Example 21 with PrincipalImpl
use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.
the class UserImporter method processReferences.
/**
* @see org.apache.jackrabbit.core.xml.ProtectedPropertyImporter#processReferences()
*/
public void processReferences() throws RepositoryException {
if (!initialized) {
throw new IllegalStateException("Not initialized");
}
// assert that user manager is isn't in auto-save mode
if (userManager.isAutoSave()) {
userManager.autoSave(false);
}
try {
List<Object> processed = new ArrayList<Object>();
for (Iterator<Object> it = referenceTracker.getProcessedReferences(); it.hasNext(); ) {
Object reference = it.next();
if (reference instanceof Membership) {
Authorizable a = userManager.getAuthorizable(((Membership) reference).groupId);
if (a == null || !a.isGroup()) {
throw new RepositoryException(((Membership) reference).groupId + " does not represent a valid group.");
}
final Group gr = (Group) a;
// 1. collect members to add and to remove.
Map<String, Authorizable> toRemove = new HashMap<String, Authorizable>();
for (Iterator<Authorizable> declMembers = gr.getDeclaredMembers(); declMembers.hasNext(); ) {
Authorizable dm = declMembers.next();
toRemove.put(dm.getID(), dm);
}
List<Authorizable> toAdd = new ArrayList<Authorizable>();
final List<Membership.Member> nonExisting = new ArrayList<Membership.Member>();
for (Membership.Member member : ((Membership) reference).members) {
NodeId remapped = referenceTracker.getMappedId(member.id);
NodeId id = (remapped == null) ? member.id : remapped;
Authorizable authorz = null;
try {
NodeImpl n = ((SessionImpl) session).getNodeById(id);
authorz = userManager.getAuthorizable(n);
} catch (RepositoryException e) {
// no such node or failed to retrieve authorizable
// warning is logged below.
}
if (authorz != null) {
if (toRemove.remove(authorz.getID()) == null) {
toAdd.add(authorz);
}
// else: no need to remove from rep:members
} else {
handleFailure("New member of " + gr + ": No such authorizable (NodeID = " + id + ")");
if (importBehavior == ImportBehavior.BESTEFFORT) {
log.info("ImportBehavior.BESTEFFORT: Remember non-existing member for processing.");
nonExisting.add(member);
}
}
}
// 2. adjust members of the group
for (Authorizable m : toRemove.values()) {
if (!gr.removeMember(m)) {
handleFailure("Failed remove existing member (" + m + ") from " + gr);
}
}
for (Authorizable m : toAdd) {
if (!gr.addMember(m)) {
handleFailure("Failed add member (" + m + ") to " + gr);
}
}
// handling non-existing members in case of best-effort
if (!nonExisting.isEmpty()) {
log.info("ImportBehavior.BESTEFFORT: Found " + nonExisting.size() + " entries of rep:members pointing to non-existing authorizables. Adding to rep:members.");
final NodeImpl groupNode = ((AuthorizableImpl) gr).getNode();
if (userManager.hasMemberSplitSize()) {
userManager.performProtectedOperation((SessionImpl) session, new SessionWriteOperation<Object>() {
public Boolean perform(SessionContext context) throws RepositoryException {
NodeImpl nMembers = (groupNode.hasNode(UserConstants.N_MEMBERS) ? groupNode.getNode(UserConstants.N_MEMBERS) : groupNode.addNode(UserConstants.N_MEMBERS, UserConstants.NT_REP_MEMBERS, null));
// Create N_MEMBERS node structure for holding member references
for (Membership.Member member : nonExisting) {
PropertySequence properties = GroupImpl.getPropertySequence(nMembers, userManager);
String propName = member.name;
if (propName == null) {
log.debug("Ignoring unnamed user with id {}", member.id);
continue;
}
if (properties.hasItem(propName)) {
log.debug("Overwriting authorizable {} which is already member of {}.", propName, gr);
properties.removeProperty(propName);
}
Value newMember = session.getValueFactory().createValue(member.id.toString(), PropertyType.WEAKREFERENCE);
properties.addProperty(propName, newMember);
}
return null;
}
});
} else {
// Create P_MEMBERS for holding member references
// build list of valid members set before ....
List<Value> memberValues = new ArrayList<Value>();
if (groupNode.hasProperty(UserConstants.P_MEMBERS)) {
Value[] vls = groupNode.getProperty(UserConstants.P_MEMBERS).getValues();
memberValues.addAll(Arrays.asList(vls));
}
// ... and the non-Existing ones.
for (Membership.Member member : nonExisting) {
memberValues.add(session.getValueFactory().createValue(member.id.toString(), PropertyType.WEAKREFERENCE));
}
// and use implementation specific method to set the
// value of rep:members properties which was not possible
// through the API
userManager.setProtectedProperty(groupNode, UserConstants.P_MEMBERS, memberValues.toArray(new Value[memberValues.size()]), PropertyType.WEAKREFERENCE);
}
}
processed.add(reference);
} else if (reference instanceof Impersonators) {
Authorizable a = userManager.getAuthorizable(((Impersonators) reference).userId);
if (a == null || a.isGroup()) {
throw new RepositoryException(((Impersonators) reference).userId + " does not represent a valid user.");
}
Impersonation imp = ((User) a).getImpersonation();
// 1. collect principals to add and to remove.
