Author: jvazquez
Date: Fri Mar 20 09:52:01 2009
New Revision: 756393
URL: http://svn.apache.org/viewvc?rev=756393&view=rev
Log:
SLING-879: New Bundle to provide actions for interacting with the jackrabbit
AccessManager
https://issues.apache.org/jira/browse/SLING-879
Applied integration tests about jackrabbit access manager integration
Added:
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java
Modified:
incubator/sling/trunk/launchpad/bundles/pom.xml
Modified: incubator/sling/trunk/launchpad/bundles/pom.xml
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/bundles/pom.xml?rev=756393&r1=756392&r2=756393&view=diff
==============================================================================
--- incubator/sling/trunk/launchpad/bundles/pom.xml (original)
+++ incubator/sling/trunk/launchpad/bundles/pom.xml Fri Mar 20 09:52:01 2009
@@ -163,6 +163,12 @@
<scope>provided</scope>
</dependency>
<dependency>
+ <groupId>org.apache.sling</groupId>
+
<artifactId>org.apache.sling.jcr.jackrabbit.accessmanager</artifactId>
+ <version>2.0.0-incubator-SNAPSHOT</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-jcr-commons</artifactId>
<version>1.5.0</version>
@@ -408,7 +414,7 @@
</goals>
<configuration>
<includeArtifactIds>
-
org.apache.sling.jcr.api,org.apache.sling.jcr.base,jackrabbit-api,org.apache.sling.jcr.jackrabbit.server,org.apache.sling.jcr.jackrabbit.usermanager,jackrabbit-jcr-commons,commons-io,commons-collections,commons-lang,org.apache.sling.commons.osgi,org.apache.sling.commons.mime,org.apache.sling.jcr.webdav
+
org.apache.sling.jcr.api,org.apache.sling.jcr.base,jackrabbit-api,org.apache.sling.jcr.jackrabbit.server,org.apache.sling.jcr.jackrabbit.usermanager,org.apache.sling.jcr.jackrabbit.accessmanager,jackrabbit-jcr-commons,commons-io,commons-collections,commons-lang,org.apache.sling.commons.osgi,org.apache.sling.commons.mime,org.apache.sling.jcr.webdav
</includeArtifactIds>
<excludeTransitive>true</excludeTransitive>
Added:
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp?rev=756393&view=auto
==============================================================================
---
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp
(added)
+++
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp
Fri Mar 20 09:52:01 2009
@@ -0,0 +1,117 @@
+<%
+ var privilegesInfo = new
Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo();
+ if (!privilegesInfo.canReadAccessControl(currentNode)) {
+ //no rights to view the access control of the node, so just return a 404
status
+ response.sendError(404);
+ } else {
+ var principalId = request.getParameter("pid");
+ var isUser = false;
+ var isValidPrincipal = false;
+ if (principalId != null && principalId != "") {
+ var userManager =
Packages.org.apache.sling.jcr.base.util.AccessControlUtil.getUserManager(currentNode.session);
+ if (userManager != null) {
+ var authorizable = userManager.getAuthorizable(principalId);
+ if (authorizable != null) {
+ isUser = !authorizable.isGroup();
+ isValidPrincipal = true;
+ } else {
+ //no user/group matches the supplied principal id
+ }
+ }
+ }
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xml:lang="en" lang="en"
+ xmlns="http://www.w3.org/1999/xhtml";
+>
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <title>Access Control Entry : <%=currentNode.name%></title>
+
+ <style TYPE="text/css">
+ <!--
+ ul.error-msg {
+ list-style-position: inside;
+ list-style-type: none;
+ }
+ li.error-msg {
+ color: #c00;
+ background-color: #fee;
+ border: 1px solid #c00;
+ margin: 3px;
+ padding: 4px;
+ line-height: 18px;
+ font-weight: bold;
+ }
+ -->
+ </style>
+</head>
+<body>
+ <%
+ if (!isValidPrincipal) {
+ %>
+ <ul class="error-msg">
+ <li class="error-msg">Invalid principal name: "<%=principalId%>"</li>
+ </ul>
+ <%
+ } else {
+ //principal is valid
+ var accessRights =
privilegesInfo.getDeclaredAccessRightsForPrincipal(currentNode, principalId);
+ var granted = accessRights.getGranted();
+ var denied = accessRights.getDenied();
+ var supported = privilegesInfo.getSupportedPrivileges(currentNode);
