use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.
the class DefaultSecurityCacheTest method testAddSecurityAccessEntry.
@Test
public void testAddSecurityAccessEntry() throws Exception {
InsertUsers();
InsertEntities();
final List<SecurityAccessEntry> allEntries = new ArrayList<SecurityAccessEntry>();
// Insert and check insertion individually for simple users
for (UserSecurityReference user : userRefs) {
for (SecurityReference ref : entityRefs) {
assertThat(securityCache.get(user, ref), is(nullValue()));
SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
if (AddAccessEntry(entry) != null) {
assertThat(securityCache.get(user, ref), sameInstance(entry));
allEntries.add(entry);
}
}
}
// Insert and check insertion individually for group users
for (UserSecurityReference user : groupUserRefs) {
for (SecurityReference ref : entityRefs) {
assertThat(securityCache.get(user, ref), is(nullValue()));
SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
if (AddAccessEntry(entry) != null) {
assertThat(securityCache.get(user, ref), sameInstance(entry));
allEntries.add(entry);
}
}
}
// Check all insertions
for (SecurityAccessEntry entry : allEntries) {
assertThat(securityCache.get(entry.getUserReference(), entry.getReference()), sameInstance(entry));
}
// Check a non-conflicting duplicate insertion
try {
AddAccessEntry(allEntries.get(0));
} catch (ConflictingInsertionException e) {
fail("Inserting the same access entry twice should NOT throw a ConflictingInsertionException.");
}
// Check a conflicting duplicate insertion
try {
final SecurityReference ref = allEntries.get(0).getReference();
final UserSecurityReference user = allEntries.get(0).getUserReference();
SecurityAccessEntry entry = mock(SecurityAccessEntry.class, "Another access for " + allEntries.get(0).getUserReference().toString() + " on " + allEntries.get(0).getReference().toString());
when(entry.getUserReference()).thenReturn(user);
when(entry.getReference()).thenReturn(ref);
AddAccessEntry(entry);
fail("Inserting a different access entry for the same reference should throw" + " a ConflictingInsertionException.");
} catch (ConflictingInsertionException ignore) {
// Expected.
}
// Check insertion of entries without inserting either the entity or the user first
try {
AddAccessEntry(mockSecurityAccessEntry(aMissingEntityRef, xuserRef));
fail("Inserting a access entry without inserting its entity first should throw" + " a ParentEntryEvictedException.");
} catch (ParentEntryEvictedException ignore) {
// Expected.
}
try {
AddAccessEntry(mockSecurityAccessEntry(xdocRef, aMissingUserRef));
fail("Inserting a access entry without inserting its user first should throw" + " a ParentEntryEvictedException.");
} catch (ParentEntryEvictedException ignore) {
// Expected.
}
}
use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.
the class DefaultSecurityCacheTest method InsertAccess.
private Map<String, SecurityEntry> InsertAccess() throws ConflictingInsertionException, ParentEntryEvictedException {
Map<String, SecurityEntry> entries = new HashMap<String, SecurityEntry>();
// Insert access for simple users
for (UserSecurityReference user : userRefs) {
for (SecurityReference ref : entityRefs) {
SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
String key = AddAccessEntry(entry);
if (key != null)
entries.put(key, entry);
}
SecurityAccessEntry entry = mockSecurityAccessEntry(user, user);
String key = AddAccessEntry(entry);
if (key != null)
entries.put(key, entry);
}
// Insert access for group users
for (UserSecurityReference user : groupUserRefs) {
for (SecurityReference ref : entityRefs) {
SecurityAccessEntry entry = mockSecurityAccessEntry(ref, user);
String key = AddAccessEntry(entry);
if (key != null)
entries.put(key, entry);
}
SecurityAccessEntry entry = mockSecurityAccessEntry(user, user);
String key = AddAccessEntry(entry);
if (key != null)
entries.put(key, entry);
}
return entries;
}
use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.
the class DefaultSecurityCacheLoader method loadAccessEntries.
/**
* Load group entries, and user entries required, to settle the access, settle it,
* add this decision into the cache and return the access.
*
* @param user The user to check access for.
* @param entity The lowest entity providing security rules on the path of the entity to check access for.
* @param ruleEntries The rule entries associated with the above entity.
* @return The access for the user at the entity (equivalent to the one of the entity to check access for).
* @throws ParentEntryEvictedException If one of the parent entries are evicted before the load is completed.
* @throws ConflictingInsertionException When different threads have inserted conflicting entries into the cache.
* @throws org.xwiki.security.authorization.AuthorizationException On error.
