You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/19 18:42:51 UTC
svn commit: r1400158 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/core/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorizat...
Author: angela
Date: Fri Oct 19 16:42:50 2012
New Revision: 1400158
URL: http://svn.apache.org/viewvc?rev=1400158&view=rev
Log:
OAK-91 - Implement Authentication Support (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Fri Oct 19 16:42:50 2012
@@ -21,6 +21,7 @@ package org.apache.jackrabbit.oak.core;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
@@ -38,6 +39,7 @@ import org.apache.jackrabbit.oak.spi.que
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStateDiff;
@@ -126,20 +128,17 @@ public class RootImpl implements Root {
public RootImpl(NodeStore store) {
this.store = checkNotNull(store);
- this.subject = new Subject();
+ // TODO review again (see also comment in RepositoryCallback)
+ this.subject = new Subject(true, Collections.singleton(SystemPrincipal.INSTANCE), Collections.<Object>emptySet(), Collections.<Object>emptySet());
this.accProvider = new OpenAccessControlProvider();
this.indexProvider = new CompositeQueryIndexProvider();
refresh();
}
- public void setConflictHandler(ConflictHandler conflictHandler) {
+ void setConflictHandler(ConflictHandler conflictHandler) {
this.conflictHandler = conflictHandler;
}
- public ConflictHandler getConflictHandler() {
- return conflictHandler;
- }
-
protected void checkLive() {
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Fri Oct 19 16:42:50 2012
@@ -81,12 +81,6 @@ public class TokenProviderImpl implement
*/
private static final Logger log = LoggerFactory.getLogger(TokenProviderImpl.class);
- /**
- * Constant for the token attribute passed with simple credentials to
- * trigger the generation of a new token.
- */
- public static final String TOKEN_ATTRIBUTE = ".token";
-
private static final String TOKEN_ATTRIBUTE_EXPIRY = TOKEN_ATTRIBUTE + ".exp";
private static final String TOKEN_ATTRIBUTE_KEY = TOKEN_ATTRIBUTE + ".key";
private static final String TOKENS_NODE_NAME = ".tokens";
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Fri Oct 19 16:42:50 2012
@@ -24,6 +24,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.AllPermissions;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
/**
* PermissionProviderImpl... TODO
@@ -41,7 +42,7 @@ class AccessControlContextImpl implement
@Override
public CompiledPermissions getPermissions() {
Set<Principal> principals = subject.getPrincipals();
- if (isAdmin(principals)) {
+ if (principals.contains(SystemPrincipal.INSTANCE) || isAdmin(principals)) {
return AllPermissions.getInstance();
} else {
// TODO: replace with permissions based on ac evaluation
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Fri Oct 19 16:42:50 2012
@@ -129,7 +129,6 @@ public class PrincipalProviderImpl imple
private Set<Group> getGroupMembership(Authorizable authorizable) {
Set<java.security.acl.Group> groupPrincipals = new HashSet<Group>();
- groupPrincipals.add(EveryonePrincipal.getInstance());
try {
Iterator<org.apache.jackrabbit.api.security.user.Group> groups = authorizable.memberOf();
while (groups.hasNext()) {
@@ -141,6 +140,7 @@ public class PrincipalProviderImpl imple
} catch (RepositoryException e) {
log.debug(e.getMessage());
}
+ groupPrincipals.add(EveryonePrincipal.getInstance());
return groupPrincipals;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java Fri Oct 19 16:42:50 2012
@@ -31,14 +31,13 @@ import org.apache.jackrabbit.oak.spi.sta
*/
public class RepositoryCallback implements Callback {
+ // TODO: base on a system-ContentSession that was passed to this
+ // TODO: callback handler in order have the appropriate set of indexes,
+ // TODO: valiators, commit-hooks etc...
+
private NodeStore nodeStore;
private String workspaceName;
- @CheckForNull
- public NodeStore getNodeStore() {
- return nodeStore;
- }
-
public String getWorkspaceName() {
return workspaceName;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java Fri Oct 19 16:42:50 2012
@@ -26,6 +26,12 @@ import javax.jcr.Credentials;
public interface TokenProvider {
/**
+ * Constant for the token attribute passed with valid simple credentials to
+ * trigger the generation of a new token.