+ var canModify = privilegesInfo.canModifyAccessControl(currentNode);
+ %>
+
+ <h1>Modify Access Control Entry For: <%=principalId%></h1>
+
+ <form method="POST"
action="<%=request.contextPath%><%=currentNode.path%>.modifyAce.html" >
+ <input type="hidden" name=":redirect"
value="<%=request.contextPath%><%=currentNode.path%>.acl.html" />
+ <input type="hidden" name="principalId" value="<%=principalId%>" />
+
+ <table width="100%">
+ <thead>
+ <tr>
+ <th align="left" width="<%=isUser ? '70%' :
'55%'%>">Privilege</th>
+ <th align="center" width="15%">Ignored</th>
+ <th align="center" width="15%">Granted</th>
+ <% if (isUser) { %>
+ <th align="center" width="15%">Denied</th>
+ <% } %>
+ </tr>
+ </thead>
+ <tbody>
+ <%
+ for (i=0; i < supported.length; i++) {
+ var p = supported[i];
+ %>
+ <tr>
+ <td align="left" width="<%=isUser ? '70%' :
'55%'%>"><%=p.getName()%></td>
+ <td align="center" width="15%"><input type="radio"
name="privilege@<%=p.getName()%>" value="" <%=granted.contains(p) ||
denied.contains(p) ? "" : "checked"%> /></td>
+ <td align="center" width="15%"><input type="radio"
name="privilege@<%=p.getName()%>" value="granted" <%=granted.contains(p) ?
"checked" : ""%> /></td>
+ <% if (isUser) { %>
+ <td align="center" width="15%"><input type="radio"
name="privilege@<%=p.getName()%>" value="denied" <%=denied.contains(p) ?
"checked" : ""%> /></td>
+ <% } %>
+ </tr>
+ <%
+ }
+ %>
+ </tbody>
+ <tfoot>
+ <tr>
+ <td colspan="<%=isUser ? '3' : '2'%>"></td>
+ <td align="center" width="15%">
+ <button accesskey="a" id="applyButton"
class="form-button" type="submit">Apply</button>
+ </td>
+ </tr>
+ </tfoot>
+ </table>
+ </form>
+ <%
+ } //end-if isValidPrincipal
+ %>
+</body>
+</html>
+<%
+ }
+%>
\ No newline at end of file
Added:
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp?rev=756393&view=auto
==============================================================================
---
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp
(added)
+++
incubator/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/acl.html.esp
Fri Mar 20 09:52:01 2009
@@ -0,0 +1,93 @@
+<%
+ var privilegesInfo = new
Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo();
+ if (!privilegesInfo.canReadAccessControl(currentNode)) {
+ //no rights to view the access control of the node, so just return a 404
status
+ response.sendError(404);
+ } else {
+ var canModify = privilegesInfo.canModifyAccessControl(currentNode);
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xml:lang="en" lang="en"
+ xmlns="http://www.w3.org/1999/xhtml";
+>
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <title>Access Control List : <%=currentNode.name%></title>
+</head>
+
+<body>
+
+ <h1>Manage Access Control For: <%=currentNode.path%></h1>
+
+ <% if (canModify) { %>
+ <fieldset>
+ <legend>Add an entry for a user or group</legend>
+ <form method="GET"
action="<%=request.contextPath%><%=currentNode.path%>.ace.html">
+ <label for="addpid">Principal Name:</label>
+ <input id="addpid" type="text" name="pid" value="" />
+ <input type="submit" value="Add"/>
+ </form>
+ </fieldset>
+ <% } %>
+
+ <fieldset>
+ <legend>Current access control entries</legend>
+
+ <form method="POST"
action="<%=request.contextPath%><%=currentNode.path%>.deleteAce.html" >
+ <input type="hidden" name=":redirect"
value="<%=request.contextPath%>" />
+
+ <table width="100%">
+ <thead>
+ <tr>
+ <th align="left" width="60%">Principal</th>
+ <th align="center" width="25%">Privileges</th>
+ <th align="center" width="15%"><% if (canModify) {
%>Remove<% } %></th>
+ </tr>
+ </thead>
+ <tbody>
+ <%
+ var accessMap =
privilegesInfo.getDeclaredAccessRights(currentNode);
+ var entrySet = accessMap.entrySet();
+ var iterator = entrySet.iterator();
+ while (iterator.hasNext()) {
+ var entry = iterator.next();
+ var principal = entry.getKey();
+ var accessrights = entry.getValue();
+ %>
+ <tr>
+ <td align="left" width="60%" >
+ <% if (canModify) { %>
+ <a
href="<%=request.contextPath%><%=currentNode.path%>.ace.html?pid=<%=principal.getName()%>">
