
Example 36 with UserManager

use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.

the class ItemNameRestrictionTest method before.

/**
 * Prepares the fixture for the item-name restriction tests.
 *
 * <p>Creates the node chain {@code /a/d/b/e/c/f}, sets two properties on {@code c}, and
 * installs a single allow entry for the test principal on {@code /a}. The entry grants
 * read, add-properties, add-child-nodes and remove-node, and carries a multi-valued
 * {@code REP_ITEM_NAMES} restriction listing the names {@code a}, {@code b} and {@code c}.
 * A uniquely named test group is created as well, and everything is committed before the
 * test session is opened.
 *
 * @throws Exception if the parent setup, the repository writes or the commit fail
 */
@Override
public void before() throws Exception {
    super.before();

    // Content: the hierarchy alternates names that are listed in the restriction (a, b, c)
    // with names that are not (d, e, f) -- presumably so tests can probe both sides.
    NodeUtil leaf = new NodeUtil(root.getTree("/")).getOrAddTree("a/d/b/e/c/f", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
    NodeUtil cNode = leaf.getParent();
    cNode.setString("prop", "value");
    cNode.setString("a", "value");

    // Access control: one allow entry on /a, narrowed by the item-name restriction.
    testPrincipal = getTestUser().getPrincipal();
    AccessControlManager accessControlManager = getAccessControlManager(root);
    JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(accessControlManager, "/a");
    vf = new ValueFactoryImpl(root, NamePathMapper.DEFAULT);
    Value[] allowedItemNames = {
        vf.createValue("a", PropertyType.NAME),
        vf.createValue("b", PropertyType.NAME),
        vf.createValue("c", PropertyType.NAME)
    };
    policy.addEntry(
            testPrincipal,
            privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_ADD_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE),
            // allow entry (not a deny)
            true,
            // no single-valued restrictions
            Collections.<String, Value>emptyMap(),
            ImmutableMap.of(AccessControlConstants.REP_ITEM_NAMES, allowedItemNames));
    // The modified list only takes effect once it is written back and committed.
    accessControlManager.setPolicy(policy.getPath(), policy);

    // Random suffix keeps the group id unique across runs.
    testGroup = getUserManager(root).createGroup("testGroup" + UUID.randomUUID());
    root.commit();
    testSession = createTestSession();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ValueFactoryImpl(org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl) Value(javax.jcr.Value) Tree(org.apache.jackrabbit.oak.api.Tree) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)

Example 37 with UserManager

use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit by apache.

the class UserAccessControlProvider method init.

//----------------------------------------------< AccessControlProvider >---
/**
 * Initializes this provider from the system session and the configuration map.
 *
 * <p>Resolves the names of the user-admin and group-admin groups (configuration value if
 * the key is present, otherwise the key constant itself), makes sure those groups and the
 * administrators group exist via {@code initGroup}, and remembers the item path of each
 * group whose principal is an {@link ItemBasedPrincipal}. It then records the users and
 * groups root paths, how group members are stored, the anonymous user id and whether
 * anonymous access is enabled.
 *
 * <p>Security note: when {@code PARAM_ANONYMOUS_ACCESS} is absent, anonymous access is
 * enabled. Deployments that must deny anonymous access have to set the parameter
 * explicitly. Any present value other than the string "true" (case-insensitive) disables it.
 *
 * @param systemSession the system session; must be a {@code SessionImpl}
 * @param configuration provider configuration; values are read as strings
 * @throws RepositoryException if {@code systemSession} is not a {@code SessionImpl}
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
 */
@Override
public void init(Session systemSession, Map configuration) throws RepositoryException {
    super.init(systemSession, configuration);
    if (!(systemSession instanceof SessionImpl)) {
        throw new RepositoryException("SessionImpl (system session) expected.");
    }
    SessionImpl systemSessionImpl = (SessionImpl) systemSession;

    // The key constant doubles as the default group name when no override is configured.
    String userAdminName = USER_ADMIN_GROUP_NAME;
    if (configuration.containsKey(USER_ADMIN_GROUP_NAME)) {
        userAdminName = configuration.get(USER_ADMIN_GROUP_NAME).toString();
    }
    String groupAdminName = GROUP_ADMIN_GROUP_NAME;
    if (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) {
        groupAdminName = configuration.get(GROUP_ADMIN_GROUP_NAME).toString();
    }

    // make sure the groups exist (and possibly create them).
    UserManager uMgr = systemSessionImpl.getUserManager();

    // instanceof is already false for null, so no separate null check is needed below.
    userAdminGroup = initGroup(uMgr, userAdminName);
    if (userAdminGroup instanceof ItemBasedPrincipal) {
        userAdminGroupPath = ((ItemBasedPrincipal) userAdminGroup).getPath();
    }
    groupAdminGroup = initGroup(uMgr, groupAdminName);
    if (groupAdminGroup instanceof ItemBasedPrincipal) {
        groupAdminGroupPath = ((ItemBasedPrincipal) groupAdminGroup).getPath();
    }
    Principal administrators = initGroup(uMgr, SecurityConstants.ADMINISTRATORS_NAME);
    if (administrators instanceof ItemBasedPrincipal) {
        administratorsGroupPath = ((ItemBasedPrincipal) administrators).getPath();
    }

