use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserImporterTest method testAccessControlActionExecutionForGroup.
public void testAccessControlActionExecutionForGroup() throws Exception {
AccessControlAction a1 = new AccessControlAction();
a1.setGroupPrivilegeNames(Privilege.JCR_READ);
umgr.setAuthorizableActions(new AuthorizableAction[] { a1 });
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>b2f5ff47-4366-31b6-a533-d8dc3614845d</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>gPrincipal</sv:value></sv:property>" + "</sv:node>";
NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getGroupsPath());
try {
doImport(target, xml);
Authorizable a = umgr.getAuthorizable("g");
assertNotNull(a);
assertTrue(a.isGroup());
AccessControlManager acMgr = sImpl.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
assertNotNull(policies);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof AccessControlList);
AccessControlEntry[] aces = ((AccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, aces.length);
assertEquals("gPrincipal", aces[0].getPrincipal().getName());
} finally {
sImpl.refresh(false);
}
}
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserImporterTest method testAccessControlActionExecutionForUser2.
public void testAccessControlActionExecutionForUser2() throws Exception {
AccessControlAction a1 = new AccessControlAction();
a1.setUserPrivilegeNames(Privilege.JCR_ALL);
umgr.setAuthorizableActions(new AuthorizableAction[] { a1 });
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>tPrincipal</sv:value></sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + "</sv:node>";
NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
try {
doImport(target, xml);
Authorizable a = umgr.getAuthorizable("t");
assertNotNull(a);
assertFalse(a.isGroup());
AccessControlManager acMgr = sImpl.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
assertNotNull(policies);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof AccessControlList);
AccessControlEntry[] aces = ((AccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, aces.length);
assertEquals("tPrincipal", aces[0].getPrincipal().getName());
} finally {
sImpl.refresh(false);
}
}
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserImporterTest method testImportGroupMembersFromNodesBestEffort.
public void testImportGroupMembersFromNodesBestEffort() throws RepositoryException, IOException, SAXException {
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"s\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:sling=\"http://sling.apache.org/jcr/sling/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\"><sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:node sv:name=\"sh\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\"><sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:node sv:name=\"shrimps\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property><sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>08429aec-6f09-30db-8c83-1a2a57fc760c</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\">" + "<sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>shrimps</sv:value></sv:property><sv:node sv:name=\"rep:members\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"adi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"adi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"adi\" sv:type=\"WeakReference\"><sv:value>c46335eb-267e-3e1c-9e5b-017acb4cd799</sv:value></sv:property><sv:property sv:name=\"admin\" sv:type=\"WeakReference\"><sv:value>21232f29-7a57-35a7-8389-4a0e4a801fc3</sv:value></sv:property></sv:node><sv:node sv:name=\"angi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"angi\" sv:type=\"WeakReference\"><sv:value>a468b64f-b1df-377c-b325-20d97aaa1ad9</sv:value></sv:property><sv:property sv:name=\"anonymous\" sv:type=\"WeakReference\"><sv:value>294de355-7d9d-30b3-92d8-a1e6aab028cf</sv:value></sv:property><sv:property sv:name=\"cati\" sv:type=\"WeakReference\"><sv:value>f08910b6-41c8-3cb9-a648-1dddd14b132d</sv:value></sv:property></sv:node></sv:node><sv:n" + "ode sv:name=\"debbi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"debbi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"debbi\" sv:type=\"WeakReference\"><sv:value>d53bedf9-ebb8-3117-a8b8-162d32b4bee2</sv:value></sv:property><sv:property sv:name=\"eddi\" sv:type=\"WeakReference\"><sv:value>1795fa1a-3d20-3a64-996e-eaaeb520a01e</sv:value></sv:property><sv:property sv:name=\"gabi\" sv:type=\"WeakReference\"><sv:value>a0d499c7-5105-3663-8611-a32779a57104</sv:value></sv:property><sv:property sv:name=\"hansi\" sv:type=\"WeakReference\"><sv:value>9ea4d671-8ed1-399a-8401-59487a14d00a</sv:value></sv:property></sv:node><sv:node sv:name=\"hari\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"hari\" sv:type=\"WeakReference\"><sv:value>a9bcf1e4-d7b9-3a22-a297-5c812d938889</sv:value></sv:property><sv:property sv:name=\"lisi\" sv:type=\"WeakReference\"><sv:value>dc3a8f16-70d6-3bea-a9b7-b65048a0ac40</sv:value></sv:property></sv:node><sv:node sv:name=\"luzi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"luzi\" sv:type=\"WeakReference\"><sv:value>9ec299fd-3461-3f1a-9749-92a76f2516eb</sv:value></sv:property><sv:property sv:name=\"pipi\" sv:type=" + "\"WeakReference\"><sv:value>16d5d24f-5b09-3199-9bd4-e5f57bf11237</sv:value></sv:property><sv:property sv:name=\"susi\" sv:type=\"WeakReference\"><sv:value>536931d8-0dec-318c-b3db-9612bdd004d4</sv:value></sv:property></sv:node></sv:node></sv:node></sv:node></sv:node></sv:node>";
