private static NodeUtil createACE(NodeUtil acl, String aceName, String ntName, String principalName, String... privilegeNames) throws AccessDeniedException { NodeUtil ace = acl.addChild(aceName, ntName); ace.setString(REP_PRINCIPAL_NAME, principalName); ace.setNames(REP_PRIVILEGES, privilegeNames); return ace; }
@Test public void testAddExternalPrincipalNamesAsSystem() throws Exception { Root systemRoot = getSystemRoot(); NodeUtil n = new NodeUtil(systemRoot.getTree(testUserPath)); n.setString(ExternalIdentityConstants.REP_EXTERNAL_ID, "externalId"); n.setStrings(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES, "principalName"); systemRoot.commit(); }
@Test public void uuidIndexInListQuery() throws Exception{ NodeUtil node = new NodeUtil(root.getTree("/")); String uuid = UUID.randomUUID().toString(); String uuid2 = UUID.randomUUID().toString(); node.setString(JcrConstants.JCR_UUID, uuid); root.commit(); assertQuery("SELECT * FROM [nt:base] WHERE [jcr:uuid] in('" + uuid + "', '" + uuid2 + "')", ImmutableList.of("/")); assertEquals("Test index plan should be invoked", 1, testIndexProvider.index.invocationCount); }
@Test public void testGetTokenInfoFromRegularNode() throws Exception { NodeUtil node = new NodeUtil(root.getTree("/")).addChild("testNode", JcrConstants.NT_UNSTRUCTURED); NodeUtil parent = node.addChild(TokenConstants.TOKENS_NODE_NAME, TokenConstants.TOKENS_NT_NAME); NodeUtil tokenNode = parent.addChild("tokenName", TokenConstants.TOKEN_NT_NAME); String tokenUUID = UUID.randomUUID().toString(); tokenNode.setString(JcrConstants.JCR_UUID, tokenUUID); String token = tokenUUID + "_generatedKey"; tokenNode.setString(TokenConstants.TOKEN_ATTRIBUTE_KEY, token); assertNull(tokenProvider.getTokenInfo(token)); }
@Test public void uuidIndexQuery() throws Exception{ NodeUtil node = new NodeUtil(root.getTree("/")); String uuid = UUID.randomUUID().toString(); node.setString(JcrConstants.JCR_UUID, uuid); root.commit(); assertQuery("SELECT * FROM [nt:base] WHERE [jcr:uuid] = '"+uuid+"' ", ImmutableList.of("/")); assertEquals("Test index plan should not be invoked", 0, testIndexProvider.index.invocationCount); }
@Test public void uuidIndexNotNullQuery() throws Exception{ NodeUtil node = new NodeUtil(root.getTree("/")); String uuid = UUID.randomUUID().toString(); node.setString(JcrConstants.JCR_UUID, uuid); root.commit(); assertQuery("SELECT * FROM [nt:base] WHERE [jcr:uuid] is not null", ImmutableList.of("/")); assertEquals("Test index plan should be invoked", 1, testIndexProvider.index.invocationCount); }
@Before @Override public void before() throws Exception { super.before(); testPrincipal = getTestUser().getPrincipal(); NodeUtil rootNode = new NodeUtil(root.getTree("/")); NodeUtil a = rootNode.addChild("a", NT_UNSTRUCTURED); a.setString("aProp", "aValue"); NodeUtil b = a.addChild("b", NT_UNSTRUCTURED); b.setString("bProp", "bValue"); // sibling NodeUtil bb = a.addChild("bb", NT_UNSTRUCTURED); bb.setString("bbProp", "bbValue"); NodeUtil c = b.addChild("c", NT_UNSTRUCTURED); c.setString("cProp", "cValue"); root.commit(); }
@Test public void testGetTokenInfoFromGroup() throws Exception { Group gr = getUserManager(root).createGroup("gr"); NodeUtil groupNode = new NodeUtil(root.getTree(gr.getPath())); NodeUtil parent = groupNode.addChild(TokenConstants.TOKENS_NODE_NAME, TokenConstants.TOKENS_NT_NAME); NodeUtil tokenNode = parent.addChild("tokenName", TokenConstants.TOKEN_NT_NAME); String tokenUUID = UUID.randomUUID().toString(); tokenNode.setString(JcrConstants.JCR_UUID, tokenUUID); String token = tokenUUID + "_generatedKey"; tokenNode.setString(TokenConstants.TOKEN_ATTRIBUTE_KEY, token); assertNull(tokenProvider.getTokenInfo(token)); }
@Test public void testPlaintextTokenKey() throws Exception { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); NodeUtil tokenTree = new NodeUtil(getTokenTree(info)); try { tokenTree.setString(TOKEN_ATTRIBUTE_KEY, "anotherValue"); root.commit(CommitMarker.asCommitAttributes()); fail("The token key must not be plaintext."); } catch (CommitFailedException e) { assertEquals(66, e.getCode()); } }
@Test public void testChangingTokenKey() throws Exception { TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap()); NodeUtil tokenTree = new NodeUtil(getTokenTree(info)); try { tokenTree.setString(TOKEN_ATTRIBUTE_KEY, PasswordUtil.buildPasswordHash("anotherValue")); root.commit(CommitMarker.asCommitAttributes()); fail("The token key must never be modified."); } catch (CommitFailedException e) { assertEquals(61, e.getCode()); } }
