("jcr:testRoot");
+ invalid.add("jcr:test/Root");
+ invalid.add("./jcr:testRoot");
+ return invalid;
+ }
+
+ protected static Set<Principal> getPrincipals(ContentSession session) {
+ return session.getAuthInfo().getPrincipals();
+ }
+
+ protected static Set<Principal> getEveryonePrincipalSet() {
+ return ImmutableSet.<Principal>of(EveryonePrincipal.getInstance());
+ }
+
+ //--------------------------------------------------- protected methods
>---
+ @Test
+ public void testGetConfig() {
+
assertSame(getSecurityProvider().getConfiguration(AuthorizationConfiguration.class),
acMgr.getConfig());
+ }
+
+ @Test
+ public void testGetRoot() throws Exception {
+ assertSame(root, createAccessControlManager(root,
getNamePathMapper()).getRoot());
+ assertSame(getTestRoot(), createAccessControlManager(getTestRoot(),
getNamePathMapper()).getRoot());
+ }
+
+ @Test
+ public void testGetLatestRoot() throws Exception {
+ assertNotSame(root, createAccessControlManager(root,
getNamePathMapper()).getLatestRoot());
+ assertNotSame(getTestRoot(), createAccessControlManager(getTestRoot(),
getNamePathMapper()).getLatestRoot());
+ }
+
+ @Test
+ public void testGetNamePathMapper() throws Exception {
+ assertSame(getNamePathMapper(), createAccessControlManager(root,
getNamePathMapper()).getNamePathMapper());
+ assertSame(getNamePathMapper(),
createAccessControlManager(getTestRoot(),
getNamePathMapper()).getNamePathMapper());
+ }
+
+ @Test
+ public void testGetPrivilegeManager() throws Exception {
+ PrivilegeManager privMgr = getPrivilegeManager(root);
+ assertNotSame(privMgr, acMgr.getPrivilegeManager());
+ assertEquals(privMgr.getClass().getName(),
acMgr.getPrivilegeManager().getClass().getName());
+ }
+
+ @Test
+ public void testGetOakPathNull() throws Exception {
+ assertNull(acMgr.getOakPath(null));
+ }
+
+ @Test(expected = RepositoryException.class)
+ public void testGetOakPathNotAbsolute() throws Exception {
+ acMgr.getOakPath("a/rel/path");
+ }
+
+ @Test(expected = RepositoryException.class)
+ public void testGetOakPathInvalid() throws Exception {
+ NamePathMapper np = new NamePathMapper.Default() {
+ @Override
+ public String getOakPath(String jcrPath) {
+ // mock failing conversion from jcr to oak path
+ return null;
+ }
+ };
+ createAccessControlManager(root, np).getOakPath("/any/abs/path");
+ }
+
+ //---------------------------------------------< getSupportedPrivileges
>---
+ @Test
+ public void testGetSupportedPrivileges() throws Exception {
+ List<Privilege> allPrivileges =
Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
+
+ List<String> testPaths = new ArrayList<String>();
+ testPaths.add(null);
+ testPaths.add("/");
+ testPaths.add("/jcr:system");
+ testPaths.add(testPath);
+
+ for (String path : testPaths) {
+ Privilege[] supported = acMgr.getSupportedPrivileges(path);
+
+ assertNotNull(supported);
+ assertEquals(allPrivileges.size(), supported.length);
+ assertTrue(allPrivileges.containsAll(Arrays.asList(supported)));
+ }
+ }
+
+ @Test
+ public void testGetSupportedPrivilegesInvalidPath() throws Exception {
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.getSupportedPrivileges(path);
+ fail("Expects valid node path, found: " + path);
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ }
+
+ @Test
+ public void testGetSupportedPrivilegesPropertyPath() throws Exception {
+ try {
+ acMgr.getSupportedPrivileges("/jcr:primaryType");
+ fail("Property path -> PathNotFoundException expected.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testGetSupportedPrivilegesNonExistingPath() throws Exception {
+ try {
+ acMgr.getSupportedPrivileges("/non/existing/node");
+ fail("Nonexisting node -> PathNotFoundException expected.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ //--------------------------------------------------< privilegeFromName
>---
+ @Test
+ public void testPrivilegeFromName() throws Exception {
+ List<Privilege> allPrivileges =
Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
+ for (Privilege privilege : allPrivileges) {
+ Privilege p = acMgr.privilegeFromName(privilege.getName());
+ assertEquals(privilege, p);
+ }
+ }
+
+ @Test
+ public void testPrivilegeFromInvalidName() throws Exception {
+ List<String> invalid = new ArrayList<String>();
+ invalid.add(null);
+ invalid.add("");
+ invalid.add("test:read");
+
+ for (String privilegeName : invalid) {
+ try {
+ acMgr.privilegeFromName(privilegeName);
+ fail("Invalid privilege name " + privilegeName);
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ }
+
+ @Test
+ public void testPrivilegeFromUnknownName() throws Exception {
+ List<String> invalid = new ArrayList<String>();
+ invalid.add("unknownPrivilege");
+ invalid.add('{' + NamespaceRegistry.NAMESPACE_JCR + "}unknown");
+
+ for (String privilegeName : invalid) {
+ try {
+ acMgr.privilegeFromName(privilegeName);
+ fail("Invalid privilege name " + privilegeName);
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+ }
+
+ //------------------------------------------------------< hasPrivileges
>---
+ @Test
+ public void testHasNullPrivileges() throws Exception {
+ assertTrue(acMgr.hasPrivileges(testPath, null));
+ }
+
+ @Test
+ public void testHasEmptyPrivileges() throws Exception {
+ assertTrue(acMgr.hasPrivileges(testPath, new Privilege[0]));
+ }
+
+ @Test
+ public void testHasPrivilegesForPropertyPath() throws Exception {
+ String propertyPath = "/jcr:primaryType";
+ Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
+ try {
+ acMgr.hasPrivileges(propertyPath, privs);
+ fail("AccessControlManager#hasPrivileges for property should
fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+
+ try {
+ acMgr.hasPrivileges(propertyPath, getPrincipals(adminSession),
privs);
+ fail("AccessControlManager#hasPrivileges for property should
fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testHasPrivilegesNonExistingNodePath() throws Exception {
+ String nonExistingPath = "/not/existing";
+ Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
+ try {
+ acMgr.hasPrivileges(nonExistingPath, privs);
+ fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ try {
+ acMgr.hasPrivileges(nonExistingPath, getPrincipals(adminSession),
privs);
+ fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ try {
+ acMgr.hasPrivileges(nonExistingPath, getEveryonePrincipalSet(),
privs);
+ fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ try {
+ acMgr.hasPrivileges(nonExistingPath, ImmutableSet.<Principal>of(),
privs);
+ fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testHasPrivilegesInvalidPaths() throws Exception {
+ Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.hasPrivileges(path, privs);
+ fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.hasPrivileges(path, getPrincipals(adminSession), privs);
+ fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.hasPrivileges(path,
ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()), privs);
+ fail("AccessControlManager#hasPrivileges for node that doesn't
exist should fail.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ }
+
+ @Test
+ public void testHasPrivilegesAccessControlledNodePath() throws Exception {
+ Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
+ for (String path : getAcContentPaths()) {
+ assertTrue(acMgr.hasPrivileges(path, privs));
+ assertTrue(acMgr.hasPrivileges(path, getPrincipals(adminSession),
privs));
+ assertFalse(acMgr.hasPrivileges(path,
ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()), privs));
+ }
+ }
+
+ /**
+ * @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw
+ * PathNotFoundException in case the node associated with a given path is
+ * not readable to the editing session (compatibility with the
specification
+ * which was missing in jackrabbit).
+ */
+ @Test
+ public void testHasPrivilegesNotAccessiblePath() throws Exception {
+ List<String> notAccessible = new ArrayList();
+ notAccessible.add("/");
+ notAccessible.addAll(getAcContentPaths());
+
+ Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL);
+ AbstractAccessControlManager testAcMgr = getTestAccessControlManager();
+ for (String path : notAccessible) {
+ try {
+ testAcMgr.hasPrivileges(path, privs);
+ fail("AccessControlManager#hasPrivileges for node that is not
accessible should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+ for (String path : notAccessible) {
+ try {
+ testAcMgr.hasPrivileges(path,
getPrincipals(root.getContentSession()), privs);
+ fail("AccessControlManager#hasPrivileges for node that is not
accessible should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+ for (String path : notAccessible) {
+ try {
+ testAcMgr.hasPrivileges(path,
getPrincipals(getTestRoot().getContentSession()), privs);
+ fail("AccessControlManager#hasPrivileges for node that is not
accessible should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+ for (String path : notAccessible) {
+ try {
+ testAcMgr.hasPrivileges(path, ImmutableSet.<Principal>of(),
privs);
+ fail("AccessControlManager#hasPrivileges for node that is not
accessible should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+ }
+
+ @Test
+ public void testHasRepoPrivileges() throws Exception {
+ assertTrue(acMgr.hasPrivileges(null,
privilegesFromNames(PrivilegeConstants.JCR_ALL)));
+ assertTrue(acMgr.hasPrivileges(null, getPrincipals(adminSession),
privilegesFromNames(PrivilegeConstants.JCR_ALL)));
+ }
+
+ @Test
+ public void testHasRepoPrivilegesEmptyPrincipalSet() throws Exception {
+ assertFalse(acMgr.hasPrivileges(null, ImmutableSet.<Principal>of(),
privilegesFromNames(PrivilegeConstants.JCR_ALL)));
+ }
+
+ @Test
+ public void testTestSessionHasRepoPrivileges() throws Exception {
+ AbstractAccessControlManager testAcMgr = getTestAccessControlManager();
+
+ assertFalse(testAcMgr.hasPrivileges(null, testPrivileges));
+ assertFalse(testAcMgr.hasPrivileges(null,
getPrincipals(getTestRoot().getContentSession()), testPrivileges));
+ }
+
+ @Test
+ public void testHasRepoPrivilegesNoAccessToPrincipals() throws Exception {
+ AbstractAccessControlManager testAcMgr = getTestAccessControlManager();
+ // the test-session doesn't have sufficient permissions to read
privilege set for admin session.
+ try {
+ testAcMgr.getPrivileges(null, getPrincipals(adminSession));
+ fail("testSession doesn't have sufficient permission to read
access control information");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testHasRepoPrivilegesForEmptyPrincipalSet() throws Exception {
+ AbstractAccessControlManager testAcMgr = getTestAccessControlManager();
+ // the test-session doesn't have sufficient permissions to read
privilege set.
+ try {
+ testAcMgr.getPrivileges(null, ImmutableSet.<Principal>of());
+ fail("testSession doesn't have sufficient permission to read
access control information");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ }
+
+ //------------------------------------------------------< getPrivileges
>---
+ @Test
+ public void testGetPrivilegesForPropertyPath() throws Exception {
+ String propertyPath = "/jcr:primaryType";
+ try {
+ acMgr.getPrivileges(propertyPath);
+ fail("AccessControlManager#getPrivileges for property should
fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+
+ try {
+ acMgr.getPrivileges(propertyPath,
Collections.singleton(testPrincipal));
+ fail("AccessControlManager#getPrivileges for property should
fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+
+ try {
+ acMgr.getPrivileges(propertyPath, getPrincipals(adminSession));
+ fail("AccessControlManager#getPrivileges for property should
fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testGetPrivilegesNonExistingNodePath() throws Exception {
+ String nonExistingPath = "/not/existing";
+ try {
+ acMgr.getPrivileges(nonExistingPath);
+ fail("AccessControlManager#getPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+
+ try {
+ acMgr.getPrivileges(nonExistingPath, getPrincipals(adminSession));
+ fail("AccessControlManager#getPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+
+ try {
+ acMgr.getPrivileges(nonExistingPath,
Collections.singleton(testPrincipal));
+ fail("AccessControlManager#getPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+
+ try {
+ acMgr.getPrivileges(nonExistingPath, ImmutableSet.<Principal>of());
+ fail("AccessControlManager#getPrivileges for node that doesn't
exist should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testGetPrivilegesInvalidPaths() throws Exception {
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.getPrivileges(path);
+ fail("AccessControlManager#getPrivileges for node that
doesn't exist should fail.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.getPrivileges(path, getPrincipals(adminSession));
+ fail("AccessControlManager#getPrivileges for node that
doesn't exist should fail.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.getPrivileges(path,
Collections.singleton(testPrincipal));
+ fail("AccessControlManager#getPrivileges for node that
doesn't exist should fail.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+
+ for (String path : getInvalidPaths()) {
+ try {
+ acMgr.getPrivileges(path, ImmutableSet.<Principal>of());
+ fail("AccessControlManager#getPrivileges for node that
doesn't exist should fail.");
+ } catch (RepositoryException e) {
+ // success
+ }
+ }
+ }
+
+ /**
+ * @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw
+ * PathNotFoundException in case the node associated with a given path is
+ * not readable to the editing session.
+ */
+ @Test
+ public void testGetPrivilegesNotAccessiblePath() throws Exception {
+ List<String> notAccessible = new ArrayList();
+ notAccessible.add("/");
+ notAccessible.addAll(getAcContentPaths());
+
+ for (String path : notAccessible) {
+ try {
+ getTestAccessControlManager().getPrivileges(path);
+ fail("AccessControlManager#getPrivileges for node that is not
accessible should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ for (String path : notAccessible) {
+ try {
+ getTestAccessControlManager().getPrivileges(path,
getPrincipals(adminSession));
+ fail("AccessControlManager#getPrivileges for node that is not
accessible should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ for (String path : notAccessible) {
+ try {
+ getTestAccessControlManager().getPrivileges(path,
Collections.singleton(testPrincipal));
+ fail("AccessControlManager#getPrivileges for node that is not
accessible should fail.");
+ } catch (PathNotFoundException e) {
+ // success
+ }
+ }
+
+ }
+
+ @Test
+ public void testGetPrivilegesAccessControlledNodePath() throws Exception {
+ Privilege[] expected = privilegesFromNames(PrivilegeConstants.JCR_ALL);
+ for (String path : getAcContentPaths()) {
+ assertArrayEquals(expected, acMgr.getPrivileges(path));
+ assertArrayEquals(expected, acMgr.getPrivileges(path,
getPrincipals(adminSession)));
+ }
+ }
+
+ @Test
+ public void testGetPrivilegesForPrincipalsAccessControlledNodePath()
throws Exception {
+ Set<Principal> testPrincipals = ImmutableSet.of(testPrincipal);
+ Privilege[] expected = new Privilege[0];
+ for (String path : getAcContentPaths()) {
+ assertArrayEquals(expected, acMgr.getPrivileges(path,
testPrincipals));
+ }
+ }
+
+ @Test
+ public void testGetPrivilegesForNoPrincipalsAccessControlledNodePath()
throws Exception {
+ Privilege[] expected = new Privilege[0];
+ for (String path : getAcContentPaths()) {
+ assertArrayEquals(expected, acMgr.getPrivileges(path,
ImmutableSet.<Principal>of()));
+ }
+ }
+
+ @Test
+ public void testGetRepoPrivileges() throws Exception {
+ assertArrayEquals(privilegesFromNames(PrivilegeConstants.JCR_ALL),
acMgr.getPrivileges(null));
+ assertArrayEquals(privilegesFromNames(PrivilegeConstants.JCR_ALL),
acMgr.getPrivileges(null, getPrincipals(adminSession)));
+ }
+
+ @Test
+ public void testGetRepoPrivilegesEveryonePrincipalSet() throws Exception {
+ assertArrayEquals(new Privilege[0], acMgr.getPrivileges(null,
getEveryonePrincipalSet()));
+ }
+
+ @Test
+ public void testGetRepoPrivilegesEmptyPrincipalSet() throws Exception {
+ assertArrayEquals(new Privilege[0], acMgr.getPrivileges(null,
ImmutableSet.<Principal>of()));
+ }
+
+ private final class TestAcMgr extends AbstractAccessControlManager {
+
+ protected TestAcMgr(@Nonnull Root root, @Nonnull NamePathMapper
namePathMapper, @Nonnull SecurityProvider securityProvider) {
+ super(root, namePathMapper, securityProvider);
+ }
+
+ @Override
+ public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal
principal) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public JackrabbitAccessControlPolicy[] getPolicies(Principal
principal) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public AccessControlPolicy[] getEffectivePolicies(Set<Principal> set) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public AccessControlPolicy[] getPolicies(String absPath) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public AccessControlPolicy[] getEffectivePolicies(String absPath) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public AccessControlPolicyIterator getApplicablePolicies(String
absPath) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void setPolicy(String absPath, AccessControlPolicy policy) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void removePolicy(String absPath, AccessControlPolicy policy) {
+ throw new UnsupportedOperationException();
+ }
+ }
+}
\ No newline at end of file
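Review bot: `getAcContentPaths()` returns `ImmutableList.of()` behind a TODO, so the four `...AccessControlledNodePath` tests (`testHasPrivilegesAccessControlledNodePath`, `testGetPrivilegesAccessControlledNodePath` and the two principal-set variants) loop over an empty list and pass without running a single assertion. For access-control code this reports the privilege evaluation on policy nodes as covered although it is never exercised, and the two `NotAccessiblePath` tests are likewise reduced to checking only `/`. Until the paths are created, these tests should show up as skipped rather than green, for example with `Assume.assumeTrue(!getAcContentPaths().isEmpty());` as their first statement (this needs `import org.junit.Assume;`). Separately, `after()` closes the `testRoot` session inside the `try` after `root.commit()`, so a failing cleanup commit leaves that session open; moving the close into the `finally` block ahead of `super.after()` would avoid the leak.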
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java?rev=1784300&r1=1784299&r2=1784300&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java
Fri Feb 24 17:10:56 2017
@@ -82,13 +82,13 @@ public abstract class AbstractAccessCont
private final class TestACE extends ACE {
- private TestACE(Principal principal, PrivilegeBits privilegeBits, boolean
isAllow, Set<Restriction> restrictions) throws AccessControlException {
- super(principal, privilegeBits, isAllow, restrictions,
getNamePathMapper());
- }
+ private TestACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions) throws AccessControlException {
+ super(principal, privilegeBits, isAllow, restrictions,
getNamePathMapper());
+ }
- @Override
- public Privilege[] getPrivileges() {
- Set<Privilege> privileges = new HashSet<Privilege>();
+ @Override
+ public Privilege[] getPrivileges() {
+ Set<Privilege> privileges = new HashSet<Privilege>();
for (String name :
bitsProvider.getPrivilegeNames(getPrivilegeBits())) {
try {
privileges.add(getPrivilegeManager(root).getPrivilege(name));
@@ -97,7 +97,6 @@ public abstract class AbstractAccessCont
}
}
return privileges.toArray(new Privilege[privileges.size()]);
+ }
}
}
-
-}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java?rev=1784300&r1=1784299&r2=1784300&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
Fri Feb 24 17:10:56 2017
@@ -163,7 +163,12 @@ public class ImmutableACLTest extends Ab
ACE ace2b = createEntry(testPrincipal,
getAggregatedPrivileges(testPrivileges), true);
JackrabbitAccessControlList acl = createACL(ace1, ace2);
+ assertTrue(acl instanceof ImmutableACL);
+ assertEquals(acl, acl);
+
JackrabbitAccessControlList repoAcl = createACL((String) null, ace1,
ace2);
+ assertTrue(repoAcl instanceof ImmutableACL);
+ assertEquals(repoAcl, repoAcl);
assertEquals(acl, createACL(ace1, ace2));
assertEquals(acl, createACL(ace1, ace2b));