
Example 16 with SyncedIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity in project jackrabbit-oak by apache.

the class DefaultSyncContextTest method testSyncExternalToExistingLocalGroup.

@Test
public void testSyncExternalToExistingLocalGroup() throws Exception {
    // First sync creates the local counterpart of the external group.
    ExternalGroup externalGroup = idp.listGroups().next();
    syncCtx.sync(externalGroup);

    // Strip the external-id marker so the local group no longer looks
    // like a synced identity.
    Group localGroup = userManager.getAuthorizable(externalGroup.getId(), Group.class);
    localGroup.removeProperty(ExternalIdentityConstants.REP_EXTERNAL_ID);

    // Syncing again must now report the local group as FOREIGN rather than
    // overwriting it, while still exposing the external reference.
    SyncResult secondResult = syncCtx.sync(externalGroup);
    assertEquals(SyncResult.Status.FOREIGN, secondResult.getStatus());

    SyncedIdentity synced = secondResult.getIdentity();
    assertNotNull(synced);
    assertEquals(externalGroup.getExternalId(), synced.getExternalIdRef());
}

Example 17 with SyncedIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity in project jackrabbit-oak by apache.

the class DefaultSyncHandlerTest method testListIdentitiesAfterSync.

@Test
public void testListIdentitiesAfterSync() throws Exception {
    sync(USER_ID, false);

    // membership-nesting is 1 => the synced user plus its directly declared groups
    // are the only identities the handler may report.
    Set<String> remaining = Sets.newHashSet(USER_ID);
    for (ExternalIdentityRef groupRef : idp.getUser(USER_ID).getDeclaredGroups()) {
        remaining.add(groupRef.getId());
    }

    // Every listed identity must be one we expected (remove() reports whether it
    // was), and each must carry an external-id reference.
    for (Iterator<SyncedIdentity> it = syncHandler.listIdentities(userManager); it.hasNext();) {
        SyncedIdentity synced = it.next();
        if (remaining.remove(synced.getId())) {
            assertNotNull(synced.getExternalIdRef());
        } else {
            fail("Sync handler returned unexpected identity: " + synced);
        }
    }
    // ... and nothing expected may be missing.
    assertTrue(remaining.isEmpty());
}

Example 18 with SyncedIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity in project jackrabbit-oak by apache.

the class DefaultSyncHandlerTest method testListIdentitiesBeforeSync.

@Test
public void testListIdentitiesBeforeSync() throws Exception {
    // Nothing has been synced yet, so the handler must not report any identity.
    Iterator<SyncedIdentity> it = syncHandler.listIdentities(userManager);
    if (!it.hasNext()) {
        return;
    }
    fail("Sync handler returned unexpected identity: " + it.next());
}

Example 19 with SyncedIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity in project jackrabbit-oak by apache.

the class ExternalLoginModule method login.