@Test public void testInvalidRestriction() throws Exception { NodeUtil restriction = createAcl().getChild(aceName).getChild(REP_RESTRICTIONS); restriction.setString("invalid", "value"); try { root.commit(); fail("Creating an unsupported restriction should fail."); } catch (CommitFailedException e) { // success assertTrue(e.isAccessControlViolation()); assertThat(e.getMessage(), containsString("/testRoot/rep:policy")); } }
@Test public void testReorderAndAddAce() throws Exception { Tree entry = getEntry(testPrincipal, testPath, 0); assertIndex(0, entry); Tree aclTree = root.getTree(testPath + "/rep:policy"); // reorder aclTree.getChildren().iterator().next().orderBefore(null); // add a new entry NodeUtil ace = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE); ace.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME); ace.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT); root.commit(); entry = getEntry(testPrincipal, testPath, 1); assertIndex(1, entry); }
@Test public void testValidateRestrictionsUnsupportedRestriction() throws Exception { Restriction mand = restrictionProvider.createRestriction(testPath, "mandatory", valueFactory.createValue(true)); try { Tree ace = getAceTree(mand); new NodeUtil(ace).getChild(REP_RESTRICTIONS).setString("Unsupported", "value"); restrictionProvider.validateRestrictions(testPath, ace); fail("wrong type with restriction 'rep:glob"); } catch (AccessControlException e) { // success } }
@Test public void testValidateUnsupportedRestriction() throws Exception { RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3); NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE); NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS); rNode.setString("unsupported", "value"); try { rp.validateRestrictions("/test", aceNode.getTree()); fail("Validation must detect unsupported restriction"); } catch (AccessControlException e) { // success } }
/** * Creating a tree which is referenceable doesn't require any property * related privilege to be granted as the jcr:uuid property is defined to * be autocreated and protected. */ @Test public void testCreateJcrUuid() throws Exception { setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES); Root testRoot = getTestRoot(); testRoot.refresh(); NodeUtil a = new NodeUtil(testRoot.getTree("/a")); NodeUtil test = a.addChild("referenceable2", NT_NAME); test.setString(JcrConstants.JCR_UUID, UUIDUtils.generateUUID()); testRoot.commit(); }
@Test public void testExternalPrincipalNamesSingle() throws Exception { Root systemRoot = getSystemRoot(); try { NodeUtil n = new NodeUtil(systemRoot.getTree(testUserPath)); n.setString(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES, "id"); systemRoot.commit(); fail("Creating rep:externalPrincipalNames as single STRING property must be detected."); } catch (CommitFailedException e) { // success assertEquals(71, e.getCode()); } finally { systemRoot.refresh(); } }
@Test public void testValidateRestrictionsAtEntryNode() throws Exception { NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE); aceNode.setBoolean("boolean", true); aceNode.setValues("longs", new Value[] {vf.createValue(10), vf.createValue(290)}); aceNode.setString(REP_GLOB, "*"); aceNode.setNames(REP_NT_NAMES); // empty array provider.validateRestrictions("/test", aceNode.getTree()); }
@Test public void testCreateReservedKeyProperty2() throws Exception { NodeUtil node = new NodeUtil(root.getTree("/")).addChild("testNode", JcrConstants.NT_UNSTRUCTURED); try { node.setString(TOKEN_ATTRIBUTE_KEY, "anyValue"); root.commit(); fail("The reserved token key property must only be created by the TokenProvider."); } catch (CommitFailedException e) { assertEquals(63, e.getCode()); } finally { node.getTree().remove(); root.commit(); } }
@Test public void testCreateReservedKeyProperty() throws Exception { NodeUtil node = new NodeUtil(root.getTree("/")).addChild("testNode", JcrConstants.NT_UNSTRUCTURED); try { node.setString(TOKEN_ATTRIBUTE_KEY, "anyValue"); root.commit(CommitMarker.asCommitAttributes()); fail("The reserved token key property must not used with other node types."); } catch (CommitFailedException e) { assertEquals(60, e.getCode()); } finally { node.getTree().remove(); root.commit(); } }
@Test public void testGetRestrictionPattern() throws Exception { NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE); NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS); rNode.setString(REP_GLOB, "*"); assertFalse(provider.getPattern("/test", aceNode.getTree()) instanceof CompositePattern); rNode.setBoolean("boolean", true); rNode.setValues("longs", new Value[]{vf.createValue(10), vf.createValue(290)}); assertTrue(provider.getPattern("/test", rNode.getTree()) instanceof CompositePattern); } }