Search in sources :

Example 6 with PrincipalIterator

use of org.apache.jackrabbit.api.security.principal.PrincipalIterator in project jackrabbit by apache.

the class ACLTemplateTest method testMultiplePrincipals.

public void testMultiplePrincipals() throws RepositoryException, NotExecutableException {
    PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
    Principal everyone = pMgr.getEveryone();
    Principal grPrincipal = null;
    PrincipalIterator it = pMgr.findPrincipals("", PrincipalManager.SEARCH_TYPE_GROUP);
    while (it.hasNext()) {
        Group gr = (Group) it.nextPrincipal();
        if (!everyone.equals(gr)) {
            grPrincipal = gr;
        }
    }
    if (grPrincipal == null || grPrincipal.equals(everyone)) {
        throw new NotExecutableException();
    }
    Privilege[] privs = privilegesFromName(Privilege.JCR_READ);
    JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
    pt.addAccessControlEntry(testPrincipal, privs);
    assertFalse(pt.addAccessControlEntry(testPrincipal, privs));
    // add same privileges for another principal -> must modify as well.
    assertTrue(pt.addAccessControlEntry(everyone, privs));
    // .. 2 entries must be present.
    assertTrue(pt.getAccessControlEntries().length == 2);
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) Group(java.security.acl.Group) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Principal(java.security.Principal)

Example 7 with PrincipalIterator

use of org.apache.jackrabbit.api.security.principal.PrincipalIterator in project jackrabbit by apache.

the class UserImporterTest method testImportInvalidImpersonationIgnore.

public void testImportInvalidImpersonationIgnore() throws IOException, RepositoryException, SAXException, NotExecutableException {
    List<String> invalid = new ArrayList<String>();
    // an non-existing princ-name
    invalid.add("anybody");
    // a group
    invalid.add("administrators");
    // principal of the user itself.
    invalid.add("t");
    for (String principalName : invalid) {
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>" + "</sv:node>";
        Subject subj = new Subject();
        subj.getPrincipals().add(new PrincipalImpl(principalName));
        NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
        try {
            doImport(target, xml, UserImporter.ImportBehavior.IGNORE);
            // no exception during import: no impersonation must be granted
            // for the invalid principal name
            Authorizable a = umgr.getAuthorizable("t");
            if (!a.isGroup()) {
                Impersonation imp = ((User) a).getImpersonation();
                Subject s = new Subject();
                s.getPrincipals().add(new PrincipalImpl(principalName));
                assertFalse(imp.allows(s));
                for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
                    assertFalse(principalName.equals(it.nextPrincipal().getName()));
                }
            } else {
                fail("Importing 't' didn't create a User.");
            }
        } finally {
            sImpl.refresh(false);
        }
    }
}
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ArrayList(java.util.ArrayList) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) Subject(javax.security.auth.Subject) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 8 with PrincipalIterator

use of org.apache.jackrabbit.api.security.principal.PrincipalIterator in project jackrabbit by apache.

the class PrincipalManagerImpl method getGroupMembership.

/**
     * {@inheritDoc}
     */
public PrincipalIterator getGroupMembership(Principal principal) {
    checkIsValid();
    List<CheckedIteratorEntry> entries = new ArrayList<CheckedIteratorEntry>(providers.length + 1);
    for (PrincipalProvider pp : providers) {
        PrincipalIterator groups = pp.getGroupMembership(principal);
        if (groups.hasNext()) {
            entries.add(new CheckedIteratorEntry(groups, pp));
        }
    }
    // additional entry for the 'everyone' group
    if (!(principal instanceof EveryonePrincipal)) {
        Iterator<Principal> it = Collections.singletonList(getEveryone()).iterator();
        entries.add(new CheckedIteratorEntry(it, null));
    }
    return new CheckedPrincipalIterator(entries);
}
Also used : ArrayList(java.util.ArrayList) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) Principal(java.security.Principal) JackrabbitPrincipal(org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)

Example 9 with PrincipalIterator

use of org.apache.jackrabbit.api.security.principal.PrincipalIterator in project jackrabbit by apache.

the class PrincipalManagerImpl method findPrincipals.

/**
     * {@inheritDoc}
     */
public PrincipalIterator findPrincipals(String simpleFilter) {
    checkIsValid();
    List<CheckedIteratorEntry> entries = new ArrayList<CheckedIteratorEntry>(providers.length);
    for (PrincipalProvider pp : providers) {
        PrincipalIterator it = pp.findPrincipals(simpleFilter);
        if (it.hasNext()) {
            entries.add(new CheckedIteratorEntry(it, pp));
        }
    }
    return new CheckedPrincipalIterator(entries);
}
Also used : ArrayList(java.util.ArrayList) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator)

Example 10 with PrincipalIterator

use of org.apache.jackrabbit.api.security.principal.PrincipalIterator in project jackrabbit by apache.

the class PrincipalManagerImpl method getPrincipals.

/**
     * {@inheritDoc}
     * @param searchType
     */
public PrincipalIterator getPrincipals(int searchType) {
    checkIsValid();
    List<CheckedIteratorEntry> entries = new ArrayList<CheckedIteratorEntry>(providers.length);
    for (PrincipalProvider pp : providers) {
        PrincipalIterator it = pp.getPrincipals(searchType);
        if (it.hasNext()) {
            entries.add(new CheckedIteratorEntry(it, pp));
        }
    }
    return new CheckedPrincipalIterator(entries);
}
Also used : ArrayList(java.util.ArrayList) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator)

Aggregations

PrincipalIterator (org.apache.jackrabbit.api.security.principal.PrincipalIterator)61 Principal (java.security.Principal)40 Test (org.junit.Test)35 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)15 AbstractJCRTest (org.apache.jackrabbit.test.AbstractJCRTest)11 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)9 PrincipalManager (org.apache.jackrabbit.api.security.principal.PrincipalManager)9 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)9 ArrayList (java.util.ArrayList)8 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)7 Group (java.security.acl.Group)5 RepositoryException (javax.jcr.RepositoryException)4 Group (org.apache.jackrabbit.api.security.user.Group)4 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)4 EveryonePrincipal (org.apache.jackrabbit.core.security.principal.EveryonePrincipal)4 HashSet (java.util.HashSet)3 Impersonation (org.apache.jackrabbit.api.security.user.Impersonation)3 User (org.apache.jackrabbit.api.security.user.User)3 Session (javax.jcr.Session)2 Subject (javax.security.auth.Subject)2