You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2009/10/22 19:26:39 UTC
svn commit: r828791 [6/8] - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/ jackrabbi...
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java Thu Oct 22 17:26:37 2009
@@ -49,7 +49,7 @@
// simple test to check if proper provider is present:
try {
- getPrincipalBasedPolicy(acMgr, path, getTestUser().getPrincipal());
+ getPrincipalBasedPolicy(acMgr, path, testUser.getPrincipal());
} catch (Exception e) {
superuser.logout();
throw e;
@@ -135,7 +135,7 @@
assertFalse(testAcMgr.hasPrivileges(path, readPrivs));
// remove the nodebased policy
- JackrabbitAccessControlList policy = getPolicy(acMgr, path, getTestUser().getPrincipal());
+ JackrabbitAccessControlList policy = getPolicy(acMgr, path, testUser.getPrincipal());
acMgr.removePolicy(policy.getPath(), policy);
superuser.save();
@@ -152,7 +152,7 @@
givePrivileges(path, wrtPrivileges, getRestrictions(superuser, path));
// userbased: deny MODIFY_PROPERTIES privileges for 'testUser'
Privilege[] modPropPrivs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
- withdrawPrivileges(path, getTestUser().getPrincipal(), modPropPrivs, getPrincipalBasedRestrictions(path), false);
+ withdrawPrivileges(path, testUser.getPrincipal(), modPropPrivs, getPrincipalBasedRestrictions(path), false);
/*
expected result:
- MODIFY_PROPERTIES privilege still present
@@ -162,7 +162,7 @@
// nodebased: deny MODIFY_PROPERTIES privileges for 'testUser'
// on a child node.
- withdrawPrivileges(childNPath, getTestUser().getPrincipal(), modPropPrivs, getRestrictions(superuser, childNPath));
+ withdrawPrivileges(childNPath, testUser.getPrincipal(), modPropPrivs, getRestrictions(superuser, childNPath));
/*
expected result:
- MODIFY_PROPERTIES privilege still present at 'path'
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java Thu Oct 22 17:26:37 2009
@@ -73,10 +73,14 @@
}
public void testEditor() throws NotExecutableException, RepositoryException {
+ UserManager uMgr = getUserManager(superuser);
User u = null;
try {
- UserManager uMgr = getUserManager(superuser);
u = uMgr.createUser("t", "t");
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
+
Principal p = u.getPrincipal();
JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
@@ -103,19 +107,23 @@
superuser.refresh(false);
if (u != null) {
u.remove();
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
}
}
}
public void testEditor2() throws NotExecutableException, RepositoryException {
+ UserManager uMgr = getUserManager(superuser);
User u = null;
User u2 = null;
-
try {
- UserManager uMgr = getUserManager(superuser);
-
u = uMgr.createUser("t", "t");
u2 = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
Principal p = u.getPrincipal();
Principal p2 = u2.getPrincipal();
@@ -140,7 +148,10 @@
superuser.refresh(false);
if (u2 != null) u2.remove();
if (u != null) u.remove();
- }
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
+ }
}
// TODO: add specific tests with other restrictions
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java Thu Oct 22 17:26:37 2009
@@ -64,7 +64,7 @@
assertFalse(pit.hasNext());
}
- public void testInheritedMemberShip() throws RepositoryException {
+ public void testInheritedMemberShip() throws RepositoryException, NotExecutableException {
Principal up = getTestPrincipal();
User u = null;
@@ -74,9 +74,12 @@
u = userMgr.createUser(up.getName(), buildPassword(up));
gr1 = userMgr.createGroup(getTestPrincipal());
gr2 = userMgr.createGroup(getTestPrincipal());
+ save(superuser);
+
gr1.addMember(gr2);
gr2.addMember(u);
+ save(superuser);
PrincipalIterator it = principalProvider.getGroupMembership(u.getPrincipal());
while (it.hasNext()) {
@@ -96,6 +99,7 @@
if (gr1 != null) gr1.remove();
if (gr2 != null) gr2.remove();
if (u != null) u.remove();
+ save(superuser);
}
}
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AdministratorTest.java Thu Oct 22 17:26:37 2009
@@ -18,33 +18,142 @@
import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.apache.jackrabbit.test.NotExecutableException;
+import javax.jcr.Node;
import javax.jcr.RepositoryException;
+import javax.jcr.Session;
/**
* <code>AdministratorTest</code>...
*/
public class AdministratorTest extends AbstractUserTest {
+ private String adminId;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ if (!(userMgr instanceof UserManagerImpl)) {
+ throw new NotExecutableException();
+ }
+ adminId = superuser.getUserID();
+ if (!((UserManagerImpl) userMgr).isAdminId(adminId)) {
+ throw new NotExecutableException();
+ }
+ }
+
public void testGetPrincipal() throws RepositoryException {
- Authorizable authr = userMgr.getAuthorizable(superuser.getUserID());
- assertNotNull(authr);
- assertFalse(authr.isGroup());
- assertTrue(authr.getPrincipal() instanceof AdminPrincipal);
+ Authorizable admin = userMgr.getAuthorizable(adminId);
+ assertNotNull(admin);
+ assertFalse(admin.isGroup());
+ assertTrue(admin.getPrincipal() instanceof AdminPrincipal);
+ }
+
+ public void testMemberOfAdministrators() throws RepositoryException {
+ Authorizable admins = userMgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);
+ if (admins != null && admins.isGroup()) {
+ assertTrue(((Group) admins).isMember(userMgr.getAuthorizable(adminId)));
+ }
}
public void testRemoveSelf() throws RepositoryException, NotExecutableException {
- Authorizable authr = userMgr.getAuthorizable(superuser.getUserID());
- if (authr == null) {
+ Authorizable admin = userMgr.getAuthorizable(adminId);
+ if (admin == null) {
throw new NotExecutableException();
}
try {
- authr.remove();
+ admin.remove();
fail("The Administrator should not be allowed to remove the own authorizable.");
} catch (RepositoryException e) {
// success
}
}
+
+ public void testRemoveAdminNode() throws RepositoryException, NotExecutableException {
+ Authorizable admin = userMgr.getAuthorizable(adminId);
+
+ if (admin == null || !(admin instanceof AuthorizableImpl)) {
+ throw new NotExecutableException();
+ }
+
+ // access the node corresponding to the admin user and remove it
+ NodeImpl adminNode = ((AuthorizableImpl) admin).getNode();
+ Session s = adminNode.getSession();
+ adminNode.remove();
+ // use session obtained from the node as usermgr may point to a dedicated
+ // system workspace different from the superusers workspace.
