Search in sources :

Example 21 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit by apache.

the class ACLProvider method init.

//----------------------------------------------< AccessControlProvider >---
/**
     * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(javax.jcr.Session, java.util.Map)
     */
@Override
public void init(Session systemSession, Map configuration) throws RepositoryException {
    super.init(systemSession, configuration);
    NodeImpl root = (NodeImpl) session.getRootNode();
    if (root.hasNode(N_ACCESSCONTROL)) {
        acRoot = root.getNode(N_ACCESSCONTROL);
        if (!acRoot.isNodeType(NT_REP_ACCESS_CONTROL)) {
            throw new RepositoryException("Error while initializing Access Control Provider: Found ac-root to be wrong node type " + acRoot.getPrimaryNodeType().getName());
        }
    } else {
        acRoot = root.addNode(N_ACCESSCONTROL, NT_REP_ACCESS_CONTROL, null);
    }
    editor = new ACLEditor(session, session.getQPath(acRoot.getPath()));
    entriesCache = new EntriesCache(session, editor, acRoot.getPath());
    // TODO: replace by configurable default policy (see JCR-2331)
    if (!configuration.containsKey(PARAM_OMIT_DEFAULT_PERMISSIONS)) {
        try {
            log.debug("Install initial permissions: ...");
            ValueFactory vf = session.getValueFactory();
            Map<String, Value> restrictions = new HashMap<String, Value>();
            restrictions.put(session.getJCRName(ACLTemplate.P_NODE_PATH), vf.createValue(root.getPath(), PropertyType.PATH));
            PrincipalManager pMgr = session.getPrincipalManager();
            AccessControlManager acMgr = session.getAccessControlManager();
            // initial default permissions for the administrators group                
            String pName = SecurityConstants.ADMINISTRATORS_NAME;
            if (pMgr.hasPrincipal(pName)) {
                Principal administrators = pMgr.getPrincipal(pName);
                installDefaultPermissions(administrators, new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) }, restrictions, editor);
            } else {
                log.info("Administrators principal group is missing -> Not adding default permissions.");
            }
            // initialize default permissions for the everyone group
            installDefaultPermissions(pMgr.getEveryone(), new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) }, restrictions, editor);
            session.save();
        } catch (RepositoryException e) {
            log.error("Failed to set-up minimal access control for root node of workspace " + session.getWorkspace().getName());
            session.getRootNode().refresh(false);
        }
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) AccessControlManager(javax.jcr.security.AccessControlManager) NodeImpl(org.apache.jackrabbit.core.NodeImpl) HashMap(java.util.HashMap) Value(javax.jcr.Value) RepositoryException(javax.jcr.RepositoryException) ValueFactory(javax.jcr.ValueFactory) Principal(java.security.Principal)

Example 22 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit-oak by apache.

the class ExternalLoginModuleDynamicMembershipTest method testLoginPopulatesPrincipals.

@Test
public void testLoginPopulatesPrincipals() throws Exception {
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        Set<String> expectedExternal = new HashSet<String>();
        calcExpectedPrincipalNames(idp.getUser(USER_ID), syncConfig.user().getMembershipNestingDepth(), expectedExternal);
        Set<Principal> principals = new HashSet<Principal>(cs.getAuthInfo().getPrincipals());
        root.refresh();
        PrincipalManager principalManager = getPrincipalManager(root);
        for (String pName : expectedExternal) {
            Principal p = principalManager.getPrincipal(pName);
            assertNotNull(p);
            assertTrue(principals.remove(p));
        }
        UserManager uMgr = getUserManager(root);
        User u = uMgr.getAuthorizable(USER_ID, User.class);
        assertTrue(principals.remove(u.getPrincipal()));
        Iterator<Group> it = u.memberOf();
        assertFalse(it.hasNext());
        assertTrue(principals.remove(EveryonePrincipal.getInstance()));
        assertTrue(principals.isEmpty());
    } finally {
        if (cs != null) {
            cs.close();
        }
        options.clear();
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 23 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit-oak by apache.

the class GetGroupPrincipalsTest method runTest.

@Override
public void runTest() throws Exception {
    PrincipalManager principalManager = ((JackrabbitSession) session).getPrincipalManager();
    for (int i = 0; i < 1000; i++) {
        Principal p = principalManager.getPrincipal(principalName);
        PrincipalIterator principals = principalManager.getGroupMembership(p);
    //            while (principals.hasNext()) {
    //                Principal groupPrincipal = principals.nextPrincipal();
    //            }
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Principal(java.security.Principal)

Example 24 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit-oak by apache.

the class PrincipalConfigurationImplTest method testGetPrincipalManager3.

@Test
public void testGetPrincipalManager3() {
    PrincipalManager pm = pc2.getPrincipalManager(root, NamePathMapper.DEFAULT);
    assertNotNull(pm);
    assertTrue(pm instanceof PrincipalManagerImpl);
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) PrincipalManagerImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalManagerImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 25 with PrincipalManager

use of org.apache.jackrabbit.api.security.principal.PrincipalManager in project jackrabbit-oak by apache.

the class PrincipalConfigurationImplTest method testGetPrincipalManager2.

@Test
public void testGetPrincipalManager2() {
    pc1.setSecurityProvider(getSecurityProvider());
    PrincipalManager pm = pc1.getPrincipalManager(root, NamePathMapper.DEFAULT);
    assertNotNull(pm);
    assertTrue(pm instanceof PrincipalManagerImpl);
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) PrincipalManagerImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalManagerImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

PrincipalManager (org.apache.jackrabbit.api.security.principal.PrincipalManager)27 Principal (java.security.Principal)16 Test (org.junit.Test)11 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)9 PrincipalIterator (org.apache.jackrabbit.api.security.principal.PrincipalIterator)9 HashSet (java.util.HashSet)6 RepositoryException (javax.jcr.RepositoryException)6 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)6 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)4 Session (javax.jcr.Session)3 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)3 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)3 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)3 Group (org.apache.jackrabbit.api.security.user.Group)3 NodeImpl (org.apache.jackrabbit.core.NodeImpl)3 PrincipalImpl (org.apache.jackrabbit.core.security.principal.PrincipalImpl)3 AbstractCompositeConfigurationTest (org.apache.jackrabbit.oak.spi.security.AbstractCompositeConfigurationTest)3 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)3 Group (java.security.acl.Group)2 ArrayList (java.util.ArrayList)2