diff --git oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java index e596eac..2e959cf 100644 --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java @@ -17,6 +17,8 @@ package org.apache.jackrabbit.oak.security.authorization.accesscontrol; import java.security.Principal; +import java.security.SecureRandom; +import java.util.Random; import java.util.Set; import javax.annotation.Nonnull; import javax.annotation.Nullable; @@ -121,13 +123,13 @@ final class Util implements AccessControlConstants { */ @Nonnull public static String generateAceName(@Nonnull Tree aclTree, boolean isAllow) { - int i = 0; - String hint = (isAllow) ? "allow" : "deny"; - String aceName = hint; - while (aclTree.hasChild(aceName)) { - aceName = hint + i; - i++; - } + String aceName; + Random random = new Random(); + + do { + aceName = ((isAllow) ? "allow" : "deny") + random.nextInt(); + } while (aclTree.hasChild(aceName)); + return aceName; } diff --git oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java index bc88c73..d297dbd 100644 --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java @@ -115,9 +115,12 @@ public class AuthorizationContextTest extends AbstractSecurityTest { Context ctx = AuthorizationContext.getInstance(); String policyPath = "/rep:policy"; - assertTrue(ctx.definesLocation(TreeLocation.create(root, policyPath + "/allow"))); - assertTrue(ctx.definesLocation(TreeLocation.create(root, policyPath + "/allow/" + AccessControlConstants.REP_PRINCIPAL_NAME))); - assertTrue(ctx.definesLocation(TreeLocation.create(root, policyPath + "/allow/" + AccessControlConstants.REP_PRIVILEGES))); + + String acePath = policyPath + "/" + root.getTree(policyPath).getChildren().iterator().next().getName(); + + assertTrue(ctx.definesLocation(TreeLocation.create(root, acePath))); + assertTrue(ctx.definesLocation(TreeLocation.create(root, acePath + "/" + AccessControlConstants.REP_PRINCIPAL_NAME))); + assertTrue(ctx.definesLocation(TreeLocation.create(root, acePath + "/" + AccessControlConstants.REP_PRIVILEGES))); List existingRegular = ImmutableList.of( "/", diff --git oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java new file mode 100644 index 0000000..aa98b83 --- /dev/null +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/UtilTest.java @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authorization.accesscontrol; + +import org.apache.jackrabbit.oak.AbstractSecurityTest; +import org.apache.jackrabbit.oak.api.Tree; +import org.junit.Before; +import org.junit.Test; +import static org.junit.Assert.*; + +public class UtilTest extends AbstractSecurityTest { + + private static final String DENY = "deny"; + private static final String ALLOW = "allow"; + + private Tree tree; + + @Override + @Before + public void before() throws Exception { + super.before(); + + tree = root.getTree("/"); + } + + @Test + public void testGenerateAllowAceName() { + String name = Util.generateAceName(tree, true); + + assertTrue(name.startsWith(ALLOW)); + assertNotEquals(ALLOW, name); + } + + @Test + public void testGenerateDenyAceName() { + String name = Util.generateAceName(tree, false); + + assertTrue(name.startsWith(DENY)); + assertNotEquals(DENY, name); + } + +} diff --git oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java index 8b989fc..9388b12 100644 --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java @@ -190,7 +190,7 @@ public class RestrictionProviderImplTest extends AbstractAccessControlTest imple acMgr.setPolicy(path, acl); try { - provider.validateRestrictions(path, t.getChild(REP_POLICY).getChild("allow")); + provider.validateRestrictions(path, t.getChild(REP_POLICY).getChildren().iterator().next()); fail("AccessControlException expected."); } catch (AccessControlException e) { // success