Example 51 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testSyncPropertiesMappingRemovesExisting.

@Test
public void testSyncPropertiesMappingRemovesExisting() throws Exception {
    ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_SECOND_USER);
    sync(externalUser);
    Authorizable a = userManager.getAuthorizable(externalUser.getId());
    // create mapping that doesn't match to names in the external-properties
    // -> previously synced properties must be removed
    Map<String, String> mapping = new HashMap<>();
    Map<String, ?> extProps = externalUser.getProperties();
    for (String propName : extProps.keySet()) {
        mapping.put(propName, "any");
    }
    syncCtx.syncProperties(externalUser, a, mapping);
    for (String propName : extProps.keySet()) {
        assertFalse(a.hasProperty(propName));
    }
}
Also used : HashMap(java.util.HashMap) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 52 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testSyncMembershipDepthInfinite.

@Test
public void testSyncMembershipDepthInfinite() throws Exception {
    ExternalUser externalUser = idp.listUsers().next();
    Authorizable a = syncCtx.createUser(externalUser);
    syncCtx.syncMembership(externalUser, a, Long.MAX_VALUE);
    assertTrue(root.hasPendingChanges());
    root.commit();
    for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
        ExternalIdentity extGr = idp.getIdentity(ref);
        assertNotNull(extGr);
        for (ExternalIdentityRef inheritedGrRef : extGr.getDeclaredGroups()) {
            Group g = userManager.getAuthorizable(inheritedGrRef.getId(), Group.class);
            assertNotNull(g);
            if (Iterables.contains(externalUser.getDeclaredGroups(), inheritedGrRef)) {
                assertTrue(g.isDeclaredMember(a));
            } else {
                assertFalse(g.isDeclaredMember(a));
            }
            assertTrue(g.isMember(a));
        }
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 53 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testSyncMembershipGroupIsSyncedAsUser.

@Test
public void testSyncMembershipGroupIsSyncedAsUser() throws Exception {
    ExternalUser fromIDP = idp.listUsers().next();
    ExternalIdentityRef groupRef = fromIDP.getDeclaredGroups().iterator().next();
    // sync the ext-user from the idp (but make it just declare a single group)
    ExternalUser extuser = new ExternalUserWithDeclaredGroup(groupRef, fromIDP);
    Authorizable a = syncCtx.createUser(extuser);
    // create an external-user based on info that the IDP knows as group and sync it
    ExternalUser externalIdentity = new ExternalUserFromGroup(idp.getIdentity(groupRef));
    Authorizable a2 = syncCtx.createUser(externalIdentity);
    assertFalse(a2.isGroup());
    root.commit();
    // now sync-ing the membership should not have any effect as the external
    // group referenced from 'extuser' has already been created in the system
    // as user.
    syncCtx.syncMembership(extuser, a, 1);
    assertFalse(root.hasPendingChanges());
}
Also used : ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 54 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testMembershipForExistingForeignGroup.

/**
 * @see <a href="https://issues.apache.org/jira/browse/OAK-4397">OAK-4397</a>
 */
@Test
public void testMembershipForExistingForeignGroup() throws Exception {
    syncConfig.user().setMembershipNestingDepth(1).setMembershipExpirationTime(-1).setExpirationTime(-1);
    syncConfig.group().setExpirationTime(-1);
    ExternalUser externalUser = idp.getUser(USER_ID);
    ExternalIdentityRef groupRef = externalUser.getDeclaredGroups().iterator().next();
    // create the group as if it had been synced by a foreign IDP
    Group gr = userManager.createGroup(groupRef.getId());
    // but don't set rep:lastSynced :-)
    setExternalID(gr, "foreignIDP");
    root.commit();
    SyncResult result = syncCtx.sync(externalUser);
    assertSame(SyncResult.Status.ADD, result.getStatus());
    User user = userManager.getAuthorizable(externalUser.getId(), User.class);
    assertNotNull(user);
    // synchronizing the user from our IDP must _neither_ change the group
    // members of the group belonging to a different IDP _nor_ synchronize
    // that foreign group with information retrieved from this IDP (e.g.
    // properties), and as such must _not_ set the last-synced property.
    // -> verify group last-synced has not been added
    assertFalse(gr.hasProperty(DefaultSyncContext.REP_LAST_SYNCED));
    // -> verify group membership has not changed
    assertFalse(gr.isDeclaredMember(user));
    Iterator<Group> declared = user.declaredMemberOf();
    while (declared.hasNext()) {
        assertFalse(gr.getID().equals(declared.next().getID()));
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup) User(org.apache.jackrabbit.api.security.user.User) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) SyncResult(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 55 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testSyncPropertiesMappingDQuoteName.

@Test
public void testSyncPropertiesMappingDQuoteName() throws Exception {
    ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_SECOND_USER);
    sync(externalUser);
    Authorizable a = userManager.getAuthorizable(externalUser.getId());
    // mapping to '"' (i.e. name size = 1) which doesn't qualify as constant
    // -> same behavior expected as with 'testSyncPropertiesMappingRemovesExisting'
    Map<String, String> mapping = new HashMap<>();
    Map<String, ?> extProps = externalUser.getProperties();
    for (String propName : extProps.keySet()) {
        mapping.put(propName, "\"");
    }
    syncCtx.syncProperties(externalUser, a, mapping);
    for (String propName : extProps.keySet()) {
        assertFalse(a.hasProperty(propName));
    }
}
Also used : HashMap(java.util.HashMap) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)
