You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/06/18 16:30:17 UTC
svn commit: r1686235 [1/6] - in /jackrabbit/oak/trunk: ./
oak-doc/src/site/markdown/ oak-exercise/ oak-exercise/src/
oak-exercise/src/main/ oak-exercise/src/main/java/
oak-exercise/src/main/java/org/ oak-exercise/src/main/java/org/apache/
oak-exercise/...
Author: angela
Date: Thu Jun 18 14:30:16 2015
New Revision: 1686235
URL: http://svn.apache.org/r1686235
Log:
OAK-3008 : Training material for Oak security (WIP: first bunch of exercises; some areas still not covered)
Added:
jackrabbit/oak/trunk/oak-exercise/ (with props)
jackrabbit/oak/trunk/oak-exercise/README.md
jackrabbit/oak/trunk/oak-exercise/pom.xml (with props)
jackrabbit/oak/trunk/oak-exercise/src/
jackrabbit/oak/trunk/oak-exercise/src/main/
jackrabbit/oak/trunk/oak-exercise/src/main/java/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomCredentials.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModule.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModuleFactory.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/UserIDTestLoginModule.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProvider.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalConfiguration.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalProvider.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/main/resources/
jackrabbit/oak/trunk/oak-exercise/src/test/
jackrabbit/oak/trunk/oak-exercise/src/test/java/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/ExerciseUtility.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L2_AuthInfoTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L3_LoginModuleTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L4_UserIDTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L5_GuestLoginTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L6_AnonymousIdTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L7_ImpersonationTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L8_PreAuthTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L9_NullLoginTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/external/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/external/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/L2_TokenLoginTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/L3_TokenProviderTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L2_AccessControlManagerTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L3_AccessControlListTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L4_EffectivePoliciesTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L5_AccessControlListImplTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L6_AccessControlContentTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L7_RestrictionsTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/L8_GlobRestrictionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/L2_PermissionDiscoveryTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/L3_PrecedenceRulesTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/L4_PrivilegesAndPermissionsTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/L5_SpecialPermissionsTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/L6_AdministratativeAccessTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/L7_PermissionContentTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/general/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/general/IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/principal/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/principal/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/principal/L2_PrincipalManagerTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/principal/L3_EveryoneTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/principal/L4_PrincipalProviderTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/L2_PrivilegeManagementTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/L3_BuiltInPrivilegesTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/L4_CustomPrivilegeTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/L5_PrivilegeContentTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/L6_JcrAllTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/privilege/L7_PrivilegeDiscoveryTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L10_RemovalAndMembershipTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L11_PasswordTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L12_PasswordExpiryTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L13_SystemUserTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L14_AuthorizableNodeNameTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L15_RepositoryWithoutAnonymousTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L16_RepositoryWithoutUserManagement.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L2_CreateAndGetTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L3_UserVsPrincipalTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L4_AuthorizableIdTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L5_UuidTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L6_AuthorizableContentTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L7_AuthorizablePropertiesTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L8_MembershipTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/L9_RemoveAuthorizableTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/action/
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/action/L1_IntroductionTest.java (with props)
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/user/action/L2_AuthorizableActionTest.java (with props)
Modified:
jackrabbit/oak/trunk/README.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/dev_getting_started.md
jackrabbit/oak/trunk/pom.xml
Modified: jackrabbit/oak/trunk/README.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/README.md?rev=1686235&r1=1686234&r2=1686235&view=diff
==============================================================================
--- jackrabbit/oak/trunk/README.md (original)
+++ jackrabbit/oak/trunk/README.md Thu Jun 18 14:30:16 2015
@@ -63,8 +63,10 @@ The build consists of the following main
- oak-upgrade - tooling for upgrading Jackrabbit repositories to Oak
- oak-it - integration tests
- oak-it/osgi - integration tests for OSGi
+ - [oak-exercise][2] - Oak training material
[1]: oak-core/README.md
+ [2]: oak-exercise/README.md
Archive
-------
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/dev_getting_started.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/dev_getting_started.md?rev=1686235&r1=1686234&r2=1686235&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/dev_getting_started.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/dev_getting_started.md Thu Jun 18 14:30:16 2015
@@ -74,6 +74,7 @@ The build consists of the following main
- oak-upgrade - tooling for upgrading Jackrabbit repositories to Oak
- oak-it - integration tests
- oak-it/osgi - integration tests for OSGi
+ - [oak-exercise][3] - Oak training material
Archive
@@ -90,4 +91,5 @@ The following components have been moved
[1]: https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/README.md
[2]: https://issues.apache.org/jira/browse/OAK-2693
+ [3]: https://github.com/apache/jackrabbit-oak/blob/trunk/oak-exercise/README.md
Propchange: jackrabbit/oak/trunk/oak-exercise/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Thu Jun 18 14:30:16 2015
@@ -0,0 +1,5 @@
+target
+.*
+*.iml
+*.ipr
+*.iws
Added: jackrabbit/oak/trunk/oak-exercise/README.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/README.md?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/README.md (added)
+++ jackrabbit/oak/trunk/oak-exercise/README.md Thu Jun 18 14:30:16 2015
@@ -0,0 +1,109 @@
+=======================================================
+Jackrabbit Oak - Exercise
+=======================================================
+
+Oak module providing exercises for developers who wish to become familar with
+the Oak code base and understand the design principals and implementation
+details.
