Search in sources :

Example 11 with AdminPrincipal

use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.

the class IndexInitializer method createAdministrativeSession.

private Session createAdministrativeSession() throws RepositoryException {
    //Admin ID here can be any string and need not match the actual admin userId
    final String adminId = "admin";
    Principal admin = new AdminPrincipal() {

        @Override
        public String getName() {
            return adminId;
        }
    };
    AuthInfo authInfo = new AuthInfoImpl(adminId, null, singleton(admin));
    Subject subject = new Subject(true, singleton(admin), singleton(authInfo), Collections.emptySet());
    Session adminSession;
    try {
        adminSession = Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Session>() {

            @Override
            public Session run() throws Exception {
                return repository.login();
            }
        }, null);
    } catch (PrivilegedActionException e) {
        throw new RepositoryException("failed to retrieve admin session.", e);
    }
    return adminSession;
}
Also used : AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl) PrivilegedActionException(java.security.PrivilegedActionException) RepositoryException(javax.jcr.RepositoryException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) Session(javax.jcr.Session)

Example 12 with AdminPrincipal

use of org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal in project jackrabbit-oak by apache.

the class ImpersonationTest method testAdminPrincipalAsImpersonator.

public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException {
    Principal adminPrincipal = new AdminPrincipal() {

        @Override
        public String getName() {
            return "some-admin-name";
        }
    };
    // admin cannot be add/remove to set of impersonators of 'u' but is
    // always allowed to impersonate that user.
    Impersonation impersonation = user.getImpersonation();
    assertFalse(impersonation.grantImpersonation(adminPrincipal));
    assertFalse(impersonation.revokeImpersonation(adminPrincipal));
    assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
}
Also used : AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal) Impersonation(org.apache.jackrabbit.api.security.user.Impersonation) Principal(java.security.Principal) AdminPrincipal(org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal)

Aggregations

AdminPrincipal (org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal)12 Test (org.junit.Test)9 Principal (java.security.Principal)7 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)7 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)4 Subject (javax.security.auth.Subject)3 User (org.apache.jackrabbit.api.security.user.User)3 SystemPrincipal (org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal)3 SystemUserPrincipal (org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal)3 PrivilegedActionException (java.security.PrivilegedActionException)2 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2 RepositoryException (javax.jcr.RepositoryException)2 Session (javax.jcr.Session)2 AccessControlException (javax.jcr.security.AccessControlException)2 Impersonation (org.apache.jackrabbit.api.security.user.Impersonation)2 AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)2 AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl)2 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)2 HashMap (java.util.HashMap)1 JackrabbitRepository (org.apache.jackrabbit.api.JackrabbitRepository)1