Example 6 with PrincipalImpl
use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.
the class UserImporterTest method testImportInvalidImpersonationIgnore.
public void testImportInvalidImpersonationIgnore() throws IOException, RepositoryException, SAXException, NotExecutableException {
List<String> invalid = new ArrayList<String>();
// an non-existing princ-name
invalid.add("anybody");
// a group
invalid.add("administrators");
// principal of the user itself.
invalid.add("t");
for (String principalName : invalid) {
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>" + "</sv:node>";
Subject subj = new Subject();
subj.getPrincipals().add(new PrincipalImpl(principalName));
NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
try {
doImport(target, xml, UserImporter.ImportBehavior.IGNORE);
// no exception during import: no impersonation must be granted
// for the invalid principal name
Authorizable a = umgr.getAuthorizable("t");
if (!a.isGroup()) {
Impersonation imp = ((User) a).getImpersonation();
Subject s = new Subject();
s.getPrincipals().add(new PrincipalImpl(principalName));
assertFalse(imp.allows(s));
for (PrincipalIterator it = imp.getImpersonators(); it.hasNext(); ) {
assertFalse(principalName.equals(it.nextPrincipal().getName()));
}
} else {
fail("Importing 't' didn't create a User.");
}
} finally {
sImpl.refresh(false);
}
}
}
Also used :
Impersonation(org.apache.jackrabbit.api.security.user.Impersonation)
User(org.apache.jackrabbit.api.security.user.User)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
ArrayList(java.util.ArrayList)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator)
Subject(javax.security.auth.Subject)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Example 7 with PrincipalImpl
use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.
the class UserImporterTest method testImportInvalidImpersonationAbort.
public void testImportInvalidImpersonationAbort() throws IOException, RepositoryException, SAXException, NotExecutableException {
List<String> invalid = new ArrayList<String>();
// an non-existing princ-name
invalid.add("anybody");
// a group
invalid.add("administrators");
// principal of the user itself.
invalid.add("t");
for (String principalName : invalid) {
String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" + " <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" + " <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" + " <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" + " <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" + principalName + "</sv:value></sv:property>" + "</sv:node>";
Subject subj = new Subject();
subj.getPrincipals().add(new PrincipalImpl(principalName));
NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
try {
doImport(target, xml, UserImporter.ImportBehavior.ABORT);
fail("UserImporter.ImportBehavior.ABORT -> importing invalid impersonators must throw.");
} catch (SAXException e) {
// success
} finally {
sImpl.refresh(false);
}
}
}
Also used :
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
ArrayList(java.util.ArrayList)
Subject(javax.security.auth.Subject)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
SAXException(org.xml.sax.SAXException)
Example 8 with PrincipalImpl
use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.
the class WriteTest method testInvalidPrincipal.
public void testInvalidPrincipal() throws Exception {
PrincipalManager pMgr = ((JackrabbitSession) superuser).getPrincipalManager();
String unknown = "unknown";
while (pMgr.hasPrincipal(unknown)) {
unknown = unknown + "_";
}
Principal principal = new PrincipalImpl(unknown);
if (acMgr instanceof JackrabbitAccessControlManager) {
// first try applicable policies
try {
AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acMgr).getApplicablePolicies(principal);
assertNotNull(policies);
assertEquals(0, policies.length);
} catch (AccessControlException e) {
// success
}
// second existing policies
try {
AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acMgr).getPolicies(principal);
assertNotNull(policies);
assertEquals(0, policies.length);
} catch (AccessControlException e) {
// success
}
} else {
throw new NotExecutableException();
}
}
Also used :
PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager)
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
JackrabbitAccessControlPolicy(org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)
AccessControlPolicy(javax.jcr.security.AccessControlPolicy)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
AccessControlException(javax.jcr.security.AccessControlException)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)
TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal)
Principal(java.security.Principal)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Example 9 with PrincipalImpl
use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.
the class SessionImplTest method testGetSubject.