+ <%=principal.getName()%>
+ </a>
+ <% } else { %>
+ <%=principal.getName()%>
+ <% } %>
+ </td>
+ <td align="center" width="25%" >
+
<%=accessrights.getPrivilegeSetDisplayName(request.locale)%>
+ </td>
+ <td align="center" width="15%">
+ <% if (canModify) { %>
+ <input type="checkbox" name=":applyTo"
value="<%=principal.getName()%>" />
+ <% } %>
+ </td>
+ </tr>
+ <%
+ }
+ %>
+ </tbody>
+ <tfoot>
+ <tr>
+ <td colspan="2"></td>
+ <td align="center"><input type="submit" value="Remove
Selected" /></td>
+ </tr>
+ </tfoot>
+ </table>
+ </form>
+ </fieldset>
+</body>
+</html>
+<%
+ }
+%>
Added:
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java?rev=756393&view=auto
==============================================================================
---
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
(added)
+++
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
Fri Mar 20 09:52:01 2009
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.httpclient.Credentials;
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.NameValuePair;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.commons.httpclient.auth.AuthScope;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.sling.commons.testing.integration.HttpTestBase;
+import org.apache.sling.servlets.post.SlingPostConstants;
+
+/**
+ * Base class for AccessManager tests.
+ */
+public abstract class AbstractAccessManagerTest extends HttpTestBase {
+
+ public static final String TEST_BASE_PATH = "/sling-tests";
+
+ /** Execute a POST request and check status */
+ protected void assertAuthenticatedPostStatus(Credentials creds, String
url, int expectedStatusCode, List<NameValuePair> postParams, String
assertMessage)
+ throws IOException {
+ final PostMethod post = new PostMethod(url);
+ post.setFollowRedirects(false);
+
+ URL baseUrl = new URL(HTTP_BASE_URL);
+ AuthScope authScope = new AuthScope(baseUrl.getHost(),
baseUrl.getPort(), AuthScope.ANY_REALM);
+ post.setDoAuthentication(true);
+ Credentials oldCredentials =
httpClient.getState().getCredentials(authScope);
+ try {
+ httpClient.getState().setCredentials(authScope, creds);
+
+ if(postParams!=null) {
+ final NameValuePair [] nvp = {};
+ post.setRequestBody(postParams.toArray(nvp));
+ }
+
+ final int status = httpClient.executeMethod(post);
+ if(assertMessage == null) {
+ assertEquals(expectedStatusCode, status);
+ } else {
+ assertEquals(assertMessage, expectedStatusCode, status);
+ }
+ } finally {
+ httpClient.getState().setCredentials(authScope, oldCredentials);
+ }
+ }
+
+ /** Verify that given URL returns expectedStatusCode
+ * @throws IOException */
+ protected void assertAuthenticatedHttpStatus(Credentials creds, String
urlString, int expectedStatusCode, String assertMessage) throws IOException {
+ URL baseUrl = new URL(HTTP_BASE_URL);
+ AuthScope authScope = new AuthScope(baseUrl.getHost(),
baseUrl.getPort(), AuthScope.ANY_REALM);
+ GetMethod getMethod = new GetMethod(urlString);
+ getMethod.setDoAuthentication(true);
+
+ Credentials oldCredentials =
httpClient.getState().getCredentials(authScope);
+ try {
+ httpClient.getState().setCredentials(authScope, creds);
+
+ final int status = httpClient.executeMethod(getMethod);
+ if(assertMessage == null) {
+ assertEquals(urlString,expectedStatusCode, status);
+ } else {
+ assertEquals(assertMessage, expectedStatusCode, status);
+ }
+ } finally {
+ httpClient.getState().setCredentials(authScope, oldCredentials);
+ }
+ }
+
+
+ /** retrieve the contents of given URL and assert its content type
+ * @param expectedContentType use CONTENT_TYPE_DONTCARE if must not be
checked
+ * @throws IOException
+ * @throws HttpException */
+ protected String getAuthenticatedContent(Credentials creds, String url,
String expectedContentType, List<NameValuePair> params, int expectedStatusCode)
throws IOException {
+ final GetMethod get = new GetMethod(url);
+
+ URL baseUrl = new URL(HTTP_BASE_URL);
+ AuthScope authScope = new AuthScope(baseUrl.getHost(),
baseUrl.getPort(), AuthScope.ANY_REALM);
+ get.setDoAuthentication(true);
+ Credentials oldCredentials =