+
+NOTE: This module is not suited as reference for 'best-practises' for JCR
+and Jackrabbit API consumers. Instead it often uses low-level implementation
+access to illustrate a particular pattern or detail.
+
+Mandatory Preparation
+---------------------
+
+Apart from the exercise code, you need have to following source packges
+installed
+
+Please make sure you have the following source code on your computer and setup in your preferred IDE
+
+- Oak (http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/, https://github.com/apache/jackrabbit-oak)
+- JCR 2.0 (https://svn.java.net/svn/jsr-283~svn/trunk/src/)
+- Jackrabbit API (http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-api/, https://github.com/apache/jackrabbit)
+- Jackrabbit Commons (http://svn.apache.org/repos/asf/jackrabbit/trunk/jackrabbit-jcr-commons/, https://github.com/apache/jackrabbit)
+
+
+Recommended Reading
+-------------------
+
+As preparation of the introduction it is recommended to take a look at security related sections of the JSR283 and to make yourself familiar with the security related areas of the API as well with the extensions defined in Apache Jackrabbit.
+JSR 283 : Content Repository for Java Technology API Specification v2.0
+
+The following sections of the specification deal with security in particular with authentication and authorization.
+
+- 4.2 Login (http://www.day.com/specs/jcr/2.0/4_Connecting.html#4.2%20Login)
+- 4.3 Impersonate (http://www.day.com/specs/jcr/2.0/4_Connecting.html#4.3%20Impersonate)
+- 4.4.1 User (http://www.day.com/specs/jcr/2.0/4_Connecting.html#4.4.1%20User)
+- 9 Permissions and Capabilities (http://www.day.com/specs/jcr/2.0/9_Permissions_and_Capabilities.html)
+- 16 Access Control Management (http://www.day.com/specs/jcr/2.0/16_Access_Control_Management.html)
+
+You can also find the correspoding parts of the API documentation:
+
+- Login and Impersonation
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/Repository.html#login%28javax.jcr.Credentials,%20java.lang.String%29
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/Session.html#impersonate%28javax.jcr.Credentials%29
+- Credentials
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/Credentials.html
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/GuestCredentials.html
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/SimpleCredentials.html
+- Permission Discovery and JCR Action Constants
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/Session.html
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/Session.html#hasPermission%28java.lang.String,%20java.lang.String%29
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/Session.html#checkPermission%28java.lang.String,%20java.lang.String%29
+- Access Control Management
+ http://www.day.com/specs/javax.jcr/javadocs/jcr-2.0/javax/jcr/security/package-summary.html
+
+#### Apache Jackrabbit : API Extensions for JSR 283
+
+The JavaDoc for the latest Jackrabbit API (2.10) can be found at http://jackrabbit.apache.org/api/2.10/
+
+- Authentication (TokenCredentials)
+ http://jackrabbit.apache.org/api/2.10/org/apache/jackrabbit/api/security/authentication/token/TokenCredentials.html
+- Access Control Management
+ http://jackrabbit.apache.org/api/2.10/org/apache/jackrabbit/api/security/package-summary.html
+- Privilege Management
+ http://jackrabbit.apache.org/api/2.10/org/apache/jackrabbit/api/security/authorization/PrivilegeManager.html
+- Principal Management
+ http://jackrabbit.apache.org/api/2.10/org/apache/jackrabbit/api/security/principal/package-summary.html
+- User Management
+ http://jackrabbit.apache.org/api/2.10/org/apache/jackrabbit/api/security/user/package-summary.html
+
+#### Oak Documenation
+
+There exists some documentation about Oak Security at http://jackrabbit.apache.org/oak/docs/security/overview.html. That should cover everything that is being looked at during that introduction.
+Further References
+Java Authentication and Authorization Service (JAAS)
+
+Note that we only make use of the Authentication part of JAAS. Nevertheless the following documents might be useful to consult when you are dealing with authentication.
+
+- Reference Guide
+ http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
+- Develop a LoginModule
+ http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASLMDevGuide.html
+
+#### Java API References
+
+The following API references to some authentication related classes that we keep referring to when talking about security in the repository
+General Security
+
+- Principal (http://docs.oracle.com/javase/7/docs/api/java/security/Principal.html)
+- Group (http://docs.oracle.com/javase/7/docs/api/java/security/acl/Group.html)
+
+#### Authentication
+
+- LoginContext (http://docs.oracle.com/javase/7/docs/api/javax/security/auth/login/LoginContext.html )
+- LoginModule (http://docs.oracle.com/javase/7/docs/api/javax/security/auth/spi/LoginModule.html)
+- Configuration (http://docs.oracle.com/javase/7/docs/api/javax/security/auth/login/Configuration.html)
+- Subject (http://docs.oracle.com/javase/7/docs/api/javax/security/auth/Subject.html)
+
+
+Using the Exercise Module
+-------------------------
+
+TODO
+
+How to Verify your Solutions
+----------------------------
+
+TODO
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-exercise/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/pom.xml?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/pom.xml (added)
+++ jackrabbit/oak/trunk/oak-exercise/pom.xml Thu Jun 18 14:30:16 2015
@@ -0,0 +1,260 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-parent</artifactId>