/**
* JCR-2895 : SessionImpl#getSubject() should return an unmodifiable subject
*
* @see <a href="https://issues.apache.org/jira/browse/JCR-2895">JCR-2895</a>
*/
public void testGetSubject() {
Subject subject = ((SessionImpl) superuser).getSubject();
assertFalse(subject.getPublicCredentials().isEmpty());
assertFalse(subject.getPublicCredentials(Credentials.class).isEmpty());
assertFalse(subject.getPrincipals().isEmpty());
assertTrue(subject.isReadOnly());
try {
subject.getPublicCredentials().add(new SimpleCredentials("test", new char[0]));
fail("Subject expected to be readonly");
} catch (IllegalStateException e) {
// success
}
try {
subject.getPrincipals().add(new PrincipalImpl("test"));
fail("Subject expected to be readonly");
} catch (IllegalStateException e) {
// success
}
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
Subject(javax.security.auth.Subject)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Example 10 with PrincipalImpl
use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.
the class AccessControlImporterTest method testImportPrincipalBasedACL.
/**
* Imports a principal-based ACL containing a single entry mist fail with
* the default configuration.
*
* @throws Exception
*/
public void testImportPrincipalBasedACL() throws Exception {
JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) sImpl.getAccessControlManager();
if (acMgr.getApplicablePolicies(EveryonePrincipal.getInstance()).length > 0 || acMgr.getPolicies(EveryonePrincipal.getInstance()).length > 0) {
// test expects that only resource-based acl is supported
throw new NotExecutableException();
}
PrincipalManager pmgr = sImpl.getPrincipalManager();
if (!pmgr.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
UserManager umgr = sImpl.getUserManager();
umgr.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME));
if (!umgr.isAutoSave()) {
sImpl.save();
}
if (pmgr.hasPrincipal(SecurityConstants.ADMINISTRATORS_NAME)) {
throw new NotExecutableException();
}
}
NodeImpl target;
NodeImpl root = (NodeImpl) sImpl.getRootNode();
if (!root.hasNode(AccessControlConstants.N_ACCESSCONTROL)) {
target = root.addNode(AccessControlConstants.N_ACCESSCONTROL, AccessControlConstants.NT_REP_ACCESS_CONTROL, null);
} else {
target = root.getNode(AccessControlConstants.N_ACCESSCONTROL);
if (!target.isNodeType(AccessControlConstants.NT_REP_ACCESS_CONTROL)) {
target.setPrimaryType(sImpl.getJCRName(AccessControlConstants.NT_REP_ACCESS_CONTROL));
}
}
try {
InputStream in = new ByteArrayInputStream(XML_AC_TREE.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
fail("Default config only allows resource-based ACL -> protected import must fail");
} catch (SAXException e) {
if (e.getException() instanceof ConstraintViolationException) {
// success
} else {
throw e;
}
} finally {
superuser.refresh(false);
}
}
Also used :
JackrabbitAccessControlManager(org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)
PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ParsingContentHandler(org.apache.jackrabbit.commons.xml.ParsingContentHandler)
SAXException(org.xml.sax.SAXException)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ConstraintViolationException(javax.jcr.nodetype.ConstraintViolationException)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Aggregations
PrincipalImpl (org.apache.jackrabbit.core.security.principal.PrincipalImpl)22
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)13
User (org.apache.jackrabbit.api.security.user.User)11
Principal (java.security.Principal)8
Node (javax.jcr.Node)8
Test (org.junit.Test)8
ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)6
ArrayList (java.util.ArrayList)4
ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)4
NodeImpl (org.apache.jackrabbit.core.NodeImpl)4
RepositoryException (javax.jcr.RepositoryException)3
Value (javax.jcr.Value)3
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)3
Subject (javax.security.auth.Subject)3
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)3
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)3
PrincipalManager (org.apache.jackrabbit.api.security.principal.PrincipalManager)3
UserManager (org.apache.jackrabbit.api.security.user.UserManager)3
SessionImpl (org.apache.jackrabbit.core.SessionImpl)3
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)3