+ s.save();
+
+ // after removing the node the admin user doesn't exist any more
+ assertNull(userMgr.getAuthorizable(adminId));
+
+ // login must succeed as system user mgr recreateds the admin user
+ Session s2 = getHelper().getSuperuserSession();
+ try {
+ admin = userMgr.getAuthorizable(adminId);
+ assertNotNull(admin);
+ assertNotNull(getUserManager(s2).getAuthorizable(adminId));
+ } finally {
+ s2.logout();
+ }
+ }
+
+ /**
+ * Test for collisions that would prevent from recreate the admin user.
+ *
+ * @throws RepositoryException
+ * @throws NotExecutableException
+ */
+ public void testCollidingAdminNode() throws RepositoryException, NotExecutableException {
+ Authorizable admin = userMgr.getAuthorizable(adminId);
+
+ if (admin == null || !(admin instanceof AuthorizableImpl)) {
+ throw new NotExecutableException();
+ }
+
+ // access the node corresponding to the admin user and remove it
+ NodeImpl adminNode = ((AuthorizableImpl) admin).getNode();
+ String adminPath = adminNode.getPath();
+ String adminNodeName = adminNode.getName();
+ Node parentNode = adminNode.getParent();
+
+ Session s = adminNode.getSession();
+ adminNode.remove();
+ // use session obtained from the node as usermgr may point to a dedicated
+ // system workspace different from the superusers workspace.
+ s.save();
+
+ Session s2 = null;
+ try {
+ // no create a colliding node:
+ parentNode.addNode(adminNodeName, "rep:AuthorizableFolder");
+ s.save();
+
+ // force recreation of admin user.
+ s2 = getHelper().getSuperuserSession();
+
+ admin = userMgr.getAuthorizable(adminId);
+ assertNotNull(admin);
+ assertEquals(adminNodeName, ((AuthorizableImpl) admin).getNode().getName());
+ assertFalse(adminPath.equals(((AuthorizableImpl) admin).getNode().getPath()));
+
+ } finally {
+ if (s2 == null) {
+ // something went wrong -> remove the folder again.
+ parentNode.remove();
+ s.save();
+ // force recreation of admin user.
+ s2 = getHelper().getSuperuserSession();
+ }
+ if (s2 != null) {
+ s2.logout();
+ }
+ }
+ }
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java Thu Oct 22 17:26:37 2009
@@ -20,34 +20,34 @@
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.NodeImpl;
-import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.PropertyImpl;
+import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.value.StringValue;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.jcr.Property;
+import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
-import javax.jcr.PropertyIterator;
+import javax.jcr.PropertyType;
import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.nodetype.NodeType;
import java.util.ArrayList;
-import java.util.Iterator;
import java.util.List;
+import java.util.Iterator;
+import java.util.HashSet;
+import java.util.Set;
+import java.security.Principal;
/**
* <code>AuthorizableImplTest</code>...
*/
public class AuthorizableImplTest extends AbstractUserTest {
- private static Logger log = LoggerFactory.getLogger(AuthorizableImplTest.class);
-
- private List protectedUserProps = new ArrayList();
- private List protectedGroupProps = new ArrayList();
+ private List<String> protectedUserProps = new ArrayList();
+ private List<String> protectedGroupProps = new ArrayList();
protected void setUp() throws Exception {
super.setUp();
@@ -55,11 +55,10 @@
if (superuser instanceof SessionImpl) {
NameResolver resolver = (SessionImpl) superuser;
protectedUserProps.add(resolver.getJCRName(UserConstants.P_PASSWORD));
- protectedUserProps.add(resolver.getJCRName(UserConstants.P_GROUPS));
protectedUserProps.add(resolver.getJCRName(UserConstants.P_IMPERSONATORS));
protectedUserProps.add(resolver.getJCRName(UserConstants.P_PRINCIPAL_NAME));
- protectedUserProps.add(resolver.getJCRName(UserConstants.P_GROUPS));
+ protectedUserProps.add(resolver.getJCRName(UserConstants.P_MEMBERS));
protectedGroupProps.add(resolver.getJCRName(UserConstants.P_PRINCIPAL_NAME));
} else {
throw new NotExecutableException();
@@ -85,22 +84,22 @@
Value v = superuser.getValueFactory().createValue("any_value");
User u = getTestUser(superuser);
- for (Iterator it = protectedUserProps.iterator(); it.hasNext();) {
- String pName = it.next().toString();
+ for (String pName : protectedUserProps) {
try {
u.setProperty(pName, v);
- fail("changing the '" +pName+ "' property on a User should fail.");
+ save(superuser);
+ fail("changing the '" + pName + "' property on a User should fail.");
} catch (RepositoryException e) {
// success
}
}
Group g = getTestGroup(superuser);
- for (Iterator it = protectedGroupProps.iterator(); it.hasNext();) {
- String pName = it.next().toString();
+ for (String pName : protectedGroupProps) {
try {
g.setProperty(pName, v);
- fail("changing the '" +pName+ "' property on a Group should fail.");
+ save(superuser);
+ fail("changing the '" + pName + "' property on a Group should fail.");
} catch (RepositoryException e) {
// success
}
@@ -109,21 +108,21 @@
public void testRemoveSpecialProperties() throws NotExecutableException, RepositoryException {
User u = getTestUser(superuser);
- for (Iterator it = protectedUserProps.iterator(); it.hasNext();) {
- String pName = it.next().toString();
+ for (String pName : protectedUserProps) {
try {
u.removeProperty(pName);
- fail("removing the '" +pName+ "' property on a User should fail.");
+ save(superuser);
+ fail("removing the '" + pName + "' property on a User should fail.");
} catch (RepositoryException e) {
// success
}
}
Group g = getTestGroup(superuser);
- for (Iterator it = protectedGroupProps.iterator(); it.hasNext();) {
- String pName = it.next().toString();
+ for (String pName : protectedGroupProps) {
try {
g.removeProperty(pName);
- fail("removing the '" +pName+ "' property on a Group should fail.");
+ save(superuser);
+ fail("removing the '" + pName + "' property on a Group should fail.");
} catch (RepositoryException e) {
// success
}
@@ -136,9 +135,6 @@
checkProtected(n.getProperty(UserConstants.P_PASSWORD));
checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
- if (n.hasProperty(UserConstants.P_GROUPS)) {
- checkProtected(n.getProperty(UserConstants.P_GROUPS));
- }
if (n.hasProperty(UserConstants.P_IMPERSONATORS)) {
checkProtected(n.getProperty(UserConstants.P_IMPERSONATORS));
}
@@ -149,8 +145,17 @@
NodeImpl n = gr.getNode();
checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
- if (n.hasProperty(UserConstants.P_GROUPS)) {
- checkProtected(n.getProperty(UserConstants.P_GROUPS));
+ if (n.hasProperty(UserConstants.P_MEMBERS)) {
+ checkProtected(n.getProperty(UserConstants.P_MEMBERS));
+ }
+ }
+
+ public void testMembersPropertyType() throws NotExecutableException, RepositoryException {
+ GroupImpl gr = (GroupImpl) getTestGroup(superuser);
+ NodeImpl n = gr.getNode();
+
+ if (n.hasProperty(UserConstants.P_MEMBERS)) {
+ assertEquals(PropertyType.WEAKREFERENCE, n.getProperty(UserConstants.P_MEMBERS).getType());
}
}
@@ -194,9 +199,7 @@
for (PropertyIterator it = n.getProperties(); it.hasNext();) {
PropertyImpl p = (PropertyImpl) it.nextProperty();
- NodeType declaringNt = p.getDefinition().getDeclaringNodeType();
- if (!declaringNt.isNodeType("rep:Authorizable") ||
- protectedUserProps.contains(p.getName())) {
+ if (p.getDefinition().isProtected()) {
assertFalse(user.hasProperty(p.getName()));
assertNull(user.getProperty(p.getName()));
} else {
@@ -213,9 +216,7 @@
for (PropertyIterator it = n.getProperties(); it.hasNext();) {
PropertyImpl p = (PropertyImpl) it.nextProperty();
- NodeType declaringNt = p.getDefinition().getDeclaringNodeType();
- if (!declaringNt.isNodeType("rep:Authorizable") ||
- protectedGroupProps.contains(p.getName())) {
+ if (p.getDefinition().isProtected()) {
assertFalse(group.hasProperty(p.getName()));
assertNull(group.getProperty(p.getName()));
} else {
@@ -225,4 +226,111 @@
}
}
}
+
+ public void testSingleToMultiValued() throws Exception {
+ AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+ UserManager uMgr = getUserManager(superuser);
+ try {
+ Value v = superuser.getValueFactory().createValue("anyValue");
+ user.setProperty("someProp", v);
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
+ Value[] vs = new Value[] {v, v};
+ user.setProperty("someProp", vs);
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
+ } finally {
+ if (user.removeProperty("someProp") && !uMgr.isAutoSave()) {
+ superuser.save();
+ }
+ }
+ }
+
+ public void testMultiValuedToSingle() throws Exception {
+ AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+ UserManager uMgr = getUserManager(superuser);
+ try {
+ Value v = superuser.getValueFactory().createValue("anyValue");
+ Value[] vs = new Value[] {v, v};
+ user.setProperty("someProp", vs);
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
+ user.setProperty("someProp", v);
+ if (!uMgr.isAutoSave()) {
+ superuser.save();
+ }
+ } finally {
+ if (user.removeProperty("someProp") && !uMgr.isAutoSave()) {
+ superuser.save();
+ }
+ }
+ }
+
+ public void testObjectMethods() throws Exception {
+ final AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+ AuthorizableImpl user2 = (AuthorizableImpl) getTestUser(superuser);
+
+ assertEquals(user, user2);
+ assertEquals(user.hashCode(), user2.hashCode());
+ Set<Authorizable> s = new HashSet();
+ s.add(user);
+ assertFalse(s.add(user2));
+
+ Authorizable user3 = new Authorizable() {
+
+ public String getID() throws RepositoryException {
+ return user.getID();
+ }
+
+ public boolean isGroup() {
+ return user.isGroup();
+ }
+
+ public Principal getPrincipal() throws RepositoryException {
+ return user.getPrincipal();
+ }
+
+ public Iterator<Group> declaredMemberOf() throws RepositoryException {
+ return user.declaredMemberOf();
+ }
+
+ public Iterator<Group> memberOf() throws RepositoryException {
+ return user.memberOf();
+ }
+
+ public void remove() throws RepositoryException {
+ user.remove();
+ }
+
+ public Iterator<String> getPropertyNames() throws RepositoryException {
+ return user.getPropertyNames();
+ }
+
+ public boolean hasProperty(String name) throws RepositoryException {
+ return user.hasProperty(name);
+ }
+
+ public void setProperty(String name, Value value) throws RepositoryException {
+ user.setProperty(name, value);
+ }
+
+ public void setProperty(String name, Value[] values) throws RepositoryException {
+ user.setProperty(name, values);
+ }
+
+ public Value[] getProperty(String name) throws RepositoryException {
+ return user.getProperty(name);
+ }
+
+ public boolean removeProperty(String name) throws RepositoryException {
+ return user.removeProperty(name);
+ }
+ };
+
+ assertFalse(user.equals(user3));
+ assertTrue(s.add(user3));
+ }
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java Thu Oct 22 17:26:37 2009
@@ -29,6 +29,7 @@
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
+import javax.jcr.Node;
import java.security.Principal;
import java.util.Iterator;
@@ -45,6 +46,7 @@
private String otherUID2;
private String grID;
+ private String groupsPath;
private Group groupAdmin;
@@ -54,6 +56,7 @@
// create a first user
Principal p = getTestPrincipal();
UserImpl pUser = (UserImpl) userMgr.createUser(p.getName(), buildPassword(p));
+ save(superuser);
otherUID = pUser.getID();
// create a second user and make it group-admin
@@ -61,19 +64,23 @@
String pw = buildPassword(p);
Credentials creds = buildCredentials(p.getName(), pw);
User user = userMgr.createUser(p.getName(), pw);
+ save(superuser);
uID = user.getID();
// make other user a group-administrator:
Authorizable grAdmin = userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
if (grAdmin == null || !grAdmin.isGroup()) {
- throw new NotExecutableException("Cannot execute test. Group-Admin name has been changed by config.");
+ throw new NotExecutableException("Cannot execute test. No group-administrator group found.");
}
groupAdmin = (Group) grAdmin;
groupAdmin.addMember(user);
+ save(superuser);
grID = groupAdmin.getID();
// create a session for the grou-admin user.
