Search in sources :

Example 21 with GroupPrincipal

use of org.apache.jackrabbit.api.security.principal.GroupPrincipal in project jackrabbit-oak by apache.

the class PrincipalProviderDeepNestingTest method testGetPrincipalInheritedGroups.

@Override
@Test
public void testGetPrincipalInheritedGroups() throws Exception {
    ExternalUser externalUser = idp.getUser(USER_ID);
    for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
        ExternalIdentity externalGroup = idp.getIdentity(ref);
        Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName());
        for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) {
            String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName();
            Principal principal = principalProvider.getPrincipal(inheritedPrincName);
            assertNotNull(principal);
            assertTrue(principal instanceof GroupPrincipal);
            GroupPrincipal inheritedGrPrincipal = (GroupPrincipal) principal;
            assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName())));
            assertFalse(inheritedGrPrincipal.isMember(grPrincipal));
        }
    }
}
Also used : ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Principal(java.security.Principal) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 22 with GroupPrincipal

use of org.apache.jackrabbit.api.security.principal.GroupPrincipal in project jackrabbit-oak by apache.

the class UserPrincipalProviderTest method testEveryoneMembers.

@Test
public void testEveryoneMembers() throws Exception {
    Principal everyone = principalProvider.getPrincipal(EveryonePrincipal.NAME);
    assertTrue(everyone instanceof EveryonePrincipal);
    Group everyoneGroup = null;
    try {
        UserManager userMgr = getUserManager(root);
        everyoneGroup = userMgr.createGroup(EveryonePrincipal.NAME);
        root.commit();
        Principal ep = principalProvider.getPrincipal(EveryonePrincipal.NAME);
        assertTrue(ep instanceof GroupPrincipal);
    // ((GroupPrincipal) ep).members();
    // assertTrue(((GroupPrincipal) ep).isMember(getTestUser().getPrincipal()));
    } finally {
        if (everyoneGroup != null) {
            everyoneGroup.remove();
            root.commit();
        }
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) UserManager(org.apache.jackrabbit.api.security.user.UserManager) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Principal(java.security.Principal) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Test(org.junit.Test) AbstractPrincipalProviderTest(org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest)

Example 23 with GroupPrincipal

use of org.apache.jackrabbit.api.security.principal.GroupPrincipal in project jackrabbit-oak by apache.

the class UserPrincipalProviderTest method testGroupIsMember.

@Test
public void testGroupIsMember() throws Exception {
    Group group = getUserManager(root).createGroup("testGroup" + UUID.randomUUID());
    group.addMember(getTestUser());
    root.commit();
    try {
        Principal principal = principalProvider.getPrincipal(group.getPrincipal().getName());
        assertTrue(principal instanceof GroupPrincipal);
        assertTrue(((GroupPrincipal) principal).isMember(getTestUser().getPrincipal()));
    } finally {
        group.remove();
        root.commit();
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Principal(java.security.Principal) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Test(org.junit.Test) AbstractPrincipalProviderTest(org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest)

Example 24 with GroupPrincipal

use of org.apache.jackrabbit.api.security.principal.GroupPrincipal in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testGroupPrincipals.

@Test
public void testGroupPrincipals() throws Exception {
    // a) force the cache to be created
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    Iterable<? extends Principal> principals = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principals) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl", className);
    }
    Principal testPrincipal = getTestUser().getPrincipal();
    // b) retrieve principals again (this time from the cache)
    // -> verify that they are a different implementation
    Iterable<? extends Principal> principalsAgain = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principalsAgain) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", className);
        assertTrue(p instanceof TreeBasedPrincipal);
        assertEquals(testGroup.getPath(), ((TreeBasedPrincipal) p).getPath());
        GroupPrincipal principalGroup = (GroupPrincipal) p;
        assertTrue(principalGroup.isMember(testPrincipal));
        Enumeration<? extends Principal> members = principalGroup.members();
        assertTrue(members.hasMoreElements());
        assertEquals(testPrincipal, members.nextElement());
        assertEquals(testGroup2.getPrincipal(), members.nextElement());
        assertFalse(members.hasMoreElements());
    }
}
Also used : PrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) AbstractPrincipalProviderTest(org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest) Test(org.junit.Test)

Example 25 with GroupPrincipal

use of org.apache.jackrabbit.api.security.principal.GroupPrincipal in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testCachedPrincipalsGroupRemoved.

@Test
public void testCachedPrincipalsGroupRemoved() throws Exception {
    // a) force the cache to be created
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    Iterable<? extends Principal> principals = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principals) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl", className);
    }
    testGroup.remove();
    root.commit();
    systemRoot.refresh();
    // b) retrieve principals again (this time from the cache)
    // principal for 'testGroup' is no longer backed by an user mgt group
    // verify that this doesn't lead to runtime exceptions
    Iterable<? extends Principal> principalsAgain = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principalsAgain) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", className);
        assertTrue(p instanceof TreeBasedPrincipal);
        assertNull(((TreeBasedPrincipal) p).getPath());
        GroupPrincipal principalGroup = (GroupPrincipal) p;
        assertFalse(principalGroup.isMember(getTestUser().getPrincipal()));
        Enumeration<? extends Principal> members = principalGroup.members();
        assertFalse(members.hasMoreElements());
    }
}
Also used : PrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) GroupPrincipal(org.apache.jackrabbit.api.security.principal.GroupPrincipal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) AbstractPrincipalProviderTest(org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest) Test(org.junit.Test)

Aggregations

GroupPrincipal (org.apache.jackrabbit.api.security.principal.GroupPrincipal)33 Principal (java.security.Principal)25 Test (org.junit.Test)23 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)12 Group (org.apache.jackrabbit.api.security.user.Group)9 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)8 PrincipalIterator (org.apache.jackrabbit.api.security.principal.PrincipalIterator)6 AbstractPrincipalProviderTest (org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest)6 ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)4 AdminPrincipal (org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal)4 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)3 EveryonePrincipal (org.apache.jackrabbit.core.security.principal.EveryonePrincipal)3 ExternalIdentityRef (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)3 PrincipalProvider (org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider)3 AbstractJCRTest (org.apache.jackrabbit.test.AbstractJCRTest)3 Privilege (javax.jcr.security.Privilege)2 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)2 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)2 User (org.apache.jackrabbit.api.security.user.User)2 UserManager (org.apache.jackrabbit.api.security.user.UserManager)2