+ */
+ public static final String TOKEN_ATTRIBUTE = ".token";
+
+ /**
* Optional configuration parameter to set the token expiration time in ms.
*/
String PARAM_TOKEN_EXPIRATION = "tokenExpiration";
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java Fri Oct 19 16:42:50 2012
@@ -16,16 +16,17 @@
*/
package org.apache.jackrabbit.oak.spi.security.principal;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
import java.security.Principal;
import java.util.Enumeration;
+import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
/**
* Built-in principal group that has every other principal as member.
*/
-public class EveryonePrincipal implements java.security.acl.Group {
+public class EveryonePrincipal implements JackrabbitPrincipal, java.security.acl.Group {
/**
* logger instance
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java?rev=1400158&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java Fri Oct 19 16:42:50 2012
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.principal;
+
+import java.security.Principal;
+
+/**
+ * Principal to mark an system internal subject.
+ */
+public final class SystemPrincipal implements Principal {
+
+ public static final SystemPrincipal INSTANCE = new SystemPrincipal();
+
+ private SystemPrincipal() { }
+
+ //----------------------------------------------------------< Principal >---
+ @Override
+ public String getName() {
+ return "system";
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java Fri Oct 19 16:42:50 2012
@@ -115,8 +115,6 @@ public class DefaultLoginModuleTest exte
@Test
public void testUserLogin() throws Exception {
- String anonymousID = UserUtility.getAnonymousId(securityProvider.getUserConfiguration().getConfigurationParameters());
-
Root root = admin.getLatestRoot();
UserManager userManager = securityProvider.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java?rev=1400158&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java Fri Oct 19 16:42:50 2012
@@ -0,0 +1,205 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.util.Collections;
+import javax.jcr.GuestCredentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
+import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
+import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+/**
+ * TokenDefaultLoginModuleTest...
+ */
+public class TokenDefaultLoginModuleTest extends AbstractSecurityTest {
+
+ @Override
+ protected Configuration getConfiguration() {
+ return new TokenDefaultConfiguration();
+ }
+
+ @Test
+ public void testNullLogin() throws Exception {
+ ContentSession cs = null;
+ try {
+ cs = login(null);
+ fail("Null login should fail");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testGuestLogin() throws Exception {
+ ContentSession cs = null;
+ try {
+ cs = login(new GuestCredentials());
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testInvalidSimpleCredentials() throws Exception {
+ ContentSession cs = null;
+ try {
+ SimpleCredentials sc = new SimpleCredentials("test", new char[0]);
+ cs = login(sc);
+ fail("Invalid simple credentials login should fail");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testInvalidSimpleCredentialsWithAttribute() throws Exception {
+ ContentSession cs = null;
+ try {
+ SimpleCredentials sc = new SimpleCredentials("test", new char[0]);
+ sc.setAttribute(TokenProviderImpl.TOKEN_ATTRIBUTE, "");
+
+ cs = login(sc);
+ fail("Invalid simple credentials login should fail");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testSimpleCredentials() throws Exception {
+ ContentSession cs = null;
+ try {
+ cs = login(getAdminCredentials());
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testSimpleCredentialsWithAttribute() throws Exception {
+ ContentSession cs = null;
+ try {
+ SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+ sc.setAttribute(TokenProviderImpl.TOKEN_ATTRIBUTE, "");
+ cs = login(sc);
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testTokenCreationAndLogin() throws Exception {
+ ContentSession cs = null;
+ try {
+ SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+ sc.setAttribute(TokenProvider.TOKEN_ATTRIBUTE, "");
+ cs = login(sc);
+
+ Object token = sc.getAttribute(TokenProvider.TOKEN_ATTRIBUTE).toString();
+ assertNotNull(token);
+ TokenCredentials tc = new TokenCredentials(token.toString());
+
+ cs.close();
+ cs = login(tc);
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testInvalidTokenCredentials() throws Exception {
