
Example 1 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit-oak by apache.

the class CugExcludeDefaultTest method testPrincipals.

/**
 * Checks that ordinary principals are not reported as excluded.
 * <p>
 * Two principals sharing the name {@code "test"} are used: a plain
 * {@code PrincipalImpl} and an anonymous {@code ItemBasedPrincipal} with the
 * path {@code "/path"}. The {@code exclude} fixture (declared elsewhere in the
 * test class) must return {@code false} both for the combined set and for
 * each principal checked on its own.
 */
@Test
public void testPrincipals() {
    Principal plain = new PrincipalImpl("test");
    Principal itemBased = new ItemBasedPrincipal() {

        @Override
        public String getName() {
            return "test";
        }

        @Override
        public String getPath() {
            return "/path";
        }
    };

    Set<Principal> principals = new HashSet<Principal>();
    principals.add(plain);
    principals.add(itemBased);

    // The whole set must not be excluded ...
    assertFalse(exclude.isExcluded(principals));
    // ... and neither must any single member of it.
    for (Principal single : principals) {
        assertFalse(exclude.isExcluded(ImmutableSet.of(single)));
    }
}
Also used : ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) SystemPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal) SystemUserPrincipal(org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Principal(java.security.Principal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 2 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method getPolicies.

/**
 * Returns the principal-based access control policy for the given principal.
 *
 * @param principal the principal to look up; it is passed through
 *                  {@code Util.checkValidPrincipal} before anything else is done
 * @return a one-element array holding the policy built by
 *         {@code createPrincipalACL}, or an empty array if that call yields
 *         {@code null}; never {@code null}
 * @throws RepositoryException declared by the interface; presumably raised by
 *                             the validation or the policy lookup (not visible here)
 */
@Nonnull
@Override
public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws RepositoryException {
    // Validation comes first so that no policy lookup runs for a principal
    // the principal manager does not accept.
    Util.checkValidPrincipal(principal, principalManager);

    // Only item-based principals expose a repository path; others use null.
    String oakPath = null;
    if (principal instanceof ItemBasedPrincipal) {
        oakPath = ((ItemBasedPrincipal) principal).getPath();
    }

    JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
    if (policy == null) {
        return new JackrabbitAccessControlPolicy[0];
    }
    return new JackrabbitAccessControlPolicy[] { policy };
}
Also used : ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) Nonnull(javax.annotation.Nonnull)

Example 3 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.

the class UserAccessControlProvider method init.

// ----------------------------------------------< AccessControlProvider >---
/**
 * Initializes the provider from the system session and the configuration map.
 * <p>
 * Resolves the user-admin, group-admin and administrators groups through
 * {@code initGroup}, records their repository paths when the resulting
 * principals are item-based, determines the users/groups root paths and reads
 * the anonymous settings.
 * <p>
 * Defaults applied when a configuration key is absent:
 * <ul>
 * <li>group names fall back to {@code USER_ADMIN_GROUP_NAME} /
 *     {@code GROUP_ADMIN_GROUP_NAME} (the same constants serve as key and default);</li>
 * <li>the anonymous id falls back to {@code SecurityConstants.ANONYMOUS_ID};</li>
 * <li>anonymous access is <b>enabled</b>; it is only switched off when
 *     {@code PARAM_ANONYMOUS_ACCESS} is present and does not parse as {@code true}.</li>
 * </ul>
 *
 * @param systemSession the system session; must be a {@code SessionImpl}
 * @param configuration provider configuration; the two anonymous parameters
 *                      are cast to {@code String}, so other value types fail
 *                      with a {@code ClassCastException}
 * @throws RepositoryException if {@code systemSession} is not a {@code SessionImpl}
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
 */
@Override
public void init(Session systemSession, Map configuration) throws RepositoryException {
    super.init(systemSession, configuration);
    if (!(systemSession instanceof SessionImpl)) {
        throw new RepositoryException("SessionImpl (system session) expected.");
    }
    SessionImpl sImpl = (SessionImpl) systemSession;

    String userAdminName = USER_ADMIN_GROUP_NAME;
    if (configuration.containsKey(USER_ADMIN_GROUP_NAME)) {
        userAdminName = configuration.get(USER_ADMIN_GROUP_NAME).toString();
    }
    String groupAdminName = GROUP_ADMIN_GROUP_NAME;
    if (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) {
        groupAdminName = configuration.get(GROUP_ADMIN_GROUP_NAME).toString();
    }

    // make sure the groups exist (and possibly create them).
    UserManager uMgr = sImpl.getUserManager();

    // instanceof is false for null, so no separate null check is needed
    // before reading the path of each group principal.
    userAdminGroup = initGroup(uMgr, userAdminName);
    if (userAdminGroup instanceof ItemBasedPrincipal) {
        userAdminGroupPath = ((ItemBasedPrincipal) userAdminGroup).getPath();
    }
    groupAdminGroup = initGroup(uMgr, groupAdminName);
    if (groupAdminGroup instanceof ItemBasedPrincipal) {
        groupAdminGroupPath = ((ItemBasedPrincipal) groupAdminGroup).getPath();
    }
    Principal administrators = initGroup(uMgr, SecurityConstants.ADMINISTRATORS_NAME);
    if (administrators instanceof ItemBasedPrincipal) {
        administratorsGroupPath = ((ItemBasedPrincipal) administrators).getPath();
    }

    // Only the concrete UserManagerImpl knows configured paths and the
    // member split size; any other manager gets the constant defaults.
    if (uMgr instanceof UserManagerImpl) {
        UserManagerImpl impl = (UserManagerImpl) uMgr;
        usersPath = impl.getUsersPath();
        groupsPath = impl.getGroupsPath();
        membersInProperty = !impl.hasMemberSplitSize();
    } else {
        usersPath = UserConstants.USERS_PATH;
        groupsPath = UserConstants.GROUPS_PATH;
        membersInProperty = true;
    }

    anonymousId = configuration.containsKey(PARAM_ANONYMOUS_ID)
            ? (String) configuration.get(PARAM_ANONYMOUS_ID)
            : SecurityConstants.ANONYMOUS_ID;

    // Absent key => anonymous access stays on. A deployment that wants it
    // off has to set PARAM_ANONYMOUS_ACCESS explicitly; any value other
    // than "true" (case-insensitive) turns it off.
    anonymousAccess = !configuration.containsKey(PARAM_ANONYMOUS_ACCESS)
            || Boolean.parseBoolean((String) configuration.get(PARAM_ANONYMOUS_ACCESS));
}
Also used : UserManager(org.apache.jackrabbit.api.security.user.UserManager) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) RepositoryException(javax.jcr.RepositoryException) SessionImpl(org.apache.jackrabbit.core.SessionImpl) AnonymousPrincipal(org.apache.jackrabbit.core.security.AnonymousPrincipal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal)

Example 4 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.

the class WriteTest method testEditor2.

/**
 * Creates user "t" and user "tt" (the latter with intermediate path "t/tt"),
 * sets the first applicable policy of the second user's principal, and then
 * asserts that the node at the path of the first applicable policy of the
 * first user's principal has primary type {@code rep:PrincipalAccessControl}.
 * <p>
 * The test is not executable unless both principals are item-based and
 * {@code Text.isDescendant} holds for their two paths. Both users are removed
 * again in the {@code finally} block regardless of the outcome.
 *
 * @throws NotExecutableException if the path precondition is not met
 * @throws RepositoryException on repository errors
 */
public void testEditor2() throws NotExecutableException, RepositoryException {
    UserManager uMgr = getUserManager(superuser);
    User userT = null;
    User userTt = null;
    try {
        userT = uMgr.createUser("t", "t");
        userTt = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }

        Principal principalT = userT.getPrincipal();
        Principal principalTt = userTt.getPrincipal();
        boolean pathsNested = principalT instanceof ItemBasedPrincipal
                && principalTt instanceof ItemBasedPrincipal
                && Text.isDescendant(((ItemBasedPrincipal) principalT).getPath(),
                        ((ItemBasedPrincipal) principalTt).getPath());
        if (!pathsNested) {
            throw new NotExecutableException();
        }

        JackrabbitAccessControlManager acMgr =
                (JackrabbitAccessControlManager) getAccessControlManager(superuser);

        // Apply the policy for the second principal first ...
        JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(principalTt);
        acMgr.setPolicy(acls[0].getPath(), acls[0]);

        // ... then inspect the node addressed by the first principal's policy.
        acls = acMgr.getApplicablePolicies(principalT);
        Node policyNode = superuser.getNode(acls[0].getPath());
        assertEquals("rep:PrincipalAccessControl", policyNode.getPrimaryNodeType().getName());
    } finally {
        // Drop transient changes, then remove the test users ("tt" before "t").
        superuser.refresh(false);
        if (userTt != null) {
            userTt.remove();
        }
        if (userT != null) {
            userT.remove();
        }
        if (!uMgr.isAutoSave()) {
            superuser.save();
        }
    }
}
Also used : JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager) User(org.apache.jackrabbit.api.security.user.User) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Node(javax.jcr.Node) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Example 5 with ItemBasedPrincipal

use of org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal in project jackrabbit by apache.

the class CompatTokenProvider method createToken.

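/**
 * Create a separate token node underneath a dedicated token store within
 * the user home node. That token node contains the digested key, the
 * expiration time and additional mandatory attributes that will be verified
 * during login.
 * <p>
 * Attributes carried by the credentials are copied onto the token node.
 * Attribute names equal to {@code TOKEN_ATTRIBUTE}, {@code TOKEN_ATTRIBUTE_KEY}
 * or {@code TOKEN_ATTRIBUTE_EXPIRY} are skipped: the copy runs after the key
 * digest and the expiry have been written, so a caller-supplied attribute
 * with one of those names would otherwise replace the value set by this
 * method.
 *
 * @param user The user to create the token for. Its principal must be an
 *             {@code ItemBasedPrincipal} whose path exists in the workspace
 *             of this provider's session.
 * @param sc The current simple credentials. The generated token is also
 *           stored on them under {@code TOKEN_ATTRIBUTE}.
 * @return A new {@code TokenInfo}; this method does not return {@code null}.
 * @throws RepositoryException if there is no node for the user in the
 *                             workspace, or if persisting the token fails.
 */
public TokenInfo createToken(User user, SimpleCredentials sc) throws RepositoryException {
    String userPath = null;
    Principal pr = user.getPrincipal();
    if (pr instanceof ItemBasedPrincipal) {
        userPath = ((ItemBasedPrincipal) pr).getPath();
    }
    if (userPath == null || !session.nodeExists(userPath)) {
        throw new RepositoryException("Cannot create login token: No corresponding node for User " + user.getID() + " in workspace '" + session.getWorkspace().getName() + "'.");
    }

    Node userNode = session.getNode(userPath);
    if (!userNode.hasNode(TOKENS_NODE_NAME)) {
        userNode.addNode(TOKENS_NODE_NAME, TOKENS_NT_NAME);
        try {
            session.save();
        } catch (RepositoryException e) {
            // may happen when .tokens node is created concurrently;
            // deliberately best-effort: drop the transient node and use
            // whatever is persisted.
            session.refresh(false);
        }
    }
    Node tokenParent = userNode.getNode(TOKENS_NODE_NAME);

    long creationTime = new Date().getTime();
    long expirationTime = creationTime + tokenExpiration;
    Calendar cal = GregorianCalendar.getInstance();
    cal.setTimeInMillis(creationTime);

    // generate key part of the login token
    // NOTE(review): the meaning of the size argument (8) is defined by
    // generateKey, which is not shown here; confirm it yields enough entropy.
    String key = generateKey(8);

    // create the token node, named after the creation timestamp
    String tokenName = Text.replace(ISO8601.format(cal), ":", ".");
    Node tokenNode;
    // avoid usage of sequential nodeIDs: the node identifier becomes the
    // first part of the token string built below.
    if (System.getProperty(NodeIdFactory.SEQUENTIAL_NODE_ID) == null) {
        tokenNode = tokenParent.addNode(tokenName);
    } else {
        tokenNode = ((NodeImpl) tokenParent).addNodeWithUuid(tokenName, NodeId.randomId().toString());
    }

    // token = <token node identifier> DELIM <key>
    String token = tokenNode.getIdentifier() + DELIM + key;
    TokenCredentials tokenCredentials = new TokenCredentials(token);
    sc.setAttribute(TOKEN_ATTRIBUTE, token);

    // add key property; only the digested form of the key is persisted
    tokenNode.setProperty(TOKEN_ATTRIBUTE_KEY, getDigestedKey(key));
    // add expiration time property
    cal.setTimeInMillis(expirationTime);
    tokenNode.setProperty(TOKEN_ATTRIBUTE_EXPIRY, session.getValueFactory().createValue(cal));

    // add additional attributes passed in by the credentials.
    for (String name : sc.getAttributeNames()) {
        // Reserved names must never come from the credentials: the token
        // itself is not stored in clear, and the key digest and expiry
        // written above must not be replaced by caller-supplied values.
        if (TOKEN_ATTRIBUTE.equals(name)
                || TOKEN_ATTRIBUTE_KEY.equals(name)
                || TOKEN_ATTRIBUTE_EXPIRY.equals(name)) {
            continue;
        }
        String value = sc.getAttribute(name).toString();
        tokenNode.setProperty(name, value);
        tokenCredentials.setAttribute(name, value);
    }
    session.save();
    return new CompatModeInfo(token, tokenNode);
}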
Also used : Node(javax.jcr.Node) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) RepositoryException(javax.jcr.RepositoryException) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal) Date(java.util.Date) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)