uSession = getHelper().getRepository().login(creds);
+
+ groupsPath = (userMgr instanceof UserManagerImpl) ? ((UserManagerImpl) userMgr).getGroupsPath() : UserConstants.GROUPS_PATH;
}
protected void tearDown() throws Exception {
@@ -90,16 +97,17 @@
if (a != null) {
a.remove();
}
-
+ save(superuser);
}
super.tearDown();
}
- private String getYetAnotherID() throws RepositoryException {
+ private String getYetAnotherID() throws RepositoryException, NotExecutableException {
if (otherUID2 == null) {
// create a third user
Principal p = getTestPrincipal();
otherUID2 = userMgr.createUser(p.getName(), buildPassword(p)).getID();
+ save(superuser);
}
return otherUID2;
}
@@ -118,10 +126,15 @@
try {
Principal p = getTestPrincipal();
u = (UserImpl) umgr.createUser(p.getName(), buildPassword(p));
+ save(uSession);
fail("Group administrator should not be allowed to create a new user.");
- u.remove();
} catch (AccessDeniedException e) {
// success
+ } finally {
+ if (u != null) {
+ u.remove();
+ save(uSession);
+ }
}
}
@@ -131,21 +144,37 @@
Authorizable himself = umgr.getAuthorizable(uID);
try {
himself.remove();
+ save(uSession);
fail("A GroupAdministrator should not be allowed to remove the own authorizable.");
} catch (AccessDeniedException e) {
// success
}
}
+ public void testRemoveGroupAdmin() throws RepositoryException, NotExecutableException {
+ UserManager umgr = getUserManager(uSession);
+
+ Authorizable groupAdmin = umgr.getAuthorizable(grID);
+ try {
+ groupAdmin.remove();
+ save(uSession);
+ fail("A GroupAdministrator should not be allowed to remove the group admin.");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+ }
+
public void testCreateGroup() throws RepositoryException, NotExecutableException {
UserManager umgr = getUserManager(uSession);
Group testGroup = null;
try {
testGroup = umgr.createGroup(getTestPrincipal());
- assertTrue(Text.isDescendant(UserConstants.GROUPS_PATH, ((GroupImpl)testGroup).getNode().getPath()));
+ save(uSession);
+ assertTrue(Text.isDescendant(groupsPath, ((GroupImpl)testGroup).getNode().getPath()));
} finally {
if (testGroup != null) {
testGroup.remove();
+ save(uSession);
}
}
}
@@ -155,10 +184,12 @@
Group testGroup = null;
try {
testGroup = umgr.createGroup(getTestPrincipal(), "/any/intermediate/path");
- assertTrue(Text.isDescendant(UserConstants.GROUPS_PATH + "/any/intermediate/path", ((GroupImpl)testGroup).getNode().getPath()));
+ save(uSession);
+ assertTrue(Text.isDescendant(groupsPath + "/any/intermediate/path", ((GroupImpl)testGroup).getNode().getPath()));
} finally {
if (testGroup != null) {
testGroup.remove();
+ save(uSession);
}
}
}
@@ -168,14 +199,13 @@
Authorizable cU = umgr.getAuthorizable(getYetAnotherID());
Group gr = (Group) umgr.getAuthorizable(grID);
- // adding and removing the child-user as member of a group must not
- // succeed as long editing session is not user-admin.
+ // adding and removing the test user as member of a group must succeed.
try {
- assertFalse("Modifying group membership requires GroupAdmin and UserAdmin.",gr.addMember(cU));
- } catch (AccessDeniedException e) {
- // ok
+ assertTrue("Modifying group membership requires GroupAdmin membership.",gr.addMember(cU));
+ save(uSession);
} finally {
gr.removeMember(cU);
+ save(uSession);
}
}
@@ -183,75 +213,80 @@
UserManager umgr = getUserManager(uSession);
Authorizable cU = umgr.getAuthorizable(getYetAnotherID());
- Authorizable auth = umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
- if (auth == null || !auth.isGroup()) {
- throw new NotExecutableException("Cannot execute test. User-Admin name has been changed by config.");
- }
- Group userAdmin = (Group)auth;
- User self = (User) umgr.getAuthorizable(uID);
- try {
- assertTrue(userAdmin.addMember(self));
-
- Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
- assertTrue(gr.addMember(cU));
- assertTrue(gr.removeMember(cU));
- } finally {
- userAdmin.removeMember(self);
- }
+ Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
+ assertTrue(gr.addMember(cU));
+ save(uSession);
+ assertTrue(gr.removeMember(cU));
+ save(uSession);
}
public void testAddMembersToCreatedGroup() throws RepositoryException, NotExecutableException {
UserManager umgr = getUserManager(uSession);
- Authorizable auth = umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
- if (auth == null || !auth.isGroup()) {
- throw new NotExecutableException("Cannot execute test. User-Admin name has been changed by config.");
- }
- Group userAdmin = (Group) auth;
Group testGroup = null;
User self = (User) umgr.getAuthorizable(uID);
try {
// let groupadmin create a new group
testGroup = umgr.createGroup(getTestPrincipal(), "/a/b/c/d");
+ save(uSession);
// editing session adds itself to that group -> must succeed.
