use of org.apache.jackrabbit.oak.security.SecurityProviderImpl in project jackrabbit-oak by apache.
the class ClusterPermissionsTest method before.
/**
 * Builds a two-node cluster fixture: two node stores (cluster ids 1 and 2)
 * backed by the same in-memory document store and blob store, each wrapped
 * in its own content repository with its own {@code SecurityProviderImpl}.
 *
 * <p>For each side the method opens an admin session and derives a user
 * manager and an access control manager from that session's latest root.
 * Both security providers are created from the same
 * {@code getSecurityConfigParameters()} call, so the two cluster nodes are
 * set up with matching security configuration.
 *
 * @throws Exception if any part of the fixture setup fails
 */
@Before
public void before() throws Exception {
    // A single backend shared by both cluster nodes.
    MemoryDocumentStore documentStore = new MemoryDocumentStore();
    MemoryBlobStore blobStore = new MemoryBlobStore();

    DocumentMK.Builder firstBuilder = new DocumentMK.Builder();
    firstBuilder.setDocumentStore(documentStore).setBlobStore(blobStore).setAsyncDelay(0);
    ns1 = firstBuilder.setClusterId(1).getNodeStore();

    DocumentMK.Builder secondBuilder = new DocumentMK.Builder();
    secondBuilder.setDocumentStore(documentStore).setBlobStore(blobStore).setAsyncDelay(0);
    ns2 = secondBuilder.setClusterId(2).getNodeStore();

    // Cluster node 1: repository, admin session, user and ACL managers.
    Oak firstOak = new Oak(ns1)
            .with(new InitialContent())
            .with(new ReferenceEditorProvider())
            .with(new ReferenceIndexProvider())
            .with(new PropertyIndexEditorProvider())
            .with(new PropertyIndexProvider())
            .with(new TypeEditorProvider());
    securityProvider1 = new SecurityProviderImpl(getSecurityConfigParameters());
    firstOak = firstOak.with(securityProvider1);
    contentRepository1 = firstOak.createContentRepository();
    adminSession1 = login1(getAdminCredentials());
    root1 = adminSession1.getLatestRoot();
    userManager1 = securityProvider1
            .getConfiguration(UserConfiguration.class)
            .getUserManager(root1, namePathMapper);
    aclMgr1 = securityProvider1
            .getConfiguration(AuthorizationConfiguration.class)
            .getAccessControlManager(root1, namePathMapper);

    // make sure initial content is visible to ns2
    syncClusterNodes();

    // Cluster node 2: same composition on the second node store.
    Oak secondOak = new Oak(ns2)
            .with(new InitialContent())
            .with(new ReferenceEditorProvider())
            .with(new ReferenceIndexProvider())
            .with(new PropertyIndexEditorProvider())
            .with(new PropertyIndexProvider())
            .with(new TypeEditorProvider());
    securityProvider2 = new SecurityProviderImpl(getSecurityConfigParameters());
    secondOak = secondOak.with(securityProvider2);
    contentRepository2 = secondOak.createContentRepository();
    adminSession2 = login2(getAdminCredentials());
    root2 = adminSession2.getLatestRoot();
    userManager2 = securityProvider2
            .getConfiguration(UserConfiguration.class)
            .getUserManager(root2, namePathMapper);
    aclMgr2 = securityProvider2
            .getConfiguration(AuthorizationConfiguration.class)
            .getAccessControlManager(root2, namePathMapper);
}
use of org.apache.jackrabbit.oak.security.SecurityProviderImpl in project jackrabbit-oak by apache.
the class InitializerTest method testInitializerMongoAfterInitialContent.
/**
 * Runs the user configuration's workspace initializer on a builder whose
 * initial content was already merged in a separate commit.
 *
 * <p>The test makes no assertion; it passes when neither the initializer nor
 * the final {@code getNodeState()} call throws. The user configuration is
 * given explicitly (anonymous/admin ids, users and groups paths, default
 * depth) and applies to this test only.
 *
 * @throws CommitFailedException if merging the initial content fails
 */
@Test
public void testInitializerMongoAfterInitialContent() throws CommitFailedException {
    NodeBuilder builder = mk.getNodeStore().getRoot().builder();

    // add initial content in separate merge
    InitialContent initialContent = new InitialContent();
    initialContent.initialize(builder);
    mk.getNodeStore().merge(builder, EmptyHook.INSTANCE, CommitInfo.EMPTY);

    // User-management settings handed to the security provider under UserConfiguration.NAME.
    ImmutableMap<String, String> userSettings = ImmutableMap.of(
            "anonymousId", "anonymous",
            "adminId", "admin",
            "usersPath", "/home/users",
            "groupsPath", "/home/groups",
            "defaultDepth", "1");
    ConfigurationParameters userParameters = ConfigurationParameters.of(userSettings);
    ConfigurationParameters securityParameters =
            ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, userParameters));
    SecurityProviderImpl provider = new SecurityProviderImpl(securityParameters);

    UserConfiguration userConfiguration = provider.getConfiguration(UserConfiguration.class);
    userConfiguration.getWorkspaceInitializer().initialize(builder, "default");

    // Result is discarded; the call only has to complete without throwing.
    builder.getNodeState();
}
use of org.apache.jackrabbit.oak.security.SecurityProviderImpl in project jackrabbit-oak by apache.
the class AuthenticationConfigurationImplTest method testGetLoginCtxProvider.
/**
 * Checks that the authentication configuration returns a login context
 * provider for {@code repo} once it has been given a default-constructed
 * {@code SecurityProviderImpl}.
 */
@Test
public void testGetLoginCtxProvider() {
    SecurityProviderImpl defaultProvider = new SecurityProviderImpl();
    authConfiguration.setSecurityProvider(defaultProvider);

    Object loginContextProvider = authConfiguration.getLoginContextProvider(repo);
    assertNotNull(loginContextProvider);
}
use of org.apache.jackrabbit.oak.security.SecurityProviderImpl in project jackrabbit-oak by apache.
the class RepositoryUpgrade method copy.
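/**
 * Copies the full content from the source to the target repository.
 * <p>
 * The source repository <strong>must not be modified</strong> while
 * the copy operation is running to avoid an inconsistent copy.
 * <p>
 * Note that both the source and the target repository must be closed
 * during the copy operation as this method requires exclusive access
 * to the repositories.
 * <p>
 * The security setup of the target is driven by the source: a
 * {@code SecurityProviderImpl} is created from the source repository's
 * security configuration (translated by {@code mapSecurityConfig}), and its
 * security configurations supply the repository and workspace initializers
 * as well as commit hooks for the final merge.
 * <p>
 * The final merge runs its commit hooks in this order: upgrade-specific
 * editors, the hooks of every security configuration, the custom commit
 * hooks (if any were set), and finally the type-validation and index
 * editors.
 *
 * @param initializer optional extra repository initializer to use;
 *                    ignored when initialization is skipped
 * @throws RepositoryException if the copy operation fails; any exception
 *                             raised inside the copy is wrapped as the cause
 */
public void copy(RepositoryInitializer initializer) throws RepositoryException {
    if (checkLongNames) {
        assertNoLongNames();
    }
    RepositoryConfig config = source.getRepositoryConfig();
    logger.info("Copying repository content from {} to Oak", config.getHomeDir());
    try {
        NodeBuilder targetBuilder = target.getRoot().builder();
        if (VersionHistoryUtil.getVersionStorage(targetBuilder).exists() && !versionCopyConfiguration.skipOrphanedVersionsCopy()) {
            logger.warn("The version storage on destination already exists. Orphaned version histories will be skipped.");
            // NOTE(review): null presumably switches the orphaned-version copy off,
            // matching the warning above - confirm against VersionCopyConfiguration.
            versionCopyConfiguration.setCopyOrphanedVersions(null);
        }
        final Root upgradeRoot = new UpgradeRoot(targetBuilder);
        String workspaceName = source.getRepositoryConfig().getDefaultWorkspaceName();
        // Security provider for the target, configured from the source's security config.
        SecurityProviderImpl security = new SecurityProviderImpl(mapSecurityConfig(config.getSecurityConfig()));
        if (skipInitialization) {
            // NOTE(review): none of the security initializers below run in this case;
            // presumably the target was initialized beforehand - confirm with callers.
            logger.info("Skipping the repository initialization");
        } else {
            // init target repository first
            logger.info("Initializing initial repository content from {}", config.getHomeDir());
            new InitialContent().initialize(targetBuilder);
            if (initializer != null) {
                initializer.initialize(targetBuilder);
            }
            logger.debug("InitialContent completed from {}", config.getHomeDir());
            // All repository-level security initializers run before any workspace-level one.
            for (SecurityConfiguration sc : security.getConfigurations()) {
                RepositoryInitializer ri = sc.getRepositoryInitializer();
                ri.initialize(targetBuilder);
                // Parameterized message; the original concatenated the class name and
                // passed an argument that had no matching placeholder.
                logger.debug("Repository initializer '{}' completed", ri.getClass().getName());
            }
            for (SecurityConfiguration sc : security.getConfigurations()) {
                WorkspaceInitializer wi = sc.getWorkspaceInitializer();
                wi.initialize(targetBuilder, workspaceName);
                logger.debug("Workspace initializer '{}' completed", wi.getClass().getName());
            }
        }
        HashBiMap<String, String> uriToPrefix = HashBiMap.create();
        logger.info("Copying registered namespaces");
        copyNamespaces(targetBuilder, uriToPrefix);
        logger.debug("Namespace registration completed.");
        if (skipInitialization) {
            logger.info("Skipping registering node types and privileges");
        } else {
            logger.info("Copying registered node types");
            // Node type manager that reads and writes through the upgrade root.
            NodeTypeManager ntMgr = new ReadWriteNodeTypeManager() {
                @Override
                protected Tree getTypes() {
                    return upgradeRoot.getTree(NODE_TYPES_PATH);
                }

                @Nonnull
                @Override
                protected Root getWriteRoot() {
                    return upgradeRoot;
                }
            };
            copyNodeTypes(ntMgr, new ValueFactoryImpl(upgradeRoot, NamePathMapper.DEFAULT));
            logger.debug("Node type registration completed.");
            // migrate privileges
            logger.info("Copying registered privileges");
            PrivilegeConfiguration privilegeConfiguration = security.getConfiguration(PrivilegeConfiguration.class);
            copyCustomPrivileges(privilegeConfiguration.getPrivilegeManager(upgradeRoot, NamePathMapper.DEFAULT));
            logger.debug("Privilege registration completed.");
            // Triggers compilation of type information, which we need for
            // the type predicates used by the bulk copy operations below.
            new TypeEditorProvider(false).getRootEditor(targetBuilder.getBaseState(), targetBuilder.getNodeState(), targetBuilder, null);
        }
        final NodeState reportingSourceRoot = ReportingNodeState.wrap(
                JackrabbitNodeState.createRootNodeState(source, workspaceName, targetBuilder.getNodeState(), uriToPrefix, copyBinariesByReference, skipOnError),
                new LoggingReporter(logger, "Migrating", LOG_NODE_COPY, -1));
        final NodeState sourceRoot;
        if (filterLongNames) {
            sourceRoot = NameFilteringNodeState.wrap(reportingSourceRoot);
        } else {
            sourceRoot = reportingSourceRoot;
        }
        final Stopwatch watch = Stopwatch.createStarted();
        logger.info("Copying workspace content");
        copyWorkspace(sourceRoot, targetBuilder, workspaceName);
        // on TarMK this call triggers the actual copy
        targetBuilder.getNodeState();
        logger.info("Upgrading workspace content completed in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        if (!versionCopyConfiguration.skipOrphanedVersionsCopy()) {
            logger.info("Copying version storage");
            watch.reset().start();
            copyVersionStorage(targetBuilder, getVersionStorage(sourceRoot), getVersionStorage(targetBuilder), versionCopyConfiguration);
            // on TarMK this call triggers the actual copy
            targetBuilder.getNodeState();
            logger.info("Version storage copied in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        } else {
            logger.info("Skipping the version storage as the copyOrphanedVersions is set to false");
        }
        watch.reset().start();
        logger.info("Applying default commit hooks");
        // TODO: default hooks?
        List<CommitHook> hooks = newArrayList();
        UserConfiguration userConf = security.getConfiguration(UserConfiguration.class);
        // Authorizable root paths come from the mapped user configuration, with the defaults as fallback.
        String groupsPath = userConf.getParameters().getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
        String usersPath = userConf.getParameters().getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
        // hooks specific to the upgrade, need to run first
        hooks.add(new EditorHook(new CompositeEditorProvider(
                new RestrictionEditorProvider(),
                new GroupEditorProvider(groupsPath),
                // copy referenced version histories
                new VersionableEditor.Provider(sourceRoot, workspaceName, versionCopyConfiguration),
                new SameNameSiblingsEditor.Provider(),
                AuthorizableFolderEditor.provider(groupsPath, usersPath))));
        // this editor works on the VersionableEditor output, so it can't be
        // a part of the same EditorHook
        hooks.add(new EditorHook(new VersionablePropertiesEditor.Provider()));
        // security-related hooks: they see the content after the upgrade editors above
        for (SecurityConfiguration sc : security.getConfigurations()) {
            hooks.addAll(sc.getCommitHooks(workspaceName));
        }
        // Caller-supplied hooks run after the security hooks and before type validation.
        if (customCommitHooks != null) {
            hooks.addAll(customCommitHooks);
        }
        // type validation, reference and indexing hooks
        hooks.add(new EditorHook(new CompositeEditorProvider(createTypeEditorProvider(), createIndexEditorProvider())));
        target.merge(targetBuilder, new LoggingCompositeHook(hooks, source, overrideEarlyShutdown()), CommitInfo.EMPTY);
        logger.info("Processing commit hooks completed in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        logger.debug("Repository upgrade completed.");
    } catch (Exception e) {
        // Boundary of the upgrade: wrap whatever failed, keeping it as the cause.
        throw new RepositoryException("Failed to copy content", e);
    }
}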
use of org.apache.jackrabbit.oak.security.SecurityProviderImpl in project jackrabbit-oak by apache.
the class UserInitializerTest method testAnonymousConfiguration.
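/**
 * Verifies that configuring an empty anonymous id yields a repository with
 * no anonymous user and that a guest login against it is rejected.
 *
 * <p>The first session is opened with {@code null} credentials inside
 * {@code Subject.doAs(SystemSubject.INSTANCE, ...)} and is used only to look
 * up the default anonymous id. The second part attempts a login with
 * {@code GuestCredentials} and expects a {@code LoginException}.
 *
 * @since OAK 1.0 The anonymous user is optional.
 */
@Test
public void testAnonymousConfiguration() throws Exception {
    // Explicit type arguments: the raw HashMap caused an unchecked-conversion warning.
    Map<String, Object> userParams = new HashMap<String, Object>();
    // An empty anonymous id is the setting under test.
    userParams.put(UserConstants.PARAM_ANONYMOUS_ID, "");
    ConfigurationParameters params = ConfigurationParameters.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams));
    SecurityProvider sp = new SecurityProviderImpl(params);
    final ContentRepository repo = new Oak()
            .with(new InitialContent())
            .with(new PropertyIndexEditorProvider())
            .with(new PropertyIndexProvider())
            .with(new TypeEditorProvider())
            .with(sp)
            .createContentRepository();

    // Login with null credentials while running as the system subject.
    ContentSession cs = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
        @Override
        public ContentSession run() throws Exception {
            return repo.login(null, null);
        }
    });
    try {
        Root root = cs.getLatestRoot();
        UserConfiguration uc = sp.getConfiguration(UserConfiguration.class);
        UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT);
        // The default anonymous user must not have been created.
        Authorizable anonymous = umgr.getAuthorizable(UserConstants.DEFAULT_ANONYMOUS_ID);
        assertNull(anonymous);
    } finally {
        cs.close();
    }

    // guest (anonymous) login should fail
    ContentSession anonymousSession = null;
    try {
        anonymousSession = repo.login(new GuestCredentials(), null);
        fail("Guest login must be rejected when no anonymous user is configured");
    } catch (LoginException expected) {
        // success: the repository refused the guest credentials
    } finally {
        // Close the session if the login unexpectedly succeeded.
        if (anonymousSession != null) {
            anonymousSession.close();
        }
    }
}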