
Example 81 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class AbstractImportTest method before.

@Before
public void before() throws Exception {
    ConfigurationParameters config = getConfigurationParameters();
    if (config != null) {
        securityProvider = new SecurityProviderImpl(config);
    } else {
        securityProvider = new SecurityProviderImpl();
    }
    QueryEngineSettings queryEngineSettings = new QueryEngineSettings();
    queryEngineSettings.setFailTraversal(true);
    Jcr jcr = new Jcr();
    jcr.with(securityProvider);
    jcr.with(queryEngineSettings);
    repo = jcr.createRepository();
    adminSession = repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray()));
    if (!(adminSession instanceof JackrabbitSession)) {
        throw new NotExecutableException();
    }
    userMgr = ((JackrabbitSession) adminSession).getUserManager();
    preTestAuthorizables.clear();
    Iterator<Authorizable> iter = userMgr.findAuthorizables("rep:principalName", null);
    while (iter.hasNext()) {
        String id = iter.next().getID();
        preTestAuthorizables.add(id);
    }
    // make sure the target node for group-import exists
    Authorizable administrators = userMgr.getAuthorizable(ADMINISTRATORS);
    if (administrators == null) {
        userMgr.createGroup(new PrincipalImpl(ADMINISTRATORS));
    } else if (!administrators.isGroup()) {
        throw new NotExecutableException("Expected " + administrators.getID() + " to be a group.");
    }
    adminSession.save();
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) QueryEngineSettings(org.apache.jackrabbit.oak.query.QueryEngineSettings) Jcr(org.apache.jackrabbit.oak.jcr.Jcr) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) SecurityProviderImpl(org.apache.jackrabbit.oak.security.SecurityProviderImpl) ConfigurationParameters(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Before(org.junit.Before)

Example 82 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class UserQueryTest method testNameMatch2.

/**
 * The name matching condition must not only search for the node name and
 * the principal name but must also take into account the new
 * rep:authorizableId, which was introduced as of Oak 1.0.
 *
 * @see <a href="https://issues.apache.org/jira/browse/OAK-2243">OAK-2243</a>
 */
@Test
public void testNameMatch2() throws RepositoryException {
    // create a user with different id and principal name
    User user = userMgr.createUser("moloch", null, new PrincipalImpl("MolochHorridus"), "reptiles");
    String userPath = user.getPath();
    // move it such that the node name doesn't reveal the id.
    superuser.move(userPath, Text.getRelativeParent(userPath, 1) + "/thorny_dragon");
    superuser.save();
    authorizables.add(user);
    // search for the authorizable ID
    Iterator<Authorizable> result = userMgr.findAuthorizables(new Query() {

        public <T> void build(QueryBuilder<T> builder) {
            builder.setCondition(builder.nameMatches("moloch"));
        }
    });
    assertTrue(result.hasNext());
    Authorizable a = result.next();
    assertEquals("moloch", a.getID());
    assertFalse(result.hasNext());
    // search for the principal name (basically just for backwards compatibility)
    result = userMgr.findAuthorizables(new Query() {

        public <T> void build(QueryBuilder<T> builder) {
            builder.setCondition(builder.nameMatches("MolochHorridus"));
        }
    });
    assertTrue(result.hasNext());
    a = result.next();
    assertEquals("MolochHorridus", a.getPrincipal().getName());
    assertFalse(result.hasNext());
    // search for the node name
    result = userMgr.findAuthorizables(new Query() {

        public <T> void build(QueryBuilder<T> builder) {
            builder.setCondition(builder.nameMatches("thorny_dragon"));
        }
    });
    assertTrue(result.hasNext());
    a = result.next();
    assertEquals("thorny_dragon", Text.getName(a.getPath()));
    assertFalse(result.hasNext());
}
Also used : User(org.apache.jackrabbit.api.security.user.User) Query(org.apache.jackrabbit.api.security.user.Query) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) QueryBuilder(org.apache.jackrabbit.api.security.user.QueryBuilder) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 83 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class PrincipalProviderDeepNestingTest method testGetPrincipalInheritedGroups.

@Override
@Test
public void testGetPrincipalInheritedGroups() throws Exception {
    ExternalUser externalUser = idp.getUser(USER_ID);
    for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
        ExternalIdentity externalGroup = idp.getIdentity(ref);
        Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName());
        for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) {
            String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName();
            Principal principal = principalProvider.getPrincipal(inheritedPrincName);
            assertNotNull(principal);
            assertTrue(principal instanceof java.security.acl.Group);
            java.security.acl.Group inheritedGrPrincipal = (java.security.acl.Group) principal;
            assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName())));
            assertFalse(inheritedGrPrincipal.isMember(grPrincipal));
        }
    }
}
Also used : ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity) Principal(java.security.Principal) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Test(org.junit.Test)

Example 84 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class CugPolicyImplTest method testAddContainedPrincipal.

@Test
public void testAddContainedPrincipal() throws Exception {
    CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.BESTEFFORT, principals);
    assertFalse(cug.addPrincipals(new PrincipalImpl("test")));
    assertEquals(principals, cug.getPrincipals());
}
Also used : CugPolicy(org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 85 with PrincipalImpl

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.

the class CugPolicyImplTest method testAddInvalidPrincipalsIgnore.

@Test
public void testAddInvalidPrincipalsIgnore() throws Exception {
    CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.IGNORE, principals);
    assertTrue(cug.addPrincipals(new PrincipalImpl("unknown"), EveryonePrincipal.getInstance()));
    Set<Principal> principalSet = cug.getPrincipals();
    assertEquals(2, principalSet.size());
    assertFalse(principalSet.contains(new PrincipalImpl("unknown")));
    assertFalse(principalSet.contains(new PrincipalImpl("")));
}
Also used : CugPolicy(org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy) PrincipalImpl(org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl) Principal(java.security.Principal) EveryonePrincipal(org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)
