Author: angela
Date: Wed May 3 07:12:31 2017
New Revision: 1793619
URL: http://svn.apache.org/viewvc?rev=1793619&view=rev
Log:
OAK-6152 : AccessControlImporter doesn't handle multivalued restrictions
OAK-5882 : Improve coverage for oak.security code in oak-core (wip)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java?rev=1793619&r1=1793618&r2=1793619&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
Wed May 3 07:12:31 2017
@@ -23,6 +23,7 @@ import java.util.List;
import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
@@ -206,7 +207,8 @@ public class AccessControlImporter imple
Tree parent = tree.getParent();
if (AccessControlConstants.REP_POLICY.equals(nodeName)
&& ntMgr.isNodeType(tree,
AccessControlConstants.NT_REP_ACL)) {
- acList = getACL(parent.getPath());
+ String path = parent.getPath();
+ acList = getACL(path);
} else if (AccessControlConstants.REP_REPO_POLICY.equals(nodeName)
&& ntMgr.isNodeType(tree,
AccessControlConstants.NT_REP_ACL)
&& parent.isRoot()) {
@@ -225,7 +227,7 @@ public class AccessControlImporter imple
}
@CheckForNull
- private JackrabbitAccessControlList getACL(String path) throws
RepositoryException {
+ private JackrabbitAccessControlList getACL(@Nullable String path) throws
RepositoryException {
JackrabbitAccessControlList acList = null;
for (AccessControlPolicy p : acMgr.getPolicies(path)) {
if (p instanceof JackrabbitAccessControlList) {
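Review bot: `getACL` now takes `@Nullable String path`, but nothing on the method says what a null path selects when it is handed to `acMgr.getPolicies(path)`. Presumably it is the repository-level policy handled by the `REP_REPO_POLICY` branch of the caller, which should be confirmed and then written down, e.g. `/** @param path path of the access controlled node, or {@code null} for the repository-level policy */`. The method body continues past the end of this hunk, so the handling of the returned list is not visible here.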
@@ -243,7 +245,8 @@ public class AccessControlImporter imple
private Principal principal;
private List<Privilege> privileges = new ArrayList();
- private Map<String, Value> restrictions = new HashMap<String, Value>();
+ private Map<String, Value> restrictions = new HashMap();
+ private Map<String, Value[]> mvRestrictions = new HashMap();
private boolean ignore;
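Review bot: Both map fields on the new side are initialised with a raw `new HashMap()`, which drops the type arguments the removed line carried and turns the assignments into unchecked conversions. Keep them explicit: `private Map<String, Value> restrictions = new HashMap<String, Value>();` and `private Map<String, Value[]> mvRestrictions = new HashMap<String, Value[]>();`. The neighbouring `privileges` list is already raw, so this may be a local habit, but these maps carry the restrictions of an access control entry and are worth keeping fully type-checked.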
@@ -278,7 +281,12 @@ public class AccessControlImporter imple
private void addRestriction(PropInfo propInfo) throws
RepositoryException {
String restrictionName = propInfo.getName();
int targetType = acl.getRestrictionType(restrictionName);
- restrictions.put(propInfo.getName(),
propInfo.getValue(targetType));
+ List<Value> values = propInfo.getValues(targetType);
+ if (values.size() == 1) {
+ restrictions.put(propInfo.getName(), values.get(0));
+ } else {
+ mvRestrictions.put(propInfo.getName(), values.toArray(new
Value[values.size()]));
+ }
}
private void addRestrictions(List<PropInfo> propInfos) throws
RepositoryException {
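Review bot: In `addRestriction` the choice between `restrictions` and `mvRestrictions` is made on `values.size() == 1` rather than on whether the restriction is defined as multivalued. An empty value list therefore lands in `mvRestrictions` as an empty array, and a single-valued restriction such as rep:glob supplied with several values is forwarded as multivalued. Whether `acl.addEntry` rejects or normalises those cases is not visible in this hunk. Restrictions narrow what an entry grants, so a dropped or reshaped one would widen access on import; once confirmed, state the reliance with a comment such as `// any size != 1, including empty, is passed as multivalued; addEntry validates it against the restriction definition`. The two `put` calls can also use the `restrictionName` local instead of calling `propInfo.getName()` again.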
@@ -290,7 +298,7 @@ public class AccessControlImporter imple
private void applyTo(JackrabbitAccessControlList acl) throws
RepositoryException {
checkNotNull(acl);
if (!ignore) {
- acl.addEntry(principal, privileges.toArray(new
Privilege[privileges.size()]), isAllow, restrictions);
+ acl.addEntry(principal, privileges.toArray(new
Privilege[privileges.size()]), isAllow, restrictions, mvRestrictions);
} else {
log.debug("Unknown principal: Ignore ACE based on
ImportBehavior.IGNORE configuration.");
}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java?rev=1793619&r1=1793618&r2=1793619&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java
Wed May 3 07:12:31 2017
@@ -29,6 +29,8 @@ import javax.jcr.security.AccessControlE
import javax.jcr.security.AccessControlManager;
import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
@@ -52,6 +54,7 @@ import org.apache.jackrabbit.oak.util.Tr
import org.junit.Test;
import org.mockito.Mockito;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.when;
@@ -71,7 +74,6 @@ public abstract class AccessControlImpor
public void before() throws Exception {
super.before();
-
Tree t = root.getTree(PathUtils.ROOT_PATH).addChild("testNode");
t.setProperty(JcrConstants.JCR_PRIMARYTYPE,
NodeTypeConstants.NT_OAK_UNSTRUCTURED, Type.NAME);
@@ -351,4 +353,89 @@ public abstract class AccessControlImpor
assertFalse(aclTree.getChildren().iterator().hasNext());
}
+ //------------------------------------------------< complete acl import
>---
+ @Test
+ public void testImportSimple() throws Exception {
+ String principalName = getTestUser().getPrincipal().getName();
+ PropInfo principalInfo = new PropInfo(REP_PRINCIPAL_NAME,
PropertyType.STRING, createTextValue(principalName));
+ PropInfo privInfo = new PropInfo(REP_PRIVILEGES, PropertyType.NAME,
createTextValues(PrivilegeConstants.JCR_READ,
PrivilegeConstants.JCR_ADD_CHILD_NODES));
+
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of(principalInfo,
privInfo));
+ importer.endChildInfo();
+ importer.end(aclTree);
+
+ assertTrue(aclTree.getChildren().iterator().hasNext());
+ Tree aceTree = aclTree.getChildren().iterator().next();
+
+ assertEquals(principalName, TreeUtil.getString(aceTree,
REP_PRINCIPAL_NAME));
+ assertEquals(
+ ImmutableSet.of(PrivilegeConstants.JCR_READ,
PrivilegeConstants.JCR_ADD_CHILD_NODES),
+ ImmutableSet.copyOf(TreeUtil.getNames(aceTree,
REP_PRIVILEGES)));
+ assertFalse(aceTree.hasChild(REP_RESTRICTIONS));
+ }
+
+ @Test
+ public void testImportWithRestrictions() throws Exception {
+ String principalName = getTestUser().getPrincipal().getName();
+
+ PropInfo principalInfo = new PropInfo(REP_PRINCIPAL_NAME,
PropertyType.STRING, createTextValue(principalName));
+ PropInfo privInfo = new PropInfo(REP_PRIVILEGES, PropertyType.NAME,
createTextValues(PrivilegeConstants.JCR_READ,
PrivilegeConstants.JCR_ADD_CHILD_NODES));
+ // single value restriction
+ PropInfo globInfo = new PropInfo(REP_GLOB, PropertyType.STRING,
createTextValue("/*"));
+ // mv restriction
+ PropInfo ntNamesInfo = new PropInfo(REP_NT_NAMES, PropertyType.NAME,
createTextValues(NodeTypeConstants.NT_OAK_RESOURCE,
NodeTypeConstants.NT_OAK_RESOURCE));
+ // mv restriction with singular value
+ PropInfo itemNamesInfo = new PropInfo(REP_ITEM_NAMES,
PropertyType.NAME, createTextValue("itemName"));
+
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of(principalInfo,
privInfo, globInfo, ntNamesInfo, itemNamesInfo));
+ importer.endChildInfo();
+ importer.end(aclTree);
+
+ assertImport(aclTree, principalName);
+ }
+
+ @Test
+ public void testImportWithRestrictionNodeInfo() throws Exception {
+ String principalName = getTestUser().getPrincipal().getName();
+
+ PropInfo principalInfo = new PropInfo(REP_PRINCIPAL_NAME,
PropertyType.STRING, createTextValue(principalName));
+ PropInfo privInfo = new PropInfo(REP_PRIVILEGES, PropertyType.NAME,
createTextValues(PrivilegeConstants.JCR_READ,
PrivilegeConstants.JCR_ADD_CHILD_NODES));
+ // single value restriction
+ PropInfo globInfo = new PropInfo(REP_GLOB, PropertyType.STRING,
createTextValue("/*"));
+ // mv restriction
+ PropInfo ntNamesInfo = new PropInfo(REP_NT_NAMES, PropertyType.NAME,
createTextValues(NodeTypeConstants.NT_OAK_RESOURCE,
NodeTypeConstants.NT_OAK_RESOURCE));
+ // mv restriction with singular value
+ PropInfo itemNamesInfo = new PropInfo(REP_ITEM_NAMES,
PropertyType.NAME, createTextValue("itemName"));
+
+ init();
+ importer.start(aclTree);
+ importer.startChildInfo(aceInfo, ImmutableList.of(principalInfo,
privInfo));
+ importer.startChildInfo(restrInfo, ImmutableList.of(globInfo,
ntNamesInfo, itemNamesInfo));
+ importer.endChildInfo();
+ importer.endChildInfo();
+ importer.end(aclTree);
+
+ assertImport(aclTree, principalName);
+ }
+
+ private static void assertImport(@Nonnull Tree aclTree, @Nonnull String
principalName) {
+ assertTrue(aclTree.getChildren().iterator().hasNext());
+ Tree aceTree = aclTree.getChildren().iterator().next();
+
+ assertEquals(principalName, TreeUtil.getString(aceTree,
REP_PRINCIPAL_NAME));
+ assertEquals(
+ ImmutableSet.of(PrivilegeConstants.JCR_READ,
PrivilegeConstants.JCR_ADD_CHILD_NODES),
+ ImmutableSet.copyOf(TreeUtil.getNames(aceTree,
REP_PRIVILEGES)));
+
+ assertTrue(aceTree.hasChild(REP_RESTRICTIONS));
+
+ Tree restrTree = aceTree.getChild(REP_RESTRICTIONS);
+ assertEquals("/*", TreeUtil.getString(restrTree, REP_GLOB));
+ assertEquals(Lists.newArrayList(NodeTypeConstants.NT_OAK_RESOURCE,
NodeTypeConstants.NT_OAK_RESOURCE),
restrTree.getProperty(REP_NT_NAMES).getValue(Type.NAMES));
+ assertEquals(Lists.newArrayList("itemName"),
restrTree.getProperty(REP_ITEM_NAMES).getValue(Type.NAMES));
+ }
}
\ No newline at end of file
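Review bot: The multivalued case in `testImportWithRestrictions` and `testImportWithRestrictionNodeInfo` passes `NodeTypeConstants.NT_OAK_RESOURCE` twice, so `assertImport` cannot tell whether distinct values survive the import or keep their order. Two different names would check that, e.g. `createTextValues(NodeTypeConstants.NT_OAK_RESOURCE, NodeTypeConstants.NT_OAK_UNSTRUCTURED)`, with the expected list in `assertImport` changed to match. The added tests also cover only well-formed input: none supplies several values for the single-valued rep:glob or an empty value list, which are the inputs where the size-based branch added to AccessControlImporter decides how a restriction is stored. The setup of the two restriction tests is identical up to the `startChildInfo` calls and could move into a shared helper.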