use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef in project jackrabbit-oak by apache.
the class DefaultSyncContextTest method testSyncMembershipDepthInfinite.
/**
 * Syncs the membership of the first user listed by the IDP with a nesting
 * depth of {@code Long.MAX_VALUE} and checks the groups reachable through the
 * user's declared groups.
 *
 * <p>For every group declared by one of the user's declared groups the test
 * expects a matching {@code Group} in the repository. The synced user must be
 * a member of it, and must be a <em>declared</em> member only if the external
 * user declares that group directly.
 */
@Test
public void testSyncMembershipDepthInfinite() throws Exception {
    ExternalUser externalUser = idp.listUsers().next();
    Authorizable syncedUser = syncCtx.createUser(externalUser);

    syncCtx.syncMembership(externalUser, syncedUser, Long.MAX_VALUE);
    // the membership sync is expected to leave transient changes behind
    assertTrue(root.hasPendingChanges());
    root.commit();

    // NOTE(review): the first-level groups are only resolved through the IDP
    // here; their repository counterparts are asserted solely when they also
    // show up as a nested group below.
    for (ExternalIdentityRef declaredRef : externalUser.getDeclaredGroups()) {
        ExternalIdentity declaredGroup = idp.getIdentity(declaredRef);
        assertNotNull(declaredGroup);

        for (ExternalIdentityRef nestedRef : declaredGroup.getDeclaredGroups()) {
            Group nestedGroup = userManager.getAuthorizable(nestedRef.getId(), Group.class);
            assertNotNull(nestedGroup);

            // declared membership must mirror what the external user declares
            // itself; anything else may only be inherited
            boolean declaredDirectly = Iterables.contains(externalUser.getDeclaredGroups(), nestedRef);
            if (declaredDirectly) {
                assertTrue(nestedGroup.isDeclaredMember(syncedUser));
            } else {
                assertFalse(nestedGroup.isDeclaredMember(syncedUser));
            }
            assertTrue(nestedGroup.isMember(syncedUser));
        }
    }
}
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef in project jackrabbit-oak by apache.
the class DefaultSyncContextTest method testSyncMembershipGroupIsSyncedAsUser.
/**
 * Verifies that {@code syncMembership} leaves the repository untouched when
 * the external group declared by a user already exists in the repository as
 * a user rather than as a group.
 *
 * <p>This pins the handling of an identifier collision between a user and a
 * group: the existing user account must not be treated as the group, so the
 * membership sync is expected to produce no pending changes.
 */
@Test
public void testSyncMembershipGroupIsSyncedAsUser() throws Exception {
    ExternalUser idpUser = idp.listUsers().next();
    ExternalIdentityRef groupRef = idpUser.getDeclaredGroups().iterator().next();

    // sync the external user from the IDP, restricted to declaring a single group
    ExternalUser singleGroupUser = new ExternalUserWithDeclaredGroup(groupRef, idpUser);
    Authorizable syncedUser = syncCtx.createUser(singleGroupUser);

    // wrap the identity the IDP knows as a group into an external user and
    // sync it, so that the group's identifier ends up on a user account
    ExternalIdentity groupIdentity = idp.getIdentity(groupRef);
    ExternalUser groupAsUser = new ExternalUserFromGroup(groupIdentity);
    Authorizable syncedGroupAsUser = syncCtx.createUser(groupAsUser);
    assertFalse(syncedGroupAsUser.isGroup());
    root.commit();

    // syncing the membership now must be a no-op: the external group
    // referenced by 'singleGroupUser' already exists in the system as a user
    syncCtx.syncMembership(singleGroupUser, syncedUser, 1);
    assertFalse(root.hasPendingChanges());
}
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef in project jackrabbit-oak by apache.
the class DefaultSyncContextTest method testMembershipForExistingForeignGroup.
/**
 * Verifies that syncing a user from this IDP does not touch a pre-existing
 * group whose external id points to a different ("foreign") IDP, even though
 * the group id matches one of the user's declared groups.
 *
 * <p>The foreign group must neither receive the last-synced property nor gain
 * the synced user as a declared member; otherwise one identity provider could
 * alter membership of groups owned by another.
 *
 * @see <a href="https://issues.apache.org/jira/browse/OAK-4397">OAK-4397</a>
 */
@Test
public void testMembershipForExistingForeignGroup() throws Exception {
    // NOTE(review): -1 presumably makes every sync consider the entries
    // expired; confirm against the sync configuration documentation
    syncConfig.user()
            .setMembershipNestingDepth(1)
            .setMembershipExpirationTime(-1)
            .setExpirationTime(-1);
    syncConfig.group().setExpirationTime(-1);