+ <version>1.4-SNAPSHOT</version>
+ <relativePath>../oak-parent/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>oak-exercise</artifactId>
+ <name>Oak Exercises</name>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ <configuration>
+ <excludes>
+ <exclude>logback-test.xml</exclude>
+ </excludes>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <configuration>
+ <systemPropertyVariables>
+ <java.util.logging.config.file>
+ src/test/resources/logging.properties
+ </java.util.logging.config.file>
+ </systemPropertyVariables>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <configuration>
+ <instructions>
+ <Embed-Dependency>
+ </Embed-Dependency>
+ <Embed-Transitive>true</Embed-Transitive>
+ <Import-Package>
+ *;resolution:=optional
+ </Import-Package>
+ <Export-Package>
+ </Export-Package>
+ <DynamicImport-Package>
+ org.apache.felix.jaas.boot
+ </DynamicImport-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ <version>2.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-jcr</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-commons</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-api</artifactId>
+ <version>${jackrabbit.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr-commons</artifactId>
+ <version>${jackrabbit.version}</version>
+ </dependency>
+
+ <!-- Findbugs annotations -->
+ <dependency>
+ <groupId>com.google.code.findbugs</groupId>
+ <artifactId>jsr305</artifactId>
+ </dependency>
+
+ <!-- OSGi -->
+ <dependency>
+ <!-- somehow the 1.6.0_65 compiler crashes on osx without this. -->
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.scr.annotations</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.jaas</artifactId>
+ <version>0.0.2</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.compendium</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+
+ <!-- Test dependencies -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mongodb</groupId>
+ <artifactId>mongo-java-driver</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.h2database</groupId>
+ <artifactId>h2</artifactId>
+ <version>${h2.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr-tests</artifactId>
+ <version>${jackrabbit.version}</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-commons</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-jcr</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-core</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+ <!--<dependency>-->
+ <!--<groupId>org.apache.jackrabbit</groupId>-->
+ <!--<artifactId>jackrabbit-core</artifactId>-->
+ <!--<version>${jackrabbit.version}</version>-->
+ <!--<classifier>tests</classifier>-->
+ <!--<scope>test</scope>-->
+ <!--</dependency>-->
+ <!--<dependency>-->
+ <!--<groupId>org.apache.jackrabbit</groupId>-->
+ <!--<artifactId>jackrabbit-core</artifactId>-->
+ <!--<version>${jackrabbit.version}</version>-->
+ <!--<scope>test</scope>-->
+ <!--</dependency>-->
+ <!--<dependency>-->
+ <!--<groupId>org.apache.jackrabbit</groupId>-->
+ <!--<artifactId>jackrabbit-data</artifactId>-->
+ <!--<version>${jackrabbit.version}</version>-->
+ <!--<classifier>tests</classifier>-->
+ <!--<scope>test</scope>-->
+ <!--</dependency>-->
+ <!--<dependency>-->
+ <!--<groupId>org.apache.jackrabbit</groupId>-->
+ <!--<artifactId>jackrabbit-jcr-server</artifactId>-->
+ <!--<version>${jackrabbit.version}</version>-->
+ <!--<scope>test</scope>-->
+ <!--</dependency>-->
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jta_1.0.1B_spec</artifactId>
+ <version>1.0.1</version>
+ <scope>test</scope>
+ </dependency>
+ <!--<dependency>-->
+ <!--<groupId>org.apache.commons</groupId>-->
+ <!--<artifactId>commons-math3</artifactId>-->
+ <!--<version>3.2</version>-->
+ <!--<scope>test</scope>-->
+ <!--</dependency>-->
+ <!--<dependency>-->
+ <!--<groupId>com.googlecode.json-simple</groupId>-->
+ <!--<artifactId>json-simple</artifactId>-->
+ <!--<version>1.1.1</version>-->
+ <!--<scope>test</scope>-->
+ <!--</dependency>-->
+ <!--<dependency>-->
+ <!--<groupId>commons-dbcp</groupId>-->
+ <!--<artifactId>commons-dbcp</artifactId>-->
+ <!--<version>1.4</version>-->
+ <!--<scope>test</scope>-->
+ <!--</dependency>-->
+ <!--<dependency>-->
+ <!--<groupId>org.apache.sling</groupId>-->
+ <!--<artifactId>org.apache.sling.testing.osgi-mock</artifactId>-->
+ <!--</dependency>-->
+ </dependencies>
+</project>
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/pom.xml
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomCredentials.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomCredentials.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomCredentials.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.util.Map;
+import javax.jcr.Credentials;
+
+import com.google.common.collect.ImmutableMap;
+
+class CustomCredentials implements Credentials {
+
+ private final String loginID;
+ private final String password;
+ private final Map<String, String> attributes;
+
+ CustomCredentials(String loginID, String password, Map<String,String> attributes) {
+ this.loginID = loginID;
+ this.password = password;
+ this.attributes = ImmutableMap.copyOf(attributes);
+ }
+
+ String getLoginID() {
+ return loginID;
+ }
+
+ String getPassword() {
+ return password;
+ }
+
+ Map<String, String> getAttributes() {
+ return attributes;
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomCredentials.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModule.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModule.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModule.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A custom login module for test purposes.
