use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class AbstractImportTest method before.
@Before
public void before() throws Exception {
ConfigurationParameters config = getConfigurationParameters();
if (config != null) {
securityProvider = new SecurityProviderImpl(config);
} else {
securityProvider = new SecurityProviderImpl();
}
QueryEngineSettings queryEngineSettings = new QueryEngineSettings();
queryEngineSettings.setFailTraversal(true);
Jcr jcr = new Jcr();
jcr.with(securityProvider);
jcr.with(queryEngineSettings);
repo = jcr.createRepository();
adminSession = repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray()));
if (!(adminSession instanceof JackrabbitSession)) {
throw new NotExecutableException();
}
userMgr = ((JackrabbitSession) adminSession).getUserManager();
preTestAuthorizables.clear();
Iterator<Authorizable> iter = userMgr.findAuthorizables("rep:principalName", null);
while (iter.hasNext()) {
String id = iter.next().getID();
preTestAuthorizables.add(id);
}
// make sure the target node for group-import exists
Authorizable administrators = userMgr.getAuthorizable(ADMINISTRATORS);
if (userMgr.getAuthorizable(ADMINISTRATORS) == null) {
userMgr.createGroup(new PrincipalImpl(ADMINISTRATORS));
} else if (!administrators.isGroup()) {
throw new NotExecutableException("Expected " + administrators.getID() + " to be a group.");
}
adminSession.save();
}
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class UserQueryTest method testNameMatch2.
/**
* The name matching condition must not only search for node-name and
* principal name but also needs to take the new rep:authoriableId into
* account that has been introduced as of Oak 1.0
*
* @see <a href="https://issues.apache.org/jira/browse/OAK-2243">OAK-2243</a>
*/
@Test
public void testNameMatch2() throws RepositoryException {
// create a user with different id and principal name
User user = userMgr.createUser("moloch", null, new PrincipalImpl("MolochHorridus"), "reptiles");
String userPath = user.getPath();
// move it such that the node name doesn't reveal the id.
superuser.move(userPath, Text.getRelativeParent(userPath, 1) + "/thorny_dragon");
superuser.save();
authorizables.add(user);
// search for the authorizable ID
Iterator<Authorizable> result = userMgr.findAuthorizables(new Query() {
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.nameMatches("moloch"));
}
});
assertTrue(result.hasNext());
Authorizable a = result.next();
assertEquals("moloch", a.getID());
assertFalse(result.hasNext());
// search for the principal name (basically just for backwards compatibility)
result = userMgr.findAuthorizables(new Query() {
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.nameMatches("MolochHorridus"));
}
});
assertTrue(result.hasNext());
a = result.next();
assertEquals("MolochHorridus", a.getPrincipal().getName());
assertFalse(result.hasNext());
// search for the node name
result = userMgr.findAuthorizables(new Query() {
public <T> void build(QueryBuilder<T> builder) {
builder.setCondition(builder.nameMatches("thorny_dragon"));
}
});
assertTrue(result.hasNext());
a = result.next();
assertEquals("thorny_dragon", Text.getName(a.getPath()));
assertFalse(result.hasNext());
}
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class PrincipalProviderDeepNestingTest method testGetPrincipalInheritedGroups.
@Override
@Test
public void testGetPrincipalInheritedGroups() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
ExternalIdentity externalGroup = idp.getIdentity(ref);
Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName());
for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) {
String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName();
Principal principal = principalProvider.getPrincipal(inheritedPrincName);
assertNotNull(principal);
assertTrue(principal instanceof java.security.acl.Group);
java.security.acl.Group inheritedGrPrincipal = (java.security.acl.Group) principal;
assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName())));
assertFalse(inheritedGrPrincipal.isMember(grPrincipal));
}
}
}
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class CugPolicyImplTest method testAddContainedPrincipal.
@Test
public void testAddContainedPrincipal() throws Exception {
CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.BESTEFFORT, principals);
assertFalse(cug.addPrincipals(new PrincipalImpl("test")));
assertEquals(principals, cug.getPrincipals());
}
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class CugPolicyImplTest method testAddInvalidPrincipalsIgnore.
@Test
public void testAddInvalidPrincipalsIgnore() throws Exception {
CugPolicy cug = new CugPolicyImpl(path, NamePathMapper.DEFAULT, principalManager, ImportBehavior.IGNORE, principals);
assertTrue(cug.addPrincipals(new PrincipalImpl("unknown"), EveryonePrincipal.getInstance()));
Set<Principal> principalSet = cug.getPrincipals();
assertEquals(2, principalSet.size());
assertFalse(principalSet.contains(new PrincipalImpl("unknown")));
assertFalse(principalSet.contains(new PrincipalImpl("")));
}
Aggregations