Example 71 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup3.
@Test
public void testLoginAfterSyncSetup3() throws Exception {
setup3.sync(USER_ID, false);
ContentSession cs = null;
try {
cs = login(new SimpleCredentials(USER_ID, new char[0]));
// the login must set the existing auto-membership principals to the subject
Set<Principal> principals = cs.getAuthInfo().getPrincipals();
assertTrue(principals.contains(setup3.gr.getPrincipal()));
assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
assertFalse(principals.contains(setup1.gr.getPrincipal()));
assertFalse(principals.contains(setup2.gr.getPrincipal()));
// however, the existing auto-membership group must _not_ have changed
// and the test user must not be a stored member of this group.
root.refresh();
UserManager uMgr = getUserManager(root);
User user = uMgr.getAuthorizable(USER_ID, User.class);
Group gr = uMgr.getAuthorizable(setup3.gr.getID(), Group.class);
assertTrue(gr.isDeclaredMember(user));
assertTrue(gr.isMember(user));
} finally {
options.clear();
if (cs != null) {
cs.close();
}
}
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
Group(org.apache.jackrabbit.api.security.user.Group)
User(org.apache.jackrabbit.api.security.user.User)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
Principal(java.security.Principal)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 72 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup2.
@Test
public void testLoginAfterSyncSetup2() throws Exception {
setup2.sync(USER_ID, false);
ContentSession cs = null;
try {
cs = login(new SimpleCredentials(USER_ID, new char[0]));
// the login must set the existing auto-membership principals to the subject
Set<Principal> principals = cs.getAuthInfo().getPrincipals();
assertTrue(principals.contains(setup2.gr.getPrincipal()));
assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
assertFalse(principals.contains(setup1.gr.getPrincipal()));
assertFalse(principals.contains(setup3.gr.getPrincipal()));
// however, the existing auto-membership group must _not_ have changed
// and the test user must not be a stored member of this group.
root.refresh();
UserManager uMgr = getUserManager(root);
User user = uMgr.getAuthorizable(USER_ID, User.class);
Group gr = uMgr.getAuthorizable(setup2.gr.getID(), Group.class);
assertFalse(gr.isDeclaredMember(user));
assertFalse(gr.isMember(user));
} finally {
options.clear();
if (cs != null) {
cs.close();
}
}
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
Group(org.apache.jackrabbit.api.security.user.Group)
User(org.apache.jackrabbit.api.security.user.User)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
Principal(java.security.Principal)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 73 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup4.
@Test
public void testLoginAfterSyncSetup4() throws Exception {
setup4.sync(USER_ID, false);
ContentSession cs = null;
try {
cs = login(new SimpleCredentials(USER_ID, new char[0]));
// the login must set the existing auto-membership principals to the subject
Set<Principal> principals = cs.getAuthInfo().getPrincipals();
assertTrue(principals.contains(setup4.gr.getPrincipal()));
assertTrue(principals.contains(setup2.gr.getPrincipal()));
assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
assertFalse(principals.contains(setup1.gr.getPrincipal()));
assertFalse(principals.contains(setup3.gr.getPrincipal()));
// however, the existing auto-membership group must _not_ have changed
// and the test user must not be a stored member of this group.
root.refresh();
UserManager uMgr = getUserManager(root);
User user = uMgr.getAuthorizable(USER_ID, User.class);
Group gr = uMgr.getAuthorizable(setup4.gr.getID(), Group.class);
assertFalse(gr.isDeclaredMember(user));
assertFalse(gr.isMember(user));
} finally {
options.clear();
if (cs != null) {
cs.close();
}
}
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
Group(org.apache.jackrabbit.api.security.user.Group)
User(org.apache.jackrabbit.api.security.user.User)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
Principal(java.security.Principal)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 74 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class ExternalLoginModuleDynamicMembershipTest method testLoginPopulatesPrincipals.
@Test
public void testLoginPopulatesPrincipals() throws Exception {
ContentSession cs = null;
try {
cs = login(new SimpleCredentials(USER_ID, new char[0]));
Set<String> expectedExternal = new HashSet<String>();
calcExpectedPrincipalNames(idp.getUser(USER_ID), syncConfig.user().getMembershipNestingDepth(), expectedExternal);
Set<Principal> principals = new HashSet<Principal>(cs.getAuthInfo().getPrincipals());
root.refresh();
PrincipalManager principalManager = getPrincipalManager(root);
for (String pName : expectedExternal) {
Principal p = principalManager.getPrincipal(pName);
assertNotNull(p);
assertTrue(principals.remove(p));
}
UserManager uMgr = getUserManager(root);
User u = uMgr.getAuthorizable(USER_ID, User.class);
assertTrue(principals.remove(u.getPrincipal()));
Iterator<Group> it = u.memberOf();
assertFalse(it.hasNext());
assertTrue(principals.remove(EveryonePrincipal.getInstance()));
assertTrue(principals.isEmpty());
} finally {
if (cs != null) {
cs.close();
}
options.clear();
}
}
Also used :
PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager)
SimpleCredentials(javax.jcr.SimpleCredentials)
Group(org.apache.jackrabbit.api.security.user.Group)
User(org.apache.jackrabbit.api.security.user.User)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
Principal(java.security.Principal)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 75 with ContentSession
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class ExternalLoginModuleTest method testSyncCreateGroupNesting.
@Test
public void testSyncCreateGroupNesting() throws Exception {
syncConfig.user().setMembershipNestingDepth(2);
UserManager userManager = getUserManager(root);
ContentSession cs = null;
try {
cs = login(new SimpleCredentials(USER_ID, new char[0]));
root.refresh();
for (String id : new String[] { "a", "b", "c", "aa", "aaa" }) {
assertNotNull(userManager.getAuthorizable(id));
}
} finally {
if (cs != null) {
cs.close();
}
options.clear();
}
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ContentSession(org.apache.jackrabbit.oak.api.ContentSession)
Test(org.junit.Test)
Aggregations
ContentSession (org.apache.jackrabbit.oak.api.ContentSession)146
Test (org.junit.Test)132
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)66
SimpleCredentials (javax.jcr.SimpleCredentials)60
Root (org.apache.jackrabbit.oak.api.Root)43
LoginException (javax.security.auth.login.LoginException)35
AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)26
Tree (org.apache.jackrabbit.oak.api.Tree)25
UserManager (org.apache.jackrabbit.api.security.user.UserManager)19
User (org.apache.jackrabbit.api.security.user.User)17
PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)15
GuestCredentials (javax.jcr.GuestCredentials)13
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)12
Principal (java.security.Principal)10
TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)10
CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)9
Group (org.apache.jackrabbit.api.security.user.Group)8
EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8
ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)7
PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)6
