Search in sources :

Example 41 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class AbstractJmxTest method assertSync.

static void assertSync(@Nonnull ExternalIdentity ei, @Nonnull UserManager userManager) throws Exception {
    Authorizable authorizable;
    if (ei instanceof ExternalUser) {
        authorizable = userManager.getAuthorizable(ei.getId(), User.class);
    } else {
        authorizable = userManager.getAuthorizable(ei.getId(), Group.class);
    }
    assertNotNull(ei.getId(), authorizable);
    assertEquals(ei.getId(), authorizable.getID());
    assertEquals(ei.getExternalId(), ExternalIdentityRef.fromString(authorizable.getProperty(DefaultSyncContext.REP_EXTERNAL_ID)[0].getString()));
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) User(org.apache.jackrabbit.api.security.user.User) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)

Example 42 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class DynamicSyncContextTest method testSyncMembershipWithChangedGroups.

@Test
public void testSyncMembershipWithChangedGroups() throws Exception {
    long nesting = 1;
    syncConfig.user().setMembershipNestingDepth(nesting);
    ExternalUser externalUser = idp.getUser(USER_ID);
    sync(externalUser, SyncResult.Status.ADD);
    Authorizable a = userManager.getAuthorizable(externalUser.getId());
    assertDynamicMembership(a, externalUser, nesting);
    // sync user with modified membership => must be reflected
    // 1. empty set of declared groups
    ExternalUser mod = new TestUserWithGroupRefs(externalUser, ImmutableSet.<ExternalIdentityRef>of());
    syncContext.syncMembership(mod, a, nesting);
    assertDynamicMembership(a, mod, nesting);
    // 2. set with different groups that defined on IDP
    mod = new TestUserWithGroupRefs(externalUser, ImmutableSet.<ExternalIdentityRef>of(idp.getGroup("a").getExternalId(), idp.getGroup("aa").getExternalId(), idp.getGroup("secondGroup").getExternalId()));
    syncContext.syncMembership(mod, a, nesting);
    assertDynamicMembership(a, mod, nesting);
}
Also used : ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 43 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class DynamicSyncContextTest method testSyncMembershipWithChangedExistingGroups.

@Test
public void testSyncMembershipWithChangedExistingGroups() throws Exception {
    long nesting = 1;
    syncConfig.user().setMembershipNestingDepth(nesting);
    ExternalUser externalUser = idp.getUser(USER_ID);
    DefaultSyncContext ctx = new DefaultSyncContext(syncConfig, idp, userManager, valueFactory);
    ctx.sync(externalUser);
    ctx.close();
    Authorizable a = userManager.getAuthorizable(externalUser.getId());
    assertSyncedMembership(userManager, a, externalUser);
    // sync user with modified membership => must be reflected
    // 1. empty set of declared groups
    ExternalUser mod = new TestUserWithGroupRefs(externalUser, ImmutableSet.<ExternalIdentityRef>of());
    syncContext.syncMembership(mod, a, nesting);
    assertSyncedMembership(userManager, a, mod);
    // 2. set with different groups that defined on IDP
    mod = new TestUserWithGroupRefs(externalUser, ImmutableSet.<ExternalIdentityRef>of(idp.getGroup("a").getExternalId(), idp.getGroup("aa").getExternalId(), idp.getGroup("secondGroup").getExternalId()));
    syncContext.syncMembership(mod, a, nesting);
    assertSyncedMembership(userManager, a, mod);
}
Also used : DefaultSyncContext(org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext) ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) AbstractExternalAuthTest(org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest) Test(org.junit.Test)

Example 44 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class ExternalGroupPrincipalProviderTest method testFindPrincipalsFiltersDuplicates.

@Test
public void testFindPrincipalsFiltersDuplicates() throws Exception {
    ExternalGroup gr = idp.getGroup("a");
    ExternalUser otherUser = new TestUser("anotherUser", ImmutableSet.of(gr.getExternalId()));
    sync(otherUser);
    Set<Principal> expected = new HashSet();
    expected.add(new PrincipalImpl(gr.getPrincipalName()));
    long depth = syncConfig.user().getMembershipNestingDepth();
    if (depth > 1) {
        collectExpectedPrincipals(expected, gr.getDeclaredGroups(), --depth);
    }
    Iterator<? extends Principal> res = principalProvider.findPrincipals("a", PrincipalManager.SEARCH_TYPE_ALL);
    assertTrue(res.hasNext());
    assertEquals(expected, ImmutableSet.copyOf(res));
}
Also used : ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 45 with ExternalUser

use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.

the class LdapProviderTest method testAuthenticateCaseInsensitive.

@Test
public void testAuthenticateCaseInsensitive() throws Exception {
    SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID.toUpperCase(), "pass".toCharArray());
    ExternalUser user = idp.authenticate(creds);
    assertNotNull("User 1 must authenticate", user);
    assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Test(org.junit.Test)

Aggregations

ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)63 Test (org.junit.Test)56 AbstractExternalAuthTest (org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest)28 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)23 ExternalIdentityRef (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)19 User (org.apache.jackrabbit.api.security.user.User)12 SimpleCredentials (javax.jcr.SimpleCredentials)10 Group (org.apache.jackrabbit.api.security.user.Group)8 ExternalGroup (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)8 HashMap (java.util.HashMap)7 ExternalIdentity (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity)6 SyncResult (org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult)6 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)6 Tree (org.apache.jackrabbit.oak.api.Tree)5 Principal (java.security.Principal)4 Nonnull (javax.annotation.Nonnull)4 Value (javax.jcr.Value)4 UserManager (org.apache.jackrabbit.api.security.user.UserManager)4 LdapIdentityProvider (org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider)4 Collection (java.util.Collection)3