+ *
+ * EXERCISE: complete the implemenation
+ */
+public class CustomLoginModule implements LoginModule {
+
+ private static final Logger log = LoggerFactory.getLogger(CustomLoginModule.class);
+
+ private ConfigurationParameters config;
+
+ public CustomLoginModule() {
+ this(ConfigurationParameters.EMPTY);
+ }
+
+ public CustomLoginModule(ConfigurationParameters config) {
+ this.config = config;
+ }
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
+ if (options != null) {
+ ConfigurationParameters opts = ConfigurationParameters.of(options);
+ config = (config == null) ? opts : ConfigurationParameters.of(config, opts);
+ }
+
+ // EXERCISE
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ // EXERCISE
+ return false;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ // EXERCISE
+ return false;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ // EXERCISE
+ return false;
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ // EXERCISE
+ return false;
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModule.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModuleFactory.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModuleFactory.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModuleFactory.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModuleFactory.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.felix.jaas.LoginModuleFactory;
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.ConfigurationPolicy;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.osgi.service.component.ComponentContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Implements a LoginModuleFactory that creates {
+ * @link org.apache.jackrabbit.oak.security.authentication.CustomLoginModule}s
+ * and allows to configure login modules via OSGi config.
+ */
+@Component(
+ label = "Custom Test Login Module (Oak Exercise Module)",
+ metatype = true,
+ policy = ConfigurationPolicy.REQUIRE,
+ configurationFactory = true
+)
+@Service
+public class CustomLoginModuleFactory implements LoginModuleFactory {
+
+ private static final Logger log = LoggerFactory.getLogger(CustomLoginModuleFactory.class);
+
+ @SuppressWarnings("UnusedDeclaration")
+ @Property(
+ intValue = 500,
+ label = "JAAS Ranking",
+ description = "Specifying the ranking (i.e. sort order) of this login module entry. The entries are sorted " +
+ "in a descending order (i.e. higher value ranked configurations come first)."
+ )
+ public static final String JAAS_RANKING = LoginModuleFactory.JAAS_RANKING;
+
+ @SuppressWarnings("UnusedDeclaration")
+ @Property(
+ value = "OPTIONAL",
+ label = "JAAS Control Flag",
+ description = "Property specifying whether or not a LoginModule is REQUIRED, REQUISITE, SUFFICIENT or " +
+ "OPTIONAL. Refer to the JAAS configuration documentation for more details around the meaning of " +
+ "these flags."
+ )
+ public static final String JAAS_CONTROL_FLAG = LoginModuleFactory.JAAS_CONTROL_FLAG;
+
+ @SuppressWarnings("UnusedDeclaration")
+ @Property(
+ label = "JAAS Realm",
+ description = "The realm name (or application name) against which the LoginModule is be registered. If no " +
+ "realm name is provided then LoginModule is registered with a default realm as configured in " +
+ "the Felix JAAS configuration."
+ )
+ public static final String JAAS_REALM_NAME = LoginModuleFactory.JAAS_REALM_NAME;
+
+ // configuration parameters for the login module instances
+ private ConfigurationParameters osgiConfig;
+
+ /**
+ * Activates the LoginModuleFactory service
+ * @param context the component context
+ */
+ @SuppressWarnings("UnusedDeclaration")
+ @Activate
+ private void activate(ComponentContext componentContext) {
+ osgiConfig = ConfigurationParameters.of(componentContext.getProperties());
+ }
+
+ @SuppressWarnings("UnusedDeclaration")
+ @Deactivate
+ private void deactivate() {
+ // nop
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return a new {@link ExternalLoginModule} instance.
+ */
+ @Override
+ public LoginModule createLoginModule() {
+ return new CustomLoginModule(osgiConfig);
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/CustomLoginModuleFactory.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/UserIDTestLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/UserIDTestLoginModule.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/UserIDTestLoginModule.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/UserIDTestLoginModule.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.spi.LoginModule;
+
+import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
+
+/**
+ * LoginModule implementation for {@code UserIDTest}
+ */
+public class UserIDTestLoginModule implements LoginModule {
+
+ private Subject subject;
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> stringMap, Map<String, ?> stringMap2) {
+ this.subject = subject;
+ }
+
+ @Override
+ public boolean login() {
+ return true;
+ }
+
+ @Override
+ public boolean commit() {
+ if (!subject.isReadOnly()) {
+ // be defensive: remove all potentially added "AuthInfo' objects.
+ Set<AuthInfo> ais = subject.getPublicCredentials(AuthInfo.class);
+ if (!ais.isEmpty()) {
+ subject.getPublicCredentials().removeAll(ais);
+ }
+ // and finally add the one that produces the desired result:
+ String userID = null;
+ subject.getPublicCredentials().add(new AuthInfoImpl(userID, Collections.<String, Object>emptyMap(), Collections.<Principal>emptySet()));
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ @Override
+ public boolean abort() {
+ return true;
+ }
+
+ @Override
+ public boolean logout() {
+ return true;
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/UserIDTestLoginModule.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProvider.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProvider.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProvider.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.restriction;
+
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlException;
+
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+
+/**
+ * EXERCISE: complete the implemenation
+ */
+public class CustomRestrictionProvider implements RestrictionProvider {
+
+ @Nonnull
+ @Override
+ public Set<RestrictionDefinition> getSupportedRestrictions(@Nullable String oakPath) {
+ // EXERCISE
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Restriction createRestriction(@Nullable String oakPath, @Nonnull String oakName, @Nonnull Value value) throws RepositoryException {
+ // EXERCISE
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Restriction createRestriction(@Nullable String oakPath, @Nonnull String oakName, @Nonnull Value... values) throws RepositoryException {
+ // EXERCISE
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Set<Restriction> readRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) {
+ // EXERCISE
+ return null;
+ }
+
+ @Override
+ public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) throws RepositoryException {
+ // EXERCISE
+
+ }
+
+ @Override
+ public void validateRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) throws RepositoryException {
+ // EXERCISE
+
+ }
+
+ @Nonnull
+ @Override
+ public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Tree tree) {
+ // TODO
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Set<Restriction> restrictions) {
+ // TODO
+ return null;
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalConfiguration.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalConfiguration.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalConfiguration.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.principal;
+
+import javax.annotation.Nonnull;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.ConfigurationPolicy;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalManagerImpl;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Custom principal configuration that is disabled by default.
