Search in sources :

Example 31 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserImporter method start.

// ---------------------------------------------< ProtectedNodeImporter >---
@Override
public boolean start(@Nonnull Tree protectedParent) throws RepositoryException {
    Authorizable auth = null;
    if (isMemberNode(protectedParent)) {
        Tree groupTree = protectedParent;
        while (isMemberNode(groupTree) && !groupTree.isRoot()) {
            groupTree = groupTree.getParent();
        }
        auth = userManager.getAuthorizable(groupTree);
    } else if (isMemberReferencesListNode(protectedParent)) {
        auth = userManager.getAuthorizable(protectedParent.getParent());
    }
    if (auth == null || !auth.isGroup()) {
        log.debug("Cannot handle protected node " + protectedParent + ". It nor one of its parents represent a valid Group.");
        return false;
    } else {
        currentMembership = getMembership(auth.getPath());
        return true;
    }
}
Also used : Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Tree(org.apache.jackrabbit.oak.api.Tree)

Example 32 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class AuthorizableImpl method getMembership.

/**
     * Retrieve the group membership of this authorizable.
     *
     * @param includeInherited Flag indicating whether the resulting iterator only
     * contains groups this authorizable is declared member of or if inherited
     * group membership is respected.
     *
     * @return Iterator of groups this authorizable is (declared) member of.
     * @throws RepositoryException If an error occurs.
     */
@Nonnull
private Iterator<Group> getMembership(boolean includeInherited) throws RepositoryException {
    if (isEveryone()) {
        return Collections.<Group>emptySet().iterator();
    }
    MembershipProvider mMgr = getMembershipProvider();
    Iterator<String> oakPaths = mMgr.getMembership(getTree(), includeInherited);
    Authorizable everyoneGroup = userManager.getAuthorizable(EveryonePrincipal.getInstance());
    if (everyoneGroup instanceof GroupImpl) {
        String everyonePath = ((GroupImpl) everyoneGroup).getTree().getPath();
        oakPaths = Iterators.concat(oakPaths, ImmutableSet.of(everyonePath).iterator());
    }
    if (oakPaths.hasNext()) {
        AuthorizableIterator groups = AuthorizableIterator.create(oakPaths, userManager, AuthorizableType.GROUP);
        return new RangeIteratorAdapter(groups, groups.getSize());
    } else {
        return RangeIteratorAdapter.EMPTY;
    }
}
Also used : Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) RangeIteratorAdapter(org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter) Nonnull(javax.annotation.Nonnull)

Example 33 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class PrincipalProviderImpl method getPrincipals.

@Nonnull
@Override
public Set<? extends Principal> getPrincipals(@Nonnull String userID) {
    Set<Principal> principals = new HashSet<Principal>();
    try {
        Authorizable authorizable = userManager.getAuthorizable(userID);
        if (authorizable != null && !authorizable.isGroup()) {
            principals.add(authorizable.getPrincipal());
            principals.addAll(getGroupMembership(authorizable));
        }
    } catch (RepositoryException e) {
        log.debug(e.getMessage());
    }
    return principals;
}
Also used : Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) RepositoryException(javax.jcr.RepositoryException) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet) Nonnull(javax.annotation.Nonnull)

Example 34 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserQueryManagerTest method testQueryNoScope.

@Test
public void testQueryNoScope() throws Exception {
    Group g = createGroup(null, EveryonePrincipal.getInstance());
    g.setProperty(propertyName, v);
    user.setProperty(propertyName, v);
    root.commit();
    Query q = new Query() {

        @Override
        public <T> void build(QueryBuilder<T> builder) {
            builder.setCondition(builder.eq(propertyName, v));
        }
    };
    Iterator<Authorizable> result = queryMgr.findAuthorizables(q);
    assertResultContainsAuthorizables(result, user, g);
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) Query(org.apache.jackrabbit.api.security.user.Query) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) QueryBuilder(org.apache.jackrabbit.api.security.user.QueryBuilder) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 35 with Authorizable

use of org.apache.jackrabbit.api.security.user.Authorizable in project jackrabbit-oak by apache.

the class UserQueryManagerTest method testQueryNameMatchesWithUnderscorePrincipalName.

@Test
public void testQueryNameMatchesWithUnderscorePrincipalName() throws Exception {
    Group g = createGroup("g", new PrincipalImpl("group_with_underscore"));
    root.commit();
    Query q = new Query() {

        @Override
        public <T> void build(QueryBuilder<T> builder) {
            builder.setCondition(builder.nameMatches("group_with_underscore"));
        }
    };
    Iterator<Authorizable> result = queryMgr.findAuthorizables(q);
    assertResultContainsAuthorizables(result, g);
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) Query(org.apache.jackrabbit.api.security.user.Query) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) QueryBuilder(org.apache.jackrabbit.api.security.user.QueryBuilder) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)466 Test (org.junit.Test)254 User (org.apache.jackrabbit.api.security.user.User)104 Group (org.apache.jackrabbit.api.security.user.Group)101 UserManager (org.apache.jackrabbit.api.security.user.UserManager)93 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)64 Principal (java.security.Principal)58 Node (javax.jcr.Node)55 RepositoryException (javax.jcr.RepositoryException)55 Query (org.apache.jackrabbit.api.security.user.Query)50 Session (javax.jcr.Session)49 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)45 Value (javax.jcr.Value)29 NodeImpl (org.apache.jackrabbit.core.NodeImpl)29 AbstractExternalAuthTest (org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest)28 ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)24 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)24 SimpleCredentials (javax.jcr.SimpleCredentials)21 HashMap (java.util.HashMap)18 QueryBuilder (org.apache.jackrabbit.api.security.user.QueryBuilder)16