assertTrue(testGroup.addMember(self));
-
- // editing session adds itself to user-admin group
- userAdmin.addMember(self);
- assertTrue(userAdmin.isMember(self));
+ save(uSession);
// add child-user to test group
Authorizable testUser = umgr.getAuthorizable(getYetAnotherID());
assertFalse(testGroup.isMember(testUser));
assertTrue(testGroup.addMember(testUser));
+ save(uSession);
} finally {
if (testGroup != null) {
- for (Iterator it = testGroup.getDeclaredMembers(); it.hasNext();) {
- testGroup.removeMember((Authorizable) it.next());
+ for (Iterator<Authorizable> it = testGroup.getDeclaredMembers(); it.hasNext();) {
+ testGroup.removeMember(it.next());
}
testGroup.remove();
+ save(uSession);
}
- userAdmin.removeMember(self);
}
}
- public void testAddMemberToForeignGroup() throws RepositoryException, NotExecutableException {
+ public void testAddMembersUserAdmins() throws RepositoryException, NotExecutableException {
+ UserManager umgr = getUserManager(uSession);
+ Authorizable auth = umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
+ if (auth == null || !auth.isGroup()) {
+ throw new NotExecutableException("Cannot execute test. No User-Admin group found.");
+ }
+ Group userAdmin = (Group) auth;
+ Group testGroup = null;
+ User self = (User) umgr.getAuthorizable(uID);
try {
- // let superuser create child user below the user with uID.
- UserManager umgr = getUserManager(uSession);
- Authorizable cU = umgr.getAuthorizable(getYetAnotherID());
- Group uadminGr = (Group) umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
- if (uadminGr.isMember(cU)) {
- throw new RepositoryException("Test user is already member -> cannot execute.");
- }
- // adding to and removing a child user from a group the group-admin
- // is NOT member of must fail.
- uadminGr.addMember(cU);
- fail("A GroupAdmin should not be allowed to add a user to a group she/he is not member of.");
+ userAdmin.addMember(self);
+ save(uSession);
+
+ userAdmin.removeMember(self);
+ save(uSession);
+ fail("Group admin cannot add member to user-admins");
+ } catch (AccessDeniedException e) {
+ // success
+ }
+
+ try {
+ // let groupadmin create a new group
+ testGroup = umgr.createGroup(getTestPrincipal(), "/a/b/c/d");
+ save(uSession);
+ userAdmin.addMember(testGroup);
+ save(uSession);
+ userAdmin.removeMember(testGroup);
+ save(uSession);
+ fail("Group admin cannot add member to user-admins");
} catch (AccessDeniedException e) {
- // success.
+ // success
+ } finally {
+ if (testGroup != null) {
+ testGroup.remove();
+ save(uSession);
+ }
}
}
@@ -261,35 +296,12 @@
Authorizable pU = umgr.getAuthorizable(otherUID);
Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
- // adding and removing the parent-user as member of a group must not
- // succeed: editing session isn't UserAdmin
try {
- assertFalse(gr.addMember(pU));
- } catch (AccessDeniedException e) {
- // ok
- } finally {
- gr.removeMember(pU);
- }
-
- // ... if the editing user becomes member of the user-admin group it
- // must work.
- Group uAdministrators = null;
- try {
- Authorizable userAdmin = userMgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
- if (userAdmin == null || !userAdmin.isGroup()) {
- throw new NotExecutableException("Cannot execute test. User-Admin name has been changed by config.");
- }
- uAdministrators = (Group) userAdmin;
- uAdministrators.addMember(userMgr.getAuthorizable(uID));
-
assertTrue(gr.addMember(pU));
- gr.removeMember(pU);
+ save(uSession);
} finally {
- // let superuser do the clean up.
- // remove testuser from u-admin group again.
- if (uAdministrators != null) {
- uAdministrators.removeMember(userMgr.getAuthorizable(uID));
- }
+ gr.removeMember(pU);
+ save(uSession);
}
}
@@ -316,16 +328,20 @@
public void testAddOwnAuthorizableToForeignGroup() throws RepositoryException, NotExecutableException {
UserManager umgr = getUserManager(uSession);
+ Authorizable self = umgr.getAuthorizable(uID);
- Authorizable user = umgr.getAuthorizable(uID);
- Group uadminGr = (Group) umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
- if (uadminGr.isMember(user)) {
- throw new RepositoryException("Test user is already member -> cannot execute.");
- }
+ Group gr = userMgr.createGroup(getTestPrincipal());
+ save(superuser);
- String msg = "GroupAdmin must be able to add its own authorizable to a group she/he is not yet member of.";
- assertTrue(msg, uadminGr.addMember(user));
- assertTrue(msg, uadminGr.removeMember(user));
+ try {
+ assertTrue(((Group) umgr.getAuthorizable(gr.getID())).addMember(self));
+ save(uSession);
+ assertTrue(((Group) umgr.getAuthorizable(gr.getID())).removeMember(self));
+ save(uSession);
+ } finally {
+ gr.remove();
+ save(superuser);
+ }
}
public void testRemoveMembersOfForeignGroup() throws RepositoryException, NotExecutableException {
@@ -336,24 +352,32 @@
try {
// let superuser create a group and a user a make user member of group
nGr = userMgr.createGroup(getTestPrincipal());
+ save(superuser);
+
Principal p = getTestPrincipal();
nUs = userMgr.createUser(p.getName(), buildPassword(p));
+ save(superuser);
+
p = getTestPrincipal();
nUs2 = userMgr.createUser(p.getName(), buildPassword(p));
+ save(superuser);
nGr.addMember(nUs);
nGr.addMember(nUs2);
+ save(superuser);
- Group gr = (Group) getUserManager(uSession).getAuthorizable(nGr.getID());
+ UserManager umgr = getUserManager(uSession);
+ Group gr = (Group) umgr.getAuthorizable(nGr.getID());
// removing any member must fail unless the testuser is user-admin
- Iterator it = gr.getMembers();
+ Iterator<Authorizable> it = gr.getMembers();
if (it.hasNext()) {
- Authorizable auth = (Authorizable) it.next();
+ Authorizable auth = it.next();
- String msg = "GroupAdmin cannot remove members of other user unless he/she is user-admin.";
- assertFalse(msg, gr.removeMember(auth));
+ String msg = "GroupAdmin must be able to modify group membership.";
+ assertTrue(msg, gr.removeMember(auth));
+ save(uSession);
} else {
- throw new RepositoryException("Must contain members....");
+ fail("Must contain members....");
}
} catch (AccessDeniedException e) {
@@ -367,6 +391,7 @@
}
if (nUs != null) nUs.remove();
if (nUs2 != null) nUs2.remove();
+ save(superuser);
}
}
@@ -377,19 +402,23 @@
try {
// let superuser create a group and a user a make user member of group
nGr = userMgr.createGroup(getTestPrincipal());
+ save(superuser);
Principal p = getTestPrincipal();
nUs = userMgr.createUser(p.getName(), buildPassword(p));
nGr.addMember(nUs);
+ save(superuser);
- Group gr = (Group) getUserManager(uSession).getAuthorizable(nGr.getID());
+ UserManager umgr = getUserManager(uSession);
+ Group gr = (Group) umgr.getAuthorizable(nGr.getID());
// since only 1 single member -> removal rather than modification.
