Search in sources :

Example 76 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class UserImporterTest method testAccessControlActionExecutionForGroup.

public void testAccessControlActionExecutionForGroup() throws Exception {
    AccessControlAction a1 = new AccessControlAction();
    a1.setGroupPrivilegeNames(Privilege.JCR_READ);
    umgr.setAuthorizableActions(new AuthorizableAction[] { a1 });
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>b2f5ff47-4366-31b6-a533-d8dc3614845d</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>gPrincipal</sv:value></sv:property>" + "</sv:node>";
    NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getGroupsPath());
    try {
        doImport(target, xml);
        Authorizable a = umgr.getAuthorizable("g");
        assertNotNull(a);
        assertTrue(a.isGroup());
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
        assertNotNull(policies);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof AccessControlList);
        AccessControlEntry[] aces = ((AccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, aces.length);
        assertEquals("gPrincipal", aces[0].getPrincipal().getName());
    } finally {
        sImpl.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.core.security.user.action.AccessControlAction) NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 77 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class UserImporterTest method testAccessControlActionExecutionForUser2.

public void testAccessControlActionExecutionForUser2() throws Exception {
    AccessControlAction a1 = new AccessControlAction();
    a1.setUserPrivilegeNames(Privilege.JCR_ALL);
    umgr.setAuthorizableActions(new AuthorizableAction[] { a1 });
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>tPrincipal</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + "</sv:node>";
    NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
    try {
        doImport(target, xml);
        Authorizable a = umgr.getAuthorizable("t");
        assertNotNull(a);
        assertFalse(a.isGroup());
        AccessControlManager acMgr = sImpl.getAccessControlManager();
        AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
        assertNotNull(policies);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof AccessControlList);
        AccessControlEntry[] aces = ((AccessControlList) policies[0]).getAccessControlEntries();
        assertEquals(1, aces.length);
        assertEquals("tPrincipal", aces[0].getPrincipal().getName());
    } finally {
        sImpl.refresh(false);
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) AccessControlAction(org.apache.jackrabbit.core.security.user.action.AccessControlAction) NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AccessControlEntry(javax.jcr.security.AccessControlEntry)

Example 78 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class UserImporterTest method testImportGroupMembersFromNodesBestEffort.