httpClient.getState().getCredentials(authScope);
+ try {
+ httpClient.getState().setCredentials(authScope, creds);
+
+ if(params != null) {
+ final NameValuePair [] nvp = new NameValuePair[0];
+ get.setQueryString(params.toArray(nvp));
+ }
+ final int status = httpClient.executeMethod(get);
+ final InputStream is = get.getResponseBodyAsStream();
+ final StringBuffer content = new StringBuffer();
+ final String charset = get.getResponseCharSet();
+ final byte [] buffer = new byte[16384];
+ int n = 0;
+ while( (n = is.read(buffer, 0, buffer.length)) > 0) {
+ content.append(new String(buffer, 0, n, charset));
+ }
+ assertEquals("Expected status " + expectedStatusCode + " for "
+ url + " (content=" + content + ")",
+ expectedStatusCode,status);
+ final Header h = get.getResponseHeader("Content-Type");
+ if(expectedContentType == null) {
+ if(h!=null) {
+ fail("Expected null Content-Type, got " + h.getValue());
+ }
+ } else if(CONTENT_TYPE_DONTCARE.equals(expectedContentType)) {
+ // no check
+ } else if(h==null) {
+ fail(
+ "Expected Content-Type that starts with '" +
expectedContentType
+ +" but got no Content-Type header at " + url
+ );
+ } else {
+ assertTrue(
+ "Expected Content-Type that starts with '" +
expectedContentType
+ + "' for " + url + ", got '" + h.getValue() + "'",
+ h.getValue().startsWith(expectedContentType)
+ );
+ }
+ return content.toString();
+
+ } finally {
+ httpClient.getState().setCredentials(authScope, oldCredentials);
+ }
+ }
+
+
+ protected static int counter = 1;
+
+ protected String createTestUser() throws IOException {
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/user.create.html";
+
+ String testUserId = "testUser" + (counter++);
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair(":name", testUserId));
+ postParams.add(new NameValuePair("pwd", "testPwd"));
+ postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
+ assertPostStatus(postUrl, HttpServletResponse.SC_OK,
postParams, null);
+
+ return testUserId;
+ }
+
+ protected String createTestGroup() throws IOException {
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/group.create.html";
+
+ String testGroupId = "testGroup" + (counter++);
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair(":name", testGroupId));
+
+ //success would be a redirect to the welcome page of the webapp
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ return testGroupId;
+ }
+
+ protected String createTestFolder() throws IOException {
+ String postUrl = HTTP_BASE_URL + TEST_BASE_PATH + "/" + "testFolder" +
(counter++);
+
+ final String location = testClient.createNode(postUrl +
SlingPostConstants.DEFAULT_CREATE_SUFFIX, null);
+ assertHttpStatus(location + DEFAULT_EXT, HttpServletResponse.SC_OK,
+ "POST must redirect to created resource (" + location + ")");
+ assertTrue("Node (" + location + ") must have generated name",
+ !location.endsWith("/*"));
+ assertTrue("Node (" + location + ") must created be under POST URL ("
+ postUrl + ")",
+ location.contains(postUrl + "/"));
+
+ return location;
+ }
+}
Added:
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java?rev=756393&view=auto
==============================================================================
---
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
(added)
+++
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
Fri Mar 20 09:52:01 2009
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.httpclient.Credentials;
+import org.apache.commons.httpclient.NameValuePair;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.sling.commons.json.JSONArray;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+
+/**
+ * Tests for the 'modifyAce' Sling Post Operation
+ */
+public class ModifyAceTest extends AbstractAccessManagerTest {
+
+ String testUserId = null;
+ String testGroupId = null;
+ String testFolderUrl = null;
+
+ @Override
+ protected void tearDown() throws Exception {
+ super.tearDown();
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+
+ if (testFolderUrl != null) {
+ //remove the test user if it exists.
