
Example 16 with SecurityProvider

use of org.apache.jackrabbit.oak.spi.security.SecurityProvider in project jackrabbit-oak by apache.

the class AbstractAccessControlManagerTest method before.

@Before
public void before() throws Exception {
    // Privilege fixtures: two custom privileges plus the JCR_ALL aggregate.
    Privilege first = mockPrivilege("priv1");
    Privilege second = mockPrivilege("priv2");
    testPrivileges = new Privilege[] { first, second };
    Privilege jcrAll = mockPrivilege(PrivilegeConstants.JCR_ALL);
    allPrivileges = new Privilege[] { jcrAll };

    // Content session bound to the test workspace; its AuthInfo carries testPrincipals
    // with a null user id and no attributes.
    AuthInfoImpl authInfo = new AuthInfoImpl(null, ImmutableMap.of(), testPrincipals);
    cs = Mockito.mock(ContentSession.class);
    when(cs.getWorkspaceName()).thenReturn(WSP_NAME);
    when(cs.getAuthInfo()).thenReturn(authInfo);
    when(root.getContentSession()).thenReturn(cs);

    // Three trees are reachable from the mocked root: one that does not exist,
    // the test node, and the repository root.
    Tree absentTree = Mockito.mock(Tree.class);
    when(absentTree.exists()).thenReturn(false);
    when(root.getTree(nonExistingPath)).thenReturn(absentTree);

    Tree presentTree = Mockito.mock(Tree.class);
    when(presentTree.exists()).thenReturn(true);
    when(root.getTree(testPath)).thenReturn(presentTree);

    Tree repositoryRootTree = Mockito.mock(Tree.class);
    when(repositoryRootTree.exists()).thenReturn(true);
    when(root.getTree("/")).thenReturn(repositoryRootTree);

    // Privilege manager that only knows the fixtures created above.
    privilegeManager = Mockito.mock(PrivilegeManager.class);
    when(privilegeManager.getRegisteredPrivileges()).thenReturn(testPrivileges);
    when(privilegeManager.getPrivilege("priv1")).thenReturn(first);
    when(privilegeManager.getPrivilege("priv2")).thenReturn(second);
    when(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL)).thenReturn(jcrAll);

    PrivilegeConfiguration privilegeConfig = Mockito.mock(PrivilegeConfiguration.class);
    when(privilegeConfig.getPrivilegeManager(root, getNamePathMapper())).thenReturn(privilegeManager);

    // Permission evaluation is stubbed per principal set: only testPrincipals receive the
    // open provider; the everyone set and the empty set both receive the empty provider.
    // The stubbing order is kept as-is because a later stub wins if two of these sets are equal.
    authorizationConfiguration = Mockito.mock(AuthorizationConfiguration.class);
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, getEveryonePrincipalSet()))
            .thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, testPrincipals))
            .thenReturn(OpenPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, ImmutableSet.of()))
            .thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT);

    // Security provider exposing exactly the two mocked configurations.
    securityProvider = Mockito.mock(SecurityProvider.class);
    when(securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfig);
    when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);

    acMgr = createAccessControlManager(root, getNamePathMapper());
}
Also used : AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) Before(org.junit.Before)

Example 17 with SecurityProvider

use of org.apache.jackrabbit.oak.spi.security.SecurityProvider in project jackrabbit-oak by apache.

the class UserInitializerTest method testAnonymousConfiguration.

/**
     * @since OAK 1.0 The anonymous user is optional.
     */
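@Test
public void testAnonymousConfiguration() throws Exception {
    // An empty PARAM_ANONYMOUS_ID is passed to the user configuration; the assertions below
    // check that no anonymous user exists and that a guest login is rejected.
    Map<String, Object> userParams = new HashMap<String, Object>();
    userParams.put(UserConstants.PARAM_ANONYMOUS_ID, "");
    ConfigurationParameters params = ConfigurationParameters.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams));
    SecurityProvider sp = new SecurityProviderImpl(params);
    final ContentRepository repo = new Oak().with(new InitialContent()).with(new PropertyIndexEditorProvider()).with(new PropertyIndexProvider()).with(new TypeEditorProvider()).with(sp).createContentRepository();
    // Log in under the system subject so the user store can be inspected without credentials.
    ContentSession cs = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {

        @Override
        public ContentSession run() throws Exception {
            return repo.login(null, null);
        }
    });
    try {
        Root root = cs.getLatestRoot();
        UserConfiguration uc = sp.getConfiguration(UserConfiguration.class);
        UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT);
        Authorizable anonymous = umgr.getAuthorizable(UserConstants.DEFAULT_ANONYMOUS_ID);
        assertNull(anonymous);
    } finally {
        cs.close();
    }
    // login with guest credentials (anonymous) should fail
    ContentSession anonymousSession = null;
    try {
        anonymousSession = repo.login(new GuestCredentials(), null);
        fail("Guest login must be rejected when no anonymous user is configured");
    } catch (LoginException expected) {
        // success: the repository refused the guest login
    } finally {
        // Close the session if the login unexpectedly succeeded, so the failure does not leak it.
        if (anonymousSession != null) {
            anonymousSession.close();
        }
    }
}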
Also used : Root(org.apache.jackrabbit.oak.api.Root) HashMap(java.util.HashMap) PropertyIndexEditorProvider(org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider) ConfigurationParameters(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters) LoginException(javax.security.auth.login.LoginException) InitialContent(org.apache.jackrabbit.oak.InitialContent) PropertyIndexProvider(org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider) TypeEditorProvider(org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider) UserManager(org.apache.jackrabbit.api.security.user.UserManager) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) ContentRepository(org.apache.jackrabbit.oak.api.ContentRepository) Oak(org.apache.jackrabbit.oak.Oak) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) LoginException(javax.security.auth.login.LoginException) SecurityProviderImpl(org.apache.jackrabbit.oak.security.SecurityProviderImpl) GuestCredentials(javax.jcr.GuestCredentials) UserConfiguration(org.apache.jackrabbit.oak.spi.security.user.UserConfiguration) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 18 with SecurityProvider

use of org.apache.jackrabbit.oak.spi.security.SecurityProvider in project jackrabbit-oak by apache.

the class CugImportBaseTest method before.

@Before
public void before() throws Exception {
    // Repository under test: CUG security provider plus query settings with
    // fail-on-traversal switched on.
    SecurityProvider cugProvider = new CugSecurityProvider(getConfigurationParameters());
    QueryEngineSettings settings = new QueryEngineSettings();
    settings.setFailTraversal(true);
    repo = new Jcr().with(cugProvider).with(settings).createRepository();

    // Test fixture only: the admin session uses the default admin id as its password.
    String adminId = UserConstants.DEFAULT_ADMIN_ID;
    adminSession = repo.login(new SimpleCredentials(adminId, adminId.toCharArray()));

    // Create the node the import tests operate on and persist it.
    adminSession.getRootNode().addNode(TEST_NODE_NAME, NodeTypeConstants.NT_OAK_UNSTRUCTURED);
    adminSession.save();
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) QueryEngineSettings(org.apache.jackrabbit.oak.query.QueryEngineSettings) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) Jcr(org.apache.jackrabbit.oak.jcr.Jcr) ConfigurationParameters(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters) Before(org.junit.Before)

Example 19 with SecurityProvider

use of org.apache.jackrabbit.oak.spi.security.SecurityProvider in project jackrabbit-oak by apache.

the class TokenLoginModule method getTokenProvider.

//------------------------------------------------------------< private >---
/**
     * Retrieve the token provider
     * @return the token provider or {@code null}.
     */
@CheckForNull
private TokenProvider getTokenProvider() {
    // First choice: the token configuration of the security provider, which needs a root.
    SecurityProvider sp = getSecurityProvider();
    Root currentRoot = getRoot();
    TokenProvider resolved = null;
    if (currentRoot != null && sp != null) {
        resolved = sp.getConfiguration(TokenConfiguration.class).getTokenProvider(currentRoot);
    }

    // Nothing more to try if a provider was found or there is no callback handler to ask.
    if (resolved != null || callbackHandler == null) {
        return resolved;
    }

    // Fallback: request the provider through a TokenProviderCallback.
    try {
        TokenProviderCallback callback = new TokenProviderCallback();
        callbackHandler.handle(new Callback[] { callback });
        return callback.getTokenProvider();
    } catch (IOException e) {
        log.warn(e.getMessage());
    } catch (UnsupportedCallbackException e) {
        log.warn(e.getMessage());
    }
    // A failed callback is only logged; callers get null and must handle the missing provider.
    return null;
}
Also used : TokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration) TokenProvider(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider) Root(org.apache.jackrabbit.oak.api.Root) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) TokenProviderCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.TokenProviderCallback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) CheckForNull(javax.annotation.CheckForNull)

Example 20 with SecurityProvider

use of org.apache.jackrabbit.oak.spi.security.SecurityProvider in project jackrabbit-oak by apache.

the class AbstractLoginModule method getUserManager.

/**
     * Retrieves the {@link UserManager} that should be used to handle
     * this authentication. If no user manager has been configured, this
     * method returns {@code null}.
     *
     * @return An instance of {@code UserManager} or {@code null}.
     */
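@CheckForNull
protected UserManager getUserManager() {
    UserManager userManager = null;
    SecurityProvider sp = getSecurityProvider();
    Root r = getRoot();
    if (r != null && sp != null) {
        // Use the instance that was just null-checked. The original dereferenced the
        // securityProvider field here; whether getSecurityProvider() always returns that
        // same field is not visible in this snippet.
        UserConfiguration uc = sp.getConfiguration(UserConfiguration.class);
        userManager = uc.getUserManager(r, NamePathMapper.DEFAULT);
    }
    // Fallback: ask the callback handler for a user manager when the security provider
    // path produced none.
    if (userManager == null && callbackHandler != null) {
        try {
            UserManagerCallback userCallBack = new UserManagerCallback();
            callbackHandler.handle(new Callback[] { userCallBack });
            userManager = userCallBack.getUserManager();
        } catch (IOException | UnsupportedCallbackException e) {
            // Best effort: a failed callback is logged at debug level and null is returned,
            // so callers must handle a missing user manager.
            log.debug(e.getMessage());
        }
    }
    return userManager;
}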
Also used : UserManagerCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback) Root(org.apache.jackrabbit.oak.api.Root) UserManager(org.apache.jackrabbit.api.security.user.UserManager) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) UserConfiguration(org.apache.jackrabbit.oak.spi.security.user.UserConfiguration) CheckForNull(javax.annotation.CheckForNull)

Aggregations

SecurityProvider (org.apache.jackrabbit.oak.spi.security.SecurityProvider)33 Test (org.junit.Test)19 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)15 Root (org.apache.jackrabbit.oak.api.Root)8 Nonnull (javax.annotation.Nonnull)6 ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)6 WhiteboardRestrictionProvider (org.apache.jackrabbit.oak.security.authorization.restriction.WhiteboardRestrictionProvider)5 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)5 RestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)5 UserConfiguration (org.apache.jackrabbit.oak.spi.security.user.UserConfiguration)5 AuthorizableActionProvider (org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider)5 CheckForNull (javax.annotation.CheckForNull)4 AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl)4 IOException (java.io.IOException)3 HashMap (java.util.HashMap)3 SimpleCredentials (javax.jcr.SimpleCredentials)3 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)3 UserManager (org.apache.jackrabbit.api.security.user.UserManager)3 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)3 SecurityProviderImpl (org.apache.jackrabbit.oak.security.SecurityProviderImpl)3