Example 1 with SystemPrincipal

Use of org.apache.jackrabbit.core.security.SystemPrincipal in project jackrabbit by apache.

The class SystemSession, method create.

/**
 * Package private factory method
 *
 * @param repositoryContext The repository context
 * @param wspConfig The workspace configuration
 * @return A new instance of <code>SystemSession</code>
 * @throws RepositoryException If an error occurs
 */
static SystemSession create(RepositoryContext repositoryContext, WorkspaceConfig wspConfig) throws RepositoryException {
    // create a read-only subject whose only principal is the SystemPrincipal
    Set<SystemPrincipal> principals = Collections.singleton(new SystemPrincipal());
    Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
    return new SystemSession(repositoryContext, subject, wspConfig);
}
Also used: SystemPrincipal (org.apache.jackrabbit.core.security.SystemPrincipal), Subject (javax.security.auth.Subject)

Example 2 with SystemPrincipal

Use of org.apache.jackrabbit.core.security.SystemPrincipal in project jackrabbit by apache.

The class DefaultSecurityManager, method getUserID.

/**
 * @see JackrabbitSecurityManager#getUserID(javax.security.auth.Subject, String)
 */
public String getUserID(Subject subject, String workspaceName) throws RepositoryException {
    checkInitialized();
    // shortcut: if the subject contains the AdminPrincipal or the
    // SystemPrincipal, the userID is already known.
    if (!subject.getPrincipals(AdminPrincipal.class).isEmpty()) {
        return adminId;
    } else if (!subject.getPrincipals(SystemPrincipal.class).isEmpty()) {
        // system session does not have a userId
        return null;
    }
    /* if there is a configured principal class that should be used to
           determine the UserID -> try this one. */
    Class cl = getConfig().getUserIdClass();
    if (cl != null) {
        Set<Principal> s = subject.getPrincipals(cl);
        if (!s.isEmpty()) {
            for (Principal p : s) {
                if (!GroupPrincipals.isGroup(p)) {
                    return p.getName();
                }
            }
            // all principals found with the given p-Class were Group principals
            log.debug("Only Group principals found with class '" + cl.getName() + "' -> Not used for UserID.");
        } else {
            log.debug("No principal found with class '" + cl.getName() + "'.");
        }
    }
    /*
         Fallback scenario to retrieve the userID from the subject:
         Since the subject may contain multiple principals and the principal
         name may not be equal to the UserID, the id is retrieved by
         searching for the corresponding authorizable, and if this doesn't
         succeed an attempt is made to obtain it from the login credentials.
        */
    String uid = null;
    // fallback 1: use the first non-group principal that maps to a
    // non-group authorizable to determine the userID.
    try {
        UserManager umgr = getSystemUserManager(workspaceName);
        for (Principal p : subject.getPrincipals()) {
            if (!(p instanceof Group)) {
                Authorizable authorz = umgr.getAuthorizable(p);
                if (authorz != null && !authorz.isGroup()) {
                    uid = authorz.getID();
                    break;
                }
            }
        }
    } catch (RepositoryException e) {
        // failed to access userid via user manager -> use fallback 2.
        log.error("Unexpected error while retrieving UserID.", e);
    }
    // fallback 2: take the userID from the subject's public
    // SimpleCredentials.
    if (uid == null) {
        Iterator<SimpleCredentials> creds = subject.getPublicCredentials(SimpleCredentials.class).iterator();
        if (creds.hasNext()) {
            SimpleCredentials sc = creds.next();
            uid = sc.getUserID();
        }
    }
    return uid;
}
Also used: Group (org.apache.jackrabbit.api.security.user.Group), SimpleCredentials (javax.jcr.SimpleCredentials), UserManager (org.apache.jackrabbit.api.security.user.UserManager), Authorizable (org.apache.jackrabbit.api.security.user.Authorizable), RepositoryException (javax.jcr.RepositoryException), SystemPrincipal (org.apache.jackrabbit.core.security.SystemPrincipal), Principal (java.security.Principal), AdminPrincipal (org.apache.jackrabbit.core.security.principal.AdminPrincipal)

Example 3 with SystemPrincipal

Use of org.apache.jackrabbit.core.security.SystemPrincipal in project jackrabbit by apache.

The class ImpersonationImplTest, method testSystemPrincipalAsImpersonator.

public void testSystemPrincipalAsImpersonator() throws RepositoryException {
    Principal systemPrincipal = new SystemPrincipal();
    assertNull(userMgr.getAuthorizable(systemPrincipal));
    // the system principal cannot be added to or removed from the set of
    // impersonators of 'u', nor should it be allowed to impersonate a given user...
    User u = (User) userMgr.getAuthorizable(uID);
    Impersonation impersonation = u.getImpersonation();
    assertFalse(impersonation.grantImpersonation(systemPrincipal));
    assertFalse(impersonation.revokeImpersonation(systemPrincipal));
    assertFalse(impersonation.allows(buildSubject(systemPrincipal)));
}
Also used: Impersonation (org.apache.jackrabbit.api.security.user.Impersonation), User (org.apache.jackrabbit.api.security.user.User), SystemPrincipal (org.apache.jackrabbit.core.security.SystemPrincipal), AdminPrincipal (org.apache.jackrabbit.core.security.principal.AdminPrincipal), Principal (java.security.Principal)

Aggregations

SystemPrincipal (org.apache.jackrabbit.core.security.SystemPrincipal): 3
Principal (java.security.Principal): 2
AdminPrincipal (org.apache.jackrabbit.core.security.principal.AdminPrincipal): 2
RepositoryException (javax.jcr.RepositoryException): 1
SimpleCredentials (javax.jcr.SimpleCredentials): 1
Subject (javax.security.auth.Subject): 1
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable): 1
Group (org.apache.jackrabbit.api.security.user.Group): 1
Impersonation (org.apache.jackrabbit.api.security.user.Impersonation): 1
User (org.apache.jackrabbit.api.security.user.User): 1
UserManager (org.apache.jackrabbit.api.security.user.UserManager): 1