public void testImportGroupMembersFromNodesBestEffort() throws RepositoryException, IOException, SAXException {
    String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"s\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:sling=\"http://sling.apache.org/jcr/sling/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\"><sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:node sv:name=\"sh\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\"><sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:node sv:name=\"shrimps\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property><sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>08429aec-6f09-30db-8c83-1a2a57fc760c</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\">" + "<sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>shrimps</sv:value></sv:property><sv:node sv:name=\"rep:members\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"adi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"adi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"adi\" sv:type=\"WeakReference\"><sv:value>c46335eb-267e-3e1c-9e5b-017acb4cd799</sv:value></sv:property><sv:property sv:name=\"admin\" sv:type=\"WeakReference\"><sv:value>21232f29-7a57-35a7-8389-4a0e4a801fc3</sv:value></sv:property></sv:node><sv:node sv:name=\"angi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"angi\" sv:type=\"WeakReference\"><sv:value>a468b64f-b1df-377c-b325-20d97aaa1ad9</sv:value></sv:property><sv:property sv:name=\"anonymous\" sv:type=\"WeakReference\"><sv:value>294de355-7d9d-30b3-92d8-a1e6aab028cf</sv:value></sv:property><sv:property sv:name=\"cati\" sv:type=\"WeakReference\"><sv:value>f08910b6-41c8-3cb9-a648-1dddd14b132d</sv:value></sv:property></sv:node></sv:node><sv:n" + "ode sv:name=\"debbi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"debbi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"debbi\" sv:type=\"WeakReference\"><sv:value>d53bedf9-ebb8-3117-a8b8-162d32b4bee2</sv:value></sv:property><sv:property sv:name=\"eddi\" sv:type=\"WeakReference\"><sv:value>1795fa1a-3d20-3a64-996e-eaaeb520a01e</sv:value></sv:property><sv:property sv:name=\"gabi\" sv:type=\"WeakReference\"><sv:value>a0d499c7-5105-3663-8611-a32779a57104</sv:value></sv:property><sv:property sv:name=\"hansi\" sv:type=\"WeakReference\"><sv:value>9ea4d671-8ed1-399a-8401-59487a14d00a</sv:value></sv:property></sv:node><sv:node sv:name=\"hari\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"hari\" sv:type=\"WeakReference\"><sv:value>a9bcf1e4-d7b9-3a22-a297-5c812d938889</sv:value></sv:property><sv:property sv:name=\"lisi\" sv:type=\"WeakReference\"><sv:value>dc3a8f16-70d6-3bea-a9b7-b65048a0ac40</sv:value></sv:property></sv:node><sv:node sv:name=\"luzi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"luzi\" sv:type=\"WeakReference\"><sv:value>9ec299fd-3461-3f1a-9749-92a76f2516eb</sv:value></sv:property><sv:property sv:name=\"pipi\" sv:type=" + "\"WeakReference\"><sv:value>16d5d24f-5b09-3199-9bd4-e5f57bf11237</sv:value></sv:property><sv:property sv:name=\"susi\" sv:type=\"WeakReference\"><sv:value>536931d8-0dec-318c-b3db-9612bdd004d4</sv:value></sv:property></sv:node></sv:node></sv:node></sv:node></sv:node></sv:node>";
    List<String> createdUsers = new LinkedList<String>();
    NodeImpl groupsNode = (NodeImpl) sImpl.getNode(umgr.getGroupsPath());
    try {
        String[] users = { "angi", "adi", "hansi", "lisi", "luzi", "susi", "pipi", "hari", "gabi", "eddi", "debbi", "cati", "admin", "anonymous" };
        doImport(groupsNode, xml, UserImporter.ImportBehavior.BESTEFFORT);
        if (!umgr.isAutoSave()) {
            sImpl.save();
        }
        for (String user : users) {
            if (umgr.getAuthorizable(user) == null) {
                umgr.createUser(user, user);
                createdUsers.add(user);
            }
        }
        if (!umgr.isAutoSave()) {
            sImpl.save();
        }
        Authorizable aShrimps = umgr.getAuthorizable("shrimps");
        assertNotNull(aShrimps);
        assertTrue(aShrimps.isGroup());
        Group gShrimps = (Group) aShrimps;
        for (String user : users) {
            assertTrue(user + " should be member of " + gShrimps, gShrimps.isMember(umgr.getAuthorizable(user)));
        }
    } finally {
        sImpl.refresh(false);
        for (String user : createdUsers) {
            Authorizable a = umgr.getAuthorizable(user);
            if (a != null && !a.isGroup()) {
                a.remove();
            }
        }
        if (!umgr.isAutoSave()) {
            sImpl.save();
        }
        for (NodeIterator it = groupsNode.getNodes(); it.hasNext(); ) {
            it.nextNode().remove();
        }
        if (!umgr.isAutoSave()) {
            sImpl.save();
        }
    }
}
Also used : NodeIterator(javax.jcr.NodeIterator) Group(org.apache.jackrabbit.api.security.user.Group) NodeImpl(org.apache.jackrabbit.core.NodeImpl) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) LinkedList(java.util.LinkedList)

Example 79 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class UserImporterTest method testImportInvalidImpersonationIgnore.