+ */
+@Component(metatype = true, policy = ConfigurationPolicy.REQUIRE)
+@Service({PrincipalConfiguration.class, org.apache.jackrabbit.oak.spi.security.SecurityConfiguration.class})
+public class CustomPrincipalConfiguration extends ConfigurationBase implements PrincipalConfiguration {
+
+ private static final Logger log = LoggerFactory.getLogger(CustomPrincipalConfiguration.class);
+
+ // EXERCISE define sensible properties (e.g. configuration parameters for principal lookup on a third party system)
+ @Property(name = "knownPrincipals", value = {}, cardinality = 100)
+ private String[] knownPrincipals = new String[0];
+
+ @Nonnull
+ @Override
+ public PrincipalManager getPrincipalManager(Root root, NamePathMapper namePathMapper) {
+ return new PrincipalManagerImpl(getPrincipalProvider(root, namePathMapper));
+ }
+
+ @Nonnull
+ @Override
+ public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
+ return new CustomPrincipalProvider(knownPrincipals);
+ }
+
+ @Nonnull
+ @Override
+ public String getName() {
+ return PrincipalConfiguration.NAME;
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalConfiguration.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalProvider.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalProvider.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalProvider.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.principal;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+
+/**
+ * Custom principal provider that only knows of a predefined set of principals
+ * and their group membership.
+ *
+ * EXERCISE: complete the implemenation
+ */
+class CustomPrincipalProvider implements PrincipalProvider {
+
+ private final Set knownPrincipalNames;
+
+ CustomPrincipalProvider(String[] knownPrincipalNames) {
+ this.knownPrincipalNames = ImmutableSet.copyOf(knownPrincipalNames);
+ }
+
+ @Override
+ public Principal getPrincipal(@Nonnull String principalName) {
+ // EXERCISE: complete
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Set<Group> getGroupMembership(@Nonnull Principal principal) {
+ // EXERCISE : expose the group membership of your known Principals
+ // EXERCISE : add every other principal into one of your known-principal-groups to establish dynamic group membership
+ return Collections.EMPTY_SET;
+ }
+
+ @Nonnull
+ @Override
+ public Set<? extends Principal> getPrincipals(@Nonnull String userID) {
+ // EXERCISE : expose the principal-sets of your known principals
+ // EXERCISE : add every other principal into one of your known-principal-groups to establish dynamic group membership
+ return Collections.EMPTY_SET;
+ }
+
+ @Nonnull
+ @Override
+ public Iterator<? extends Principal> findPrincipals(@Nullable String nameHint, int searchType) {
+ // EXERCISE
+ return Iterators.emptyIterator();
+ }
+
+ @Nonnull
+ @Override
+ public Iterator<? extends Principal> findPrincipals(int searchType) {
+ // EXERCISE
+ return Iterators.emptyIterator();
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/principal/CustomPrincipalProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/ExerciseUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/ExerciseUtility.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/ExerciseUtility.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/ExerciseUtility.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security;
+
+import java.security.Principal;
+import java.util.UUID;
+import javax.annotation.Nonnull;
+import javax.jcr.RepositoryException;
+import javax.jcr.SimpleCredentials;
+
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+
+public final class ExerciseUtility {
+
+ public static final String TEST_USER_HINT = "testUser";
+ public static final String TEST_GROUP_HINT = "testGroup";
+ public static final String TEST_PRINCIPAL_HINT = "testPrincipal";
+ public static final String TEST_GROUP_PRINCIPAL_HINT = "testGroupPrincipal";
+ public static final String TEST_PW = "pw";
+
+ private ExerciseUtility() {}
+
+ public static String getTestId(@Nonnull String hint) {
+ return hint + UUID.randomUUID().toString();
+ }
+
+ public static Principal getTestPrincipal(@Nonnull String hint) {
+ String name = hint + UUID.randomUUID().toString();
+ return new PrincipalImpl(name);
+ }
+
+ public static User createTestUser(@Nonnull UserManager userMgr) throws RepositoryException {
+ return userMgr.createUser(getTestId(TEST_USER_HINT), TEST_PW, getTestPrincipal(TEST_PRINCIPAL_HINT), null);
+ }
+
+ public static Group createTestGroup(@Nonnull UserManager userMgr) throws RepositoryException {
+ return userMgr.createGroup(getTestId(TEST_GROUP_HINT), getTestPrincipal(TEST_GROUP_PRINCIPAL_HINT), null);
+ }
+
+ public static SimpleCredentials getTestCredentials(@Nonnull String userID) {
+ return new SimpleCredentials(userID, TEST_PW.toCharArray());
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/ExerciseUtility.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L1_IntroductionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L1_IntroductionTest.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L1_IntroductionTest.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L1_IntroductionTest.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import javax.jcr.Credentials;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+
+import static org.apache.jackrabbit.oak.security.ExerciseUtility.createTestUser;
+import static org.apache.jackrabbit.oak.security.ExerciseUtility.getTestCredentials;
+
+/**
+ * <pre>
+ * Module: Authentication
+ * =============================================================================
+ *
+ * Title: Introduction - Login Step by Step
+ * -----------------------------------------------------------------------------
+ *
+ * Goal:
+ * Make yourself familiar with the authentication as present in JCR and in Oak.
