### Eclipse Workspace Patch 1.0 #P oak-jcr Index: src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SimpleAclRandomizedTest.java =================================================================== --- src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SimpleAclRandomizedTest.java (revision 0) +++ src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SimpleAclRandomizedTest.java (revision 0) @@ -0,0 +1,289 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.jcr.security.authorization; + +import java.security.Principal; +import java.util.ArrayList; +import java.util.List; +import java.util.Random; + +import javax.jcr.Node; +import javax.jcr.PathNotFoundException; +import javax.jcr.Repository; +import javax.jcr.Session; +import javax.jcr.SimpleCredentials; +import javax.jcr.security.AccessControlManager; +import org.apache.jackrabbit.api.JackrabbitSession; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.Group; +import org.apache.jackrabbit.api.security.user.User; +import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.jackrabbit.commons.JcrUtils; +import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; +import org.apache.jackrabbit.oak.jcr.Jcr; +import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +import com.google.common.collect.HashBasedTable; +import com.google.common.collect.Table; + +public class SimpleAclRandomizedTest { + + private Table tree = HashBasedTable.create(); + + { + tree.put(0, 0, "/"); + tree.put(1, 0, "/n1"); + tree.put(1, 1, "/n2"); + tree.put(2, 0, "/n1/n3"); + tree.put(2, 1, "/n1/n4"); + tree.put(2, 2, "/n1/n5"); + tree.put(3, 0, "/n1/n3/n6"); + tree.put(3, 1, "/n1/n3/n7"); + tree.put(3, 2, "/n1/n3/n8"); + tree.put(3, 3, "/n1/n3/n9"); + + } + + private static Repository jackrabbitRepository; + private static Repository oakRepository; + + private static Session jackrabbitWriterSession; + private static Session oakWriterSession; + + private static Session jackrabbitReaderSession; + private static Session oakReaderSession; + + private static Principal jackrabbitPrincipal; + private static Principal oakPrincipal; + + private static int depth; + + private static String userId = "testuser"; + + private static List jackrabbitPrincipals = new ArrayList(); + private static List oakPrincipals = new ArrayList(); + + @BeforeClass + public static void beforeClass() throws Exception { + jackrabbitRepository = JcrUtils.getRepository(); + jackrabbitWriterSession = jackrabbitRepository + .login(new SimpleCredentials("admin", "admin".toCharArray())); + oakRepository = new Jcr().createRepository(); + oakWriterSession = oakRepository.login(new SimpleCredentials("admin", + "admin".toCharArray())); + + jackrabbitPrincipal = setUpUser(jackrabbitWriterSession, userId); + jackrabbitPrincipals.add(jackrabbitPrincipal); + + oakPrincipal = setUpUser(oakWriterSession, userId); + oakPrincipals.add(oakPrincipal); + + Principal groupJR = setUpGroups(jackrabbitWriterSession, "group1", + jackrabbitPrincipal); + jackrabbitPrincipals.add(groupJR); + + Principal groupJR2 = setUpGroups(jackrabbitWriterSession, "group2", + jackrabbitPrincipal); + jackrabbitPrincipals.add(groupJR2); + + Principal groupOAK = setUpGroups(oakWriterSession, "group1", + oakPrincipal); + oakPrincipals.add(groupOAK); + + Principal groupOAK2 = setUpGroups(oakWriterSession, "group2", + oakPrincipal); + oakPrincipals.add(groupOAK2); + } + + @AfterClass + public static void afterClass() throws Exception { + removAuthorizable(jackrabbitWriterSession, userId); + removAuthorizable(oakWriterSession, userId); + + removAuthorizable(jackrabbitWriterSession, "group1"); + removAuthorizable(oakWriterSession, "group1"); + removAuthorizable(jackrabbitWriterSession, "group2"); + removAuthorizable(oakWriterSession, "group2"); + + oakPrincipals.clear(); + jackrabbitPrincipals.clear(); + } + + private static void clearTree(Session session) throws Exception { + session.getRootNode().getNode("n1").remove(); + session.getRootNode().getNode("n2").remove(); + session.save(); + } + + private static void setupTree(Session session) throws Exception { + depth = 4; + Node n1 = session.getRootNode().addNode("n1"); + session.getRootNode().addNode("n2"); + Node n3 = n1.addNode("n3"); + n1.addNode("n4"); + n1.addNode("n5"); + n3.addNode("n6"); + n3.addNode("n7"); + n3.addNode("n8"); + n3.addNode("n9"); + session.save(); + } + + private static Principal setUpUser(Session session, String userId) + throws Exception { + UserManager userManager = ((JackrabbitSession) session) + .getUserManager(); + User user = userManager.createUser(userId, userId); + session.save(); + return user.getPrincipal(); + } + + private static Principal setUpGroups(Session session, String groupId, + Principal userPrincipal) throws Exception { + UserManager userManager = ((JackrabbitSession) session) + .getUserManager(); + Group group = userManager.createGroup(groupId); + session.save(); + group.addMember(userManager.getAuthorizable(userPrincipal)); + return group.getPrincipal(); + + } + + private void setPolicy(Session session, Principal principal, String path, + boolean allow) throws Exception { + AccessControlManager acm = session.getAccessControlManager(); + JackrabbitAccessControlList acl = AccessControlUtils + .getAccessControlList(acm, path); + acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acm, + PrivilegeConstants.JCR_READ), allow); + acm.setPolicy(path, acl); + session.save(); + } + + private static void removAuthorizable(Session session, String id) + throws Exception { + UserManager userManager = ((JackrabbitSession) session) + .getUserManager(); + Authorizable authorizable = userManager.getAuthorizable(id); + if (id != null) { + authorizable.remove(); + } + session.save(); + } + + @Test + public void testReadAcl() throws Exception { + + + for (int j = 0; j < 1; j++) { + setPolicy(jackrabbitWriterSession, jackrabbitPrincipal, "/", true); + setPolicy(oakWriterSession, oakPrincipal, "/", true); + + setupTree(jackrabbitWriterSession); + setupTree(oakWriterSession); + + Random r = new Random(j); + int operations = 1000; + int depthToApply; + int index; + boolean allow; + int principalIndex; + + for (int i = 0; i < operations; i++) { + allow = r.nextBoolean(); + depthToApply = r.nextInt(depth); + String path; + principalIndex = r.nextInt(jackrabbitPrincipals.size()); + + if (depthToApply == 0) { + path = "/"; + continue; + } else { + index = r.nextInt(depthToApply + 1); + path = getPath(depthToApply, index); + } + + setPolicy(jackrabbitWriterSession, + jackrabbitPrincipals.get(principalIndex), path, allow); + setPolicy(oakWriterSession, oakPrincipals.get(principalIndex), + path, allow); + + check(); + } + clearTree(jackrabbitWriterSession); + clearTree(oakWriterSession); + } + } + + private String getPath(int depth, int index) throws Exception { + if (depth == 0) { + return "/"; + } + return tree.get(depth, index); + } + + public void check() throws Exception { + boolean mustThrow; + boolean thrown; + try { + oakReaderSession = oakRepository.login(new SimpleCredentials( + userId, userId.toCharArray())); + jackrabbitReaderSession = jackrabbitRepository + .login(new SimpleCredentials(userId, userId.toCharArray())); + try { + for (String path : tree.values()) { + mustThrow = false; + thrown = false; + Node njr = null, noak = null; + try { + njr = jackrabbitReaderSession.getNode(path); + } catch (PathNotFoundException pnf) { + mustThrow = true; + } + + try { + noak = oakReaderSession.getNode(path); + } catch (PathNotFoundException pnf) { + thrown = true; + } + + if (mustThrow != thrown) { + Assert.fail("did not throw for both for path " + path); + } + + if (!mustThrow) { + if (!path.equals(njr.getPath()) + || !njr.getPath().equals(noak.getPath())) { + Assert.fail("did not resolved the same node"); + } + } + } + } finally { + jackrabbitReaderSession.logout(); + oakReaderSession.logout(); + } + } catch (Exception e) { + throw new Exception(e); + } + } + +} Index: pom.xml =================================================================== --- pom.xml (revision 1543023) +++ pom.xml (working copy) @@ -331,5 +331,17 @@ 1.0.1 test + + org.apache.jackrabbit + jackrabbit-jcr-server + ${jackrabbit.version} + test + + + org.apache.jackrabbit + jackrabbit-core + ${jackrabbit.version} + test +