Search in sources :

Example 11 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testInvalidExpiry.

@Test
public void testInvalidExpiry() throws Exception {
    long[] noCache = new long[] { 0, -1, Long.MIN_VALUE };
    for (long exp : noCache) {
        changeUserConfiguration(ConfigurationParameters.of(UserPrincipalProvider.PARAM_CACHE_EXPIRATION, exp));
        PrincipalProvider pp = createPrincipalProvider(systemRoot);
        pp.getPrincipals(userId);
        root.refresh();
        Tree userTree = root.getTree(getTestUser().getPath());
        assertFalse(userTree.hasChild(CacheConstants.REP_CACHE));
    }
}
Also used : PrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider) Tree(org.apache.jackrabbit.oak.api.Tree) AbstractPrincipalProviderTest(org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest) Test(org.junit.Test)

Example 12 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testGetPrincipalsForGroups.

@Test
public void testGetPrincipalsForGroups() throws Exception {
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    Set<? extends Principal> principals = pp.getPrincipals(testGroup.getID());
    assertTrue(principals.isEmpty());
    principals = pp.getPrincipals(testGroup2.getID());
    assertTrue(principals.isEmpty());
    root.refresh();
    Tree principalCache = getCacheTree(root, testGroup.getPath());
    assertFalse(principalCache.exists());
    principalCache = getCacheTree(root, testGroup2.getPath());
    assertFalse(principalCache.exists());
}
Also used : PrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider) Tree(org.apache.jackrabbit.oak.api.Tree) AbstractPrincipalProviderTest(org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest) Test(org.junit.Test)

Example 13 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testMissingExpiration.

@Test
public void testMissingExpiration() throws Exception {
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    // set of principals that read from user + membership-provider -> cache being filled
    Set<? extends Principal> principals = pp.getPrincipals(userId);
    assertTrue(getCacheTree(systemRoot).exists());
    // manually remove rep:expiration property to verify this doesn't cause NPE
    Tree cache = getCacheTree(systemRoot);
    cache.removeProperty(CacheConstants.REP_EXPIRATION);
    systemRoot.commit(CacheValidatorProvider.asCommitAttributes());
    assertFalse(getCacheTree(systemRoot).hasProperty(CacheConstants.REP_EXPIRATION));
    // retrieve principals again: the cache must be treated as expired and
    // not causing NPE although the property is missing
    pp = createPrincipalProvider(systemRoot);
    Set<? extends Principal> principalsAgain = pp.getPrincipals(userId);
    assertTrue(principals.equals(principalsAgain));
    // verify that the cache has really been updated
    cache = getCacheTree(systemRoot);
    assertTrue(cache.hasProperty(CacheConstants.REP_EXPIRATION));
}
Also used : PrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider) Tree(org.apache.jackrabbit.oak.api.Tree) AbstractPrincipalProviderTest(org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest) Test(org.junit.Test)

Example 14 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class AbstractLoginModule method getPrincipals.

@Nonnull
protected Set<? extends Principal> getPrincipals(@Nonnull Principal userPrincipal) {
    PrincipalProvider principalProvider = getPrincipalProvider();
    if (principalProvider == null) {
        log.debug("Cannot retrieve principals. No principal provider configured.");
        return Collections.emptySet();
    } else {
        Set<Principal> principals = new HashSet();
        principals.add(userPrincipal);
        principals.addAll(principalProvider.getGroupMembership(userPrincipal));
        return principals;
    }
}
Also used : PrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider) Principal(java.security.Principal) HashSet(java.util.HashSet) Nonnull(javax.annotation.Nonnull)

Example 15 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class AbstractLoginModule method getPrincipalProvider.

/**
     * Retrieves the {@link PrincipalProvider} that should be used to handle
     * this authentication. If no principal provider has been configure this
     * method returns {@code null}.
     *
     * @return A instance of {@code PrincipalProvider} or {@code null}.
     */
@CheckForNull
protected PrincipalProvider getPrincipalProvider() {
    PrincipalProvider principalProvider = null;
    SecurityProvider sp = getSecurityProvider();
    Root r = getRoot();
    if (r != null && sp != null) {
        PrincipalConfiguration pc = sp.getConfiguration(PrincipalConfiguration.class);
        principalProvider = pc.getPrincipalProvider(r, NamePathMapper.DEFAULT);
    }
    if (principalProvider == null && callbackHandler != null) {
        try {
            PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
            callbackHandler.handle(new Callback[] { principalCallBack });
            principalProvider = principalCallBack.getPrincipalProvider();
        } catch (IOException | UnsupportedCallbackException e) {
            log.debug(e.getMessage());
        }
    }
    return principalProvider;
}
Also used : PrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider) Root(org.apache.jackrabbit.oak.api.Root) PrincipalConfiguration(org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration) PrincipalProviderCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) CheckForNull(javax.annotation.CheckForNull)

Aggregations

PrincipalProvider (org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider)30 Test (org.junit.Test)26 AbstractPrincipalProviderTest (org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest)16 Tree (org.apache.jackrabbit.oak.api.Tree)10 Principal (java.security.Principal)6 Group (org.apache.jackrabbit.api.security.user.Group)5 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)4 Nonnull (javax.annotation.Nonnull)3 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)3 Root (org.apache.jackrabbit.oak.api.Root)3 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)3 TestPrincipalProvider (org.apache.jackrabbit.oak.spi.security.principal.TestPrincipalProvider)3 HashSet (java.util.HashSet)2 UserManager (org.apache.jackrabbit.api.security.user.UserManager)2 SecurityProvider (org.apache.jackrabbit.oak.spi.security.SecurityProvider)2 AbstractExternalAuthTest (org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest)2 PrincipalConfiguration (org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration)2 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 CheckForNull (javax.annotation.CheckForNull)1