+ *
+ * Exercise:
+ *
+ * Walk though repository login starting from the JCR repository login and
+ * make yourself familiar with the authentication.
+ *
+ * - {@link #testUserLogin()}
+ * - {@link #testAdminLogin()}
+ *
+ * Questions:
+ *
+ * - What is the Oak API correspondent of {@link Repository#login(javax.jcr.Credentials)}?
+ *
+ * - Identify those parts/classes/configurations in the repository authentication
+ * that can be customized
+ *
+ *
+ * Additional Exercises:
+ * -----------------------------------------------------------------------------
+ *
+ * - Modify the test to use the other variants of {@link javax.jcr.Repository#login}
+ * - Modify the test to use {@link org.apache.jackrabbit.api.JackrabbitRepository#login(javax.jcr.Credentials, String, java.util.Map)}
+ *
+ * Questions:
+ *
+ * - Explain the difference between the different login flavors
+ *
+ * - Explain the difference of the {@code JackrabbitRepository} login extension
+ * wrt regular JCR login and explain what it is (could be) used for.
+ * Hint: Look at Sling (Granite|CQ), search in the Apache JIRA
+ *
+ * </pre>
+ *
+ * @see javax.jcr.Repository#login
+ * @see org.apache.jackrabbit.api.JackrabbitRepository#login
+ * @see org.apache.jackrabbit.oak.api.ContentRepository#login(javax.jcr.Credentials, String)
+ * @see javax.jcr.Credentials
+ * @see javax.jcr.SimpleCredentials
+ */
+public class L1_IntroductionTest extends AbstractJCRTest {
+
+ private Repository repository;
+ private User user;
+ private Session testSession;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ repository = getHelper().getRepository();
+ user = createTestUser(((JackrabbitSession) superuser).getUserManager());;
+ superuser.save();
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ try {
+ if (testSession != null && testSession.isLive()) {
+ testSession.logout();
+ }
+ user.remove();
+ superuser.save();
+ } finally {
+ super.tearDown();
+ }
+ }
+
+ public void testUserLogin() throws RepositoryException {
+ testSession = repository.login(getTestCredentials(user.getID()));
+ }
+
+ public void testAdminLogin() throws RepositoryException {
+ Credentials adminCredentials = getHelper().getSuperuserCredentials();
+ testSession = repository.login(adminCredentials);
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L1_IntroductionTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L2_AuthInfoTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L2_AuthInfoTest.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L2_AuthInfoTest.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L2_AuthInfoTest.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,181 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.security.Principal;
+import java.util.Set;
+import javax.jcr.GuestCredentials;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.RepositoryException;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.security.ExerciseUtility;
+import org.junit.Test;
+
+import static org.apache.jackrabbit.oak.security.ExerciseUtility.createTestGroup;
+import static org.apache.jackrabbit.oak.security.ExerciseUtility.createTestUser;
+import static org.apache.jackrabbit.oak.security.ExerciseUtility.getTestCredentials;
+import static org.junit.Assert.assertEquals;
+
+/**
+ * <pre>
+ * Module: Authentication
+ * =============================================================================
+ *
+ * Title: Oak AuthInfo
+ * -----------------------------------------------------------------------------
+ *
+ * Goal:
+ * Understand the {@link AuthInfo} interface, how it relates to the
+ * {@link javax.security.auth.Subject} and how it is populated during login.
+ *
+ * Exercises:
+ *
+ * - {@link #testGetAuthInfo()}
+ * Walk through the {@link org.apache.jackrabbit.oak.api.ContentSession#getAuthInfo()}
+ * call in order to get in insight to the implementation and how the {@link org.apache.jackrabbit.oak.api.AuthInfo}
+ * relates to the {@link javax.security.auth.Subject}
+ *
+ * - {@link #testGuestAuthInfo()}
+ * Walk though the login call on the Oak API and identify where the {@link AuthInfo}
+ * is being created.
+ * Fix the test case by providing the expected id and set of principals for the guest content session.
+ * Question: Can you identify the similarities between the subject and the AuthInfo? What is missing in AuthInfo?
+ *
+ * - {@link #testUserAuthInfo()}
+ * Same as {@link #testGuestAuthInfo()} for a newly created user.
+ * Fix the test case by providing the expected id and set of principals for the content session.
+ * Pay attention to the way the test user has been created.
+ *
+ * Question: What is the principal name?
+ * Question: What is the difference between the userID and the principal name? and how is that reflected in the AuthInfo?
+ *
+ * - {@link #testUserAuthInfoWithGroupMembership()}
+ * Same as {@link #testUserAuthInfo()} but with the subtle difference that the
+ * test user is member of a group.
+ * Fix the test case by providing the expected set of principals for the content session.
+ * Identify how the group membership is being exposed in the AuthInfo
+ *
+ * Question: Can you spot the 'groupID' in the AuthInfo? Or in the underlying Subject?
