
Example 46 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserQueryTest method setUp.

/**
 * Builds the authorizable fixture used by the query tests of this class: a group
 * hierarchy rooted at "animals", a set of users assigned to the leaf groups, a number
 * of properties on those users, and two impersonation grants on "elephant".
 *
 * @throws Exception if the parent set-up or any user-management call fails
 */
@Override
public void setUp() throws Exception {
    super.setUp();
    // Record the authorizables that exist before the fixture is created, split by kind.
    // NOTE(review): a null value for rep:principalName presumably matches every
    // authorizable carrying that property — confirm against findAuthorizables.
    Iterator<Authorizable> systemAuthorizables = userMgr.findAuthorizables("rep:principalName", null);
    while (systemAuthorizables.hasNext()) {
        Authorizable authorizable = systemAuthorizables.next();
        if (authorizable.isGroup()) {
            groups.add((Group) authorizable);
        } else {
            users.add((User) authorizable);
        }
        systemDefined.add(authorizable);
    }
    // Groups; vertebrates, mammals and apes are assigned to fields of the test class.
    Group animals = createGroup("animals");
    Group invertebrates = createGroup("invertebrates");
    Group arachnids = createGroup("arachnids");
    Group insects = createGroup("insects");
    vertebrates = createGroup("vertebrates");
    mammals = createGroup("mammals");
    apes = createGroup("apes");
    Group reptiles = createGroup("reptiles");
    Group birds = createGroup("birds");
    Group amphibians = createGroup("amphibians");
    // Nested membership: animals > {invertebrates, vertebrates} > ... > apes.
    animals.addMember(invertebrates);
    animals.addMember(vertebrates);
    invertebrates.addMember(arachnids);
    invertebrates.addMember(insects);
    vertebrates.addMember(mammals);
    vertebrates.addMember(reptiles);
    vertebrates.addMember(birds);
    vertebrates.addMember(amphibians);
    mammals.addMember(apes);
    // Users, created per leaf group.
    // NOTE(review): the meaning of createUser's last three arguments is defined by the
    // helper, which is not shown here.
    User blackWidow = createUser("black widow", "flies", 2, false);
    User gardenSpider = createUser("garden spider", "flies", 2, false);
    User jumpingSpider = createUser("jumping spider", "insects", 1, false);
    addMembers(arachnids, blackWidow, gardenSpider, jumpingSpider);
    User ant = createUser("ant", "leaves", 0.5, false);
    User bee = createUser("bee", "honey", 2.5, true);
    User fly = createUser("fly", "dirt", 1.3, false);
    addMembers(insects, ant, bee, fly);
    User jackrabbit = createUser("jackrabbit", "carrots", 2500, true);
    // The name passed here contains a literal backslash (foo\bar). This user is not
    // added to any group below; it is only used as an impersonator of elephant.
    // Presumably it exercises escaping of special characters in queries — confirm
    // against the tests that use it.
    User backslash = createUser("foo\\bar", "characters", 2500, false);
    User deer = createUser("deer", "leaves", 120000, true);
    User opossum = createUser("opossum", "fruit", 1200, true);
    kangaroo = createUser("kangaroo", "grass", 90000, true);
    elephant = createUser("elephant", "leaves", 5000000, true);
    addMembers(mammals, jackrabbit, deer, opossum, kangaroo, elephant);
    User lemur = createUser("lemur", "nectar", 1100, true);
    User gibbon = createUser("gibbon", "meat", 20000, true);
    addMembers(apes, lemur, gibbon);
    User crocodile = createUser("crocodile", "meat", 80000, false);
    User turtle = createUser("turtle", "leaves", 10000, true);
    User lizard = createUser("lizard", "leaves", 1900, false);
    addMembers(reptiles, crocodile, turtle, lizard);
    User kestrel = createUser("kestrel", "mice", 2000, false);
    User goose = createUser("goose", "snails", 13000, true);
    User pelican = createUser("pelican", "fish", 15000, true);
    User dove = createUser("dove", "insects", 1600, false);
    addMembers(birds, kestrel, goose, pelican, dove);
    User salamander = createUser("salamander", "insects", 800, true);
    goldenToad = createUser("golden toad", "insects", 700, false);
    User poisonDartFrog = createUser("poison dart frog", "insects", 40, false);
    addMembers(amphibians, salamander, goldenToad, poisonDartFrog);
    // Additional properties of several value types (boolean, string, number).
    setProperty("canFly", vf.createValue(true), bee, fly, kestrel, goose, pelican, dove);
    setProperty("poisonous", vf.createValue(true), blackWidow, bee, poisonDartFrog);
    setProperty("poisonous", vf.createValue(false), turtle, lemur);
    setProperty("hasWings", vf.createValue(false), blackWidow, gardenSpider, jumpingSpider, ant, jackrabbit, deer, opossum, kangaroo, elephant, lemur, gibbon, crocodile, turtle, lizard, salamander, goldenToad, poisonDartFrog);
    setProperty("color", vf.createValue("black"), blackWidow, gardenSpider, ant, fly, lizard, salamander);
    setProperty("color", vf.createValue("WHITE"), opossum, goose, pelican, dove);
    setProperty("color", vf.createValue("gold"), goldenToad);
    setProperty("numberOfLegs", vf.createValue(2), kangaroo, gibbon, kestrel, goose, dove);
    setProperty("numberOfLegs", vf.createValue(4), jackrabbit, deer, opossum, elephant, lemur, crocodile, turtle, lizard, salamander, goldenToad, poisonDartFrog);
    setProperty("numberOfLegs", vf.createValue(6), ant, bee, fly);
    setProperty("numberOfLegs", vf.createValue(8), blackWidow, gardenSpider, jumpingSpider);
    // Mixed-case values ("africa" / "Africa" / "America") for testing ignore-case
    // together with sort order.
    setProperty("continent", vf.createValue("africa"), lemur, gibbon);
    setProperty("continent", vf.createValue("Africa"), elephant);
    setProperty("continent", vf.createValue("australia"), kangaroo);
    setProperty("continent", vf.createValue("America"), opossum);
    // Impersonation grants: the principals of jackrabbit and of foo\bar are allowed to
    // impersonate elephant. No other user in this fixture grants impersonation.
    elephant.getImpersonation().grantImpersonation(jackrabbit.getPrincipal());
    elephant.getImpersonation().grantImpersonation(backslash.getPrincipal());
    // Combined list of users and groups. Whether createUser/createGroup also register
    // the new authorizables in users/groups is not visible in this method.
    authorizables.addAll(users);
    authorizables.addAll(groups);
    // Persist the fixture explicitly when the user manager does not auto-save.
    if (!userMgr.isAutoSave()) {
        superuser.save();
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)

Example 47 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserQueryTest method testImpersonation.

/**
 * Checks that a query with an {@code impersonates} condition returns the user that
 * granted impersonation to the named principal, and nothing else.
 *
 * @throws RepositoryException if building or running the query fails
 */
@Test
public void testImpersonation() throws RepositoryException {
    // Condition: authorizables that the principal "jackrabbit" may impersonate.
    Query impersonatedByJackrabbit = new Query() {

        public <T> void build(QueryBuilder<T> builder) {
            builder.setCondition(builder.impersonates("jackrabbit"));
        }
    };
    Iterator<Authorizable> matches = userMgr.findAuthorizables(impersonatedByJackrabbit);
    // elephant is the single expected hit.
    Iterator<User> onlyElephant = Iterators.singletonIterator(elephant);
    // Guard against an empty result before comparing the element sets.
    assertTrue(matches.hasNext());
    assertSameElements(onlyElephant, matches);
}
Also used : User(org.apache.jackrabbit.api.security.user.User) Query(org.apache.jackrabbit.api.security.user.Query) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Test(org.junit.Test)

Example 48 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserImportIgnoreTest method testImportInvalidImpersonationIgnore.

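/**
 * Imports a user whose {@code rep:impersonators} property names an invalid principal
 * and verifies that no impersonation is granted to that principal.
 *
 * <p>Three invalid impersonator names are tried in turn: a principal that does not
 * exist, a group, and the principal of the imported user itself. For each of them the
 * imported user must neither {@code allow} a subject carrying that principal nor list
 * it among its impersonators. Transient changes are discarded after every iteration so
 * that each import starts from the same state.
 *
 * @throws Exception if the import or a user-management call fails
 */
@Test
public void testImportInvalidImpersonationIgnore() throws Exception {
    List<String> invalid = new ArrayList<String>();
    // a non-existing principal name
    invalid.add("anybody");
    // a group
    invalid.add("administrators");
    // the principal of the imported user itself
    invalid.add("t");
    for (String principalName : invalid) {
        // System-view XML of user "t"; rep:password carries a pre-hashed {sha1} value
        // and rep:impersonators carries the invalid principal name under test.
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
                + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
                + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>"
                + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
                + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>"
                + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>"
                + principalName
                + "</sv:value></sv:property>"
                + "</sv:node>";
        try {
            doImport(getTargetPath(), xml);
            // no exception during import: no impersonation must be granted
            // for the invalid principal name
            Authorizable a = getUserManager().getAuthorizable("t");
            // A missing authorizable is reported as a test failure with the same
            // message as a wrong type, instead of surfacing as a NullPointerException.
            if (a == null || a.isGroup()) {
                fail("Importing 't' didn't create a User.");
            }
            Impersonation imp = ((User) a).getImpersonation();
            // Check 1: a subject holding the invalid principal must not be allowed.
            Subject s = new Subject();
            s.getPrincipals().add(new PrincipalImpl(principalName));
            assertFalse(imp.allows(s));
            // Check 2: the invalid name must not be listed as an impersonator either.
            for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
                assertFalse(principalName.equals(it.nextPrincipal().getName()));
            }
        } finally {
            // Drop the transient import so the next principal name starts clean.
            getImportSession().refresh(false);
        }
    }
}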
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) ArrayList(java.util.ArrayList) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) Subject(javax.security.auth.Subject) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 49 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserImportPwExpiryTest method testImportUserCreatesPasswordLastModified.

/**
 * Imports a user that carries a {@code rep:password} value together with an empty
 * password child node, then checks that the child node exists, that it holds the
 * password-last-modified property, and that both the node and the property are
 * protected items.
 *
 * @since Oak 1.1
 */
@Test
public void testImportUserCreatesPasswordLastModified() throws Exception {
    // System-view XML of user "x"; the nested node declares only its primary type.
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<sv:node sv:name=\"x\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
            + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">"
            + "      <sv:value>rep:User</sv:value>"
            + "   </sv:property>"
            + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\">"
            + "      <sv:value>9dd4e461-268c-3034-b5c8-564e155c67a6</sv:value>"
            + "   </sv:property>"
            + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\">"
            + "      <sv:value>pw</sv:value>"
            + "   </sv:property>"
            + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\">"
            + "      <sv:value>xPrincipal</sv:value>"
            + "   </sv:property>"
            + "   <sv:node sv:name=\"" + UserConstants.REP_PWD + "\">"
            + "      <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">"
            + "         <sv:value>" + UserConstants.NT_REP_PASSWORD + "</sv:value>"
            + "      </sv:property>"
            + "   </sv:node>"
            + "</sv:node>";
    doImport(USERPATH, xml);

    // Resolve the imported user to its backing node in the import session.
    Authorizable importedUser = getUserManager().getAuthorizable("x");
    Node importedNode = getImportSession().getNode(importedUser.getPath());

    // The password child node must be present and protected.
    assertTrue(importedNode.hasNode(UserConstants.REP_PWD));
    Node passwordNode = importedNode.getNode(UserConstants.REP_PWD);
    assertTrue(passwordNode.getDefinition().isProtected());

    // The last-modified property must be present and protected as well.
    assertTrue(passwordNode.hasProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED));
    assertTrue(passwordNode.getProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED).getDefinition().isProtected());
}
Also used : Node(javax.jcr.Node) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Test(org.junit.Test)

Example 50 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserImportTest method testImportUserWithAuthorizableId.

/**
 * Imports a user whose XML carries an explicit {@code rep:authorizableId} property and
 * checks that the resulting authorizable is a user with that ID and that the property
 * is stored on the user's node with the same value.
 *
 * @since OAK 1.0 : Importing rep:authorizableId
 */
@Test
public void testImportUserWithAuthorizableId() throws Exception {
    // System-view XML of user "t"; rep:password carries a pre-hashed {sha1} value.
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
            + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>"
            + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:authorizableId\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>"
            + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>"
            + "</sv:node>";
    doImport(getTargetPath(), xml);

    Session importSession = getImportSession();
    Authorizable imported = getUserManager().getAuthorizable("t");

    // The import must have produced a user (not a group) with the requested ID.
    assertNotNull(imported);
    assertFalse(imported.isGroup());
    assertEquals("t", imported.getID());

    // The ID must also be stored as a property on the user's node.
    String idPropertyPath = imported.getPath() + "/rep:authorizableId";
    assertTrue(importSession.propertyExists(idPropertyPath));
    assertEquals("t", importSession.getProperty(idPropertyPath).getString());

    importSession.save();
}
Also used : Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Test(org.junit.Test)