Map<String, Principal> toRemove = new HashMap<String, Principal>();
for (PrincipalIterator pit = imp.getImpersonators(); pit.hasNext(); ) {
Principal princ = pit.nextPrincipal();
toRemove.put(princ.getName(), princ);
}
List<Principal> toAdd = new ArrayList<Principal>();
Value[] vs = ((Impersonators) reference).values;
for (Value v : vs) {
String princName = v.getString();
if (toRemove.remove(princName) == null) {
// add it to the list of new impersonators to be added.
toAdd.add(new PrincipalImpl(princName));
}
// else: no need to revoke impersonation for the given principal.
}
// 2. adjust set of impersonators
for (Principal princ : toRemove.values()) {
if (!imp.revokeImpersonation(princ)) {
handleFailure("Failed to revoke impersonation for " + princ.getName() + " on " + a);
}
}
for (Principal princ : toAdd) {
if (!imp.grantImpersonation(princ)) {
handleFailure("Failed to grant impersonation for " + princ.getName() + " on " + a);
}
}
// NOTE: no best effort handling so far. (TODO)
processed.add(reference);
}
}
// successfully processed this entry of the reference tracker
// -> remove from the reference tracker.
referenceTracker.removeReferences(processed);
} finally {
// the original state.
if (resetAutoSave) {
userManager.autoSave(true);
}
}
}
Also used :
Group(org.apache.jackrabbit.api.security.user.Group)
Impersonation(org.apache.jackrabbit.api.security.user.Impersonation)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
List(java.util.List)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
NodeImpl(org.apache.jackrabbit.core.NodeImpl)
PrincipalIterator(org.apache.jackrabbit.api.security.principal.PrincipalIterator)
RepositoryException(javax.jcr.RepositoryException)
PropertySequence(org.apache.jackrabbit.commons.flat.PropertySequence)
NodeId(org.apache.jackrabbit.core.id.NodeId)
Value(javax.jcr.Value)
SessionContext(org.apache.jackrabbit.core.session.SessionContext)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
HashMap(java.util.HashMap)
Map(java.util.Map)
Principal(java.security.Principal)
Example 22 with PrincipalImpl
use of org.apache.jackrabbit.core.security.principal.PrincipalImpl in project jackrabbit by apache.
the class UserImporterTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
if (!(superuser instanceof SessionImpl)) {
throw new NotExecutableException("SessionImpl expected.");
}
sImpl = (SessionImpl) superuser;
UserManager umgr = sImpl.getUserManager();
if (umgr.isAutoSave()) {
try {
umgr.autoSave(false);
} catch (RepositoryException e) {
// -> test not executable
throw new NotExecutableException("Expected user manager that can have its autosave behavior changed to false.");
}
}
this.umgr = (UserManagerImpl) umgr;
// avoid collision with testing a-folders that may have been created
// with another test (but not removed as user/groups got removed)
String path = this.umgr.getUsersPath() + "/t";
if (sImpl.nodeExists(path)) {
sImpl.getNode(path).remove();
}
path = this.umgr.getGroupsPath() + "/g";
if (sImpl.nodeExists(path)) {
sImpl.getNode(path).remove();
}
sImpl.save();
// make sure the target node for group-import exists
Authorizable administrators = umgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);
if (administrators == null) {
groupIdToRemove = umgr.createGroup(new PrincipalImpl(SecurityConstants.ADMINISTRATORS_NAME)).getID();
sImpl.save();
} else if (!administrators.isGroup()) {
throw new NotExecutableException("Expected " + administrators.getID() + " to be a group.");
}
}
Also used :
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
RepositoryException(javax.jcr.RepositoryException)
SessionImpl(org.apache.jackrabbit.core.SessionImpl)
PrincipalImpl(org.apache.jackrabbit.core.security.principal.PrincipalImpl)
Aggregations
PrincipalImpl (org.apache.jackrabbit.core.security.principal.PrincipalImpl)22
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)13
User (org.apache.jackrabbit.api.security.user.User)11
Principal (java.security.Principal)8
Node (javax.jcr.Node)8
Test (org.junit.Test)8
ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)6
ArrayList (java.util.ArrayList)4
ItemBasedPrincipal (org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal)4
NodeImpl (org.apache.jackrabbit.core.NodeImpl)4
RepositoryException (javax.jcr.RepositoryException)3
Value (javax.jcr.Value)3
AccessControlPolicy (javax.jcr.security.AccessControlPolicy)3
Subject (javax.security.auth.Subject)3
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)3
JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)3
PrincipalManager (org.apache.jackrabbit.api.security.principal.PrincipalManager)3
UserManager (org.apache.jackrabbit.api.security.user.UserManager)3
SessionImpl (org.apache.jackrabbit.core.SessionImpl)3
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)3
