You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by dj...@apache.org on 2015/08/10 10:32:51 UTC
svn commit: r1694986 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/
Author: dj
Date: Mon Aug 10 08:32:50 2015
New Revision: 1694986
URL: http://svn.apache.org/r1694986
Log:
OAK-2231 - Searching authorizables with ' and ] in authorizable id and/or principal name
- escaping jcr:link/fn:name condition for query
- adding search by special chars tests
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitor.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/FindAuthorizablesTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserQueryTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitor.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitor.java?rev=1694986&r1=1694985&r2=1694986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitor.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathConditionVisitor.java Mon Aug 10 08:32:50 2015
@@ -59,7 +59,7 @@ class XPathConditionVisitor implements C
.append("')")
.append(" or ")
.append("jcr:like(fn:name(),'")
- .append(QueryUtil.escapeNodeName(condition.getPattern()))
+ .append(QueryUtil.escapeForQuery(QueryUtil.escapeNodeName(condition.getPattern())))
.append("')")
.append(')');
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/FindAuthorizablesTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/FindAuthorizablesTest.java?rev=1694986&r1=1694985&r2=1694986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/FindAuthorizablesTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/FindAuthorizablesTest.java Mon Aug 10 08:32:50 2015
@@ -19,10 +19,12 @@ package org.apache.jackrabbit.oak.jcr.se
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
+import com.google.common.collect.Lists;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
@@ -32,6 +34,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
import org.junit.Test;
/**
@@ -377,4 +380,29 @@ public class FindAuthorizablesTest exten
assertTrue(it.next().isGroup());
}
}
+
+ @Test
+ public void testFindUserWithSpecialCharIdByPrincipalName() throws RepositoryException {
+ List<String> ids = Lists.newArrayList("'", "]", "']", Text.escapeIllegalJcrChars("']"), Text.escape("']"));
+ for (String id : ids) {
+ User user = null;
+ try {
+ user = userMgr.createUser(id, "pw");
+ superuser.save();
+
+ boolean found = false;
+ Iterator<Authorizable> it = userMgr.findAuthorizables(UserConstants.REP_PRINCIPAL_NAME, id, UserManager.SEARCH_TYPE_USER);
+ while (it.hasNext() && !found) {
+ Authorizable a = it.next();
+ found = id.equals(a.getID());
+ }
+ assertTrue(found);
+ } finally {
+ if (user != null) {
+ user.remove();
+ superuser.save();
+ }
+ }
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserQueryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserQueryTest.java?rev=1694986&r1=1694985&r2=1694986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserQueryTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserQueryTest.java Mon Aug 10 08:32:50 2015
@@ -30,12 +30,14 @@ import javax.jcr.Value;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterators;
+import com.google.common.collect.Lists;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.commons.jackrabbit.user.AuthorizableQueryManager;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -975,6 +977,35 @@ public class UserQueryTest extends Abstr
assertFalse(result.hasNext());
}
+ @Test
+ public void testQueryUserWithSpecialCharId() throws Exception {
+ List<String> ids = Lists.newArrayList("'", "]");
+ for (String id : ids) {
+ User user = null;
+ try {
+ user = userMgr.createUser(id, "pw");
+ superuser.save();
+
+ boolean found = false;
+ String query = "{\"condition\":[{\"named\":\"" + id + "\"}]}";
+ AuthorizableQueryManager queryManager = new AuthorizableQueryManager(userMgr, superuser.getValueFactory());
+ Iterator<Authorizable> it = queryManager.execute(query);
+ while (it.hasNext() && !found) {
+ Authorizable a = it.next();
+ found = id.equals(a.getID());
+ }
+ assertTrue(found);
+ } finally {
+ if (user != null) {
+ user.remove();
+ superuser.save();
+ }
+ }
+ }
+ }
+
+
+
//------------------------------------------------------------< private >---
private static void addMembers(Group group, Authorizable... authorizables) throws RepositoryException {