Example 1 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class CustomCredentialsSupportTest method testLogin.
@Test
public void testLogin() throws Exception {
TestCredentials creds = new TestCredentials("testUser");
ContentSession cs = login(creds);
try {
AuthInfo info = cs.getAuthInfo();
assertEquals("testUser", info.getUserID());
assertAttributes(getCredentialsSupport().getAttributes(creds), info);
} finally {
cs.close();
}
}
Also used :
AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
Test(org.junit.Test)
Example 2 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class TokenExternalLoginModuleTest method testTokenCreation.
@Test
public void testTokenCreation() throws Exception {
Credentials creds = createTestCredentials();
assertTrue(credentialsSupport.setAttributes(creds, ImmutableMap.<String, Object>of(".token", "")));
String expectedUserId = credentialsSupport.getUserId(creds);
ContentSession cs = login(creds);
try {
assertEquals(expectedUserId, cs.getAuthInfo().getUserID());
Map<String, ?> attributes = credentialsSupport.getAttributes(creds);
String token = attributes.get(".token").toString();
assertFalse(token.isEmpty());
root.refresh();
User user = getUserManager(root).getAuthorizable(expectedUserId, User.class);
Tree tokenParent = root.getTree(user.getPath()).getChild(".tokens");
assertTrue(tokenParent.exists());
assertEquals(1, tokenParent.getChildrenCount(100));
} finally {
cs.close();
}
}
Also used :
User(org.apache.jackrabbit.api.security.user.User)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
Tree(org.apache.jackrabbit.oak.api.Tree)
TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)
Credentials(javax.jcr.Credentials)
Test(org.junit.Test)
Example 3 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class ClusterPermissionsTest method testPermissionPropagation.
@Test
public void testPermissionPropagation() throws Exception {
// create a "/testNode"
Tree node = root1.getTree("/").addChild("testNode");
node.setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME);
// create 2 users
User user1 = userManager1.createUser("testUser1", "testUser1");
User user2 = userManager1.createUser("testUser2", "testUser2");
JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
// deny jcr:all for everyone on /testNode
acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), false);
// allow jcr:read for testUser1 on /testNode
acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
aclMgr1.setPolicy("/testNode", acl1);
root1.commit();
syncClusterNodes();
root2.refresh();
// login with testUser1 and testUser2 (on cluster node 2)
ContentSession session1 = contentRepository2.login(new SimpleCredentials("testUser1", "testUser1".toCharArray()), null);
ContentSession session2 = contentRepository2.login(new SimpleCredentials("testUser2", "testUser2".toCharArray()), null);
// testUser1 can read /testNode
assertTrue(session1.getLatestRoot().getTree("/testNode").exists());
// testUser2 cannot read /testNode
assertFalse(session2.getLatestRoot().getTree("/testNode").exists());
// now, allow jcr:read also for 'everyone' (on cluster node 1)
acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
aclMgr1.setPolicy("/testNode", acl1);
root1.commit();
syncClusterNodes();
root2.refresh();
// testUser1 can read /testNode
assertTrue(session1.getLatestRoot().getTree("/testNode").exists());
// testUser2 can also read /testNode
assertTrue(session2.getLatestRoot().getTree("/testNode").exists());
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
User(org.apache.jackrabbit.api.security.user.User)
Tree(org.apache.jackrabbit.oak.api.Tree)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
Test(org.junit.Test)
Example 4 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class PermissionValidatorTest method testChangePrimaryTypeToPolicyNode.
@Test
public void testChangePrimaryTypeToPolicyNode() throws Exception {
// create a rep:policy node that is not detected as access control content
testRootNode.getChild("child").addChild(AccessControlConstants.REP_POLICY, NT_UNSTRUCTURED);
root.commit();
// grant the test session the ability to read/write that node but don't
// allow to modify access control content
grant(TEST_ROOT_PATH, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL, PrivilegeConstants.REP_WRITE);
ContentSession testSession = createTestSession();
try {
Root testRoot = testSession.getLatestRoot();
Tree testChild = testRoot.getTree(TEST_CHILD_PATH);
testChild.setProperty(PropertyStates.createProperty(JcrConstants.JCR_MIXINTYPES, ImmutableList.of(AccessControlConstants.MIX_REP_ACCESS_CONTROLLABLE), Type.NAMES));
Tree testPolicy = testChild.getChild(AccessControlConstants.REP_POLICY);
testPolicy.setOrderableChildren(true);
testPolicy.setProperty(JCR_PRIMARYTYPE, AccessControlConstants.NT_REP_ACL, Type.NAME);
testRoot.commit();
fail("Turning a false policy node into access control content requires the ability to write AC content.");
} catch (CommitFailedException e) {
assertTrue(e.isAccessViolation());
assertEquals(0, e.getCode());
} finally {
testSession.close();
}
}
Also used :
Root(org.apache.jackrabbit.oak.api.Root)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
Tree(org.apache.jackrabbit.oak.api.Tree)
CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 5 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class TreePermissionImplTest method getTreePermission.
private TreePermission getTreePermission(String path) throws Exception {
ContentSession testSession = createTestSession();
PermissionProvider pp = config.getPermissionProvider(testSession.getLatestRoot(), testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
return pp.getTreePermission(root.getTree(path), TreePermission.EMPTY);
}
Also used :
PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
Aggregations
ContentSession (org.apache.jackrabbit.oak.api.ContentSession)146
Test (org.junit.Test)132
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)66
SimpleCredentials (javax.jcr.SimpleCredentials)60
Root (org.apache.jackrabbit.oak.api.Root)43
LoginException (javax.security.auth.login.LoginException)35
AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)26
Tree (org.apache.jackrabbit.oak.api.Tree)25
UserManager (org.apache.jackrabbit.api.security.user.UserManager)19
User (org.apache.jackrabbit.api.security.user.User)17
PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)15
GuestCredentials (javax.jcr.GuestCredentials)13
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)12
Principal (java.security.Principal)10
TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)10
CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)9
Group (org.apache.jackrabbit.api.security.user.Group)8
EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8
ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)7
PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)6