/**
 * Authenticates the caller against the configured external identity
 * provider and, on success, synchronizes the external user into the
 * repository.
 * <p>
 * Returns {@code false} (this module is ignored) when no IDP or sync
 * handler is configured, when neither a user id nor credentials are
 * available, when {@link #ignore} decides an already synced identity
 * needs no external round-trip, or when the IDP does not return a user.
 * Returns {@code true} only after the external user was obtained and
 * {@link #syncUser} completed.
 *
 * @return {@code true} if this module authenticated the subject
 * @throws LoginException if the IDP throws one (re-thrown as is), or if
 *         synchronization fails (any other exception is wrapped into a new
 *         {@code LoginException} with the original attached as cause).
 */
@Override
public boolean login() throws LoginException {
    // Without an IDP and a sync handler this module cannot do anything; let
    // the remaining login modules in the chain decide.
    if (idp == null || syncHandler == null) {
        return false;
    }
    credentials = getCredentials();
    // check if we have a pre authenticated login from a previous login module
    final PreAuthenticatedLogin preAuthLogin = getSharedPreAuthLogin();
    final String userId = getUserId(preAuthLogin, credentials);
    if (userId == null && credentials == null) {
        log.debug("No credentials|userId found for external login module. ignoring.");
        return false;
    }
    // remember identification for log-output
    // NOTE(review): when no userId is known this is the Credentials object
    // itself, and it is handed to log calls below (including toString()).
    // Whether a Credentials implementation's toString() exposes secret
    // material depends on the concrete class — verify for each supported
    // credentials type.
    Object logId = (userId != null) ? userId : credentials;
    try {
        // check if there exists a user with the given ID that has been synchronized
        // before into the repository.
        SyncedIdentity sId = getSyncedIdentity(userId);
        // - identity is valid but we have a preAuthLogin and the user doesn't need an updating sync (OAK-3508)
        if (ignore(sId, preAuthLogin)) {
            return false;
        }
        // A pre-authenticated login trusts the earlier module's result and only
        // looks the user up; otherwise the IDP must verify the credentials.
        if (preAuthLogin != null) {
            externalUser = idp.getUser(preAuthLogin.getUserId());
        } else {
            externalUser = idp.authenticate(credentials);
        }
        if (externalUser != null) {
            log.debug("IDP {} returned valid user {}", idp.getName(), externalUser);
            // Publish credentials and login name for subsequent login modules.
            if (credentials != null) {
                //noinspection unchecked
                sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
            }
            //noinspection unchecked
            sharedState.put(SHARED_KEY_LOGIN_NAME, externalUser.getId());
            syncUser(externalUser);
            return true;
        } else {
            debug("IDP {} returned null for {}", idp.getName(), logId.toString());
            if (sId != null) {
                // invalidate the user if it exists as synced variant
                log.debug("local user exists for '{}'. re-validating.", sId.getId());
                validateUser(sId.getId());
            }
            return false;
        }
    } catch (ExternalIdentityException e) {
        // IDP-side failure: logged at error level but does not fail the login
        // chain; this module simply reports that it did not authenticate.
        log.error("Error while authenticating '{}' with {}", logId, idp.getName(), e);
        return false;
    } catch (LoginException e) {
        // Authentication rejected by the IDP: propagate unchanged.
        log.debug("IDP {} throws login exception for '{}': {}", idp.getName(), logId, e.getMessage());
        throw e;
    } catch (Exception e) {
        // Anything else (including runtime exceptions from syncUser/validateUser)
        // is treated as a sync failure and surfaces as a LoginException.
        // NOTE(review): the underlying cause is only logged at debug level here;
        // operators investigating failed logins may need debug logging enabled
        // for this class to see it — consider whether a higher level is warranted.
        log.debug("SyncHandler {} throws sync exception for '{}'", syncHandler.getName(), logId, e);
        LoginException le = new LoginException("Error while syncing user.");
        le.initCause(e);
        throw le;
    }
}

Example 20 with SyncedIdentity

use of org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity in project jackrabbit-oak by apache.

the class Delegatee method syncAllUsers.

/**
 * Re-synchronizes every identity the sync handler knows about that belongs to
 * this delegatee's IDP. With {@code purge} set, identities missing on the IDP
 * side are removed instead of being kept.
 *
 * @param purge whether identities no longer present externally should be dropped
 * @return the result messages collected for the processed users
 * @throws IllegalStateException if the identities cannot be listed
 * @see SynchronizationMBean#syncAllUsers(boolean)
 */
@Nonnull
String[] syncAllUsers(boolean purge) {
    try {
        // Full re-sync: force both user and group sync; keep-missing is the inverse of purge.
        context.setKeepMissing(!purge).setForceGroupSync(true).setForceUserSync(true);

        List<String> messages = new ArrayList<String>();
        List<SyncResult> pending = new ArrayList<SyncResult>(batchSize);

        Iterator<SyncedIdentity> identities = handler.listIdentities(userMgr);
        while (identities.hasNext()) {
            SyncedIdentity identity = identities.next();
            // Only touch identities that originate from our own IDP.
            if (!isMyIDP(identity)) {
                continue;
            }
            pending = syncUser(identity.getId(), false, pending, messages);
        }
        // Flush whatever is still pending in a single final commit.
        commit(messages, pending, NO_BATCH_SIZE);
        return messages.toArray(new String[0]);
    } catch (RepositoryException e) {
        throw new IllegalStateException("Error retrieving users for syncing", e);
    }
}