+ String postUrl = testFolderUrl;
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair(":operation",
"delete"));
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ if (testGroupId != null) {
+ //remove the test user if it exists.
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/group/" + testGroupId + ".delete.html";
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ if (testUserId != null) {
+ //remove the test user if it exists.
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/user/" + testUserId + ".delete.html";
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ }
+
+ public void testModifyAceForUser() throws IOException, JSONException {
+ testUserId = createTestUser();
+
+ testFolderUrl = createTestFolder();
+
+ String postUrl = testFolderUrl + ".modifyAce.html";
+
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId));
+ postParams.add(new NameValuePair("privil...@jcr:read",
"granted"));
+ postParams.add(new NameValuePair("privil...@jcr:write",
"denied"));
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+
+ //fetch the JSON for the acl to verify the settings.
+ String getUrl = testFolderUrl + ".acl.json";
+
+ String json = getAuthenticatedContent(creds, getUrl,
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+ JSONObject jsonObj = new JSONObject(json);
+ String aceString = jsonObj.getString(testUserId);
+ assertNotNull(aceString);
+
+ JSONObject aceObject = new JSONObject(aceString);
+ assertNotNull(aceObject);
+
+ JSONArray grantedArray = aceObject.getJSONArray("granted");
+ assertNotNull(grantedArray);
+ assertEquals("jcr:read", grantedArray.getString(0));
+
+ JSONArray deniedArray = aceObject.getJSONArray("denied");
+ assertNotNull(deniedArray);
+ assertEquals("jcr:write", deniedArray.getString(0));
+ }
+
+ public void testModifyAceForGroup() throws IOException, JSONException {
+ testGroupId = createTestGroup();
+
+ testFolderUrl = createTestFolder();
+
+ String postUrl = testFolderUrl + ".modifyAce.html";
+
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testGroupId));
+ postParams.add(new NameValuePair("privil...@jcr:read",
"granted"));
+ postParams.add(new NameValuePair("privil...@jcr:write",
"denied"));
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+
+ //fetch the JSON for the acl to verify the settings.
+ String getUrl = testFolderUrl + ".acl.json";
+
+ String json = getAuthenticatedContent(creds, getUrl,
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+ JSONObject jsonObj = new JSONObject(json);
+ String aceString = jsonObj.getString(testGroupId);
+ assertNotNull(aceString);
+
+ JSONObject aceObject = new JSONObject(aceString);
+ assertNotNull(aceObject);
+
+ JSONArray grantedArray = aceObject.getJSONArray("granted");
+ assertNotNull(grantedArray);
+ assertEquals("jcr:read", grantedArray.getString(0));
+
+ //denied rights are not applied for groups, so make sure it is
not there
+ assertTrue(aceObject.isNull("denied"));
+ }
+}
Added:
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java?rev=756393&view=auto
==============================================================================
---
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java
(added)
+++
incubator/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java
Fri Mar 20 09:52:01 2009
@@ -0,0 +1,171 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.httpclient.Credentials;
+import org.apache.commons.httpclient.NameValuePair;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.sling.commons.json.JSONArray;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+
+/**
+ * Tests for the 'removeAce' Sling POST operation
+ */
+public class RemoveAcesTest extends AbstractAccessManagerTest {
+ String testUserId = null;
+ String testGroupId = null;
+ String testFolderUrl = null;
+
+ @Override
+ protected void tearDown() throws Exception {
+ super.tearDown();
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+
+ if (testFolderUrl != null) {
+ //remove the test user if it exists.