+ *
+ * </pre>
+ *
+ * @see org.apache.jackrabbit.oak.api.AuthInfo
+ * @see javax.security.auth.Subject
+ * @see org.apache.jackrabbit.oak.api.ContentRepository#login(javax.jcr.Credentials, String)
+ */
+public class L2_AuthInfoTest extends AbstractSecurityTest {
+
+ private UserManager userManager;
+ private User testUser;
+ private Group testGroup;
+
+ private ContentSession contentSession;
+
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+ userManager = getUserManager(root);
+ }
+
+ @Override
+ public void after() throws Exception {
+ try {
+ if (contentSession != null) {
+ contentSession.close();
+ }
+ if (testUser != null) {
+ testUser.remove();
+ }
+ if (testGroup != null) {
+ testGroup.remove();
+ }
+ root.commit();
+ } finally {
+ super.after();
+ }
+ }
+
+ @Test
+ public void testGetAuthInfo() {
+ // EXERCISE: inspect the method
+ AuthInfo authInfo = adminSession.getAuthInfo();
+ }
+
+ @Test
+ public void testGuestAuthInfo() throws LoginException, NoSuchWorkspaceException {
+ contentSession = login(new GuestCredentials());
+
+ AuthInfo authInfo = contentSession.getAuthInfo();
+
+ String expectedId = null; // EXERCISE : fill in the expected id
+ assertEquals(expectedId, authInfo.getUserID());
+
+
+ // EXERCISE: create the set of expected principals.
+ // EXERCISE: what are the variants you have at hand when using the Jackrabbit API
+ // EXERCISE: what are the variants you have at hand when using public Oak SPI interfaces?
+ Set<Principal> expectedPrincipals = null;
+ assertEquals(expectedPrincipals, authInfo.getPrincipals());
+ }
+
+ @Test
+ public void testUserAuthInfo() throws LoginException, RepositoryException, CommitFailedException {
+ testUser = createTestUser(userManager);
+ root.commit();
+
+ contentSession = login(ExerciseUtility.getTestCredentials(testUser.getID()));
+
+ AuthInfo authInfo = contentSession.getAuthInfo();
+
+ String expectedId = null; // EXERCISE : fill in the expected id
+ assertEquals(expectedId, authInfo.getUserID());
+
+
+ // EXERCISE: create the set of expected principals.
+ // EXERCISE: what are the variants you have at hand when using the Jackrabbit API
+ // EXERCISE: what are the variants you have at hand when using public Oak SPI interfaces?
+ Set<Principal> expectedPrincipals = null;
+ assertEquals(expectedPrincipals, authInfo.getPrincipals());
+ }
+
+ @Test
+ public void testUserAuthInfoWithGroupMembership() throws LoginException, RepositoryException, CommitFailedException {
+ testUser = createTestUser(userManager);
+ testGroup = createTestGroup(userManager);
+ testGroup.addMember(testUser);
+ root.commit();
+
+ contentSession = login(getTestCredentials(testUser.getID()));
+
+ AuthInfo authInfo = contentSession.getAuthInfo();
+
+ // EXERCISE: create the set of expected principals.
+ // EXERCISE: what are the variants you have at hand when using the Jackrabbit API
+ // EXERCISE: what are the variants you have at hand when using public Oak SPI interfaces?
+ Set<Principal> expectedPrincipals = null;
+ assertEquals(expectedPrincipals, authInfo.getPrincipals());
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L2_AuthInfoTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L3_LoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L3_LoginModuleTest.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L3_LoginModuleTest.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L3_LoginModuleTest.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.io.IOException;
+import java.util.Collections;
+import javax.jcr.GuestCredentials;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.jcr.RepositoryException;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.junit.Test;
+
+/**
+ * <pre>
+ * Module: Authentication
+ * =============================================================================
+ *
+ * Title: LoginModule
+ * -----------------------------------------------------------------------------
+ *
+ * Goal:
+ * Understand the role of {@link javax.security.auth.spi.LoginModule}s in the Oak
+ * authentication setup, the way multiple login modules can be configured (both
+ * in OSGi and Java based setups) and how they interact.
+ *
+ * Exercises:
+ *
+ * - Overview
+ * Search the Oak code base for implementations of {@link javax.security.auth.spi.LoginModule}
+ * and describe their behaviour|intention and the interactions they may have
+ * when combined in a certain order.
+ *
+ * - {@link #testLogin()}
+ * Learn how different login modules interact by modifing the JAAS setup.
+ * In this test-scenario this can easily be achieved by overriding the
+ * {@link #getConfiguration()} method.
+ * Change the JAAS configuration and use the {@link #testLogin()} method to
+ * walk through the login. For example
+ * > look at ConfigurationUtil for various options
+ * > manually create a different configuration with different control flags
+ * > create a configuration that also includes the {@link CustomLoginModule}
+ * Discuss your findings
+ *
+ *
+ * Additional Exercises
+ * -----------------------------------------------------------------------------
+ *
+ * In an OSGi base setup like Sling (i.e. Granite|CQ) you can perform the
+ * following exercises to deepen your understanding of the {@code LoginModule}
+ * mechanism.
+ *
+ * - Instead of modifying the JAAS configuration in the Java code (or a jaas
+ * configuration file) use the system console to change the order and control
+ * flag of the various login modules.
+ * Same as {@link #testLogin()} but with configuration changed in OSGi.
+ *
+ *
+ * Advanced Exercises
+ * -----------------------------------------------------------------------------
+ *
+ * Use the {@link org.apache.jackrabbit.oak.security.authentication.CustomLoginModule}
+ * stub to make advanced exercises wrt {@link javax.security.auth.spi.LoginModule}:
+ *
+ * - {@link #testCustomCredentialsLogin}
+ * Adjust the JAAS configuration and complete the
+ * {@link org.apache.jackrabbit.oak.security.authentication.CustomLoginModule}
+ * such that the test passes; i.e. that you can perform a successful login with
+ * {@link org.apache.jackrabbit.oak.security.authentication.CustomCredentials}.