// since uSession is not user-admin this must fail.
- for (Iterator it = gr.getMembers(); it.hasNext();) {
- Authorizable auth = (Authorizable) it.next();
+ for (Iterator<Authorizable> it = gr.getMembers(); it.hasNext();) {
+ Authorizable auth = it.next();
- String msg = "GroupAdmin cannot remove members of groups unless he/she is UserAdmin.";
- assertFalse(msg, gr.removeMember(auth));
+ String msg = "GroupAdmin must be able to remove a member of another group.";
+ assertTrue(msg, gr.removeMember(auth));
+ save(uSession);
}
} catch (AccessDeniedException e) {
// fine as well.
@@ -398,6 +427,7 @@
if (nGr != null && nUs != null) nGr.removeMember(nUs);
if (nGr != null) nGr.remove();
if (nUs != null) nUs.remove();
+ save(superuser);
}
}
@@ -410,6 +440,7 @@
assertFalse(impers.allows(buildSubject(selfPrinc)));
try {
assertFalse(impers.grantImpersonation(selfPrinc));
+ save(uSession);
} catch (AccessDeniedException e) {
// ok.
}
@@ -420,6 +451,7 @@
assertFalse(impers.allows(buildSubject(selfPrinc)));
try {
assertFalse(impers.grantImpersonation(selfPrinc));
+ save(uSession);
} catch (AccessDeniedException e) {
// ok.
}
@@ -432,14 +464,32 @@
try {
Principal p = getTestPrincipal();
gr = umgr.createGroup(p);
+ save(uSession);
+ // must be visible for the user-mgr attached to another session.
Authorizable az = userMgr.getAuthorizable(gr.getID());
assertNotNull(az);
assertEquals(gr.getID(), az.getID());
} finally {
if (gr != null) {
gr.remove();
+ save(uSession);
}
}
}
+
+ public void testAddCustomNodeToGroupAdminNode() throws RepositoryException, NotExecutableException {
+ UserManager umgr = getUserManager(uSession);
+ Node groupAdminNode = ((AuthorizableImpl) umgr.getAuthorizable(grID)).getNode();
+ Session s = groupAdminNode.getSession();
+
+ Node n = groupAdminNode.addNode(nodeName1, ntUnstructured);
+ save(uSession);
+
+ n.setProperty(propertyName1, s.getValueFactory().createValue("anyValue"));
+ save(uSession);
+
+ n.remove();
+ save(uSession);
+ }
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java Thu Oct 22 17:26:37 2009
@@ -20,6 +20,7 @@
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.test.NotExecutableException;
import javax.jcr.AccessDeniedException;
@@ -48,7 +49,10 @@
Principal p = getTestPrincipal();
String pw = buildPassword(p);
creds = buildCredentials(p.getName(), pw);
+
UserImpl u = (UserImpl) userMgr.createUser(p.getName(), pw);
+ save(superuser);
+
uID = u.getID();
uSession = getHelper().getRepository().login(creds);
uMgr = getUserManager(uSession);
@@ -56,7 +60,10 @@
// create a second user 'below' the first user.
p = getTestPrincipal();
pw = buildPassword(p);
+
User u2 = userMgr.createUser(p.getName(), pw);
+ save(superuser);
+
otherUID = u2.getID();
}
@@ -65,9 +72,14 @@
uSession.logout();
} finally {
Authorizable a = userMgr.getAuthorizable(uID);
- if (a != null) a.remove();
+ if (a != null) {
+ a.remove();
+ }
a = userMgr.getAuthorizable(otherUID);
- if (a != null) a.remove();
+ if (a != null) {
+ a.remove();
+ }
+ save(superuser);
}
super.tearDown();
}
@@ -75,12 +87,24 @@
public void testModifyOwnImpersonation() throws RepositoryException, NotExecutableException {
User u = (User) uMgr.getAuthorizable(uID);
+ if (!uSession.hasPermission(((UserImpl) u).getNode().getPath(), "set_property")) {
+ throw new NotExecutableException("Users should be able to modify their properties -> Check repository config.");
+ }
+
Principal otherP = uMgr.getAuthorizable(otherUID).getPrincipal();
- assertTrue(u.getImpersonation().grantImpersonation(otherP));
- assertTrue(u.getImpersonation().allows(buildSubject(otherP)));
- assertTrue(u.getImpersonation().revokeImpersonation(otherP));
- assertFalse(u.getImpersonation().allows(buildSubject(otherP)));
+ Impersonation impers = u.getImpersonation();
+ assertFalse(impers.allows(buildSubject(otherP)));
+
+ assertTrue(impers.grantImpersonation(otherP));
+ save(uSession);
+
+ assertTrue(impers.allows(buildSubject(otherP)));
+
+ assertTrue(impers.revokeImpersonation(otherP));
+ save(uSession);
+
+ assertFalse(impers.allows(buildSubject(otherP)));
}
public void testModifyOthersImpersonators() throws RepositoryException {
@@ -89,6 +113,7 @@
User other = (User) uMgr.getAuthorizable(otherUID);
try {
boolean success = other.getImpersonation().grantImpersonation(p);
+ // omit save call
assertFalse("A simple user may not add itself as impersonator to another user.",success);
} catch (AccessDeniedException e) {
// fine as well -> access denied.