    ExternalUser externalUser = idp.getUser(USER_ID);
    ExternalIdentityRef foreignGroupRef = externalUser.getDeclaredGroups().iterator().next();

    // create the group as if it had been synced by a foreign IDP:
    // only the external id is set, rep:lastSynced is deliberately left out
    Group foreignGroup = userManager.createGroup(foreignGroupRef.getId());
    setExternalID(foreignGroup, "foreignIDP");
    root.commit();

    SyncResult syncResult = syncCtx.sync(externalUser);
    assertSame(SyncResult.Status.ADD, syncResult.getStatus());

    User syncedUser = userManager.getAuthorizable(externalUser.getId(), User.class);
    assertNotNull(syncedUser);

    // Synchronizing the user from our IDP must neither change the members of
    // the group belonging to a different IDP, nor synchronize that foreign
    // group with information retrieved from this IDP (e.g. properties), and
    // as such must not set the last-synced property.

    // -> the last-synced property has not been added to the foreign group
    assertFalse(foreignGroup.hasProperty(DefaultSyncContext.REP_LAST_SYNCED));

    // -> group membership has not changed, seen from the group ...
    assertFalse(foreignGroup.isDeclaredMember(syncedUser));

    // ... and seen from the user
    for (Iterator<Group> memberships = syncedUser.declaredMemberOf(); memberships.hasNext(); ) {
        assertFalse(foreignGroup.getID().equals(memberships.next().getID()));
    }
}
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef in project jackrabbit-oak by apache.
the class DefaultSyncContextTest method testGetIdentityRefEmptyMvProperty.
/**
 * Verifies that {@code DefaultSyncContext.getIdentityRef} returns
 * {@code null} for an authorizable whose {@code rep:externalId} is a
 * multi-valued property without any value.
 */
@Test
public void testGetIdentityRefEmptyMvProperty() throws Exception {
    Group testGroup = createTestGroup();

    // NOTE: rep:externalId is turned into a multi-valued property without
    // any value. The change is intentionally not committed, because the
    // property is expected to become protected in order to prevent
    // unintentional or malicious modification.
    Value[] noValues = new Value[0];
    testGroup.setProperty(DefaultSyncContext.REP_EXTERNAL_ID, noValues);

    assertNull(DefaultSyncContext.getIdentityRef(testGroup));
}
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef in project jackrabbit-oak by apache.
the class DynamicSyncContextTest method collectGroupPrincipals.
/**
 * Recursively collects the principal names of the given declared groups and
 * of the groups they declare in turn, descending at most {@code depth}
 * levels.
 *
 * @param pNames         set the principal names are added to
 * @param declaredGroups references of the groups to resolve through the IDP
 * @param depth          remaining nesting depth; nothing is collected when it
 *                       is zero or negative
 * @throws ExternalIdentityException declared by this helper; presumably
 *                       raised by the IDP lookup (confirm against the IDP)
 */
private void collectGroupPrincipals(Set<String> pNames, @Nonnull Iterable<ExternalIdentityRef> declaredGroups, long depth) throws ExternalIdentityException {
    if (depth > 0) {
        final long remainingDepth = depth - 1;
        for (ExternalIdentityRef groupRef : declaredGroups) {
            // NOTE(review): the resolved identity is dereferenced without a
            // null check, so a reference the IDP cannot resolve would
            // surface as a NullPointerException here; confirm that this is
            // the intended failure mode for the test
            ExternalIdentity group = idp.getIdentity(groupRef);
            pNames.add(group.getPrincipalName());
            // the depth bound is what terminates the recursion; there is no
            // separate guard against cyclic group declarations
            collectGroupPrincipals(pNames, group.getDeclaredGroups(), remainingDepth);
        }
    }
}