Examples with AdminPrincipal org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal used on opensource projects

Example 1 with AdminPrincipal

use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.

the class AdminPrincipalsBaseTest method testAdminPrincipal.

/**
     * Test if the ACL code properly deals the creation of ACEs for administrative
     * principals which have full access anyway.
     *
     * @since Oak 1.1.1
     * @see <a href="https://issues.apache.org/jira/browse/OAK-2158">OAK-2158</a>
     */
@Test
public void testAdminPrincipal() throws Exception {
    try {
        boolean success = acl.addAccessControlEntry(new AdminPrincipal() {

            @Override
            public String getName() {
                return "admin";
            }
        }, privilegesFromNames(PrivilegeConstants.JCR_READ));
        assertResult(success);
    } catch (AccessControlException e) {
        assertException();
    }
}

Example 2 with AdminPrincipal

use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.

the class CugConfigurationTest method testExcludedPrincipals.

@Test
public void testExcludedPrincipals() {
    ConfigurationParameters params = ConfigurationParameters.of(CugConstants.PARAM_CUG_ENABLED, true, CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content");
    CugConfiguration cc = createConfiguration(params);
    List<Principal> excluded = ImmutableList.of(SystemPrincipal.INSTANCE, new AdminPrincipal() {

        @Override
        public String getName() {
            return "admin";
        }
    }, new SystemUserPrincipal() {

        @Override
        public String getName() {
            return "systemUser";
        }
    });
    for (Principal p : excluded) {
        Set<Principal> principals = ImmutableSet.of(p, EveryonePrincipal.getInstance());
        PermissionProvider pp = cc.getPermissionProvider(root, "default", principals);
        assertSame(EmptyPermissionProvider.getInstance(), pp);
    }
}

Example 3 with AdminPrincipal

use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.

the class ImpersonationTest method testAdminAsImpersonator.

@Test
public void testAdminAsImpersonator() throws RepositoryException, NotExecutableException {
    String adminId = superuser.getUserID();
    Authorizable admin = userMgr.getAuthorizable(adminId);
    if (admin == null || admin.isGroup() || !((User) admin).isAdmin()) {
        throw new NotExecutableException(adminId + " is not administators ID");
    }
    Principal adminPrincipal = admin.getPrincipal();
    // admin cannot be add/remove to set of impersonators of 'u' but is
    // always allowed to impersonate that user.
    Impersonation impersonation = user.getImpersonation();
    assertFalse(impersonation.grantImpersonation(adminPrincipal));
    assertFalse(impersonation.revokeImpersonation(adminPrincipal));
    assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
    // same if the impersonation object of the admin itself is used.
    Impersonation adminImpersonation = ((User) admin).getImpersonation();
    assertFalse(adminImpersonation.grantImpersonation(adminPrincipal));
    assertFalse(adminImpersonation.revokeImpersonation(adminPrincipal));
    assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
}

Example 4 with AdminPrincipal

use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.

the class UserInitializerTest method testAdminUser.

@Test
public void testAdminUser() throws Exception {
    Authorizable a = userMgr.getAuthorizable(UserUtil.getAdminId(config));
    assertFalse(a.isGroup());
    User admin = (User) a;
    assertTrue(admin.isAdmin());
    assertTrue(admin.getPrincipal() instanceof AdminPrincipal);
    assertTrue(admin.getPrincipal() instanceof TreeBasedPrincipal);
    assertEquals(admin.getID(), admin.getPrincipal().getName());
}

Example 5 with AdminPrincipal

use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project sling by apache.

the class OakSlingRepository method createAdministrativeSession.

@Override
protected Session createAdministrativeSession(String workspace) throws RepositoryException {
    // TODO: use principal provider to retrieve admin principal
    Set<? extends Principal> principals = singleton(new AdminPrincipal() {

        @Override
        public String getName() {
            return OakSlingRepository.this.adminId;
        }
    });
    AuthInfo authInfo = new AuthInfoImpl(this.adminId, Collections.<String, Object>emptyMap(), principals);
    Subject subject = new Subject(true, principals, singleton(authInfo), Collections.<Object>emptySet());
    Session adminSession;
    try {
        adminSession = Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Session>() {

            @Override
            public Session run() throws Exception {
                Map<String, Object> attrs = new HashMap<String, Object>();
                attrs.put("oak.refresh-interval", 0);
                // TODO OAK-803: Backwards compatibility of long-lived sessions
                JackrabbitRepository repo = (JackrabbitRepository) getRepository();
                return repo.login(null, null, attrs);
            }
        }, null);
    } catch (PrivilegedActionException e) {
        throw new RepositoryException("failed to retrieve admin session.", e);
    }
    return adminSession;
}