Example 46 with Authorizable
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.
the class UserQueryTest method setUp.
@Override
public void setUp() throws Exception {
super.setUp();
Iterator<Authorizable> systemAuthorizables = userMgr.findAuthorizables("rep:principalName", null);
while (systemAuthorizables.hasNext()) {
Authorizable authorizable = systemAuthorizables.next();
if (authorizable.isGroup()) {
groups.add((Group) authorizable);
} else {
users.add((User) authorizable);
}
systemDefined.add(authorizable);
}
Group animals = createGroup("animals");
Group invertebrates = createGroup("invertebrates");
Group arachnids = createGroup("arachnids");
Group insects = createGroup("insects");
vertebrates = createGroup("vertebrates");
mammals = createGroup("mammals");
apes = createGroup("apes");
Group reptiles = createGroup("reptiles");
Group birds = createGroup("birds");
Group amphibians = createGroup("amphibians");
animals.addMember(invertebrates);
animals.addMember(vertebrates);
invertebrates.addMember(arachnids);
invertebrates.addMember(insects);
vertebrates.addMember(mammals);
vertebrates.addMember(reptiles);
vertebrates.addMember(birds);
vertebrates.addMember(amphibians);
mammals.addMember(apes);
User blackWidow = createUser("black widow", "flies", 2, false);
User gardenSpider = createUser("garden spider", "flies", 2, false);
User jumpingSpider = createUser("jumping spider", "insects", 1, false);
addMembers(arachnids, blackWidow, gardenSpider, jumpingSpider);
User ant = createUser("ant", "leaves", 0.5, false);
User bee = createUser("bee", "honey", 2.5, true);
User fly = createUser("fly", "dirt", 1.3, false);
addMembers(insects, ant, bee, fly);
User jackrabbit = createUser("jackrabbit", "carrots", 2500, true);
User backslash = createUser("foo\\bar", "characters", 2500, false);
User deer = createUser("deer", "leaves", 120000, true);
User opossum = createUser("opossum", "fruit", 1200, true);
kangaroo = createUser("kangaroo", "grass", 90000, true);
elephant = createUser("elephant", "leaves", 5000000, true);
addMembers(mammals, jackrabbit, deer, opossum, kangaroo, elephant);
User lemur = createUser("lemur", "nectar", 1100, true);
User gibbon = createUser("gibbon", "meat", 20000, true);
addMembers(apes, lemur, gibbon);
User crocodile = createUser("crocodile", "meat", 80000, false);
User turtle = createUser("turtle", "leaves", 10000, true);
User lizard = createUser("lizard", "leaves", 1900, false);
addMembers(reptiles, crocodile, turtle, lizard);
User kestrel = createUser("kestrel", "mice", 2000, false);
User goose = createUser("goose", "snails", 13000, true);
User pelican = createUser("pelican", "fish", 15000, true);
User dove = createUser("dove", "insects", 1600, false);
addMembers(birds, kestrel, goose, pelican, dove);
User salamander = createUser("salamander", "insects", 800, true);
goldenToad = createUser("golden toad", "insects", 700, false);
User poisonDartFrog = createUser("poison dart frog", "insects", 40, false);
addMembers(amphibians, salamander, goldenToad, poisonDartFrog);
setProperty("canFly", vf.createValue(true), bee, fly, kestrel, goose, pelican, dove);
setProperty("poisonous", vf.createValue(true), blackWidow, bee, poisonDartFrog);
setProperty("poisonous", vf.createValue(false), turtle, lemur);
setProperty("hasWings", vf.createValue(false), blackWidow, gardenSpider, jumpingSpider, ant, jackrabbit, deer, opossum, kangaroo, elephant, lemur, gibbon, crocodile, turtle, lizard, salamander, goldenToad, poisonDartFrog);
setProperty("color", vf.createValue("black"), blackWidow, gardenSpider, ant, fly, lizard, salamander);
setProperty("color", vf.createValue("WHITE"), opossum, goose, pelican, dove);
setProperty("color", vf.createValue("gold"), goldenToad);
setProperty("numberOfLegs", vf.createValue(2), kangaroo, gibbon, kestrel, goose, dove);
setProperty("numberOfLegs", vf.createValue(4), jackrabbit, deer, opossum, elephant, lemur, crocodile, turtle, lizard, salamander, goldenToad, poisonDartFrog);
setProperty("numberOfLegs", vf.createValue(6), ant, bee, fly);
setProperty("numberOfLegs", vf.createValue(8), blackWidow, gardenSpider, jumpingSpider);
// testing ignore-case with sort order
setProperty("continent", vf.createValue("africa"), lemur, gibbon);
setProperty("continent", vf.createValue("Africa"), elephant);
setProperty("continent", vf.createValue("australia"), kangaroo);
setProperty("continent", vf.createValue("America"), opossum);
elephant.getImpersonation().grantImpersonation(jackrabbit.getPrincipal());
elephant.getImpersonation().grantImpersonation(backslash.getPrincipal());
authorizables.addAll(users);
authorizables.addAll(groups);
if (!userMgr.isAutoSave()) {
superuser.save();
}
}
Also used :
Group(org.apache.jackrabbit.api.security.user.Group)
User(org.apache.jackrabbit.api.security.user.User)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
Example 47 with Authorizable
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.
the class UserQueryTest method testImpersonation.