+ *
+ * Play with the {@link javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag}
+ * in the configuration such that a successful login with the custom module succeeds.
+ *
+ * Alternatively you could for example map the a given loginID to a particular
+ * user in the repository and use the shared state of the login modules to pass
+ * around credentials, login name etc.
+ *
+ *
+ * Related Exercises
+ * -----------------------------------------------------------------------------
+ *
+ * - {@link L8_PreAuthTest}
+ * - {@link L9_NullLoginTest}
+ *
+ * </pre>
+ *
+ * @see javax.security.auth.spi.LoginModule
+ * @see javax.security.auth.login.Configuration
+ */
+public class L3_LoginModuleTest extends AbstractSecurityTest {
+
+
+ @Override
+ protected Configuration getConfiguration() {
+ // EXERCISE: modify the JAAS configuration
+ // EXERCISE: - look at ConfigurationUtil for various options
+ // EXERCISE: - manually create a different configuration with different control flags
+ // EXERCISE: - create a configuration that also includes the {@link CustomLoginModule}
+ return super.getConfiguration();
+ }
+
+ @Test
+ public void testLogin() throws LoginException, NoSuchWorkspaceException, IOException {
+ ContentSession contentSession = login(new GuestCredentials());
+ contentSession.close();
+ }
+
+ @Test
+ public void testCustomCredentialsLogin() throws LoginException, RepositoryException, IOException {
+ String loginID = null; // EXERCISE
+ String pw = null; // EXERCISE
+ ContentSession contentSession = login(new CustomCredentials(loginID, pw, Collections.EMPTY_MAP));
+
+ // EXERCISE: add verification of the AuthInfo according to your implementation of the custom login module.
+
+ contentSession.close();
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L3_LoginModuleTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L4_UserIDTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L4_UserIDTest.java?rev=1686235&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L4_UserIDTest.java (added)
+++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L4_UserIDTest.java Thu Jun 18 14:30:16 2015
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.util.Collections;
+import javax.jcr.Credentials;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.oak.security.authentication.UserIDTestLoginModule;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+
+/**
+ * <pre>
+ * Module: Authentication
+ * =============================================================================
+ *
+ * Title: Session.getUserID()
+ * -----------------------------------------------------------------------------
+ *
+ * Goal:
+ * Understand the semantics of {@link javax.jcr.Session#getUserID()} and the
+ * difference to {@link org.apache.jackrabbit.api.security.user.User#getID()}.
+ * Understand, why this test is located in the 'Authentication' section instead
+ * of the 'UserManagement' section.
+ *
+ * Exercises:
+ *
+ * - Read JSR 283 and the JavaDoc of {@link javax.jcr.Session#getUserID()}
+ * Question: What is the defined return value of this method? How does that
+ * relate to {@link org.apache.jackrabbit.api.security.user.User#getID()}?
+ *
+ * - {@link #testGetUserIDReturnsNull()}
+ * Run the test and explain why {@link javax.jcr.Session#getUserID()} returns
+ * {@code null} after login with the admin credentials.
+ *
+ *
+ * Additional Exercises:
+ * -----------------------------------------------------------------------------
+ *
+ * - Identify what the nature of the API contract means for round trips between
+ * {@link javax.jcr.Session#getUserID()} and {@link org.apache.jackrabbit.api.security.user.UserManager#getAuthorizable(String)}.
+ *
+ *
+ * Related Exercises:
+ * -----------------------------------------------------------------------------
+ *
+ * - {@link org.apache.jackrabbit.oak.security.authentication.L2_AuthInfoTest}
+ *
+ * </pre>
+ *
+ * @see javax.jcr.Session#getUserID()
+ * @see org.apache.jackrabbit.api.security.user.User#getID()
+ * @see org.apache.jackrabbit.oak.api.AuthInfo#getUserID()
+ */
+public class L4_UserIDTest extends AbstractJCRTest {
+
+ private Repository repository;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+ repository = getHelper().getRepository();
+ }
+
+
+ public void testGetUserIDReturnsNull() throws RepositoryException, LoginException {
+
+ // verify first that the admin-ID is not null in the default setup.
+ String adminId = superuser.getUserID();
+ assertNotNull(adminId);
+
+ // verify userID in SimpleCredentials is not null
+ Credentials adminCredentials = getHelper().getSuperuserCredentials();
+ assertNotNull(((SimpleCredentials) adminCredentials).getUserID());
+
+ Session adminSession = null;
+ try {
+ // change the JAAS configuration
+ Configuration.setConfiguration(getConfiguration());
+ // login again
+ adminSession = repository.login(adminCredentials);
+
+ // EXERCISE : explain why the userID of the admin-session is now 'null'
+ assertNull(adminSession.getUserID());
+
+ } finally {
+ if (adminSession != null && adminSession.isLive()) {
+ adminSession.logout();
+ }
+ Configuration.setConfiguration(null);
+ }
+ }
+
+ private static Configuration getConfiguration() {
+ return new Configuration() {
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
+ return new AppConfigurationEntry[]{
+ new AppConfigurationEntry(UserIDTestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.EMPTY_MAP)
+ };
+ }
+ };
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/security/authentication/L4_UserIDTest.java
------------------------------------------------------------------------------
svn:eol-style = native