+ String postUrl = testFolderUrl;
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair(":operation",
"delete"));
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ if (testGroupId != null) {
+ //remove the test user if it exists.
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/group/" + testGroupId + ".delete.html";
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ if (testUserId != null) {
+ //remove the test user if it exists.
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/user/" + testUserId + ".delete.html";
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ //todo delete test folder
+ }
+
+ private String createFolderWithAces(boolean addGroupAce) throws
IOException, JSONException {
+ testUserId = createTestUser();
+ testFolderUrl = createTestFolder();
+
+ String postUrl = testFolderUrl + ".modifyAce.html";
+
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId));
+ postParams.add(new NameValuePair("privil...@jcr:read",
"granted"));
+ postParams.add(new NameValuePair("privil...@jcr:write",
"denied"));
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ if (addGroupAce) {
+ testGroupId = createTestGroup();
+
+ postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId",
testGroupId));
+ postParams.add(new NameValuePair("privil...@jcr:read",
"granted"));
+
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+
+ //fetch the JSON for the acl to verify the settings.
+ String getUrl = testFolderUrl + ".acl.json";
+
+ String json = getAuthenticatedContent(creds, getUrl,
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+
+ JSONObject jsonObj = new JSONObject(json);
+ String aceString = jsonObj.getString(testUserId);
+ assertNotNull(aceString);
+
+ JSONObject aceObject = new JSONObject(aceString);
+ assertNotNull(aceObject);
+
+ JSONArray grantedArray = aceObject.getJSONArray("granted");
+ assertNotNull(grantedArray);
+ assertEquals("jcr:read", grantedArray.getString(0));
+
+ JSONArray deniedArray = aceObject.getJSONArray("denied");
+ assertNotNull(deniedArray);
+ assertEquals("jcr:write", deniedArray.getString(0));
+
+ if (addGroupAce) {
+ aceString = jsonObj.getString(testGroupId);
+ assertNotNull(aceString);
+
+ aceObject = new JSONObject(aceString);
+ assertNotNull(aceObject);
+
+ grantedArray = aceObject.getJSONArray("granted");
+ assertNotNull(grantedArray);
+ assertEquals("jcr:read", grantedArray.getString(0));
+ }
+
+ return testFolderUrl;
+ }
+
+ //test removing a single ace
+ public void testRemoveAce() throws IOException, JSONException {
+ String folderUrl = createFolderWithAces(false);
+
+ //remove the ace for the testUser principal
+ String postUrl = folderUrl + ".deleteAce.html";
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair(":applyTo", testUserId));
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ //fetch the JSON for the acl to verify the settings.
+ String getUrl = folderUrl + ".acl.json";
+
+ String json = getAuthenticatedContent(creds, getUrl,
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+
+ JSONObject jsonObj = new JSONObject(json);
+ assertTrue(jsonObj.isNull(testUserId));
+ }
+
+ //test removing multiple aces
+ public void testRemoveAces() throws IOException, JSONException {
+ String folderUrl = createFolderWithAces(true);
+
+ //remove the ace for the testUser principal
+ String postUrl = folderUrl + ".deleteAce.html";
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair(":applyTo", testUserId));
+ postParams.add(new NameValuePair(":applyTo", testGroupId));
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ //fetch the JSON for the acl to verify the settings.
+ String getUrl = folderUrl + ".acl.json";
+
+ String json = getAuthenticatedContent(creds, getUrl,
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+
+ JSONObject jsonObj = new JSONObject(json);
+ assertTrue(jsonObj.isNull(testUserId));
+ assertTrue(jsonObj.isNull(testGroupId));
+ }
+}
