Example 81 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class AbstractImportTest method before.
@Before
public void before() throws Exception {
ConfigurationParameters config = getConfigurationParameters();
if (config != null) {
securityProvider = new SecurityProviderImpl(config);
} else {
securityProvider = new SecurityProviderImpl();
}
QueryEngineSettings queryEngineSettings = new QueryEngineSettings();
queryEngineSettings.setFailTraversal(true);
Jcr jcr = new Jcr();
jcr.with(securityProvider);
jcr.with(queryEngineSettings);
repo = jcr.createRepository();
adminSession = repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray()));
if (!(adminSession instanceof JackrabbitSession)) {
throw new NotExecutableException();
}
userMgr = ((JackrabbitSession) adminSession).getUserManager();
preTestAuthorizables.clear();
Iterator<Authorizable> iter = userMgr.findAuthorizables("rep:principalName", null);
while (iter.hasNext()) {
String id = iter.next().getID();
preTestAuthorizables.add(id);
}
// make sure the target node for group-import exists
Authorizable administrators = userMgr.getAuthorizable(ADMINISTRATORS);
if (userMgr.getAuthorizable(ADMINISTRATORS) == null) {
userMgr.createGroup(new PrincipalImpl(ADMINISTRATORS));
} else if (!administrators.isGroup()) {
throw new NotExecutableException("Expected " + administrators.getID() + " to be a group.");
}
adminSession.save();
}
Also used :
SimpleCredentials(javax.jcr.SimpleCredentials)
NotExecutableException(org.apache.jackrabbit.test.NotExecutableException)
QueryEngineSettings(org.apache.jackrabbit.oak.query.QueryEngineSettings)
Jcr(org.apache.jackrabbit.oak.jcr.Jcr)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
SecurityProviderImpl(org.apache.jackrabbit.oak.security.SecurityProviderImpl)
ConfigurationParameters(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)
JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Before(org.junit.Before)
Example 82 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class UserQueryTest method testNameMatch2.
/**
* The name matching condition must not only search for node-name and
* principal name but also needs to take the new rep:authoriableId into
* account that has been introduced as of Oak 1.0
*
* @see <a href="https://issues.apache.org/jira/browse/OAK-2243">OAK-2243</a>
*/
@Test
public void testNameMatch2() throws RepositoryException {
// create a user with different id and principal name
User user = userMgr.createUser("moloch", null, new PrincipalImpl("MolochHorridus"), "reptiles");
String userPath = user.getPath();
// move it such that the node name doesn't reveal the id.
superuser.move(userPath, Text.getRelativeParent(userPath, 1) + "/thorny_dragon");
superuser.save();
authorizables.add(user);
// search for the authorizable ID
Iterator<Authorizable> result = userMgr.findAuthorizables(new Query() {
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.nameMatches("moloch"));
}
});
assertTrue(result.hasNext());
Authorizable a = result.next();
assertEquals("moloch", a.getID());
assertFalse(result.hasNext());
// search for the principal name (basically just for backwards compatibility)
result = userMgr.findAuthorizables(new Query() {
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.nameMatches("MolochHorridus"));
}
});
assertTrue(result.hasNext());
a = result.next();
assertEquals("MolochHorridus", a.getPrincipal().getName());
assertFalse(result.hasNext());
// search for the node name
result = userMgr.findAuthorizables(new Query() {
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.nameMatches("thorny_dragon"));
}
});
assertTrue(result.hasNext());
a = result.next();
assertEquals("thorny_dragon", Text.getName(a.getPath()));
assertFalse(result.hasNext());
}
Also used :
User(org.apache.jackrabbit.api.security.user.User)
Query(org.apache.jackrabbit.api.security.user.Query)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
QueryBuilder(org.apache.jackrabbit.api.security.user.QueryBuilder)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 83 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class PrincipalProviderDeepNestingTest method testGetPrincipalInheritedGroups.
@Override
@Test
public void testGetPrincipalInheritedGroups() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
ExternalIdentity externalGroup = idp.getIdentity(ref);
Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName());
for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) {
String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName();
Principal principal = principalProvider.getPrincipal(inheritedPrincName);
assertNotNull(principal);
assertTrue(principal instanceof java.security.acl.Group);
java.security.acl.Group inheritedGrPrincipal = (java.security.acl.Group) principal;
assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName())));
assertFalse(inheritedGrPrincipal.isMember(grPrincipal));
}
}
}
Also used :
ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)
ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)
ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity)
Principal(java.security.Principal)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Test(org.junit.Test)
Example 84 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class CugPolicyImplTest method testAddContainedPrincipal.
@Test
public void testAddContainedPrincipal() throws Exception {
CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.BESTEFFORT, principals);
assertFalse(cug.addPrincipals(new PrincipalImpl("test")));
assertEquals(principals, cug.getPrincipals());
}
Also used :
CugPolicy(org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 85 with PrincipalImpl
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class CugPolicyImplTest method testAddInvalidPrincipalsIgnore.
@Test
public void testAddInvalidPrincipalsIgnore() throws Exception {
CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.IGNORE, principals);
assertTrue(cug.addPrincipals(new PrincipalImpl("unknown"), EveryonePrincipal.getInstance()));
Set<Principal> principalSet = cug.getPrincipals();
assertEquals(2, principalSet.size());
assertFalse(principalSet.contains(new PrincipalImpl("unknown")));
assertFalse(principalSet.contains(new PrincipalImpl("")));
}
Also used :
CugPolicy(org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy)
PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)
Principal(java.security.Principal)
EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Aggregations
PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)87
Test (org.junit.Test)59
Principal (java.security.Principal)39
Group (org.apache.jackrabbit.api.security.user.Group)23
User (org.apache.jackrabbit.api.security.user.User)20
EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)20
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)19
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)15
UserManager (org.apache.jackrabbit.api.security.user.UserManager)14
JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)11
Session (javax.jcr.Session)8
SimpleCredentials (javax.jcr.SimpleCredentials)7
ContentSession (org.apache.jackrabbit.oak.api.ContentSession)6
ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)6
CugPolicy (org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy)6
HashSet (java.util.HashSet)5
Nonnull (javax.annotation.Nonnull)4
SystemPrincipal (org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal)4
ArrayList (java.util.ArrayList)3
AccessControlList (javax.jcr.security.AccessControlList)3
