use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class LoginWithTokensTest method beforeSuite.
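/**
 * Creates {@code numberOfUsers} fixture users through an administrative session
 * before the suite runs.
 *
 * <p>Each user is created with its id reused as the password and as the name of
 * its {@link PrincipalImpl}; these are throw-away benchmark accounts and the
 * credentials are trivially guessable by design.
 *
 * @throws Exception if the parent setup, user creation or the save fails
 */
@Override
public void beforeSuite() throws Exception {
    super.beforeSuite();
    Session s = loginAdministrative();
    try {
        UserManager userManager = ((JackrabbitSession) s).getUserManager();
        for (int i = 0; i < numberOfUsers; i++) {
            String id = USER + i;
            // Second argument is the password: fixture accounts use id == password.
            userManager.createUser(id, id, new PrincipalImpl(id), REL_TEST_PATH);
        }
        // Save inside the try block: saving from finally would persist a
        // half-built fixture after a failure, could replace the original
        // exception with one thrown by save(), and would skip logout() in
        // that case, leaking the administrative session.
        s.save();
    } finally {
        // Always release the administrative session, even when setup fails.
        s.logout();
    }
    System.out.println("setup done, created " + numberOfUsers + " users.");
}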
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class ImpersonationImpl method getImpersonators.
// ------------------------------------------------------< Impersonation >---
/**
 * Resolves the stored impersonator names to principals.
 *
 * <p>A name the principal manager cannot resolve is still returned, wrapped in
 * a plain {@link PrincipalImpl}. The presence of a principal in the result is
 * therefore not proof that it exists in the repository; callers that make
 * access decisions based on this list should verify the principal themselves.
 *
 * @return the impersonators, or {@link PrincipalIteratorAdapter#EMPTY} when no
 *         impersonator names are stored
 * @throws RepositoryException if the impersonator names cannot be read
 * @see org.apache.jackrabbit.api.security.user.Impersonation#getImpersonators()
 */
@Nonnull
@Override
public PrincipalIterator getImpersonators() throws RepositoryException {
    Set<String> names = getImpersonatorNames();
    if (names.isEmpty()) {
        return PrincipalIteratorAdapter.EMPTY;
    }

    Set<Principal> resolved = new HashSet<Principal>();
    for (final String pName : names) {
        Principal known = principalManager.getPrincipal(pName);
        if (known != null) {
            resolved.add(known);
            continue;
        }
        // Unknown name: report it and fall back to a placeholder principal
        // that carries only the name.
        log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
        resolved.add(new PrincipalImpl(pName));
    }
    return new PrincipalIteratorAdapter(resolved);
}
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class UserImporter method handlePropInfo.
// -----------------------------------------< ProtectedPropertyImporter >---
/**
 * Imports one protected user-management property onto {@code parent}.
 *
 * <p>Properties of a password node are delegated to
 * {@code importPwdNodeProperty}. Otherwise {@code parent} must resolve to an
 * {@link Authorizable}; the property is then dispatched by name
 * (authorizable id, principal name, password, impersonators, disabled flag,
 * members). Every branch first checks the property definition with
 * {@code isValid} and the authorizable kind (user vs. group) before writing.
 *
 * @param parent   tree the property is being imported onto
 * @param propInfo the property as read from the import source
 * @param def      the definition that applies to the property
 * @return {@code true} if this importer consumed the property, {@code false}
 *         if it is not covered here or failed one of the precondition checks
 * @throws ConstraintViolationException if an imported {@code rep:authorizableId}
 *         does not resolve to any authorizable
 * @throws AuthorizableExistsException if the imported id resolves to an
 *         authorizable stored at a different path than {@code parent}
 * @throws RepositoryException if reading or writing repository state fails
 */
@Override
public boolean handlePropInfo(@Nonnull Tree parent, @Nonnull PropInfo propInfo, @Nonnull PropertyDefinition def) throws RepositoryException {
    checkInitialized();
    final String propName = propInfo.getName();

    if (isPwdNode(parent)) {
        // Password-node properties come from the XML to be imported and are
        // handled separately; see OAK-1943 for the corresponding discussion.
        return importPwdNodeProperty(parent, propInfo, def);
    }

    final Authorizable authorizable = userManager.getAuthorizable(parent);
    if (authorizable == null) {
        log.debug("Cannot handle protected PropInfo " + propInfo + ". Node " + parent + " doesn't represent an Authorizable.");
        return false;
    }

    if (REP_AUTHORIZABLE_ID.equals(propName)) {
        if (!isValid(def, NT_REP_AUTHORIZABLE, false)) {
            return false;
        }
        String importedId = propInfo.getTextValue().getString();
        Authorizable owner = userManager.getAuthorizable(importedId);
        if (owner == null) {
            String msg = "Cannot handle protected PropInfo " + propInfo + ". Invalid rep:authorizableId.";
            log.warn(msg);
            throw new ConstraintViolationException(msg);
        }
        // The id may only be written onto the node that already owns it;
        // an id resolving to another path would create a duplicate identity.
        if (!authorizable.getPath().equals(owner.getPath())) {
            throw new AuthorizableExistsException(importedId);
        }
        parent.setProperty(REP_AUTHORIZABLE_ID, importedId);
        return true;
    }

    if (REP_PRINCIPAL_NAME.equals(propName)) {
        if (!isValid(def, NT_REP_AUTHORIZABLE, false)) {
            return false;
        }
        String principalName = propInfo.getTextValue().getString();
        Principal imported = new PrincipalImpl(principalName);
        // The imported name is validated before it is written to the tree.
        userManager.checkValidPrincipal(imported, authorizable.isGroup());
        userManager.setPrincipal(parent, imported);
        // Remember the principal of the new user/group for further
        // processing of impersonators.
        if (principals == null) {
            principals = new HashMap<String, Principal>();
        }
        principals.put(principalName, authorizable.getPrincipal());
        return true;
    }

    if (REP_PASSWORD.equals(propName)) {
        if (authorizable.isGroup() || !isValid(def, NT_REP_USER, false)) {
            log.warn("Unexpected authorizable or definition for property rep:password");
            return false;
        }
        if (((User) authorizable).isSystemUser()) {
            log.warn("System users may not have a password set.");
            return false;
        }
        String importedPw = propInfo.getTextValue().getString();
        // NOTE(review): the meaning of the trailing `false` flag is not visible
        // in this block; confirm how it affects hashing/validation of the
        // imported value.
        userManager.setPassword(parent, authorizable.getID(), importedPw, false);
        // The imported value is kept in a field. Whether it is plain text or
        // already hashed is not visible here; keep it out of logs and
        // messages, as the warnings above already do.
        currentPw = importedPw;
        return true;
    }

    if (REP_IMPERSONATORS.equals(propName)) {
        if (authorizable.isGroup() || !isValid(def, MIX_REP_IMPERSONATABLE, true)) {
            log.warn("Unexpected authorizable or definition for property rep:impersonators");
            return false;
        }
        // Impersonators may be imported later on, so processing is postponed
        // to the end.
        // see -> process References
        referenceTracker.processedReference(new Impersonators(parent.getPath(), propInfo.getTextValues()));
        return true;
    }

    if (REP_DISABLED.equals(propName)) {
        if (authorizable.isGroup() || !isValid(def, NT_REP_USER, false)) {
            log.warn("Unexpected authorizable or definition for property rep:disabled");
            return false;
        }
        ((User) authorizable).disable(propInfo.getTextValue().getString());
        return true;
    }

    if (REP_MEMBERS.equals(propName)) {
        if (!authorizable.isGroup() || !isValid(def, NT_REP_MEMBER_REFERENCES, true)) {
            return false;
        }
        // Group members reference users/groups that potentially are imported
        // later on -> postpone processing to the end.
        // see -> process References
        getMembership(authorizable.getPath()).addMembers(propInfo.getTextValues());
        return true;
    }

    // Another protected property of an authorizable node, or a node that is
    // neither rep:pwd nor an authorizable -> not covered by this importer.
    return false;
}
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class CugConfigurationOsgiTest method testCugExcludeAnyPrincipal.
/**
 * The exclude service lists only {@code EXCLUDED_PRINCIPAL_NAME}; a principal
 * set holding just {@code ANY_PRINCIPAL_NAME} must still be evaluated by a
 * {@link CugPermissionProvider}.
 */
@Test
public void testCugExcludeAnyPrincipal() {
    context.registerInjectActivateService(
            cugExclude,
            ImmutableMap.of("principalNames", new String[] { EXCLUDED_PRINCIPAL_NAME }));
    context.registerInjectActivateService(cugConfiguration, PROPERTIES);

    // The requested principal is a different name than the one registered
    // with the exclude service above.
    PermissionProvider provider = context.getService(AuthorizationConfiguration.class)
            .getPermissionProvider(root, wspName, ImmutableSet.of(new PrincipalImpl(ANY_PRINCIPAL_NAME)));

    assertTrue(provider instanceof CugPermissionProvider);
}
use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl in project jackrabbit-oak by apache.
the class CugConfigurationOsgiTest method testNoSupportedPaths.
/**
 * With CUG enabled but an empty list of supported paths, the configuration
 * must hand out the shared {@link EmptyPermissionProvider} instance.
 */
@Test
public void testNoSupportedPaths() {
    context.registerInjectActivateService(
            cugExclude,
            ImmutableMap.of("principalNames", new String[] { ANY_PRINCIPAL_NAME }));
    context.registerInjectActivateService(
            cugConfiguration,
            ImmutableMap.of(CugConstants.PARAM_CUG_ENABLED, true, CugConstants.PARAM_CUG_SUPPORTED_PATHS, new String[0]));

    // NOTE(review): the principal requested below is also the one registered
    // with the exclude service, so this test alone presumably cannot tell
    // whether the empty provider results from the exclusion or from the empty
    // supported-paths list; confirm the intended condition is the one under test.
    PermissionProvider provider = context.getService(AuthorizationConfiguration.class)
            .getPermissionProvider(root, wspName, ImmutableSet.of(new PrincipalImpl(ANY_PRINCIPAL_NAME)));

    assertSame(EmptyPermissionProvider.getInstance(), provider);
}