Examples with ExternalIdentity - org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity

Example 26 with ExternalIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testSyncMembershipDepthInfinite.

@Test
public void testSyncMembershipDepthInfinite() throws Exception {
    ExternalUser externalUser = idp.listUsers().next();
    Authorizable a = syncCtx.createUser(externalUser);
    syncCtx.syncMembership(externalUser, a, Long.MAX_VALUE);
    assertTrue(root.hasPendingChanges());
    root.commit();
    for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
        ExternalIdentity extGr = idp.getIdentity(ref);
        assertNotNull(extGr);
        for (ExternalIdentityRef inheritedGrRef : extGr.getDeclaredGroups()) {
            Group g = userManager.getAuthorizable(inheritedGrRef.getId(), Group.class);
            assertNotNull(g);
            if (Iterables.contains(externalUser.getDeclaredGroups(), inheritedGrRef)) {
                assertTrue(g.isDeclaredMember(a));
            } else {
                assertFalse(g.isDeclaredMember(a));
            }
            assertTrue(g.isMember(a));
        }
    }
}

Also used : Group(org.apache.jackrabbit.api.security.user.Group) ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 27 with ExternalIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testIsSameIDPMissingExternalId.

@Test
public void testIsSameIDPMissingExternalId() throws Exception {
    ExternalIdentity externalUser = idp.listUsers().next();
    sync(externalUser);
    Authorizable a = userManager.getAuthorizable(externalUser.getId());
    a.removeProperty(DefaultSyncContext.REP_EXTERNAL_ID);
    assertFalse(syncCtx.isSameIDP(a));
}

Also used : ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 28 with ExternalIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testSyncMembershipGroupIsExternalUser.

@Test
public void testSyncMembershipGroupIsExternalUser() throws Exception {
    // sync the 'wrong' external group into the repository
    ExternalIdentity externalIdentity = idp.listUsers().next();
    sync(externalIdentity);
    // create external user with an synced-ext-user as declared group
    ExternalUser withWrongDeclaredGroup = new ExternalUserWithDeclaredGroup(externalIdentity.getExternalId());
    try {
        Authorizable a = syncCtx.createUser(withWrongDeclaredGroup);
        root.commit();
        syncCtx.syncMembership(withWrongDeclaredGroup, a, 1);
        assertFalse(root.hasPendingChanges());
    } finally {
        Authorizable a = userManager.getAuthorizable(withWrongDeclaredGroup.getId());
        if (a != null) {
            a.remove();
            root.commit();
        }
    }
}

Also used : ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 29 with ExternalIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity in project jackrabbit-oak by apache.

the class DynamicSyncContextTest method testSyncUserByIdUpdate.

@Test
public void testSyncUserByIdUpdate() throws Exception {
    ExternalIdentity externalId = idp.listUsers().next();
    Authorizable a = userManager.createUser(externalId.getId(), null);
    a.setProperty(DefaultSyncContext.REP_EXTERNAL_ID, valueFactory.createValue(externalId.getExternalId().getString()));
    syncContext.setForceUserSync(true);
    SyncResult result = syncContext.sync(externalId.getId());
    assertEquals(SyncResult.Status.UPDATE, result.getStatus());
    Tree t = r.getTree(a.getPath());
    assertTrue(t.hasProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES));
}

Also used : ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Tree(org.apache.jackrabbit.oak.api.Tree) SyncResult(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 30 with ExternalIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity in project jackrabbit-oak by apache.

the class DynamicSyncContextTest method collectGroupPrincipals.

private void collectGroupPrincipals(Set<String> pNames, @Nonnull Iterable<ExternalIdentityRef> declaredGroups, long depth) throws ExternalIdentityException {
    if (depth <= 0) {
        return;
    }
    for (ExternalIdentityRef ref : declaredGroups) {
        ExternalIdentity ei = idp.getIdentity(ref);
        pNames.add(ei.getPrincipalName());
        collectGroupPrincipals(pNames, ei.getDeclaredGroups(), depth - 1);
    }
}

Also used : ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity)

Aggregations

ExternalIdentity (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity)40 Test (org.junit.Test)34 AbstractExternalAuthTest (org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest)20 ExternalIdentityRef (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)18 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)9 ExternalGroup (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)7 ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)7 SyncResult (org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult)7 UserManager (org.apache.jackrabbit.api.security.user.UserManager)5 SyncedIdentity (org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity)4 Group (org.apache.jackrabbit.api.security.user.Group)3 HashMap (java.util.HashMap)2 ExternalIdentityException (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException)2 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)2 Principal (java.security.Principal)1 ArrayList (java.util.ArrayList)1 Nonnull (javax.annotation.Nonnull)1 User (org.apache.jackrabbit.api.security.user.User)1 Tree (org.apache.jackrabbit.oak.api.Tree)1 DebugTimer (org.apache.jackrabbit.oak.commons.DebugTimer)1