Search in sources :

Example 1 with SecurityAccessEntry

use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method testAddSecurityAccessEntry.

@Test
public void testAddSecurityAccessEntry() throws Exception {
    InsertUsers();
    InsertEntities();
    final List<SecurityAccessEntry> allEntries = new ArrayList<SecurityAccessEntry>();
    // Insert and check insertion individually for simple users
    for (UserSecurityReference user : userRefs) {
        for (SecurityReference ref : entityRefs) {
            assertThat(securityCache.get(user, ref), is(nullValue()));
            SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
            if (AddAccessEntry(entry) != null) {
                assertThat(securityCache.get(user, ref), sameInstance(entry));
                allEntries.add(entry);
            }
        }
    }
    // Insert and check insertion individually for group users
    for (UserSecurityReference user : groupUserRefs) {
        for (SecurityReference ref : entityRefs) {
            assertThat(securityCache.get(user, ref), is(nullValue()));
            SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
            if (AddAccessEntry(entry) != null) {
                assertThat(securityCache.get(user, ref), sameInstance(entry));
                allEntries.add(entry);
            }
        }
    }
    // Check all insertions
    for (SecurityAccessEntry entry : allEntries) {
        assertThat(securityCache.get(entry.getUserReference(), entry.getReference()), sameInstance(entry));
    }
    // Check a non-conflicting duplicate insertion
    try {
        AddAccessEntry(allEntries.get(0));
    } catch (ConflictingInsertionException e) {
        fail("Inserting the same access entry twice should NOT throw a ConflictingInsertionException.");
    }
    // Check a conflicting duplicate insertion
    try {
        final SecurityReference ref = allEntries.get(0).getReference();
        final UserSecurityReference user = allEntries.get(0).getUserReference();
        SecurityAccessEntry entry = mock(SecurityAccessEntry.class, "Another access for " + allEntries.get(0).getUserReference().toString() + " on " + allEntries.get(0).getReference().toString());
        when(entry.getUserReference()).thenReturn(user);
        when(entry.getReference()).thenReturn(ref);
        AddAccessEntry(entry);
        fail("Inserting a different access entry for the same reference should throw" + " a ConflictingInsertionException.");
    } catch (ConflictingInsertionException ignore) {
    // Expected.
    }
    // Check insertion of entries without inserting either the entity or the user first
    try {
        AddAccessEntry(mockSecurityAccessEntry(aMissingEntityRef, xuserRef));
        fail("Inserting a access entry without inserting its entity first should throw" + " a ParentEntryEvictedException.");
    } catch (ParentEntryEvictedException ignore) {
    // Expected.
    }
    try {
        AddAccessEntry(mockSecurityAccessEntry(xdocRef, aMissingUserRef));
        fail("Inserting a access entry without inserting its user first should throw" + " a ParentEntryEvictedException.");
    } catch (ParentEntryEvictedException ignore) {
    // Expected.
    }
}
Also used : SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) ArrayList(java.util.ArrayList) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) ConflictingInsertionException(org.xwiki.security.authorization.cache.ConflictingInsertionException) ParentEntryEvictedException(org.xwiki.security.authorization.cache.ParentEntryEvictedException) Test(org.junit.Test)

Example 2 with SecurityAccessEntry

use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method InsertAccess.

private Map<String, SecurityEntry> InsertAccess() throws ConflictingInsertionException, ParentEntryEvictedException {
    Map<String, SecurityEntry> entries = new HashMap<String, SecurityEntry>();
    // Insert access for simple users
    for (UserSecurityReference user : userRefs) {
        for (SecurityReference ref : entityRefs) {
            SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
            String key = AddAccessEntry(entry);
            if (key != null)
                entries.put(key, entry);
        }
        SecurityAccessEntry entry = mockSecurityAccessEntry(user, user);
        String key = AddAccessEntry(entry);
        if (key != null)
            entries.put(key, entry);
    }
    // Insert access for group users
    for (UserSecurityReference user : groupUserRefs) {
        for (SecurityReference ref : entityRefs) {
            SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
            String key = AddAccessEntry(entry);
            if (key != null)
                entries.put(key, entry);
        }
        SecurityAccessEntry entry = mockSecurityAccessEntry(user, user);
        String key = AddAccessEntry(entry);
        if (key != null)
            entries.put(key, entry);
    }
    return entries;
}
Also used : SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) HashMap(java.util.HashMap) SecurityEntry(org.xwiki.security.authorization.SecurityEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference)

Example 3 with SecurityAccessEntry

use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheLoader method loadAccessEntries.