*/
private SecurityAccessEntry loadAccessEntries(UserSecurityReference user, SecurityReference entity, Deque<SecurityRuleEntry> ruleEntries) throws ParentEntryEvictedException, ConflictingInsertionException, AuthorizationException {
// userWiki is the wiki of the user
SecurityReference userWiki = user.getWikiReference();
// entityWiki is the wiki of the entity when the user is global and the entity is local
SecurityReference entityWiki = user.isGlobal() ? entity.getWikiReference() : null;
if (entityWiki != null && userWiki.equals(entityWiki)) {
entityWiki = null;
}
// Load user and related groups into the cache (global and shadowed locals) as needed
Collection<GroupSecurityReference> groups = loadUserEntry(user, userWiki, entityWiki);
// Settle the access
SecurityAccessEntry accessEntry = authorizationSettlerProvider.get().settle(user, groups, ruleEntries);
// Store the result into the cache
securityCache.add(accessEntry, entityWiki);
// Return the result
return accessEntry;
}
use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.
the class DefaultSecurityCacheLoaderTest method loadWithConflictingInsertionException.
@Test
public void loadWithConflictingInsertionException() throws Exception {
DocumentReference userReference = new DocumentReference("wiki", "Users", "mflorea");
UserSecurityReference user = securityReferenceFactory.newUserReference(userReference);
DocumentReference documentReference = new DocumentReference("wiki", "Space", "Document");
SecurityReference entity = securityReferenceFactory.newEntityReference(documentReference);
SecurityRuleEntry documentEntry = mock(SecurityRuleEntry.class, "document");
when(documentEntry.getReference()).thenReturn(entity);
when(documentEntry.isEmpty()).thenReturn(true);
SecurityRuleEntry spaceEntry = mock(SecurityRuleEntry.class, "space");
when(spaceEntry.getReference()).thenReturn(entity.getParentSecurityReference());
when(spaceEntry.isEmpty()).thenReturn(true);
SecurityRuleEntry wikiEntry = mock(SecurityRuleEntry.class, "wiki");
when(wikiEntry.getReference()).thenReturn(entity.getParentSecurityReference().getParentSecurityReference());
when(wikiEntry.isEmpty()).thenReturn(true);
SecurityCache securityCache = mocker.getInstance(SecurityCache.class);
when(securityCache.get(entity)).thenReturn(documentEntry);
when(securityCache.get(entity.getParentSecurityReference())).thenReturn(spaceEntry);
when(securityCache.get(entity.getParentSecurityReference().getParentSecurityReference())).thenReturn(wikiEntry);
when(securityCache.getGroupsFor(user, null)).thenReturn(null);
UserBridge userBridge = mocker.getInstance(UserBridge.class);
DocumentReference groupReference = new DocumentReference("wiki", "Groups", "AllGroup");
Set<GroupSecurityReference> groups = Collections.singleton(securityReferenceFactory.newGroupReference(groupReference));
when(userBridge.getAllGroupsFor(user, userReference.getWikiReference())).thenReturn(groups);
SecurityAccessEntry securityAccessEntry = mock(SecurityAccessEntry.class);
AuthorizationSettler authorizationSettler = mocker.getInstance(AuthorizationSettler.class);
Deque<SecurityRuleEntry> securityRuleEntries = new LinkedList<SecurityRuleEntry>(Arrays.asList(documentEntry, spaceEntry, wikiEntry));
when(authorizationSettler.settle(user, groups, securityRuleEntries)).thenReturn(securityAccessEntry);
doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry);
doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry, null);
try {
securityCacheLoader.load(user, entity);
fail();
} catch (AuthorizationException e) {
assertEquals("Failed to load the cache in 5 attempts. Giving up. when checking " + "access to [wiki:Space.Document] for user [wiki:Users.mflorea]", e.getMessage());
assertTrue(ExceptionUtils.getRootCauseMessage(e).contains("ConflictingInsertionException"));
}
// Assert that we've also emitted a log
assertEquals(1, this.logRule.size());
assertEquals("Failed to load the cache in 5 attempts. Giving up.", this.logRule.getMessage(0));
}
use of org.xwiki.security.authorization.SecurityAccessEntry in project xwiki-platform by xwiki.
the class DefaultSecurityCacheTest method checkEntries.
private void checkEntries(Map<String, SecurityEntry> entries, KeepEntries keeper) {
for (Iterator<Map.Entry<String, SecurityEntry>> it = entries.entrySet().iterator(); it.hasNext(); ) {
Map.Entry<String, SecurityEntry> entry = it.next();
if (entry.getValue() instanceof SecurityRuleEntry) {
SecurityRuleEntry sentry = (SecurityRuleEntry) entry.getValue();
if (keeper.keepRule(sentry)) {
assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), sameInstance(entry.getValue()));
} else {
it.remove();
assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), nullValue());
}
} else if (entry.getValue() instanceof SecurityAccessEntry) {
SecurityAccessEntry sentry = (SecurityAccessEntry) entry.getValue();
if (keeper.keepAccess(sentry)) {
assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), sameInstance(entry.getValue()));
} else {
it.remove();
assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), nullValue());
}
} else {
SecurityShadowEntry sentry = (SecurityShadowEntry) entry.getValue();
if (keeper.keepShadow(sentry)) {
assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), sameInstance(entry.getValue()));
} else {
it.remove();
assertThat(((DefaultSecurityCache) securityCache).get(entry.getKey()), nullValue());
}
}
}
}
Aggregations