Example 6 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class UserQueryManagerTest method testQueryNameMatchesWithUnderscorePrincipalName.
@Test
public void testQueryNameMatchesWithUnderscorePrincipalName() throws Exception {
Group g = createGroup("g", new PrincipalImpl("group_with_underscore"));
root.commit();
Query q = new Query() {
@Override
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.nameMatches("group_with_underscore"));
}
};
Iterator<Authorizable> result = queryMgr.findAuthorizables(q);
assertResultContainsAuthorizables(result, g);
}
Also used :
Group(org.apache.jackrabbit.api.security.user.Group)
Query(org.apache.jackrabbit.api.security.user.Query)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
QueryBuilder(org.apache.jackrabbit.api.security.user.QueryBuilder)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 7 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class UserImportIgnoreTest method testImportInvalidImpersonationIgnore.
@Test
public void testImportInvalidImpersonationIgnore() throws Exception {
List<String> invalid = new ArrayList<String>();
// an non-existing princ-name
invalid.add("anybody");
// a group
invalid.add("administrators");
// principal of the user itself.
invalid.add("t");
for (String principalName : invalid) {
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>" + "</sv:node>";
Subject subj = new Subject();
subj.getPrincipals().add(new PrincipalImpl(principalName));
try {
doImport(getTargetPath(), xml);
// no exception during import: no impersonation must be granted
// for the invalid principal name
Authorizable a = getUserManager().getAuthorizable("t");
if (!a.isGroup()) {
Impersonation imp = ((User) a).getImpersonation();
Subject s = new Subject();
s.getPrincipals().add(new PrincipalImpl(principalName));
assertFalse(imp.allows(s));
for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
assertFalse(principalName.equals(it.nextPrincipal().getName()));
}
} else {
fail("Importing 't' didn't create a User.");
}
} finally {
getImportSession().refresh(false);
}
}
}
Also used :
Impersonation(org.apache.jackrabbit.api.security.user.Impersonation)
User(org.apache.jackrabbit.api.security.user.User)
ArrayList(java.util.ArrayList)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator)
Subject(javax.security.auth.Subject)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 8 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class UserManagerTest method testCreateGroupWithInvalidIdOrPrincipal.
@Test
public void testCreateGroupWithInvalidIdOrPrincipal() throws RepositoryException, NotExecutableException {
Principal p = getTestPrincipal();
String uid = p.getName();
Principal emptyNamePrincipal = new PrincipalImpl("");
Map<String, Principal> fail = new HashMap<String, Principal>();
fail.put(uid, null);
fail.put(uid, emptyNamePrincipal);
fail.put(null, p);
fail.put("", p);
for (String id : fail.keySet()) {
Group g = null;
try {
Principal princ = fail.get(id);
g = userMgr.createGroup(id, princ, null);
fail("Creating group with id '" + id + "' and principal '" + princ.getName() + "' should fail");
} catch (IllegalArgumentException e) {
// success
} finally {
if (g != null) {
g.remove();
superuser.save();
}
}
}
}
Also used :
Group(org.apache.jackrabbit.api.security.user.Group)
HashMap(java.util.HashMap)
Principal(java.security.Principal)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 9 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class PrincipalProviderDeepNestingTest method testFindPrincipalsByHintTypeGroup.
@Override
@Test
public void testFindPrincipalsByHintTypeGroup() throws Exception {
Set<? extends Principal> expected = ImmutableSet.of(new PrincipalImpl("a"), new PrincipalImpl("aa"), new PrincipalImpl("aaa"));
Set<? extends Principal> res = ImmutableSet.copyOf(principalProvider.findPrincipals("a", PrincipalManager.SEARCH_TYPE_GROUP));
assertEquals(expected, res);
}
Also used :
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 10 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class PrincipalProviderDeepNestingTest method testFindPrincipalsByHintTypeAll.
@Override
@Test
public void testFindPrincipalsByHintTypeAll() throws Exception {
Set<? extends Principal> expected = ImmutableSet.of(new PrincipalImpl("a"), new PrincipalImpl("aa"), new PrincipalImpl("aaa"));
Set<? extends Principal> res = ImmutableSet.copyOf(principalProvider.findPrincipals("a", PrincipalManager.SEARCH_TYPE_ALL));
assertEquals(expected, res);
}
Also used :
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Aggregations
PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)96
Test (org.junit.Test)66
Principal (java.security.Principal)40
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)24
Group (org.apache.jackrabbit.api.security.user.Group)22
User (org.apache.jackrabbit.api.security.user.User)20
EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)20
UserManager (org.apache.jackrabbit.api.security.user.UserManager)16
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)15
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)12
GroupPrincipal (org.apache.jackrabbit.api.security.principal.GroupPrincipal)11
Session (javax.jcr.Session)9
SimpleCredentials (javax.jcr.SimpleCredentials)7
ContentSession (org.apache.jackrabbit.oak.api.ContentSession)6
ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)6
CugPolicy (org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy)6
HashSet (java.util.HashSet)5
ExternalGroup (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)5
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)5
EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)5