public void testImportInvalidImpersonationIgnore() throws IOException, RepositoryException, SAXException, NotExecutableException {
    List<String> invalid = new ArrayList<String>();
    // an non-existing princ-name
    invalid.add("anybody");
    // a group
    invalid.add("administrators");
    // principal of the user itself.
    invalid.add("t");
    for (String principalName : invalid) {
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>" + "</sv:node>";
        Subject subj = new Subject();
        subj.getPrincipals().add(new PrincipalImpl(principalName));
        NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
        try {
            doImport(target, xml, UserImporter.ImportBehavior.IGNORE);
            // no exception during import: no impersonation must be granted
            // for the invalid principal name
            Authorizable a = umgr.getAuthorizable("t");
            if (!a.isGroup()) {
                Impersonation imp = ((User) a).getImpersonation();
                Subject s = new Subject();
                s.getPrincipals().add(new PrincipalImpl(principalName));
                assertFalse(imp.allows(s));
                for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
                    assertFalse(principalName.equals(it.nextPrincipal().getName()));
                }
            } else {
                fail("Importing 't' didn't create a User.");
            }
        } finally {
            sImpl.refresh(false);
        }
    }
}
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ArrayList(java.util.ArrayList) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) Subject(javax.security.auth.Subject) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 80 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.

the class UserManagerImplTest method testFindAuthorizableByRelativePath.

public void testFindAuthorizableByRelativePath() throws NotExecutableException, RepositoryException {
    Principal p = getTestPrincipal();
    Authorizable auth = null;
    try {
        auth = userMgr.createGroup(p);
        Value[] vs = new Value[] { superuser.getValueFactory().createValue("v1"), superuser.getValueFactory().createValue("v2") };
        String relPath = "relPath/" + propertyName1;
        String relPath2 = "another/" + propertyName1;
        String relPath3 = "relPath/relPath/" + propertyName1;
        auth.setProperty(relPath, vs);
        auth.setProperty(relPath2, vs);
        auth.setProperty(relPath3, superuser.getValueFactory().createValue("v3"));
        save(superuser);
        // relPath = "prop1", v = "v1" -> should find the target group
        Iterator<Authorizable> result = userMgr.findAuthorizables(propertyName1, "v1");
        assertTrue("expected result", result.hasNext());
        assertEquals(auth.getID(), result.next().getID());
        assertFalse("expected no more results", result.hasNext());
        // relPath = "prop1", v = "v1" -> should find the target group
        result = userMgr.findAuthorizables(propertyName1, "v3");
        assertTrue("expected result", result.hasNext());
        assertEquals(auth.getID(), result.next().getID());
        assertFalse("expected no more results", result.hasNext());
        // relPath = "relPath/prop1", v = "v1" -> should find the target group
        result = userMgr.findAuthorizables(relPath, "v1");
        assertTrue("expected result", result.hasNext());
        assertEquals(auth.getID(), result.next().getID());
        assertFalse("expected no more results", result.hasNext());
        // relPath : "./prop1", v = "v1" -> should not find the target group
        result = userMgr.findAuthorizables("./" + propertyName1, "v1");
        assertFalse("expected result", result.hasNext());
    } finally {
        // remove the create group again.
        if (auth != null) {
            auth.remove();
            save(superuser);
        }
    }
}
Also used : Value(javax.jcr.Value) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal)

Aggregations

Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)466 Test (org.junit.Test)254 User (org.apache.jackrabbit.api.security.user.User)104 Group (org.apache.jackrabbit.api.security.user.Group)101 UserManager (org.apache.jackrabbit.api.security.user.UserManager)93 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)64 Principal (java.security.Principal)58 Node (javax.jcr.Node)55 RepositoryException (javax.jcr.RepositoryException)55 Query (org.apache.jackrabbit.api.security.user.Query)50 Session (javax.jcr.Session)49 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)45 Value (javax.jcr.Value)29 NodeImpl (org.apache.jackrabbit.core.NodeImpl)29 AbstractExternalAuthTest (org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest)28 ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)24 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)24 SimpleCredentials (javax.jcr.SimpleCredentials)21 HashMap (java.util.HashMap)18 QueryBuilder (org.apache.jackrabbit.api.security.user.QueryBuilder)16