use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserImporter method start.
// ---------------------------------------------< ProtectedNodeImporter >---
/**
* @see ProtectedNodeImporter#start(org.apache.jackrabbit.core.NodeImpl)
*/
public boolean start(NodeImpl protectedParent) throws RepositoryException {
    /*
     * Decides whether this importer takes over the import of a protected
     * node. Only nodes whose primary type is rep:members are accepted, and
     * only when walking up past all rep:members ancestors ends on a node
     * that the user manager resolves to an Authorizable. This keeps
     * membership data from being imported below arbitrary content nodes
     * that do not belong to a group known to the user manager.
     *
     * Returns true (and remembers the owning authorizable's ID in
     * currentMembership) when the node is handled, false otherwise.
     */
    final String membersTypeName = resolver.getJCRName(UserConstants.NT_REP_MEMBERS);
    if (!membersTypeName.equals(protectedParent.getPrimaryNodeType().getName())) {
        // not a rep:members node -> leave it to another importer
        return false;
    }

    // climb out of the (possibly nested) rep:members structure; stop at the
    // root node or at the first ancestor of a different primary type
    NodeImpl candidate = protectedParent;
    while (candidate.getDepth() != 0
            && membersTypeName.equals(candidate.getPrimaryNodeType().getName())) {
        candidate = (NodeImpl) candidate.getParent();
    }

    Authorizable owner = userManager.getAuthorizable(candidate);
    if (owner != null) {
        currentMembership = new Membership(owner.getID());
        return true;
    }

    // the enclosing node is not a user/group the user manager recognises
    log.debug("Cannot handle protected node " + protectedParent + ". It nor one of its parents represent a valid Authorizable.");
    return false;
}
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserImporter method handlePropInfo.
// -----------------------------------------< ProtectedPropertyImporter >---
/**
* @see ProtectedPropertyImporter#handlePropInfo(org.apache.jackrabbit.core.NodeImpl, org.apache.jackrabbit.core.xml.PropInfo, org.apache.jackrabbit.spi.QPropertyDefinition)
*/
public boolean handlePropInfo(NodeImpl parent, PropInfo protectedPropInfo, QPropertyDefinition def) throws RepositoryException {
/*
 * Imports one protected user-management property (rep:principalName,
 * rep:password, rep:impersonators, rep:disabled or rep:members) onto a
 * node that the user manager resolves to an Authorizable.
 *
 * Returns true when the property was handled here, false when it is not
 * one of the properties above, when the parent is not a valid
 * authorizable, or when the parent type / property definition does not
 * match what is expected. Throws IllegalStateException when the importer
 * has not been initialized.
 *
 * The values come from the import data, so each branch first checks the
 * authorizable type and the declaring node type / cardinality of the
 * definition before writing anything.
 */
if (!initialized) {
throw new IllegalStateException("Not initialized");
}
/* The importer can only handle protected properties below user/group
nodes that are properly stored underneath the configured users/groups
hierarchies (see {@link UserManagerImpl#getAuthorizable(NodeImpl)}).
This prevents importing user/group nodes somewhere else in the
content hierarchy, which isn't possible either when creating
users/groups through the corresponding API calls
{@link UserManager#createUser} or {@link UserManager#createGroup}. */
Authorizable a = userManager.getAuthorizable(parent);
if (a == null) {
log.warn("Cannot handle protected PropInfo " + protectedPropInfo + ". Node " + parent + " doesn't represent a valid Authorizable.");
return false;
}
// make sure the user manager isn't in auto-save mode while importing
// NOTE(review): auto-save is switched off here based on isAutoSave(), but
// the finally block below restores it based on resetAutoSave, which is not
// assigned in this method -- confirm both always agree, otherwise
// auto-save may stay disabled after the import.
if (userManager.isAutoSave()) {
userManager.autoSave(false);
}
try {
Name propName = protectedPropInfo.getName();
if (UserConstants.P_PRINCIPAL_NAME.equals(propName)) {
// protected rep:principalName property defined by rep:Authorizable.
if (def.isMultiple() || !UserConstants.NT_REP_AUTHORIZABLE.equals(def.getDeclaringNodeType())) {
// some other unexpected property definition -> cannot handle
log.warn("Unexpected definition for property rep:principalName");
return false;
}
// NOTE(review): [0] assumes the import data carries at least one value
// for this single-valued property; an empty value array would raise
// ArrayIndexOutOfBoundsException -- confirm PropInfo guarantees this.
Value v = protectedPropInfo.getValues(PropertyType.STRING, resolver)[0];
String princName = v.getString();
userManager.setPrincipal(parent, new PrincipalImpl(princName));
/*
Execute authorizable actions for a NEW group as this is the
same place in the userManager#createGroup that the actions
are called.
In case of a NEW user the actions are executed if the password
has been imported before.
*/
if (parent.isNew()) {
if (a.isGroup()) {
userManager.onCreate((Group) a);
} else if (currentPw.containsKey(a.getID())) {
// remove() hands over the remembered password and drops it from the map
userManager.onCreate((User) a, currentPw.remove(a.getID()));
}
}
return true;
} else if (UserConstants.P_PASSWORD.equals(propName)) {
// passwords only exist on users
if (a.isGroup()) {
log.warn("Expected parent node of type rep:User.");
return false;
}
// minimal validation of the passed definition
if (def.isMultiple() || !UserConstants.NT_REP_USER.equals(def.getDeclaringNodeType())) {
// some other unexpected property definition -> cannot handle
log.warn("Unexpected definition for property rep:password");
return false;
}
// same single-value assumption as for rep:principalName above
Value v = protectedPropInfo.getValues(PropertyType.STRING, resolver)[0];
// pw is credential material taken from the import data; keep it out of
// log statements and exception messages.
String pw = v.getString();
// NOTE(review): the meaning of the trailing 'false' is defined by
// UserManagerImpl#setPassword, which is not visible here -- confirm
// whether it allows an already-hashed value from the import to be
// stored as-is, and that plain-text values are still hashed.
userManager.setPassword(parent, pw, false);
/*
Execute authorizable actions for a NEW user at this point after
having set the password if the principal name has already been
processed, otherwise postpone it.
*/
if (parent.isNew()) {
if (parent.hasProperty(UserConstants.P_PRINCIPAL_NAME)) {
userManager.onCreate((User) a, pw);
} else {
// principal name not yet available -> remember the pw
// clear() first, so at most one pending password is held at a time;
// the entry is removed again once rep:principalName is imported.
// NOTE(review): if rep:principalName never arrives for this user the
// value stays in currentPw until the next clear() -- confirm it is
// dropped when the import ends.
currentPw.clear();
currentPw.put(a.getID(), pw);
}
}
return true;
} else if (UserConstants.P_IMPERSONATORS.equals(propName)) {
if (a.isGroup()) {
// unexpected parent type -> cannot handle
log.warn("Expected parent node of type rep:User.");
return false;
}
// minimal validation of the passed definition
if (!def.isMultiple() || !UserConstants.MIX_REP_IMPERSONATABLE.equals(def.getDeclaringNodeType())) {
// some other unexpected property definition -> cannot handle
log.warn("Unexpected definition for property rep:impersonators");
return false;
}
// since impersonators may be imported later on, postpone processing
// to the end.
// see -> process References
Value[] vs = protectedPropInfo.getValues(PropertyType.STRING, resolver);
referenceTracker.processedReference(new Impersonators(a.getID(), vs));
return true;
} else if (UserConstants.P_DISABLED.equals(propName)) {
// only users can be disabled
if (a.isGroup()) {
log.warn("Expected parent node of type rep:User.");
return false;
}
// minimal validation of the passed definition
if (def.isMultiple() || !UserConstants.NT_REP_USER.equals(def.getDeclaringNodeType())) {
// some other unexpected property definition -> cannot handle
log.warn("Unexpected definition for property rep:disabled");
return false;
}
// same single-value assumption as above; the string is passed to
// User#disable unchanged
Value v = protectedPropInfo.getValues(PropertyType.STRING, resolver)[0];
((User) a).disable(v.getString());
return true;
} else if (UserConstants.P_MEMBERS.equals(propName)) {
if (!a.isGroup()) {
// unexpected parent type -> cannot handle
log.warn("Expected parent node of type rep:Group.");
return false;
}
// minimal validation of the passed definition
if (!def.isMultiple() || !UserConstants.NT_REP_GROUP.equals(def.getDeclaringNodeType())) {
// some other unexpected property definition -> cannot handle
log.warn("Unexpected definition for property rep:members");
return false;
}
// since group-members are references to user/groups that potentially
// are to be imported later on -> postpone processing to the end.
// see -> process References
Membership membership = new Membership(a.getID());
// each value is read as a weak reference and turned into a NodeId;
// whether the id points to an existing authorizable is not checked here
for (Value v : protectedPropInfo.getValues(PropertyType.WEAKREFERENCE, resolver)) {
membership.addMember(new NodeId(v.getString()));
}
referenceTracker.processedReference(membership);
return true;
}
// any other protected property is not handled by this importer
return false;
} finally {
// restore the original auto-save state of the user manager.
// resetAutoSave is not assigned in this method (see the NOTE(review) at
// the auto-save check above).
if (resetAutoSave) {
userManager.autoSave(true);
}
}
}
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class XPathQueryEvaluator method eval.
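public Iterator<Authorizable> eval() throws RepositoryException {
    /*
     * Builds an XPath statement from the query builder (selector, optional
     * condition, optional bound on the sort property, optional ordering),
     * runs it and returns the matching authorizables.
     *
     * Returns an empty iterator when the builder's max count is 0. When the
     * builder is scoped to a group, offset and limit are applied to the
     * filtered result here; otherwise they are applied on the query.
     *
     * The statement is assembled by string concatenation, so every piece
     * appended below has to be a valid, already-escaped XPath fragment.
     */
    xPath.append("//element(*,").append(getNtName(builder.getSelector())).append(')');
    Value bound = builder.getBound();
    long offset = builder.getOffset();
    if (bound != null && offset > 0) {
        // bound and offset are alternative ways of paging; bound wins
        log.warn("Found bound {} and offset {} in limit. Discarding offset.", bound, offset);
        offset = 0;
    }
    Condition condition = builder.getCondition();
    String sortCol = builder.getSortProperty();
    Direction sortDir = builder.getSortDirection();
    if (bound != null) {
        if (sortCol == null) {
            // the message has a {} placeholder, so the bound must be passed
            // as argument; without it the literal "{}" ends up in the log
            log.warn("Ignoring bound {} since no sort order is specified", bound);
        } else {
            // a bound is expressed as an extra condition on the sort property
            Condition boundCondition = builder.property(sortCol, getCollation(sortDir), bound);
            condition = condition == null ? boundCondition : builder.and(condition, boundCondition);
        }
    }
    if (condition != null) {
        // the condition renders itself into xPath through the visitor callbacks
        xPath.append('[');
        condition.accept(this);
        xPath.append(']');
    }
    if (sortCol != null) {
        boolean ignoreCase = builder.getSortIgnoreCase();
        // NOTE(review): fn:lower-case() is applied when ignoreCase is false,
        // which reads inverted -- confirm against the contract of
        // getSortIgnoreCase() before changing it.
        // NOTE(review): sortCol is appended to the statement as-is; confirm
        // the builder only accepts a valid property name/path here, since a
        // value taken from request input would otherwise alter the query.
        xPath.append(" order by ")
                .append(ignoreCase ? "" : "fn:lower-case(")
                .append(sortCol)
                .append(ignoreCase ? " " : ") ")
                .append(sortDir.getDirection());
    }
    QueryManager queryManager = session.getWorkspace().getQueryManager();
    Query query = queryManager.createQuery(xPath.toString(), Query.XPATH);
    long maxCount = builder.getMaxCount();
    if (maxCount == 0) {
        return Iterators.empty();
    }
    // If the query is scoped to a group, offset and limit have to be applied
    // here (inefficient!) otherwise we can apply the limit in the query
    if (builder.getGroupName() == null) {
        if (offset > 0) {
            query.setOffset(offset);
        }
        if (maxCount > 0) {
            query.setLimit(maxCount);
        }
        return toAuthorizables(execute(query));
    } else {
        // the query runs without offset/limit and the result is filtered by
        // group membership afterwards, so the cost grows with the number of
        // matching authorizables rather than with maxCount
        Iterator<Authorizable> result = toAuthorizables(execute(query));
        Iterator<Authorizable> filtered = filter(result, builder.getGroupName(), builder.isDeclaredMembersOnly());
        return BoundedIterator.create(offset, maxCount, filtered);
    }
}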
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserManagerImpl method setPrincipal.
//--------------------------------------------------------------------------
/**
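* Sets the rep:principalName property on a new user/group node, after
* checking that the principal is valid and not used by another authorizable.
*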
* @param node The new user/group node.
* @param principal A valid non-null principal.
* @throws AuthorizableExistsException If there is already another user/group
* with the same principal name.
* @throws RepositoryException If another error occurs.
*/
void setPrincipal(NodeImpl node, Principal principal) throws AuthorizableExistsException, RepositoryException {
    // validate the principal against the kind of node (group vs. user)
    checkValidPrincipal(principal, node.isNodeType(NT_REP_GROUP));

    /*
     * Principal names identify authorizables, so reject the call when a
     * *different* authorizable already owns this principal. Comparing the
     * nodes is needed for re-imports of an existing authorizable: the node
     * is recreated, yet the lookup still returns the persisted one, which
     * must not count as a collision with itself.
     */
    Authorizable collision = getAuthorizable(principal);
    if (collision != null) {
        if (!((AuthorizableImpl) collision).getNode().isSame(node)) {
            throw new AuthorizableExistsException("Authorizable for '" + principal.getName() + "' already exists: ");
        }
    }

    // the principal name is write-once: only allowed on a new node that
    // doesn't carry the property yet
    boolean alreadyAssigned = !node.isNew() || node.hasProperty(P_PRINCIPAL_NAME);
    if (alreadyAssigned) {
        throw new RepositoryException("rep:principalName can only be set once on a new node.");
    }

    setProperty(node, P_PRINCIPAL_NAME, getValue(principal.getName()), true);
}
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.
the class PrincipalProviderAutoMembershipTest method testGetGroupPrincipals.
@Test
public void testGetGroupPrincipals() throws Exception {
    // The group membership reported for the test user must contain the
    // auto-membership group and must match the expected principal set
    // exactly, i.e. auto-membership must not add or drop anything else.
    Set<Principal> expectedPrincipals = getExpectedGroupPrincipals(USER_ID);

    Authorizable testUser = getUserManager(root).getAuthorizable(USER_ID);
    Principal userPrincipal = testUser.getPrincipal();
    // note: java.security.acl was deprecated for removal in Java 9
    Set<java.security.acl.Group> actualGroups = principalProvider.getGroupMembership(userPrincipal);

    assertTrue(actualGroups.contains(autoMembershipGroup.getPrincipal()));
    assertEquals(expectedPrincipals, actualGroups);
}