+ ContentSession cs = null;
+ try {
+ cs = login(new TokenCredentials("invalid"));
+ fail("Invalid token credentials login should fail");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
+ public void testValidTokenCredentials() throws Exception {
+ Root root = admin.getLatestRoot();
+ TokenProvider tp = securityProvider.getTokenProvider(root);
+
+ SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+ TokenInfo info = tp.createToken(sc.getUserID(), Collections.<String, Object>emptyMap());
+
+ ContentSession cs = login(new TokenCredentials(info.getToken()));
+ try {
+ assertEquals(sc.getUserID(), cs.getAuthInfo().getUserID());
+ } finally {
+ cs.close();
+ }
+ }
+
+ private class TokenDefaultConfiguration extends Configuration {
+
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
+ AppConfigurationEntry tokenEntry = new AppConfigurationEntry(
+ TokenLoginModule.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
+ Collections.<String, Object>emptyMap());
+ AppConfigurationEntry defaultEntry = new AppConfigurationEntry(
+ LoginModuleImpl.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ Collections.<String, Object>emptyMap());
+ return new AppConfigurationEntry[] {tokenEntry, defaultEntry};
+ }
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java Fri Oct 19 16:42:50 2012
@@ -28,7 +28,6 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
import org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
-import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.junit.Test;
@@ -77,11 +76,27 @@ public class TokenLoginModuleTest extend
}
@Test
+ public void testSimpleCredentials() throws Exception {
+ ContentSession cs = null;
+ try {
+ SimpleCredentials sc = new SimpleCredentials("admin", "admin".toCharArray());
+ cs = login(sc);
+ fail("Unsupported credentials login should fail");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
public void testSimpleCredentialsWithAttribute() throws Exception {
ContentSession cs = null;
try {
SimpleCredentials sc = new SimpleCredentials("test", new char[0]);
- sc.setAttribute(TokenProviderImpl.TOKEN_ATTRIBUTE, "");
+ sc.setAttribute(TokenProvider.TOKEN_ATTRIBUTE, "");
cs = login(sc);
fail("Unsupported credentials login should fail");
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java Fri Oct 19 16:42:50 2012
@@ -19,11 +19,13 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Set;
+import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
@@ -57,4 +59,30 @@ public class PrincipalProviderImplTest e
}
assertTrue(containsAdminPrincipal);
}
+
+ @Test
+ public void testEveryone() throws Exception {
+ Root root = admin.getLatestRoot();
+ UserConfiguration config = securityProvider.getUserConfiguration();
+
+ PrincipalProviderImpl principalProvider = new PrincipalProviderImpl(root, config, NamePathMapper.DEFAULT);
+
+ Principal everyone = principalProvider.getPrincipal(EveryonePrincipal.NAME);
+ assertTrue(everyone instanceof EveryonePrincipal);
+
+ org.apache.jackrabbit.api.security.user.Group everyoneGroup = null;
+ try {
+ UserManager userMgr = config.getUserManager(root, NamePathMapper.DEFAULT);
+ everyoneGroup = userMgr.createGroup(EveryonePrincipal.NAME);
+ root.commit();
+
+ Principal ep = principalProvider.getPrincipal(EveryonePrincipal.NAME);
+ assertFalse(ep instanceof EveryonePrincipal);
+ } finally {
+ if (everyoneGroup != null) {
+ everyoneGroup.remove();
+ root.commit();
+ }
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java Fri Oct 19 16:42:50 2012
@@ -65,11 +65,13 @@ public class EveryoneGroupTest extends A
@Test
public void testGroupPrincipal() throws Exception {
- Principal everonePrincipal = everyone.getPrincipal();
- assertTrue(everonePrincipal instanceof java.security.acl.Group);
+ Principal everyonePrincipal = everyone.getPrincipal();
+ assertTrue(everyonePrincipal instanceof java.security.acl.Group);
+ assertTrue(everyonePrincipal.equals(EveryonePrincipal.getInstance()));
+ assertTrue(EveryonePrincipal.getInstance().equals(everyonePrincipal));
- java.security.acl.Group gr = (java.security.acl.Group) everonePrincipal;
- assertFalse(gr.isMember(everonePrincipal));
+ java.security.acl.Group gr = (java.security.acl.Group) everyonePrincipal;
+ assertFalse(gr.isMember(everyonePrincipal));
assertTrue(gr.isMember(getTestUser(superuser).getPrincipal()));
assertTrue(gr.isMember(new Principal() {
public String getName() {