Example 51 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class ExternalLoginModuleAutoMembershipTest method testLoginSyncAutoMembershipSetup1.

@Test
public void testLoginSyncAutoMembershipSetup1() throws Exception {
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        // the login must set the existing auto-membership principals to the subject
        Set<Principal> principals = cs.getAuthInfo().getPrincipals();
        assertTrue(principals.contains(setup1.gr.getPrincipal()));
        assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
        assertFalse(principals.contains(setup2.gr.getPrincipal()));
        assertFalse(principals.contains(setup3.gr.getPrincipal()));
        // however, the existing auto-membership group must _not_ have changed
        // and the test user must not be a stored member of this group.
        root.refresh();
        UserManager uMgr = getUserManager(root);
        User user = uMgr.getAuthorizable(USER_ID, User.class);
        Group gr = uMgr.getAuthorizable(setup1.gr.getID(), Group.class);
        assertFalse(gr.isDeclaredMember(user));
        assertFalse(gr.isMember(user));
    } finally {
        options.clear();
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 52 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup3.

@Test
public void testLoginAfterSyncSetup3() throws Exception {
    setup3.sync(USER_ID, false);
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        // the login must set the existing auto-membership principals to the subject
        Set<Principal> principals = cs.getAuthInfo().getPrincipals();
        assertTrue(principals.contains(setup3.gr.getPrincipal()));
        assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
        assertFalse(principals.contains(setup1.gr.getPrincipal()));
        assertFalse(principals.contains(setup2.gr.getPrincipal()));
        // in this setup the sync is expected to have stored the membership:
        // the test user must be a declared member of this group.
        root.refresh();
        UserManager uMgr = getUserManager(root);
        User user = uMgr.getAuthorizable(USER_ID, User.class);
        Group gr = uMgr.getAuthorizable(setup3.gr.getID(), Group.class);
        assertTrue(gr.isDeclaredMember(user));
        assertTrue(gr.isMember(user));
    } finally {
        options.clear();
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 53 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup2.

@Test
public void testLoginAfterSyncSetup2() throws Exception {
    setup2.sync(USER_ID, false);
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        // the login must set the existing auto-membership principals to the subject
        Set<Principal> principals = cs.getAuthInfo().getPrincipals();
        assertTrue(principals.contains(setup2.gr.getPrincipal()));
        assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
        assertFalse(principals.contains(setup1.gr.getPrincipal()));
        assertFalse(principals.contains(setup3.gr.getPrincipal()));
        // however, the existing auto-membership group must _not_ have changed
        // and the test user must not be a stored member of this group.
        root.refresh();
        UserManager uMgr = getUserManager(root);
        User user = uMgr.getAuthorizable(USER_ID, User.class);
        Group gr = uMgr.getAuthorizable(setup2.gr.getID(), Group.class);
        assertFalse(gr.isDeclaredMember(user));
        assertFalse(gr.isMember(user));
    } finally {
        options.clear();
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 54 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup4.

@Test
public void testLoginAfterSyncSetup4() throws Exception {
    setup4.sync(USER_ID, false);
    ContentSession cs = null;
    try {
        cs = login(new SimpleCredentials(USER_ID, new char[0]));
        // the login must set the existing auto-membership principals to the subject
        Set<Principal> principals = cs.getAuthInfo().getPrincipals();
        assertTrue(principals.contains(setup4.gr.getPrincipal()));
        assertTrue(principals.contains(setup2.gr.getPrincipal()));
        assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
        assertFalse(principals.contains(setup1.gr.getPrincipal()));
        assertFalse(principals.contains(setup3.gr.getPrincipal()));
        // however, the existing auto-membership group must _not_ have changed
        // and the test user must not be a stored member of this group.
        root.refresh();
        UserManager uMgr = getUserManager(root);
        User user = uMgr.getAuthorizable(USER_ID, User.class);
        Group gr = uMgr.getAuthorizable(setup4.gr.getID(), Group.class);
        assertFalse(gr.isDeclaredMember(user));
        assertFalse(gr.isMember(user));
    } finally {
        options.clear();
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 55 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class DefaultSyncContext method createGroup.

/**
 * Creates a new repository group for the given external one.
 * Note that this method only creates the authorizable but does not perform any synchronization.
 *
 * @param externalGroup the external group
 * @return the repository group
 * @throws RepositoryException if an error occurs
 */
@Nonnull
protected Group createGroup(@Nonnull ExternalGroup externalGroup) throws RepositoryException {
    Principal principal = new PrincipalImpl(externalGroup.getPrincipalName());
    Group group = userManager.createGroup(externalGroup.getId(), principal, PathUtils.concatRelativePaths(config.group().getPathPrefix(), externalGroup.getIntermediatePath()));
    setExternalId(group, externalGroup);
    return group;
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Nonnull(javax.annotation.Nonnull)
