Search in sources :

Example 71 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class XPathConditionVisitor method visit.

@Override
public void visit(Condition.Impersonation condition) {
    String principalName = condition.getName();
    boolean isAdmin = false;
    try {
        Authorizable authorizable = userMgr.getAuthorizable(new PrincipalImpl(principalName));
        isAdmin = authorizable != null && !authorizable.isGroup() && ((User) authorizable).isAdmin();
    } catch (RepositoryException e) {
    // unable to retrieve authorizable
    }
    if (isAdmin) {
        statement.append('@').append(QueryUtil.escapeForQuery(JcrConstants.JCR_PRIMARYTYPE, namePathMapper)).append("='").append(QueryUtil.escapeForQuery(UserConstants.NT_REP_USER, namePathMapper)).append('\'');
    } else {
        statement.append('@').append(QueryUtil.escapeForQuery(UserConstants.REP_IMPERSONATORS, namePathMapper)).append("='").append(condition.getName()).append('\'');
    }
}
Also used : User(org.apache.jackrabbit.api.security.user.User) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) RepositoryException(javax.jcr.RepositoryException) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)

Example 72 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserManagerImpl method getAuthorizable.

//--------------------------------------------------------< UserManager >---
@Override
public Authorizable getAuthorizable(String id) throws RepositoryException {
    Authorizable authorizable = null;
    Tree tree = (Strings.isNullOrEmpty(id)) ? null : userProvider.getAuthorizable(id);
    if (tree != null) {
        authorizable = getAuthorizable(UserUtil.getAuthorizableId(tree), tree);
    }
    return authorizable;
}
Also used : Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Tree(org.apache.jackrabbit.oak.api.Tree)

Example 73 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class DefaultSecurityManager method createSystemUsers.

/**
     * Make sure the system users (admin and anonymous) exist.
     *
     * @param userManager Manager to create users/groups.
     * @param session The editing session.
     * @param adminId UserID of the administrator.
     * @param anonymousId UserID of the anonymous user.
     * @throws RepositoryException If an error occurs.
     */
static void createSystemUsers(UserManager userManager, SystemSession session, String adminId, String anonymousId) throws RepositoryException {
    Authorizable admin;
    if (adminId != null) {
        admin = userManager.getAuthorizable(adminId);
        if (admin == null) {
            userManager.createUser(adminId, adminId);
            if (!userManager.isAutoSave()) {
                session.save();
            }
            log.info("... created admin-user with id \'" + adminId + "\' ...");
        }
    }
    if (anonymousId != null) {
        Authorizable anonymous = userManager.getAuthorizable(anonymousId);
        if (anonymous == null) {
            try {
                userManager.createUser(anonymousId, "");
                if (!userManager.isAutoSave()) {
                    session.save();
                }
                log.info("... created anonymous user with id \'" + anonymousId + "\' ...");
            } catch (RepositoryException e) {
                // exception while creating the anonymous user.
                // log an error but don't abort the repository start-up
                log.error("Failed to create anonymous user.", e);
            }
        }
    }
}
Also used : Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) RepositoryException(javax.jcr.RepositoryException)

Example 74 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class UserImporterTest method testPlainTextPassword.

public void testPlainTextPassword() throws RepositoryException, IOException, SAXException, NotExecutableException {
    String plainPw = "myPassword";
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>" + plainPw + "</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>" + "</sv:node>";
    NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
    try {
        doImport(target, xml);
        assertTrue(target.isModified());
        assertTrue(sImpl.hasPendingChanges());
        Authorizable newUser = umgr.getAuthorizable("t");
        NodeImpl n = ((UserImpl) newUser).getNode();
        String pwValue = n.getProperty(UserConstants.P_PASSWORD).getString();
        assertFalse(plainPw.equals(pwValue));
        assertTrue(pwValue.startsWith("{sha1}"));
    } finally {
        sImpl.refresh(false);
    }
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)

Example 75 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class UserImporterTest method testImportGroup.

public void testImportGroup() throws RepositoryException, IOException, SAXException, NotExecutableException {
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>b2f5ff47-4366-31b6-a533-d8dc3614845d</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g</sv:value></sv:property>" + "</sv:node>";
    NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getGroupsPath());
    try {
        doImport(target, xml);
        assertTrue(target.isModified());
        assertTrue(sImpl.hasPendingChanges());
        Authorizable newGroup = umgr.getAuthorizable("g");
        assertNotNull(newGroup);
        assertTrue(newGroup.isGroup());
        assertEquals("g", newGroup.getPrincipal().getName());
        assertEquals("g", newGroup.getID());
        NodeImpl n = ((GroupImpl) newGroup).getNode();
        assertTrue(n.isNew());
        assertTrue(n.getParent().isSame(target));
        assertEquals("g", n.getName());
        assertEquals("g", n.getProperty(UserConstants.P_PRINCIPAL_NAME).getString());
        // saving changes of the import -> must succeed. add mandatory
        // props should have been created.
        sImpl.save();
    } finally {
        sImpl.refresh(false);
        if (target.hasNode("g")) {
            target.getNode("g").remove();
            sImpl.save();
        }
    }
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)

Aggregations

Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)466 Test (org.junit.Test)254 User (org.apache.jackrabbit.api.security.user.User)104 Group (org.apache.jackrabbit.api.security.user.Group)101 UserManager (org.apache.jackrabbit.api.security.user.UserManager)93 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)64 Principal (java.security.Principal)58 Node (javax.jcr.Node)55 RepositoryException (javax.jcr.RepositoryException)55 Query (org.apache.jackrabbit.api.security.user.Query)50 Session (javax.jcr.Session)49 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)45 Value (javax.jcr.Value)29 NodeImpl (org.apache.jackrabbit.core.NodeImpl)29 AbstractExternalAuthTest (org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest)28 ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)24 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)24 SimpleCredentials (javax.jcr.SimpleCredentials)21 HashMap (java.util.HashMap)18 QueryBuilder (org.apache.jackrabbit.api.security.user.QueryBuilder)16