    // Only the default implementation exposes its configured paths and member layout;
    // any other UserManager gets the constant paths and members-in-property.
    UserManagerImpl defaultImpl = (uMgr instanceof UserManagerImpl) ? (UserManagerImpl) uMgr : null;
    usersPath = (defaultImpl != null) ? defaultImpl.getUsersPath() : UserConstants.USERS_PATH;
    groupsPath = (defaultImpl != null) ? defaultImpl.getGroupsPath() : UserConstants.GROUPS_PATH;
    membersInProperty = (defaultImpl == null) || !defaultImpl.hasMemberSplitSize();

    anonymousId = configuration.containsKey(PARAM_ANONYMOUS_ID)
            ? (String) configuration.get(PARAM_ANONYMOUS_ID)
            : SecurityConstants.ANONYMOUS_ID;

    // NOTE(review): the cast assumes string-typed configuration values; a Boolean in the
    // map would fail with ClassCastException here -- confirm how callers build the map.
    // Absent key => anonymous access stays enabled (permissive default).
    anonymousAccess = !configuration.containsKey(PARAM_ANONYMOUS_ACCESS)
            || Boolean.parseBoolean((String) configuration.get(PARAM_ANONYMOUS_ACCESS));
}
Also used : UserManager(org.apache.jackrabbit.api.security.user.UserManager) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) RepositoryException(javax.jcr.RepositoryException) SessionImpl(org.apache.jackrabbit.core.SessionImpl) AnonymousPrincipal(org.apache.jackrabbit.core.security.AnonymousPrincipal) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal)

Example 38 with UserManager

use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.

the class SyncMBeanImplTest method testSyncAllUsers.

/**
 * Syncs all external users into the repository, then checks that a subsequent
 * {@code syncAllUsers(false)} reports the expected "upd" result for each of them and that
 * every reported identity passes {@code assertSync} against the user manager.
 */
@Test
public void testSyncAllUsers() throws Exception {
    // Seed the repository with the external users first.
    syncMBean.syncAllExternalUsers();

    // Second pass over the already-synced users; the flag is presumably "purge" -- confirm
    // against the MBean interface.
    String[] messages = syncMBean.syncAllUsers(false);
    Map<String, String> expectedById = getExpectedUserResult("upd", true);
    assertResultMessages(messages, expectedById);

    UserManager uMgr = getUserManager();
    for (String authorizableId : expectedById.keySet()) {
        // An id may belong to an external user or, failing that, an external group.
        ExternalIdentity identity = idp.getUser(authorizableId);
        assertSync(identity != null ? identity : idp.getGroup(authorizableId), uMgr);
    }
}
Also used : UserManager(org.apache.jackrabbit.api.security.user.UserManager) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Test(org.junit.Test)

Example 39 with UserManager

use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.

the class SyncMBeanImplTest method testPurgeOrphanedUsersThrowingHandler.

/**
 * Verifies that a purge run through the throwing sync MBean removes nothing: the result
 * array is empty and both previously synced authorizables are still present afterwards.
 */
@Test
public void testPurgeOrphanedUsersThrowingHandler() throws Exception {
    // Sync one user and one group so there is something a purge could remove.
    // Presumably neither is known to the identity provider -- confirm against the test IDP.
    sync(new TestIdentityProvider.TestUser("thirdUser", idp.getName()), idp);
    sync(new TestIdentityProvider.TestGroup("g", idp.getName()), idp);

    String[] purgeMessages = createThrowingSyncMBean(false).purgeOrphanedUsers();
    assertEquals(0, purgeMessages.length);

    // A failed purge must not leave accounts half-deleted.
    UserManager uMgr = getUserManager();
    for (String authorizableId : new String[] { "thirdUser", "g" }) {
        assertNotNull(uMgr.getAuthorizable(authorizableId));
    }
}
Also used : UserManager(org.apache.jackrabbit.api.security.user.UserManager) TestIdentityProvider(org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider) Test(org.junit.Test)

Example 40 with UserManager

use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.

the class SyncMBeanImplTest method testInitialSyncExternalGroup.

/**
 * Syncs the external group "a" by its external id and checks that the group is added to
 * the repository while none of its declared groups are created alongside it.
 */
@Test
public void testInitialSyncExternalGroup() throws Exception {
    ExternalGroup group = idp.getGroup("a");
    String externalRef = group.getExternalId().getString();

    String[] messages = syncMBean.syncExternalUsers(new String[] { externalRef });
    assertResultMessages(messages, "a", "add");

    UserManager uMgr = getUserManager();
    assertNotNull(uMgr.getAuthorizable(group.getId(), Group.class));

    // membership of groups are not synced (unless imposed by user-sync with membership depth),
    // so syncing a group on its own must not pull in the groups it declares.
    for (ExternalIdentityRef declaredGroup : group.getDeclaredGroups()) {
        assertNull(uMgr.getAuthorizable(declaredGroup.getId()));
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup) ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Test(org.junit.Test)
