use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit-oak by apache.
the class CugExcludeDefaultTest method testPrincipals.
/**
 * Checks that {@code exclude} does not report a plain {@code PrincipalImpl} or an
 * {@link ItemBasedPrincipal} as excluded, first as a combined set and then one
 * principal at a time.
 * <p>
 * NOTE(review): presumably an "excluded" principal is exempt from CUG evaluation, so
 * this pins that neither principal type is exempt by default; confirm against the
 * implementation behind {@code exclude}.
 */
@Test
public void testPrincipals() {
    Principal plain = new PrincipalImpl("test");
    // Anonymous item-based principal sharing the name "test" with the plain one.
    Principal itemBased = new ItemBasedPrincipal() {
        @Override
        public String getName() {
            return "test";
        }

        @Override
        public String getPath() {
            return "/path";
        }
    };

    Set<Principal> candidates = new HashSet<Principal>();
    candidates.add(plain);
    candidates.add(itemBased);

    // The combined set must not be excluded ...
    assertFalse(exclude.isExcluded(candidates));
    // ... and neither must any singleton set built from its members.
    for (Principal candidate : candidates) {
        Set<Principal> single = ImmutableSet.of(candidate);
        assertFalse(exclude.isExcluded(single));
    }
}
use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit-oak by apache.
the class AccessControlManagerImpl method getPolicies.
/**
 * Returns the policy that {@code createPrincipalACL} builds for the given principal.
 * <p>
 * The principal is passed to {@code Util.checkValidPrincipal} before any policy is
 * looked up. For an {@link ItemBasedPrincipal} its path is handed to
 * {@code createPrincipalACL}; for any other principal the path argument is {@code null}.
 *
 * @param principal the principal whose policies are requested
 * @return a one-element array holding the policy, or an empty array if
 *         {@code createPrincipalACL} returned {@code null}; never {@code null}
 * @throws RepositoryException declared by the signature; which call raises it is not
 *         visible in this method
 */
@Nonnull
@Override
public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws RepositoryException {
    // Validation comes first so that no policy is built for a principal that fails it.
    Util.checkValidPrincipal(principal, principalManager);

    // NOTE(review): getPath() is used as an Oak path with no conversion visible here;
    // confirm the two path forms agree for item-based principals.
    String principalPath = null;
    if (principal instanceof ItemBasedPrincipal) {
        principalPath = ((ItemBasedPrincipal) principal).getPath();
    }

    JackrabbitAccessControlPolicy acl = createPrincipalACL(principalPath, principal);
    if (acl == null) {
        return new JackrabbitAccessControlPolicy[0];
    }
    return new JackrabbitAccessControlPolicy[] { acl };
}
use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.
the class UserAccessControlProvider method init.
// ----------------------------------------------< AccessControlProvider >---
/**
 * Initializes this provider from the system session and the configuration map.
 * <p>
 * After delegating to the superclass, the user-admin, group-admin and administrators
 * groups are resolved through {@code initGroup}. The path of each is recorded only when
 * the resulting principal is an {@link ItemBasedPrincipal}; otherwise the corresponding
 * path field is not assigned here. User and group root paths and the membership storage
 * flag are taken from the user manager when it is a {@code UserManagerImpl}, and from the
 * defaults otherwise.
 * <p>
 * Security-relevant defaults: when {@code PARAM_ANONYMOUS_ACCESS} is absent, anonymous
 * access is enabled. When it is present, only the string {@code "true"} (ignoring case)
 * enables it, as {@link Boolean#parseBoolean(String)} maps every other string to
 * {@code false}.
 *
 * @param systemSession the system session; must be a {@code SessionImpl}
 * @param configuration the provider configuration; {@code PARAM_ANONYMOUS_ID} and
 *                      {@code PARAM_ANONYMOUS_ACCESS} are cast to {@code String}, so a
 *                      value of another type fails with a {@code ClassCastException}
 * @throws RepositoryException if {@code systemSession} is not a {@code SessionImpl}
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
 */
@Override
public void init(Session systemSession, Map configuration) throws RepositoryException {
    super.init(systemSession, configuration);

    if (!(systemSession instanceof SessionImpl)) {
        throw new RepositoryException("SessionImpl (system session) expected.");
    }
    SessionImpl sImpl = (SessionImpl) systemSession;

    // Group names fall back to the configuration key itself when not configured.
    String userAdminName = USER_ADMIN_GROUP_NAME;
    if (configuration.containsKey(USER_ADMIN_GROUP_NAME)) {
        userAdminName = configuration.get(USER_ADMIN_GROUP_NAME).toString();
    }
    String groupAdminName = GROUP_ADMIN_GROUP_NAME;
    if (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) {
        groupAdminName = configuration.get(GROUP_ADMIN_GROUP_NAME).toString();
    }

    // make sure the groups exist (and possibly create them).
    UserManager uMgr = sImpl.getUserManager();

    // instanceof is false for null, so no separate null check is needed.
    userAdminGroup = initGroup(uMgr, userAdminName);
    if (userAdminGroup instanceof ItemBasedPrincipal) {
        userAdminGroupPath = ((ItemBasedPrincipal) userAdminGroup).getPath();
    }

    groupAdminGroup = initGroup(uMgr, groupAdminName);
    if (groupAdminGroup instanceof ItemBasedPrincipal) {
        groupAdminGroupPath = ((ItemBasedPrincipal) groupAdminGroup).getPath();
    }

    Principal administrators = initGroup(uMgr, SecurityConstants.ADMINISTRATORS_NAME);
    if (administrators instanceof ItemBasedPrincipal) {
        administratorsGroupPath = ((ItemBasedPrincipal) administrators).getPath();
    }

    if (uMgr instanceof UserManagerImpl) {
        UserManagerImpl impl = (UserManagerImpl) uMgr;
        usersPath = impl.getUsersPath();
        groupsPath = impl.getGroupsPath();
        membersInProperty = !impl.hasMemberSplitSize();
    } else {
        usersPath = UserConstants.USERS_PATH;
        groupsPath = UserConstants.GROUPS_PATH;
        membersInProperty = true;
    }

    anonymousId = configuration.containsKey(PARAM_ANONYMOUS_ID)
            ? (String) configuration.get(PARAM_ANONYMOUS_ID)
            : SecurityConstants.ANONYMOUS_ID;

    // Anonymous access stays enabled unless the configuration says otherwise.
    anonymousAccess = configuration.containsKey(PARAM_ANONYMOUS_ACCESS)
            ? Boolean.parseBoolean((String) configuration.get(PARAM_ANONYMOUS_ACCESS))
            : true;
}
use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.
the class WriteTest method testEditor2.
/**
 * Creates user "t" and user "tt" (the latter with intermediate path "t/tt"), sets the
 * first applicable policy for the second user's principal, and then asserts that the
 * node at the path of the first applicable policy for the first user's principal has
 * primary type {@code rep:PrincipalAccessControl}.
 * <p>
 * The test is not executable unless both principals are item based and
 * {@code Text.isDescendant} holds for their paths. Both users are removed again in the
 * {@code finally} block.
 *
 * @throws NotExecutableException if the principals do not meet the precondition above
 * @throws RepositoryException declared by the signature for the repository calls below
 */
public void testEditor2() throws NotExecutableException, RepositoryException {
    UserManager uMgr = getUserManager(superuser);
    User outerUser = null;
    User nestedUser = null;
    try {
        outerUser = uMgr.createUser("t", "t");
        nestedUser = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }

        Principal outerPrincipal = outerUser.getPrincipal();
        Principal nestedPrincipal = nestedUser.getPrincipal();
        boolean nestedLayout = outerPrincipal instanceof ItemBasedPrincipal
                && nestedPrincipal instanceof ItemBasedPrincipal
                && Text.isDescendant(
                        ((ItemBasedPrincipal) outerPrincipal).getPath(),
                        ((ItemBasedPrincipal) nestedPrincipal).getPath());
        if (!nestedLayout) {
            throw new NotExecutableException();
        }

        JackrabbitAccessControlManager acMgr =
                (JackrabbitAccessControlManager) getAccessControlManager(superuser);

        // Set the policy for the second user first ...
        JackrabbitAccessControlPolicy[] applicable = acMgr.getApplicablePolicies(nestedPrincipal);
        acMgr.setPolicy(applicable[0].getPath(), applicable[0]);

        // ... then check the node type at the policy path of the first user.
        applicable = acMgr.getApplicablePolicies(outerPrincipal);
        String policyPath = applicable[0].getPath();
        Node policyNode = superuser.getNode(policyPath);
        assertEquals("rep:PrincipalAccessControl", policyNode.getPrimaryNodeType().getName());
    } finally {
        // Discard pending changes before removing the users, second user first.
        superuser.refresh(false);
        if (nestedUser != null) {
            nestedUser.remove();
        }
        if (outerUser != null) {
            outerUser.remove();
        }
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }
    }
}
use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.
the class CompatTokenProvider method createToken.
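/**
 * Create a separate token node underneath a dedicated token store within
 * the user home node. That token node contains the hashed token, the
 * expiration time and additional mandatory attributes that will be verified
 * during login.
 * <p>
 * The login token is the identifier of the new token node, {@code DELIM} and a
 * freshly generated key. The key is stored on the node only as the result of
 * {@code getDigestedKey}.
 * <p>
 * The attributes of the credentials are supplied by the caller. They are copied onto
 * the token node, except for the token attribute itself and the two property names
 * this method writes on its own (key digest and expiry), so that attributes passed in
 * with a login cannot overwrite those values.
 *
 * @param user The user the token is created for. Its principal must be an
 *             {@link ItemBasedPrincipal} whose path exists in the session.
 * @param sc The current simple credentials. The new token is set on them as
 *           attribute {@code TOKEN_ATTRIBUTE}.
 * @return A new {@code TokenInfo}; this method does not return {@code null}.
 * @throws RepositoryException If no node can be found for the user, or if creating
 *                             or saving the token node fails.
 */
public TokenInfo createToken(User user, SimpleCredentials sc) throws RepositoryException {
    String userPath = null;
    Principal pr = user.getPrincipal();
    if (pr instanceof ItemBasedPrincipal) {
        userPath = ((ItemBasedPrincipal) pr).getPath();
    }
    if (userPath == null || !session.nodeExists(userPath)) {
        throw new RepositoryException("Cannot create login token: No corresponding node for User " + user.getID() + " in workspace '" + session.getWorkspace().getName() + "'.");
    }

    Node userNode = session.getNode(userPath);
    if (!userNode.hasNode(TOKENS_NODE_NAME)) {
        userNode.addNode(TOKENS_NODE_NAME, TOKENS_NT_NAME);
        try {
            session.save();
        } catch (RepositoryException e) {
            // may happen when .tokens node is created concurrently
            // NOTE(review): every save failure is treated this way; if the node is still
            // missing after the refresh, the getNode call below fails instead.
            session.refresh(false);
        }
    }
    Node tokenParent = userNode.getNode(TOKENS_NODE_NAME);

    long creationTime = System.currentTimeMillis();
    long expirationTime = creationTime + tokenExpiration;
    Calendar cal = Calendar.getInstance();
    cal.setTimeInMillis(creationTime);

    // generate key part of the login token
    // NOTE(review): the unit of the size argument and the randomness source are defined
    // in generateKey; confirm it draws from SecureRandom and the size is adequate.
    String key = generateKey(8);

    // create the token node
    String tokenName = Text.replace(ISO8601.format(cal), ":", ".");
    Node tokenNode;
    // avoid usage of sequential nodeIDs: the node identifier is part of the token
    if (System.getProperty(NodeIdFactory.SEQUENTIAL_NODE_ID) == null) {
        tokenNode = tokenParent.addNode(tokenName);
    } else {
        tokenNode = ((NodeImpl) tokenParent).addNodeWithUuid(tokenName, NodeId.randomId().toString());
    }

    String token = tokenNode.getIdentifier() + DELIM + key;
    TokenCredentials tokenCredentials = new TokenCredentials(token);
    sc.setAttribute(TOKEN_ATTRIBUTE, token);

    // add key property (digest only, never the key itself)
    tokenNode.setProperty(TOKEN_ATTRIBUTE_KEY, getDigestedKey(key));
    // add expiration time property
    cal.setTimeInMillis(expirationTime);
    tokenNode.setProperty(TOKEN_ATTRIBUTE_EXPIRY, session.getValueFactory().createValue(cal));

    // add additional attributes passed in by the credentials.
    for (String name : sc.getAttributeNames()) {
        // Attribute names are caller-supplied: skip the token itself and the two
        // properties written above so that they keep the values set by this method.
        if (TOKEN_ATTRIBUTE.equals(name)
                || TOKEN_ATTRIBUTE_KEY.equals(name)
                || TOKEN_ATTRIBUTE_EXPIRY.equals(name)) {
            continue;
        }
        String value = sc.getAttribute(name).toString();
        tokenNode.setProperty(name, value);
        tokenCredentials.setAttribute(name, value);
    }
    session.save();
    return new CompatModeInfo(token, tokenNode);
}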