Search in sources :

Example 36 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class LdapLoginTestBase method testReLogin.

@Test
public void testReLogin() throws Exception {
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
        root.refresh();
        Authorizable user = userManager.getAuthorizable(USER_ID);
        assertNotNull(user);
        assertFalse(root.getTree(user.getPath()).hasProperty(UserConstants.REP_PASSWORD));
        cs.close();
        // login again
        cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
        root.refresh();
        assertEquals(USER_ID, cs.getAuthInfo().getUserID());
    } finally {
        if (cs != null) {
            cs.close();
        }
        options.clear();
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Test(org.junit.Test)

Example 37 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class LdapLoginTestBase method testLoginSetsAuthInfo.

@Test
public void testLoginSetsAuthInfo() throws Exception {
    ContentSession cs = null;
    try {
        SimpleCredentials sc = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
        sc.setAttribute("attr", "val");
        cs = login(sc);
        AuthInfo ai = cs.getAuthInfo();
        assertEquals(USER_ID, ai.getUserID());
        assertEquals("val", ai.getAttribute("attr"));
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Test(org.junit.Test)

Example 38 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class CustomCredentialsSupportTest method testLogin.

@Test
public void testLogin() throws Exception {
    TestCredentials creds = new TestCredentials("testUser");
    ContentSession cs = login(creds);
    try {
        AuthInfo info = cs.getAuthInfo();
        assertEquals("testUser", info.getUserID());
        assertAttributes(getCredentialsSupport().getAttributes(creds), info);
    } finally {
        cs.close();
    }
}
Also used : AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Test(org.junit.Test)

Example 39 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class TokenExternalLoginModuleTest method testTokenCreation.

@Test
public void testTokenCreation() throws Exception {
    Credentials creds = createTestCredentials();
    assertTrue(credentialsSupport.setAttributes(creds, ImmutableMap.<String, Object>of(".token", "")));
    String expectedUserId = credentialsSupport.getUserId(creds);
    ContentSession cs = login(creds);
    try {
        assertEquals(expectedUserId, cs.getAuthInfo().getUserID());
        Map<String, ?> attributes = credentialsSupport.getAttributes(creds);
        String token = attributes.get(".token").toString();
        assertFalse(token.isEmpty());
        root.refresh();
        User user = getUserManager(root).getAuthorizable(expectedUserId, User.class);
        Tree tokenParent = root.getTree(user.getPath()).getChild(".tokens");
        assertTrue(tokenParent.exists());
        assertEquals(1, tokenParent.getChildrenCount(100));
    } finally {
        cs.close();
    }
}
Also used : User(org.apache.jackrabbit.api.security.user.User) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Credentials(javax.jcr.Credentials) Test(org.junit.Test)

Example 40 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ClusterPermissionsTest method testPermissionPropagation.

@Test
public void testPermissionPropagation() throws Exception {
    // create a "/testNode"
    Tree node = root1.getTree("/").addChild("testNode");
    node.setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME);
    // create 2 users
    User user1 = userManager1.createUser("testUser1", "testUser1");
    User user2 = userManager1.createUser("testUser2", "testUser2");
    JackrabbitAccessControlList acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
    // deny jcr:all for everyone on /testNode
    acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:all"), false);
    // allow jcr:read for testUser1 on /testNode
    acl1.addEntry(user1.getPrincipal(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
    aclMgr1.setPolicy("/testNode", acl1);
    root1.commit();
    syncClusterNodes();
    root2.refresh();
    // login with testUser1 and testUser2 (on cluster node 2)
    ContentSession session1 = contentRepository2.login(new SimpleCredentials("testUser1", "testUser1".toCharArray()), null);
    ContentSession session2 = contentRepository2.login(new SimpleCredentials("testUser2", "testUser2".toCharArray()), null);
    // testUser1 can read /testNode
    assertTrue(session1.getLatestRoot().getTree("/testNode").exists());
    // testUser2 cannot read /testNode
    assertFalse(session2.getLatestRoot().getTree("/testNode").exists());
    // now, allow jcr:read also for 'everyone' (on cluster node 1)
    acl1 = AccessControlUtils.getAccessControlList(aclMgr1, "/testNode");
    acl1.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(aclMgr1, "jcr:read"), true);
    aclMgr1.setPolicy("/testNode", acl1);
    root1.commit();
    syncClusterNodes();
    root2.refresh();
    // testUser1 can read /testNode
    assertTrue(session1.getLatestRoot().getTree("/testNode").exists());
    // testUser2 can also read /testNode
    assertTrue(session2.getLatestRoot().getTree("/testNode").exists());
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) Tree(org.apache.jackrabbit.oak.api.Tree) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Test(org.junit.Test)

Aggregations

ContentSession (org.apache.jackrabbit.oak.api.ContentSession)146 Test (org.junit.Test)132 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)66 SimpleCredentials (javax.jcr.SimpleCredentials)60 Root (org.apache.jackrabbit.oak.api.Root)43 LoginException (javax.security.auth.login.LoginException)35 AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)26 Tree (org.apache.jackrabbit.oak.api.Tree)25 UserManager (org.apache.jackrabbit.api.security.user.UserManager)19 User (org.apache.jackrabbit.api.security.user.User)17 PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)15 GuestCredentials (javax.jcr.GuestCredentials)13 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)12 Principal (java.security.Principal)10 TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)10 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)9 Group (org.apache.jackrabbit.api.security.user.Group)8 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)7 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)6