@Test
public void testImpersonation() throws RepositoryException {
Iterator<Authorizable> result = userMgr.findAuthorizables(new Query() {
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.impersonates("jackrabbit"));
}
});
Iterator<User> expected = Iterators.singletonIterator(elephant);
assertTrue(result.hasNext());
assertSameElements(expected, result);
}
Also used :
User(org.apache.jackrabbit.api.security.user.User)
Query(org.apache.jackrabbit.api.security.user.Query)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
Test(org.junit.Test)
Example 48 with Authorizable
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.
the class UserImportIgnoreTest method testImportInvalidImpersonationIgnore.
@Test
public void testImportInvalidImpersonationIgnore() throws Exception {
List<String> invalid = new ArrayList<String>();
// an non-existing princ-name
invalid.add("anybody");
// a group
invalid.add("administrators");
// principal of the user itself.
invalid.add("t");
for (String principalName : invalid) {
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>" + "</sv:node>";
Subject subj = new Subject();
subj.getPrincipals().add(new PrincipalImpl(principalName));
try {
doImport(getTargetPath(), xml);
// no exception during import: no impersonation must be granted
// for the invalid principal name
Authorizable a = getUserManager().getAuthorizable("t");
if (!a.isGroup()) {
Impersonation imp = ((User) a).getImpersonation();
Subject s = new Subject();
s.getPrincipals().add(new PrincipalImpl(principalName));
assertFalse(imp.allows(s));
for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
assertFalse(principalName.equals(it.nextPrincipal().getName()));
}
} else {
fail("Importing 't' didn't create a User.");
}
} finally {
getImportSession().refresh(false);
}
}
}
Also used :
Impersonation(org.apache.jackrabbit.api.security.user.Impersonation)
User(org.apache.jackrabbit.api.security.user.User)
ArrayList(java.util.ArrayList)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator)
Subject(javax.security.auth.Subject)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 49 with Authorizable
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.
the class UserImportPwExpiryTest method testImportUserCreatesPasswordLastModified.
/**
* @since Oak 1.1
*/
@Test
public void testImportUserCreatesPasswordLastModified() throws Exception {
// import user
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"x\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" + " <sv:value>rep:User</sv:value>" + " </sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\">" + " <sv:value>9dd4e461-268c-3034-b5c8-564e155c67a6</sv:value>" + " </sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\">" + " <sv:value>pw</sv:value>" + " </sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\">" + " <sv:value>xPrincipal</sv:value>" + " </sv:property>" + " <sv:node sv:name=\"" + UserConstants.REP_PWD + "\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" + " <sv:value>" + UserConstants.NT_REP_PASSWORD + "</sv:value>" + " </sv:property>" + " </sv:node>" + "</sv:node>";
doImport(USERPATH, xml);
Authorizable authorizable = getUserManager().getAuthorizable("x");
Node userNode = getImportSession().getNode(authorizable.getPath());
assertTrue(userNode.hasNode(UserConstants.REP_PWD));
Node pwdNode = userNode.getNode(UserConstants.REP_PWD);
assertTrue(pwdNode.getDefinition().isProtected());
assertTrue(pwdNode.hasProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED));
assertTrue(pwdNode.getProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED).getDefinition().isProtected());
}
Also used :
Node(javax.jcr.Node)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
Test(org.junit.Test)
Example 50 with Authorizable
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.
the class UserImportTest method testImportUserWithAuthorizableId.
/**
* @since OAK 1.0 : Importing rep:authorizableId
*/
@Test
public void testImportUserWithAuthorizableId() throws Exception {
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + " <sv:property sv:name=\"rep:authorizableId\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>" + "</sv:node>";
doImport(getTargetPath(), xml);
Session s = getImportSession();
Authorizable newUser = getUserManager().getAuthorizable("t");
assertNotNull(newUser);
assertFalse(newUser.isGroup());
assertEquals("t", newUser.getID());
assertTrue(s.propertyExists(newUser.getPath() + "/rep:authorizableId"));
assertEquals("t", s.getProperty(newUser.getPath() + "/rep:authorizableId").getString());
s.save();
}
Also used :
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
Session(javax.jcr.Session)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
Test(org.junit.Test)
Aggregations
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)466
Test (org.junit.Test)254
User (org.apache.jackrabbit.api.security.user.User)104
Group (org.apache.jackrabbit.api.security.user.Group)101
UserManager (org.apache.jackrabbit.api.security.user.UserManager)93
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)64
Principal (java.security.Principal)58
Node (javax.jcr.Node)55
RepositoryException (javax.jcr.RepositoryException)55
Query (org.apache.jackrabbit.api.security.user.Query)50
Session (javax.jcr.Session)49
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)45
Value (javax.jcr.Value)29
NodeImpl (org.apache.jackrabbit.core.NodeImpl)29
AbstractExternalAuthTest (org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest)28
ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)24
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)24
SimpleCredentials (javax.jcr.SimpleCredentials)21
HashMap (java.util.HashMap)18
QueryBuilder (org.apache.jackrabbit.api.security.user.QueryBuilder)16