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IndexNodeResolverTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IndexNodeResolverTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IndexNodeResolverTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IndexNodeResolverTest.java Thu Oct 22 17:26:37 2009
@@ -23,7 +23,6 @@
import org.slf4j.LoggerFactory;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.NodeIterator;
@@ -32,11 +31,8 @@
private static Logger log = LoggerFactory.getLogger(IndexNodeResolver.class);
- protected NodeResolver createNodeResolver(Session session) throws RepositoryException, NotExecutableException {
- if (!(session instanceof SessionImpl)) {
- throw new NotExecutableException();
- }
- return new IndexNodeResolver(session, (SessionImpl) session);
+ protected NodeResolver createNodeResolver(SessionImpl session) throws RepositoryException, NotExecutableException {
+ return new IndexNodeResolver(session, session);
}
@@ -48,9 +44,10 @@
* @throws RepositoryException
*/
public void testFindNodesNonExact() throws NotExecutableException, RepositoryException {
- UserImpl currentUser = getCurrentUser(superuser);
+ UserImpl currentUser = getCurrentUser();
Value vs = superuser.getValueFactory().createValue("value \\, containing backslash");
currentUser.setProperty(propertyName1, vs);
+ save();
Name propName = ((SessionImpl) superuser).getQName(propertyName1);
try {
@@ -62,6 +59,7 @@
assertFalse("expected no more results", result.hasNext());
} finally {
currentUser.removeProperty(propertyName1);
+ save();
}
}
}
\ No newline at end of file
Copied: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeCreationTest.java (from r818472, jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IdResolverTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeCreationTest.java?p2=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeCreationTest.java&p1=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IdResolverTest.java&r1=818472&r2=828791&rev=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/IdResolverTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeCreationTest.java Thu Oct 22 17:26:37 2009
@@ -25,6 +25,7 @@
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.TestPrincipal;
import org.apache.jackrabbit.util.Text;
+import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.commons.collections.map.ListOrderedMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -38,23 +39,29 @@
/**
* <code>IdResolverTest</code>...
*/
-public class IdResolverTest extends AbstractUserTest {
+public class NodeCreationTest extends AbstractUserTest {
/**
* logger instance
*/
- private static final Logger log = LoggerFactory.getLogger(IdResolverTest.class);
+ private static final Logger log = LoggerFactory.getLogger(NodeCreationTest.class);
private SessionImpl s;
private UserManagerImpl uMgr;
private List<NodeImpl> toRemove = new ArrayList();
+ private String usersPath;
+ private String groupsPath;
+
@Override
protected void setUp() throws Exception {
super.setUp();
String workspaceName = ((RepositoryImpl) superuser.getRepository()).getConfig().getSecurityConfig().getSecurityManagerConfig().getWorkspaceName();
s = (SessionImpl) ((SessionImpl) superuser).createSession(workspaceName);
+
+ usersPath = ((UserManagerImpl) userMgr).getUsersPath();
+ groupsPath = ((UserManagerImpl) userMgr).getGroupsPath();
}
@Override
@@ -62,6 +69,7 @@
try {
for (NodeImpl node : toRemove) {
uMgr.removeProtectedItem(node, node.getParent());
+ save(s);
}
} finally {
s.logout();
@@ -74,29 +82,36 @@
props.put(UserManagerImpl.PARAM_DEFAULT_DEPTH, depth);
props.put(UserManagerImpl.PARAM_AUTO_EXPAND_TREE, expandTree);
props.put(UserManagerImpl.PARAM_AUTO_EXPAND_SIZE, size);
+ props.put(UserManagerImpl.PARAM_GROUPS_PATH, groupsPath);
+ props.put(UserManagerImpl.PARAM_USERS_PATH, usersPath);
uMgr = new UserManagerImpl(s, "admin", props);
}
- public void testRemoveTree() throws RepositoryException {
+ public void testRemoveTree() throws RepositoryException, NotExecutableException {
UserImpl u = (UserImpl) userMgr.createUser("z", "z");
+ save(superuser);
UserImpl u2 = (UserImpl) userMgr.createUser("zz", "zz");
+ save(superuser);
- assertEquals(UserConstants.USERS_PATH + "/z/zz/z", u.getNode().getPath());
+ assertEquals(usersPath + "/z/zz/z", u.getNode().getPath());
try {
NodeImpl folder = (NodeImpl) u.getNode().getParent().getParent();
((UserManagerImpl) userMgr).removeProtectedItem(folder, folder.getParent());
+ save(superuser);
} finally {
boolean fail = false;
if (userMgr.getAuthorizable("z") != null) {
fail = true;
u.remove();
+ save(superuser);
}
if (userMgr.getAuthorizable("zz") != null) {
fail = true;
u2.remove();
+ save(superuser);
}
if (fail) {
fail("Removing the top authorizable folder must remove all users contained.");
@@ -107,20 +122,20 @@
/**
* If auto-expand is false all users must be created on the second level.