List<String> createdUsers = new LinkedList<String>();
NodeImpl groupsNode = (NodeImpl) sImpl.getNode(umgr.getGroupsPath());
try {
String[] users = { "angi", "adi", "hansi", "lisi", "luzi", "susi", "pipi", "hari", "gabi", "eddi", "debbi", "cati", "admin", "anonymous" };
doImport(groupsNode, xml, UserImporter.ImportBehavior.BESTEFFORT);
if (!umgr.isAutoSave()) {
sImpl.save();
}
for (String user : users) {
if (umgr.getAuthorizable(user) == null) {
umgr.createUser(user, user);
createdUsers.add(user);
}
}
if (!umgr.isAutoSave()) {
sImpl.save();
}
Authorizable aShrimps = umgr.getAuthorizable("shrimps");
assertNotNull(aShrimps);
assertTrue(aShrimps.isGroup());
Group gShrimps = (Group) aShrimps;
for (String user : users) {
assertTrue(user + " should be member of " + gShrimps, gShrimps.isMember(umgr.getAuthorizable(user)));
}
} finally {
sImpl.refresh(false);
for (String user : createdUsers) {
Authorizable a = umgr.getAuthorizable(user);
if (a != null && !a.isGroup()) {
a.remove();
}
}
if (!umgr.isAutoSave()) {
sImpl.save();
}
for (NodeIterator it = groupsNode.getNodes(); it.hasNext(); ) {
it.nextNode().remove();
}
if (!umgr.isAutoSave()) {
sImpl.save();
}
}
}
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserImporterTest method testImportInvalidImpersonationIgnore.
public void testImportInvalidImpersonationIgnore() throws IOException, RepositoryException, SAXException, NotExecutableException {
List<String> invalid = new ArrayList<String>();
// an non-existing princ-name
invalid.add("anybody");
// a group
invalid.add("administrators");
// principal of the user itself.
invalid.add("t");
for (String principalName : invalid) {
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>" + "</sv:node>";
Subject subj = new Subject();
subj.getPrincipals().add(new PrincipalImpl(principalName));
NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
try {
doImport(target, xml, UserImporter.ImportBehavior.IGNORE);
// no exception during import: no impersonation must be granted
// for the invalid principal name
Authorizable a = umgr.getAuthorizable("t");
if (!a.isGroup()) {
Impersonation imp = ((User) a).getImpersonation();
Subject s = new Subject();
s.getPrincipals().add(new PrincipalImpl(principalName));
assertFalse(imp.allows(s));
for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
assertFalse(principalName.equals(it.nextPrincipal().getName()));
}
} else {
fail("Importing 't' didn't create a User.");
}
} finally {
sImpl.refresh(false);
}
}
}
use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit by apache.
the class UserManagerImplTest method testFindAuthorizableByRelativePath.
public void testFindAuthorizableByRelativePath() throws NotExecutableException, RepositoryException {
Principal p = getTestPrincipal();
Authorizable auth = null;
try {
auth = userMgr.createGroup(p);
Value[] vs = new Value[] { superuser.getValueFactory().createValue("v1"), superuser.getValueFactory().createValue("v2") };
String relPath = "relPath/" + propertyName1;
String relPath2 = "another/" + propertyName1;
String relPath3 = "relPath/relPath/" + propertyName1;
auth.setProperty(relPath, vs);
auth.setProperty(relPath2, vs);
auth.setProperty(relPath3, superuser.getValueFactory().createValue("v3"));
save(superuser);
// relPath = "prop1", v = "v1" -> should find the target group
Iterator<Authorizable> result = userMgr.findAuthorizables(propertyName1, "v1");
assertTrue("expected result", result.hasNext());
assertEquals(auth.getID(), result.next().getID());
assertFalse("expected no more results", result.hasNext());
// relPath = "prop1", v = "v1" -> should find the target group
result = userMgr.findAuthorizables(propertyName1, "v3");
assertTrue("expected result", result.hasNext());
assertEquals(auth.getID(), result.next().getID());
assertFalse("expected no more results", result.hasNext());
// relPath = "relPath/prop1", v = "v1" -> should find the target group
result = userMgr.findAuthorizables(relPath, "v1");
assertTrue("expected result", result.hasNext());
assertEquals(auth.getID(), result.next().getID());
assertFalse("expected no more results", result.hasNext());
// relPath : "./prop1", v = "v1" -> should not find the target group
result = userMgr.findAuthorizables("./" + propertyName1, "v1");
assertFalse("expected result", result.hasNext());
} finally {
// remove the create group again.
if (auth != null) {
auth.remove();
save(superuser);
}
}
}
Aggregations