use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.
the class AdminPrincipalsBaseTest method testAdminPrincipal.
/**
 * Checks how the ACL code deals with the creation of an ACE for an
 * administrative principal, which has full access anyway.
 *
 * <p>Either outcome of {@code addAccessControlEntry} is handed to a hook:
 * the returned flag goes to {@code assertResult}, and an
 * {@link AccessControlException} goes to {@code assertException}.
 * NOTE(review): both hooks are defined outside this snippet, presumably so
 * that each concrete test can pin the outcome expected for its
 * configuration. Confirm in the subclasses.
 *
 * @since Oak 1.1.1
 * @see <a href="https://issues.apache.org/jira/browse/OAK-2158">OAK-2158</a>
 */
@Test
public void testAdminPrincipal() throws Exception {
    // Only the AdminPrincipal marker type and the name are supplied here;
    // the principal is not looked up from an existing user.
    AdminPrincipal adminPrincipal = new AdminPrincipal() {
        @Override
        public String getName() {
            return "admin";
        }
    };
    try {
        // Privilege resolution stays inside the try block so that an
        // AccessControlException raised there is handled the same way.
        assertResult(acl.addAccessControlEntry(
                adminPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ)));
    } catch (AccessControlException e) {
        assertException();
    }
}
use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.
the class CugConfigurationTest method testExcludedPrincipals.
/**
 * Verifies that the CUG configuration returns the shared
 * {@code EmptyPermissionProvider} instance for principal sets that contain a
 * system, admin or system-user principal, even though CUG is enabled and
 * {@code /content} is a supported path.
 */
@Test
public void testExcludedPrincipals() {
    ConfigurationParameters cugParams = ConfigurationParameters.of(
            CugConstants.PARAM_CUG_ENABLED, true,
            CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content");
    CugConfiguration cugConfiguration = createConfiguration(cugParams);

    // Stand-in principals: only the marker type and the name are provided.
    Principal adminPrincipal = new AdminPrincipal() {
        @Override
        public String getName() {
            return "admin";
        }
    };
    Principal systemUserPrincipal = new SystemUserPrincipal() {
        @Override
        public String getName() {
            return "systemUser";
        }
    };
    List<Principal> excludedPrincipals =
            ImmutableList.of(SystemPrincipal.INSTANCE, adminPrincipal, systemUserPrincipal);

    for (Principal excludedPrincipal : excludedPrincipals) {
        // Each excluded principal is paired with 'everyone', so the exclusion
        // has to hold for the set as soon as one excluded principal is present.
        Set<Principal> principalSet =
                ImmutableSet.of(excludedPrincipal, EveryonePrincipal.getInstance());
        PermissionProvider provider =
                cugConfiguration.getPermissionProvider(root, "default", principalSet);
        assertSame(EmptyPermissionProvider.getInstance(), provider);
    }
}
use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.
the class ImpersonationTest method testAdminAsImpersonator.
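/**
 * Verifies the special handling of the administrator in impersonation:
 * the admin principal can neither be granted nor revoked as impersonator,
 * yet a subject carrying it is always allowed to impersonate.
 *
 * <p>The three checks run twice, once against the impersonation object of
 * the regular test user and once against that of the admin user itself.
 *
 * @throws RepositoryException if the repository access fails
 * @throws NotExecutableException if the superuser session does not belong
 *         to an administrator user
 */
@Test
public void testAdminAsImpersonator() throws RepositoryException, NotExecutableException {
    String adminId = superuser.getUserID();
    Authorizable admin = userMgr.getAuthorizable(adminId);
    // The test is only meaningful if the superuser really is an admin user.
    if (admin == null || admin.isGroup() || !((User) admin).isAdmin()) {
        throw new NotExecutableException(adminId + " is not administators ID");
    }
    User adminUser = (User) admin;
    Principal adminPrincipal = adminUser.getPrincipal();

    // The admin cannot be added to or removed from the set of impersonators
    // of 'user', but is always allowed to impersonate that user.
    Impersonation impersonation = user.getImpersonation();
    assertFalse(impersonation.grantImpersonation(adminPrincipal));
    assertFalse(impersonation.revokeImpersonation(adminPrincipal));
    assertTrue(impersonation.allows(buildSubject(adminPrincipal)));

    // The same must hold if the impersonation object of the admin itself is used.
    Impersonation adminImpersonation = adminUser.getImpersonation();
    assertFalse(adminImpersonation.grantImpersonation(adminPrincipal));
    assertFalse(adminImpersonation.revokeImpersonation(adminPrincipal));
    // Fixed copy-paste slip: the final check previously queried 'impersonation'
    // again, so allows() on the admin's own impersonation object was never
    // exercised.
    assertTrue(adminImpersonation.allows(buildSubject(adminPrincipal)));
}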
use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.
the class UserInitializerTest method testAdminUser.
/**
 * Verifies the admin user as it is found under the configured admin id:
 * it is a user (not a group), it reports itself as admin, and its principal
 * carries both the {@code AdminPrincipal} and the {@code TreeBasedPrincipal}
 * type while sharing its name with the user id.
 */
@Test
public void testAdminUser() throws Exception {
    String configuredAdminId = UserUtil.getAdminId(config);
    Authorizable authorizable = userMgr.getAuthorizable(configuredAdminId);
    assertFalse(authorizable.isGroup());

    User adminUser = (User) authorizable;
    assertTrue(adminUser.isAdmin());

    // The admin principal is recognised by its marker type, so the user must
    // expose a principal that implements it.
    assertTrue(adminUser.getPrincipal() instanceof AdminPrincipal);
    assertTrue(adminUser.getPrincipal() instanceof TreeBasedPrincipal);

    // Principal name and user id must agree for the admin.
    assertEquals(adminUser.getID(), adminUser.getPrincipal().getName());
}
use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project sling by apache.
the class OakSlingRepository method createAdministrativeSession.
/**
 * Opens an administrative session without presenting credentials: a
 * read-only {@link Subject} carrying a locally constructed
 * {@code AdminPrincipal} named after {@code adminId} is built, and the
 * repository login is performed inside {@code Subject.doAsPrivileged}.
 *
 * <p>No authentication takes place in this method, so every code path that
 * can reach it obtains full administrative access. Access to it should stay
 * restricted to trusted callers.
 *
 * <p>NOTE(review): {@code workspace} is not forwarded to the login call,
 * which passes {@code null} as the workspace name. Confirm whether this is
 * intended.
 *
 * @param workspace requested workspace name (currently unused, see note)
 * @return the administrative session
 * @throws RepositoryException if the privileged login fails
 */
@Override
protected Session createAdministrativeSession(String workspace) throws RepositoryException {
    // TODO: use principal provider to retrieve admin principal
    final Principal adminPrincipal = new AdminPrincipal() {
        @Override
        public String getName() {
            return OakSlingRepository.this.adminId;
        }
    };
    Set<? extends Principal> principals = singleton(adminPrincipal);
    AuthInfo authInfo = new AuthInfoImpl(this.adminId, Collections.<String, Object>emptyMap(), principals);

    // 'true' makes the Subject read-only, so its principal and credential
    // sets cannot be modified after construction.
    Subject adminSubject = new Subject(true, principals, singleton(authInfo), Collections.<Object>emptySet());

    PrivilegedExceptionAction<Session> loginAction = new PrivilegedExceptionAction<Session>() {
        @Override
        public Session run() throws Exception {
            Map<String, Object> loginAttributes = new HashMap<String, Object>();
            loginAttributes.put("oak.refresh-interval", 0);
            // TODO OAK-803: Backwards compatibility of long-lived sessions
            JackrabbitRepository repo = (JackrabbitRepository) getRepository();
            // Null credentials and null workspace: presumably the login is
            // resolved from the Subject bound by doAsPrivileged (confirm
            // against the Oak login implementation).
            return repo.login(null, null, loginAttributes);
        }
    };

    try {
        // A null AccessControlContext makes the action run with an empty
        // context, associated only with the admin subject.
        return Subject.doAsPrivileged(adminSubject, loginAction, null);
    } catch (PrivilegedActionException e) {
        throw new RepositoryException("failed to retrieve admin session.", e);
    }
}