Search in sources :

Example 16 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit by apache.

the class GroupAdministratorTest method testImpersonationOfOtherUser.

public void testImpersonationOfOtherUser() throws RepositoryException, NotExecutableException {
    UserManager umgr = getUserManager(uSession);
    Principal selfPrinc = umgr.getAuthorizable(uID).getPrincipal();
    User child = (User) umgr.getAuthorizable(getYetAnotherID());
    Impersonation impers = child.getImpersonation();
    assertFalse(impers.allows(buildSubject(selfPrinc)));
    try {
        assertFalse(impers.grantImpersonation(selfPrinc));
        save(uSession);
    } catch (AccessDeniedException e) {
    // ok.
    }
    assertFalse(impers.allows(buildSubject(selfPrinc)));
    User parent = (User) umgr.getAuthorizable(otherUID);
    impers = parent.getImpersonation();
    assertFalse(impers.allows(buildSubject(selfPrinc)));
    try {
        assertFalse(impers.grantImpersonation(selfPrinc));
        save(uSession);
    } catch (AccessDeniedException e) {
    // ok.
    }
    assertFalse(impers.allows(buildSubject(selfPrinc)));
}
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) AccessDeniedException(javax.jcr.AccessDeniedException) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Principal(java.security.Principal)

Example 17 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit by apache.

the class ImpersonationImplTest method testSystemPrincipalAsImpersonator.

public void testSystemPrincipalAsImpersonator() throws RepositoryException {
    Principal systemPrincipal = new SystemPrincipal();
    assertNull(userMgr.getAuthorizable(systemPrincipal));
    // system cannot be add/remove to set of impersonators of 'u' nor
    // should it be allowed to impersonate a given user...
    User u = (User) userMgr.getAuthorizable(uID);
    Impersonation impersonation = u.getImpersonation();
    assertFalse(impersonation.grantImpersonation(systemPrincipal));
    assertFalse(impersonation.revokeImpersonation(systemPrincipal));
    assertFalse(impersonation.allows(buildSubject(systemPrincipal)));
}
Also used : Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) SystemPrincipal(org.apache.jackrabbit.core.security.SystemPrincipal) AdminPrincipal(org.apache.jackrabbit.core.security.principal.AdminPrincipal) SystemPrincipal(org.apache.jackrabbit.core.security.SystemPrincipal) Principal(java.security.Principal)

Example 18 with Impersonation

use of org.apache.jackrabbit.api.security.user.Impersonation in project jackrabbit by apache.

the class ImpersonationImplTest method testAdminPrincipalAsImpersonator.

public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException {
    String adminId = superuser.getUserID();
    Authorizable a = userMgr.getAuthorizable(adminId);
    if (a == null || a.isGroup() || !((User) a).isAdmin()) {
        throw new NotExecutableException(adminId + " is not administators ID");
    }
    Principal adminPrincipal = new AdminPrincipal(adminId);
    // admin cannot be add/remove to set of impersonators of 'u' but is
    // always allowed to impersonate that user.
    User u = (User) userMgr.getAuthorizable(uID);
    Impersonation impersonation = u.getImpersonation();
    assertFalse(impersonation.grantImpersonation(adminPrincipal));
    assertFalse(impersonation.revokeImpersonation(adminPrincipal));
    assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
    // same if the impersonation object of the admin itself is used.
    Impersonation adminImpersonation = ((User) a).getImpersonation();
    assertFalse(adminImpersonation.grantImpersonation(adminPrincipal));
    assertFalse(adminImpersonation.revokeImpersonation(adminPrincipal));
    assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
}
Also used : AdminPrincipal(org.apache.jackrabbit.core.security.principal.AdminPrincipal) Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) User(org.apache.jackrabbit.api.security.user.User) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AdminPrincipal(org.apache.jackrabbit.core.security.principal.AdminPrincipal) SystemPrincipal(org.apache.jackrabbit.core.security.SystemPrincipal) Principal(java.security.Principal)

Aggregations

Impersonation (org.apache.jackrabbit.api.security.user.Impersonation)18 User (org.apache.jackrabbit.api.security.user.User)14 Principal (java.security.Principal)12 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)10 Subject (javax.security.auth.Subject)7 Test (org.junit.Test)7 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)4 ArrayList (java.util.ArrayList)3 PrincipalIterator (org.apache.jackrabbit.api.security.principal.PrincipalIterator)3 NodeImpl (org.apache.jackrabbit.core.NodeImpl)3 SystemPrincipal (org.apache.jackrabbit.core.security.SystemPrincipal)3 AdminPrincipal (org.apache.jackrabbit.core.security.principal.AdminPrincipal)3 AdminPrincipal (org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal)3 AccessDeniedException (javax.jcr.AccessDeniedException)2 UserManager (org.apache.jackrabbit.api.security.user.UserManager)2 PrincipalImpl (org.apache.jackrabbit.core.security.principal.PrincipalImpl)2 HashMap (java.util.HashMap)1 LinkedList (java.util.LinkedList)1 List (java.util.List)1 Map (java.util.Map)1