Examples with PrincipalProvider org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider used on opensource projects

Example 21 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testGroupPrincipals.

@Test
public void testGroupPrincipals() throws Exception {
    // a) force the cache to be created
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    Iterable<? extends Principal> principals = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principals) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipal", className);
    }
    Principal testPrincipal = getTestUser().getPrincipal();
    // b) retrieve principals again (this time from the cache)
    // -> verify that they are a different implementation
    Iterable<? extends Principal> principalsAgain = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principalsAgain) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", className);
        assertTrue(p instanceof TreeBasedPrincipal);
        assertEquals(testGroup.getPath(), ((TreeBasedPrincipal) p).getPath());
        java.security.acl.Group principalGroup = (java.security.acl.Group) p;
        assertTrue(principalGroup.isMember(testPrincipal));
        Enumeration<? extends Principal> members = principalGroup.members();
        assertTrue(members.hasMoreElements());
        assertEquals(testPrincipal, members.nextElement());
        assertEquals(testGroup2.getPrincipal(), members.nextElement());
        assertFalse(members.hasMoreElements());
    }
}

Example 22 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testCachedPrincipalsGroupRemoved.

@Test
public void testCachedPrincipalsGroupRemoved() throws Exception {
    // a) force the cache to be created
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    Iterable<? extends Principal> principals = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principals) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipal", className);
    }
    testGroup.remove();
    root.commit();
    systemRoot.refresh();
    // b) retrieve principals again (this time from the cache)
    //    principal for 'testGroup' is no longer backed by an user mgt group
    //    verify that this doesn't lead to runtime exceptions
    Iterable<? extends Principal> principalsAgain = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate());
    for (Principal p : principalsAgain) {
        String className = p.getClass().getName();
        assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", className);
        assertTrue(p instanceof TreeBasedPrincipal);
        assertNull(((TreeBasedPrincipal) p).getPath());
        java.security.acl.Group principalGroup = (java.security.acl.Group) p;
        assertFalse(principalGroup.isMember(getTestUser().getPrincipal()));
        Enumeration<? extends Principal> members = principalGroup.members();
        assertFalse(members.hasMoreElements());
    }
}

Example 23 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testCacheUpdate.

@Test
public void testCacheUpdate() throws Exception {
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    // set of principals that read from user + membership-provider -> cache being filled
    Set<? extends Principal> principals = pp.getPrincipals(userId);
    assertTrue(getCacheTree(systemRoot).exists());
    // change the group membership of the test user
    UserManager uMgr = getUserConfiguration().getUserManager(systemRoot, namePathMapper);
    Group gr = uMgr.getAuthorizable(groupId, Group.class);
    assertTrue(gr.removeMember(uMgr.getAuthorizable(userId)));
    systemRoot.commit();
    // force cache expiration by manually setting the expiration time
    Tree cache = getCacheTree(systemRoot);
    cache.setProperty(CacheConstants.REP_EXPIRATION, 2);
    systemRoot.commit(CacheValidatorProvider.asCommitAttributes());
    // retrieve principals again to have cache updated
    pp = createPrincipalProvider(systemRoot);
    Set<? extends Principal> principalsAgain = pp.getPrincipals(userId);
    assertFalse(principals.equals(principalsAgain));
    assertPrincipals(principalsAgain, EveryonePrincipal.getInstance(), getTestUser().getPrincipal());
    // verify that the cache has really been updated
    cache = getCacheTree(systemRoot);
    assertNotSame(2, new NodeUtil(cache).getLong(CacheConstants.REP_EXPIRATION, 2));
    assertEquals("", TreeUtil.getString(cache, CacheConstants.REP_GROUP_PRINCIPAL_NAMES));
}

Example 24 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testMembershipChange.

@Test
public void testMembershipChange() throws Exception {
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    // set of principals that read from user + membership-provider.
    Set<? extends Principal> principals = pp.getPrincipals(userId);
    // change group membership with a different root
    UserManager uMgr = getUserManager(root);
    Group gr = uMgr.getAuthorizable(groupId, Group.class);
    assertTrue(gr.removeMember(uMgr.getAuthorizable(userId)));
    root.commit();
    systemRoot.refresh();
    // system-principal provider must still see the principals from the cache (not the changed onces)
    Set<? extends Principal> principalsAgain = pp.getPrincipals(userId);
    assertEquals(principals, principalsAgain);
    // disable the cache again
    changeUserConfiguration(ConfigurationParameters.EMPTY);
    pp = createPrincipalProvider(systemRoot);
    // now group principals must no longer be retrieved from the cache
    assertPrincipals(pp.getPrincipals(userId), EveryonePrincipal.getInstance(), getTestUser().getPrincipal());
}

Example 25 with PrincipalProvider

use of org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider in project jackrabbit-oak by apache.

the class UserPrincipalProviderWithCacheTest method testGetGroupMembershipPopulatesCache.

@Test
public void testGetGroupMembershipPopulatesCache() throws Exception {
    PrincipalProvider pp = createPrincipalProvider(systemRoot);
    Set<? extends Principal> principals = pp.getGroupMembership(getTestUser().getPrincipal());
    assertPrincipals(principals, EveryonePrincipal.getInstance(), testGroup.getPrincipal());
    root.refresh();
    Tree principalCache = getCacheTree(root);
    assertTrue(principalCache.exists());
    assertEquals(CacheConstants.NT_REP_CACHE, TreeUtil.getPrimaryTypeName(principalCache));
    assertNotNull(principalCache.getProperty(CacheConstants.REP_EXPIRATION));
    PropertyState ps = principalCache.getProperty(CacheConstants.REP_GROUP_PRINCIPAL_NAMES);
    assertNotNull(ps);
    String val = ps.getValue(Type.STRING);
    assertEquals(testGroup.getPrincipal().getName(), val);
}