use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.
the class ItemNameRestrictionTest method before.
@Override
public void before() throws Exception {
super.before();
Tree rootTree = root.getTree("/");
NodeUtil f = new NodeUtil(rootTree).getOrAddTree("a/d/b/e/c/f", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
NodeUtil c = f.getParent();
c.setString("prop", "value");
c.setString("a", "value");
testPrincipal = getTestUser().getPrincipal();
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/a");
vf = new ValueFactoryImpl(root, NamePathMapper.DEFAULT);
acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_ADD_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE), true, Collections.<String, Value>emptyMap(), ImmutableMap.of(AccessControlConstants.REP_ITEM_NAMES, new Value[] { vf.createValue("a", PropertyType.NAME), vf.createValue("b", PropertyType.NAME), vf.createValue("c", PropertyType.NAME) }));
acMgr.setPolicy(acl.getPath(), acl);
UserManager uMgr = getUserManager(root);
testGroup = uMgr.createGroup("testGroup" + UUID.randomUUID());
root.commit();
testSession = createTestSession();
}
use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit by apache.
the class UserAccessControlProvider method init.
//----------------------------------------------< AccessControlProvider >---
/**
* @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
*/
@Override
public void init(Session systemSession, Map configuration) throws RepositoryException {
super.init(systemSession, configuration);
if (systemSession instanceof SessionImpl) {
SessionImpl sImpl = (SessionImpl) systemSession;
String userAdminName = (configuration.containsKey(USER_ADMIN_GROUP_NAME)) ? configuration.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
String groupAdminName = (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) ? configuration.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
// make sure the groups exist (and possibly create them).
UserManager uMgr = sImpl.getUserManager();
userAdminGroup = initGroup(uMgr, userAdminName);
if (userAdminGroup != null && userAdminGroup instanceof ItemBasedPrincipal) {
userAdminGroupPath = ((ItemBasedPrincipal) userAdminGroup).getPath();
}
groupAdminGroup = initGroup(uMgr, groupAdminName);
if (groupAdminGroup != null && groupAdminGroup instanceof ItemBasedPrincipal) {
groupAdminGroupPath = ((ItemBasedPrincipal) groupAdminGroup).getPath();
}
Principal administrators = initGroup(uMgr, SecurityConstants.ADMINISTRATORS_NAME);
if (administrators != null && administrators instanceof ItemBasedPrincipal) {
administratorsGroupPath = ((ItemBasedPrincipal) administrators).getPath();
}
usersPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getUsersPath() : UserConstants.USERS_PATH;
groupsPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getGroupsPath() : UserConstants.GROUPS_PATH;
membersInProperty = !(uMgr instanceof UserManagerImpl) || !((UserManagerImpl) uMgr).hasMemberSplitSize();
if (configuration.containsKey(PARAM_ANONYMOUS_ID)) {
anonymousId = (String) configuration.get(PARAM_ANONYMOUS_ID);
} else {
anonymousId = SecurityConstants.ANONYMOUS_ID;
}
if (configuration.containsKey(PARAM_ANONYMOUS_ACCESS)) {
anonymousAccess = Boolean.parseBoolean((String) configuration.get(PARAM_ANONYMOUS_ACCESS));
} else {
anonymousAccess = true;
}
} else {
throw new RepositoryException("SessionImpl (system session) expected.");
}
}
use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.
the class SyncMBeanImplTest method testSyncAllUsers.
@Test
public void testSyncAllUsers() throws Exception {
// first sync external users into the repo
syncMBean.syncAllExternalUsers();
// verify effect of syncAllUsers
String[] result = syncMBean.syncAllUsers(false);
Map<String, String> expected = getExpectedUserResult("upd", true);
assertResultMessages(result, expected);
UserManager userManager = getUserManager();
for (String id : expected.keySet()) {
ExternalIdentity ei = idp.getUser(id);
if (ei == null) {
ei = idp.getGroup(id);
}
assertSync(ei, userManager);
}
}
use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.
the class SyncMBeanImplTest method testPurgeOrphanedUsersThrowingHandler.
@Test
public void testPurgeOrphanedUsersThrowingHandler() throws Exception {
sync(new TestIdentityProvider.TestUser("thirdUser", idp.getName()), idp);
sync(new TestIdentityProvider.TestGroup("g", idp.getName()), idp);
String[] result = createThrowingSyncMBean(false).purgeOrphanedUsers();
assertEquals(0, result.length);
UserManager userManager = getUserManager();
assertNotNull(userManager.getAuthorizable("thirdUser"));
assertNotNull(userManager.getAuthorizable("g"));
}
use of org.apache.jackrabbit.api.security.user.UserManager in project jackrabbit-oak by apache.
the class SyncMBeanImplTest method testInitialSyncExternalGroup.
@Test
public void testInitialSyncExternalGroup() throws Exception {
ExternalGroup externalGroup = idp.getGroup("a");
String[] externalId = new String[] { externalGroup.getExternalId().getString() };
String[] result = syncMBean.syncExternalUsers(externalId);
assertResultMessages(result, "a", "add");
UserManager userManager = getUserManager();
Group aGroup = userManager.getAuthorizable(externalGroup.getId(), Group.class);
assertNotNull(aGroup);
// membership of groups are not synced (unless imposed by user-sync with membership depth)
for (ExternalIdentityRef groupRef : externalGroup.getDeclaredGroups()) {
assertNull(userManager.getAuthorizable(groupRef.getId()));
}
}
Aggregations