Example 71 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup3.

@Test
public void testLoginAfterSyncSetup3() throws Exception {
    setup3.sync(USER_ID, false);
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        // the login must set the existing auto-membership principals to the subject
        Set<Principal> principals = cs.getAuthInfo().getPrincipals();
        assertTrue(principals.contains(setup3.gr.getPrincipal()));
        assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
        assertFalse(principals.contains(setup1.gr.getPrincipal()));
        assertFalse(principals.contains(setup2.gr.getPrincipal()));
        // unlike the other setups, the assertions below expect the test user
        // to be a declared (stored) member of the auto-membership group.
        root.refresh();
        UserManager uMgr = getUserManager(root);
        User user = uMgr.getAuthorizable(USER_ID, User.class);
        Group gr = uMgr.getAuthorizable(setup3.gr.getID(), Group.class);
        assertTrue(gr.isDeclaredMember(user));
        assertTrue(gr.isMember(user));
    } finally {
        options.clear();
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 72 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup2.

@Test
public void testLoginAfterSyncSetup2() throws Exception {
    setup2.sync(USER_ID, false);
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        // the login must set the existing auto-membership principals to the subject
        Set<Principal> principals = cs.getAuthInfo().getPrincipals();
        assertTrue(principals.contains(setup2.gr.getPrincipal()));
        assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
        assertFalse(principals.contains(setup1.gr.getPrincipal()));
        assertFalse(principals.contains(setup3.gr.getPrincipal()));
        // however, the existing auto-membership group must _not_ have changed
        // and the test user must not be a stored member of this group.
        root.refresh();
        UserManager uMgr = getUserManager(root);
        User user = uMgr.getAuthorizable(USER_ID, User.class);
        Group gr = uMgr.getAuthorizable(setup2.gr.getID(), Group.class);
        assertFalse(gr.isDeclaredMember(user));
        assertFalse(gr.isMember(user));
    } finally {
        options.clear();
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 73 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup4.

@Test
public void testLoginAfterSyncSetup4() throws Exception {
    setup4.sync(USER_ID, false);
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        // the login must set the existing auto-membership principals to the subject
        Set<Principal> principals = cs.getAuthInfo().getPrincipals();
        assertTrue(principals.contains(setup4.gr.getPrincipal()));
        assertTrue(principals.contains(setup2.gr.getPrincipal()));
        assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
        assertFalse(principals.contains(setup1.gr.getPrincipal()));
        assertFalse(principals.contains(setup3.gr.getPrincipal()));
        // however, the existing auto-membership group must _not_ have changed
        // and the test user must not be a stored member of this group.
        root.refresh();
        UserManager uMgr = getUserManager(root);
        User user = uMgr.getAuthorizable(USER_ID, User.class);
        Group gr = uMgr.getAuthorizable(setup4.gr.getID(), Group.class);
        assertFalse(gr.isDeclaredMember(user));
        assertFalse(gr.isMember(user));
    } finally {
        options.clear();
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 74 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ExternalLoginModuleDynamicMembershipTest method testLoginPopulatesPrincipals.

@Test
public void testLoginPopulatesPrincipals() throws Exception {
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        Set<String> expectedExternal = new HashSet<String>();
        calcExpectedPrincipalNames(idp.getUser(USER_ID), syncConfig.user().getMembershipNestingDepth(), expectedExternal);
        Set<Principal> principals = new HashSet<Principal>(cs.getAuthInfo().getPrincipals());
        root.refresh();
        PrincipalManager principalManager = getPrincipalManager(root);
        for (String pName : expectedExternal) {
            Principal p = principalManager.getPrincipal(pName);
            assertNotNull(p);
            assertTrue(principals.remove(p));
        }
        UserManager uMgr = getUserManager(root);
        User u = uMgr.getAuthorizable(USER_ID, User.class);
        assertTrue(principals.remove(u.getPrincipal()));
        Iterator<Group> it = u.memberOf();
        assertFalse(it.hasNext());
        assertTrue(principals.remove(EveryonePrincipal.getInstance()));
        assertTrue(principals.isEmpty());
    } finally {
        if (cs != null) {
            cs.close();
        }
        options.clear();
    }
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 75 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ExternalLoginModuleTest method testSyncCreateGroupNesting.

@Test
public void testSyncCreateGroupNesting() throws Exception {
    syncConfig.user().setMembershipNestingDepth(2);
    UserManager userManager = getUserManager(root);
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        root.refresh();
        for (String id : new String[] { "a", "b", "c", "aa", "aaa" }) {
            assertNotNull(userManager.getAuthorizable(id));
        }
    } finally {
        if (cs != null) {
            cs.close();
        }
        options.clear();
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Test(org.junit.Test)