/**
 * Load group entries, and user entries required, to settle the access, settle it,
 * add this decision into the cache and return the access.
 *
 * @param user The user to check access for.
 * @param entity The lowest entity providing security rules on the path of the entity to check access for.
 * @param ruleEntries The rule entries associated with the above entity.
 * @return The access for the user at the entity (equivalent to the one of the entity to check access for).
 * @throws ParentEntryEvictedException If one of the parent entries are evicted before the load is completed.
 * @throws ConflictingInsertionException When different threads have inserted conflicting entries into the cache.
 * @throws org.xwiki.security.authorization.AuthorizationException On error.
 */
private SecurityAccessEntry loadAccessEntries(UserSecurityReference user, SecurityReference entity, Deque<SecurityRuleEntry> ruleEntries) throws ParentEntryEvictedException, ConflictingInsertionException, AuthorizationException {
    // userWiki is the wiki of the user
    SecurityReference userWiki = user.getWikiReference();
    // entityWiki is the wiki of the entity when the user is global and the entity is local
    SecurityReference entityWiki = user.isGlobal() ? entity.getWikiReference() : null;
    if (entityWiki != null && userWiki.equals(entityWiki)) {
        entityWiki = null;
    }
    // Load user and related groups into the cache (global and shadowed locals) as needed
    Collection<GroupSecurityReference> groups = loadUserEntry(user, userWiki, entityWiki);
    // Settle the access
    SecurityAccessEntry accessEntry = authorizationSettlerProvider.get().settle(user, groups, ruleEntries);
    // Store the result into the cache
    securityCache.add(accessEntry, entityWiki);
    // Return the result
    return accessEntry;
}
Also used : SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) GroupSecurityReference(org.xwiki.security.GroupSecurityReference)

Example 4 with SecurityAccessEntry

use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheLoaderTest method loadWithConflictingInsertionException.

@Test
public void loadWithConflictingInsertionException() throws Exception {
    DocumentReference userReference = new DocumentReference("wiki", "Users", "mflorea");
    UserSecurityReference user = securityReferenceFactory.newUserReference(userReference);
    DocumentReference documentReference = new DocumentReference("wiki", "Space", "Document");
    SecurityReference entity = securityReferenceFactory.newEntityReference(documentReference);
    SecurityRuleEntry documentEntry = mock(SecurityRuleEntry.class, "document");
    when(documentEntry.getReference()).thenReturn(entity);
    when(documentEntry.isEmpty()).thenReturn(true);
    SecurityRuleEntry spaceEntry = mock(SecurityRuleEntry.class, "space");
    when(spaceEntry.getReference()).thenReturn(entity.getParentSecurityReference());
    when(spaceEntry.isEmpty()).thenReturn(true);
    SecurityRuleEntry wikiEntry = mock(SecurityRuleEntry.class, "wiki");
    when(wikiEntry.getReference()).thenReturn(entity.getParentSecurityReference().getParentSecurityReference());
    when(wikiEntry.isEmpty()).thenReturn(true);
    SecurityCache securityCache = mocker.getInstance(SecurityCache.class);
    when(securityCache.get(entity)).thenReturn(documentEntry);
    when(securityCache.get(entity.getParentSecurityReference())).thenReturn(spaceEntry);
    when(securityCache.get(entity.getParentSecurityReference().getParentSecurityReference())).thenReturn(wikiEntry);
    when(securityCache.getGroupsFor(user, null)).thenReturn(null);
    UserBridge userBridge = mocker.getInstance(UserBridge.class);
    DocumentReference groupReference = new DocumentReference("wiki", "Groups", "AllGroup");
    Set<GroupSecurityReference> groups = Collections.singleton(securityReferenceFactory.newGroupReference(groupReference));
    when(userBridge.getAllGroupsFor(user, userReference.getWikiReference())).thenReturn(groups);
    SecurityAccessEntry securityAccessEntry = mock(SecurityAccessEntry.class);
    AuthorizationSettler authorizationSettler = mocker.getInstance(AuthorizationSettler.class);
    Deque<SecurityRuleEntry> securityRuleEntries = new LinkedList<SecurityRuleEntry>(Arrays.asList(documentEntry, spaceEntry, wikiEntry));
    when(authorizationSettler.settle(user, groups, securityRuleEntries)).thenReturn(securityAccessEntry);
    doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry);
    doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry, null);
    try {
        securityCacheLoader.load(user, entity);
        fail();
    } catch (AuthorizationException e) {
        assertEquals("Failed to load the cache in 5 attempts. Giving up. when checking  " + "access to [wiki:Space.Document] for user [wiki:Users.mflorea]", e.getMessage());
        assertTrue(ExceptionUtils.getRootCauseMessage(e).contains("ConflictingInsertionException"));
    }
    // Assert that we've also emitted a log
    assertEquals(1, this.logRule.size());
    assertEquals("Failed to load the cache in 5 attempts. Giving up.", this.logRule.getMessage(0));
}
Also used : UserBridge(org.xwiki.security.internal.UserBridge) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) AuthorizationException(org.xwiki.security.authorization.AuthorizationException) AuthorizationSettler(org.xwiki.security.authorization.AuthorizationSettler) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) LinkedList(java.util.LinkedList) SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference) DocumentReference(org.xwiki.model.reference.DocumentReference) Test(org.junit.Test)

