Example 6 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit by apache.

the class UserImporterTest method testImportInvalidImpersonationIgnore.

public void testImportInvalidImpersonationIgnore() throws IOException, RepositoryException, SAXException, NotExecutableException {
    List<String> invalid = new ArrayList<String>();
    // a non-existing principal name
    invalid.add("anybody");
    // a group
    invalid.add("administrators");
    // principal of the user itself.
    invalid.add("t");
    for (String principalName : invalid) {
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
                + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
                + "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>"
                + "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
                + "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>"
                + "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>"
                + "</sv:node>";
        Subject subj = new Subject();
        subj.getPrincipals().add(new PrincipalImpl(principalName));
        NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
        try {
            doImport(target, xml, UserImporter.ImportBehavior.IGNORE);
            // no exception during import: no impersonation must be granted
            // for the invalid principal name
            Authorizable a = umgr.getAuthorizable("t");
            if (!a.isGroup()) {
                Impersonation imp = ((User) a).getImpersonation();
                Subject s = new Subject();
                s.getPrincipals().add(new PrincipalImpl(principalName));
                assertFalse(imp.allows(s));
                for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
                    assertFalse(principalName.equals(it.nextPrincipal().getName()));
                }
            } else {
                fail("Importing 't' didn't create a User.");
            }
        } finally {
            sImpl.refresh(false);
        }
    }
}
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ArrayList(java.util.ArrayList) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator) Subject(javax.security.auth.Subject) PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)

Example 7 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit by apache.

the class ImpersonationImplTest method testModifyOwnImpersonation.

public void testModifyOwnImpersonation() throws RepositoryException, NotExecutableException {
    User u = (User) uMgr.getAuthorizable(uID);
    if (!uSession.hasPermission(((UserImpl) u).getNode().getPath(), "set_property")) {
        throw new NotExecutableException("Users should be able to modify their properties -> Check repository config.");
    }
    Principal otherP = uMgr.getAuthorizable(otherUID).getPrincipal();
    Impersonation impers = u.getImpersonation();
    assertFalse(impers.allows(buildSubject(otherP)));
    assertTrue(impers.grantImpersonation(otherP));
    save(uSession);
    assertTrue(impers.allows(buildSubject(otherP)));
    assertTrue(impers.revokeImpersonation(otherP));
    save(uSession);
    assertFalse(impers.allows(buildSubject(otherP)));
}
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) AdminPrincipal(org.apache.jackrabbit.core.security.principal.AdminPrincipal) SystemPrincipal(org.apache.jackrabbit.core.security.SystemPrincipal) Principal(java.security.Principal)

Example 8 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit-oak by apache.

the class AutoSaveEnabledManagerTest method testImpersonation.

@Test
public void testImpersonation() throws Exception {
    User u = mgr.createUser("u", "u");
    Impersonation imp = u.getImpersonation();
    Principal p = mgr.getAuthorizable("anonymous").getPrincipal();
    assertTrue(imp.grantImpersonation(p));
    assertFalse(root.hasPendingChanges());
    assertTrue(imp.revokeImpersonation(p));
    assertFalse(root.hasPendingChanges());
}
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) Principal(java.security.Principal) Test(org.junit.Test)

Example 9 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit-oak by apache.

the class L7_ImpersonationTest method testImpersonateTestUser.

public void testImpersonateTestUser() throws RepositoryException {
    // EXERCISE: fill in the correct principal such that the test passes.
    Principal principal = null;
    Impersonation impersonation = anotherUser.getImpersonation();
    impersonation.grantImpersonation(principal);
    superuser.save();
    Session testSession = superuser.getRepository().login(ExerciseUtility.getTestCredentials(testUser.getID()));
    sessionList.add(testSession);
    Session impersonated = testSession.impersonate(new SimpleCredentials(anotherUser.getID(), new char[0]));
    sessionList.add(impersonated);
    assertEquals(anotherUser.getID(), impersonated.getUserID());
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) Principal(java.security.Principal) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Example 10 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit-oak by apache.

the class ImpersonationTest method testAdminPrincipalAsImpersonator.

public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException {
    Principal adminPrincipal = new AdminPrincipal() {

        @Override
        public String getName() {
            return "some-admin-name";
        }
    };
    // admin cannot be added to or removed from the set of impersonators of 'u' but is
    // always allowed to impersonate that user.
    Impersonation impersonation = user.getImpersonation();
    assertFalse(impersonation.grantImpersonation(adminPrincipal));
    assertFalse(impersonation.revokeImpersonation(adminPrincipal));
    assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
}
Also used : AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) Principal(java.security.Principal)
