Example 1 with AuthInfoImpl

Use of org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl in project jackrabbit-oak by apache.

In the class ExternalLoginModule, method createAuthInfo.

@Nonnull
private AuthInfo createAuthInfo(@Nonnull String userId, @Nonnull Set<? extends Principal> principals) {
    // Unwrap ImpersonationCredentials so that attributes are read from the wrapped base credentials.
    Credentials creds;
    if (credentials instanceof ImpersonationCredentials) {
        creds = ((ImpersonationCredentials) credentials).getBaseCredentials();
    } else {
        creds = credentials;
    }
    Map<String, Object> attributes = new HashMap<String, Object>();
    // Attributes already present in the shared state take precedence over those read from the credentials.
    Object shared = sharedState.get(SHARED_KEY_ATTRIBUTES);
    if (shared instanceof Map) {
        for (Map.Entry<?, ?> entry : ((Map<?, ?>) shared).entrySet()) {
            attributes.put(entry.getKey().toString(), entry.getValue());
        }
    } else if (creds != null) {
        attributes.putAll(credentialsSupport.getAttributes(creds));
    }
    return new AuthInfoImpl(userId, attributes, principals);
}
Also used: AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl), ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), HashMap (java.util.HashMap), Map (java.util.Map), Credentials (javax.jcr.Credentials), Nonnull (javax.annotation.Nonnull)

Example 2 with AuthInfoImpl

Use of org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl in project jackrabbit-oak by apache.

In the class LoginModuleImpl, method createAuthInfo.

private AuthInfo createAuthInfo(@Nonnull Set<? extends Principal> principals) {
    Credentials creds;
    if (credentials instanceof ImpersonationCredentials) {
        creds = ((ImpersonationCredentials) credentials).getBaseCredentials();
    } else {
        creds = credentials;
    }
    Map<String, Object> attributes = new HashMap<String, Object>();
    // Attributes already present in the shared state take precedence over those set on the credentials.
    Object shared = sharedState.get(SHARED_KEY_ATTRIBUTES);
    if (shared instanceof Map) {
        for (Object key : ((Map<?, ?>) shared).keySet()) {
            attributes.put(key.toString(), ((Map<?, ?>) shared).get(key));
        }
    } else if (creds instanceof SimpleCredentials) {
        SimpleCredentials sc = (SimpleCredentials) creds;
        for (String attrName : sc.getAttributeNames()) {
            attributes.put(attrName, sc.getAttribute(attrName));
        }
    }
    return new AuthInfoImpl(userId, attributes, principals);
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl), ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), HashMap (java.util.HashMap), Map (java.util.Map), GuestCredentials (javax.jcr.GuestCredentials), Credentials (javax.jcr.Credentials)

Example 3 with AuthInfoImpl

Use of org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl in project sling by apache.

In the class OakSlingRepository, method createAdministrativeSession.

@Override
protected Session createAdministrativeSession(String workspace) throws RepositoryException {
    // TODO: use principal provider to retrieve admin principal
    Set<? extends Principal> principals = singleton(new AdminPrincipal() {

        @Override
        public String getName() {
            return OakSlingRepository.this.adminId;
        }
    });
    // Read-only Subject carrying the admin principal, with the AuthInfo as its only public credential.
    AuthInfo authInfo = new AuthInfoImpl(this.adminId, Collections.<String, Object>emptyMap(), principals);
    Subject subject = new Subject(true, principals, singleton(authInfo), Collections.<Object>emptySet());
    Session adminSession;
    try {
        adminSession = Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Session>() {

            @Override
            public Session run() throws Exception {
                Map<String, Object> attrs = new HashMap<String, Object>();
                attrs.put("oak.refresh-interval", 0);
                // TODO OAK-803: Backwards compatibility of long-lived sessions
                JackrabbitRepository repo = (JackrabbitRepository) getRepository();
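                // No credentials are passed: the login relies on the pre-built Subject in whose context this action runs.
                return repo.login(null, null, attrs);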
            }
        }, null);
    } catch (PrivilegedActionException e) {
        throw new RepositoryException("failed to retrieve admin session.", e);
    }
    return adminSession;
}
Also used: AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo), HashMap (java.util.HashMap), PrivilegedActionException (java.security.PrivilegedActionException), RepositoryException (javax.jcr.RepositoryException), PrivilegedExceptionAction (java.security.PrivilegedExceptionAction), Subject (javax.security.auth.Subject), AdminPrincipal (org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal), AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl), JackrabbitRepository (org.apache.jackrabbit.api.JackrabbitRepository), Session (javax.jcr.Session)

Example 4 with AuthInfoImpl

Use of org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl in project jackrabbit-oak by apache.

In the class AbstractAccessControlManagerTest, method before.

@Before
public void before() throws Exception {
    testPrivileges = new Privilege[] { mockPrivilege("priv1"), mockPrivilege("priv2") };
    allPrivileges = new Privilege[] { mockPrivilege(PrivilegeConstants.JCR_ALL) };
    cs = Mockito.mock(ContentSession.class);
    when(cs.getWorkspaceName()).thenReturn(WSP_NAME);
    when(cs.getAuthInfo()).thenReturn(new AuthInfoImpl(null, ImmutableMap.of(), testPrincipals));
    when(root.getContentSession()).thenReturn(cs);
    Tree nonExistingTree = Mockito.mock(Tree.class);
    when(nonExistingTree.exists()).thenReturn(false);
    when(root.getTree(nonExistingPath)).thenReturn(nonExistingTree);
    Tree existingTree = Mockito.mock(Tree.class);
    when(existingTree.exists()).thenReturn(true);
    when(root.getTree(testPath)).thenReturn(existingTree);
    Tree rootTree = Mockito.mock(Tree.class);
    when(rootTree.exists()).thenReturn(true);
    when(root.getTree("/")).thenReturn(rootTree);
    privilegeManager = Mockito.mock(PrivilegeManager.class);
    when(privilegeManager.getRegisteredPrivileges()).thenReturn(testPrivileges);
    when(privilegeManager.getPrivilege("priv1")).thenReturn(testPrivileges[0]);
    when(privilegeManager.getPrivilege("priv2")).thenReturn(testPrivileges[1]);
    when(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL)).thenReturn(allPrivileges[0]);
    PrivilegeConfiguration privilegeConfiguration = Mockito.mock(PrivilegeConfiguration.class);
    when(privilegeConfiguration.getPrivilegeManager(root, getNamePathMapper())).thenReturn(privilegeManager);
    authorizationConfiguration = Mockito.mock(AuthorizationConfiguration.class);
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, getEveryonePrincipalSet())).thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, testPrincipals)).thenReturn(OpenPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, ImmutableSet.of())).thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT);
    securityProvider = Mockito.mock(SecurityProvider.class);
    when(securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfiguration);
    when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);
    acMgr = createAccessControlManager(root, getNamePathMapper());
}
Also used: AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl), AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration), PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager), SecurityProvider (org.apache.jackrabbit.oak.spi.security.SecurityProvider), ContentSession (org.apache.jackrabbit.oak.api.ContentSession), Tree (org.apache.jackrabbit.oak.api.Tree), PrivilegeConfiguration (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration), Before (org.junit.Before)

Example 5 with AuthInfoImpl

Use of org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl in project jackrabbit-oak by apache.

In the class AbstractAccessControlManagerTest, method testGetTreeDefinesNoAccess.

@Test(expected = AccessDeniedException.class)
public void testGetTreeDefinesNoAccess() throws Exception {
    when(cs.getAuthInfo()).thenReturn(new AuthInfoImpl(null, ImmutableMap.of(), getEveryonePrincipalSet()));
    AbstractAccessControlManager mgr = createAccessControlManager(root, getNamePathMapper());
    mgr.getTree(testPath, Permissions.ALL, true);
}
Also used: AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl), Test (org.junit.Test)

Aggregations

AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl): 11
AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo): 5
Principal (java.security.Principal): 4
ContentSession (org.apache.jackrabbit.oak.api.ContentSession): 4
ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials): 4
Test (org.junit.Test): 4
HashMap (java.util.HashMap): 3
SimpleCredentials (javax.jcr.SimpleCredentials): 3
Subject (javax.security.auth.Subject): 3
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest): 3
PrivilegedActionException (java.security.PrivilegedActionException): 2
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction): 2
Map (java.util.Map): 2
Credentials (javax.jcr.Credentials): 2
RepositoryException (javax.jcr.RepositoryException): 2
Session (javax.jcr.Session): 2
AdminPrincipal (org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal): 2
Nonnull (javax.annotation.Nonnull): 1
GuestCredentials (javax.jcr.GuestCredentials): 1
LoginException (javax.security.auth.login.LoginException): 1