Example 5 with SecurityAccessEntry

use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.

the class DefaultSecurityCacheTest method checkEntries.

private void checkEntries(Map<String, SecurityEntry> entries, KeepEntries keeper) {
    for (Iterator<Map.Entry<String, SecurityEntry>> it = entries.entrySet().iterator(); it.hasNext(); ) {
        Map.Entry<String, SecurityEntry> entry = it.next();
        if (entry.getValue() instanceof SecurityRuleEntry) {
            SecurityRuleEntry sentry = (SecurityRuleEntry) entry.getValue();
            if (keeper.keepRule(sentry)) {
                assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), sameInstance(entry.getValue()));
            } else {
                it.remove();
                assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), nullValue());
            }
        } else if (entry.getValue() instanceof SecurityAccessEntry) {
            SecurityAccessEntry sentry = (SecurityAccessEntry) entry.getValue();
            if (keeper.keepAccess(sentry)) {
                assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), sameInstance(entry.getValue()));
            } else {
                it.remove();
                assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), nullValue());
            }
        } else {
            SecurityShadowEntry sentry = (SecurityShadowEntry) entry.getValue();
            if (keeper.keepShadow(sentry)) {
                assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), sameInstance(entry.getValue()));
            } else {
                it.remove();
                assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), nullValue());
            }
        }
    }
}
Also used : SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) SecurityShadowEntry(org.xwiki.security.authorization.cache.SecurityShadowEntry) SecurityEntry(org.xwiki.security.authorization.SecurityEntry) SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) SecurityEntry(org.xwiki.security.authorization.SecurityEntry) SecurityShadowEntry(org.xwiki.security.authorization.cache.SecurityShadowEntry) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

SecurityAccessEntry (org.xwiki.security.authorization.SecurityAccessEntry)6 GroupSecurityReference (org.xwiki.security.GroupSecurityReference)4 SecurityReference (org.xwiki.security.SecurityReference)4 UserSecurityReference (org.xwiki.security.UserSecurityReference)4 HashMap (java.util.HashMap)2 Test (org.junit.Test)2 SecurityEntry (org.xwiki.security.authorization.SecurityEntry)2 SecurityRuleEntry (org.xwiki.security.authorization.SecurityRuleEntry)2 ArrayList (java.util.ArrayList)1 LinkedList (java.util.LinkedList)1 Map (java.util.Map)1 DocumentReference (org.xwiki.model.reference.DocumentReference)1 AuthorizationException (org.xwiki.security.authorization.AuthorizationException)1 AuthorizationSettler (org.xwiki.security.authorization.AuthorizationSettler)1 ConflictingInsertionException (org.xwiki.security.authorization.cache.ConflictingInsertionException)1 ParentEntryEvictedException (org.xwiki.security.authorization.cache.ParentEntryEvictedException)1 SecurityShadowEntry (org.xwiki.security.authorization.cache.SecurityShadowEntry)1 UserBridge (org.xwiki.security.internal.UserBridge)1