*/
- public void testDefault() throws RepositoryException {
+ public void testDefault() throws RepositoryException, NotExecutableException {
createUserManager(2, false, 1);
UserImpl u = (UserImpl) uMgr.createUser("z", "z");
+ save(s);
+
// remember the z-folder for later removal
toRemove.add((NodeImpl) u.getNode().getParent().getParent());
- assertEquals(UserConstants.USERS_PATH + "/z/zz/z", u.getNode().getPath());
+ assertEquals(usersPath + "/z/zz/z", u.getNode().getPath());
Map<String, String> m = new ListOrderedMap();
m.put("zz", "/z/zz/zz");
m.put("zzz", "/z/zz/zzz");
m.put("zzzz", "/z/zz/zzzz");
- m.put("zZ", "/z/zZ/zZ");
- m.put("zH", "/z/zH/zH");
m.put("zh", "/z/zh/zh");
m.put("zHzh", "/z/zH/zHzh");
m.put("z_Hz", "/z/z_/z_Hz");
@@ -128,7 +143,8 @@
for (String uid : m.keySet()) {
u = (UserImpl) uMgr.createUser(uid, uid);
- assertEquals(UserConstants.USERS_PATH + m.get(uid), u.getNode().getPath());
+ save(s);
+ assertEquals(usersPath + m.get(uid), u.getNode().getPath());
}
}
@@ -137,46 +153,48 @@
*
* @throws RepositoryException
*/
- public void testChangedDefaultLevel() throws RepositoryException {
+ public void testChangedDefaultLevel() throws RepositoryException, NotExecutableException {
createUserManager(3, false, 1);
UserImpl u = (UserImpl) uMgr.createUser("z", "z");
+ save(s);
+
// remember the z-folder for later removal
toRemove.add((NodeImpl) u.getNode().getParent().getParent().getParent());
- assertEquals(UserConstants.USERS_PATH + "/z/zz/zzz/z", u.getNode().getPath());
+ assertEquals(usersPath + "/z/zz/zzz/z", u.getNode().getPath());
Map<String, String> m = new ListOrderedMap();
m.put("zz", "/z/zz/zzz/zz");
m.put("zzz", "/z/zz/zzz/zzz");
m.put("zzzz", "/z/zz/zzz/zzzz");
- m.put("zZ", "/z/zZ/zZZ/zZ");
m.put("zH", "/z/zH/zHH/zH");
- m.put("zh", "/z/zh/zhh/zh");
m.put("zHzh", "/z/zH/zHz/zHzh");
m.put("z_Hz", "/z/z_/z_H/z_Hz");
m.put("zrich", "/z/z/zr/zrich");
for (String uid : m.keySet()) {
u = (UserImpl) uMgr.createUser(uid, uid);
- assertEquals(UserConstants.USERS_PATH + m.get(uid), u.getNode().getPath());
+ save(s);
+
+ assertEquals(usersPath + m.get(uid), u.getNode().getPath());
Authorizable az = uMgr.getAuthorizable(uid);
assertNotNull(az);
}
}
- public void testIllegalChars() throws RepositoryException {
+ public void testIllegalChars() throws RepositoryException, NotExecutableException {
createUserManager(2, true, 2);
UserImpl u = (UserImpl) uMgr.createUser("z", "z");
+ save(s);
+
// remember the z-folder for later removal
toRemove.add((NodeImpl) u.getNode().getParent().getParent());
String zu = Text.escapeIllegalJcrChars("z*");
String zur = Text.escapeIllegalJcrChars("z*r");
- String zuri = Text.escapeIllegalJcrChars("z*.r.i");
-
Map<String, String> m = new ListOrderedMap();
// test illegal JCR chars in uid
// on level 2
@@ -189,7 +207,8 @@
for (String uid : m.keySet()) {
u = (UserImpl) uMgr.createUser(uid, uid);
- assertEquals(UserConstants.USERS_PATH + m.get(uid), u.getNode().getPath());
+ save(s);
+ assertEquals(usersPath + m.get(uid), u.getNode().getPath());
Authorizable ath = uMgr.getAuthorizable(uid);
assertNotNull("User with id " + uid + " must exist.", ath);
@@ -198,11 +217,12 @@
// test for groups as well
GroupImpl gr = (GroupImpl) uMgr.createGroup(new TestPrincipal("z[x]"));
+ save(s);
// remember the z-folder for later removal
toRemove.add((NodeImpl) gr.getNode().getParent().getParent());
assertEquals("z[x]", gr.getID());
- String expectedPath = UserConstants.GROUPS_PATH + "/z/" + Text.escapeIllegalJcrChars("z[") + "/" + Text.escapeIllegalJcrChars("z[x]");
+ String expectedPath = groupsPath + "/z/" + Text.escapeIllegalJcrChars("z[") + "/" + Text.escapeIllegalJcrChars("z[x]");
assertEquals(expectedPath, gr.getNode().getPath());
Authorizable ath = uMgr.getAuthorizable(gr.getID());
@@ -212,6 +232,7 @@
// test if conflicting authorizables are detected.
try {
uMgr.createUser("z[x]", "z[x]");
+ save(s);
fail("A group \"z[x]\" already exists.");
} catch (AuthorizableExistsException e) {
// success
@@ -219,6 +240,7 @@
try {
uMgr.createGroup(new TestPrincipal("z*rik"));
+ save(s);
fail("A user \"z*rik\" already exists");
} catch (AuthorizableExistsException e) {
// success
@@ -232,13 +254,15 @@
*
* @throws RepositoryException
*/
- public void testAutoExpand() throws RepositoryException {
+ public void testAutoExpand() throws RepositoryException, NotExecutableException {
createUserManager(2, true, 5);
UserImpl u = (UserImpl) uMgr.createUser("z", "z");
+ save(s);
+
// remember the z-folder for later removal
toRemove.add((NodeImpl) u.getNode().getParent().getParent());
- assertEquals(UserConstants.USERS_PATH + "/z/zz/z", u.getNode().getPath());
+ assertEquals(usersPath + "/z/zz/z", u.getNode().getPath());
Map<String, String> m = new ListOrderedMap();
m.put("zz", "/z/zz/zz");
@@ -265,7 +289,8 @@
for (String uid : m.keySet()) {
u = (UserImpl) uMgr.createUser(uid, uid);
- assertEquals(UserConstants.USERS_PATH + m.get(uid), u.getNode().getPath());
+ save(s);
+ assertEquals(usersPath + m.get(uid), u.getNode().getPath());
}
}
@@ -277,14 +302,16 @@
*
* @throws RepositoryException
*/
- public void testConflictUponChangingAutoExpandFlag() throws RepositoryException {
+ public void testConflictUponChangingAutoExpandFlag() throws RepositoryException, NotExecutableException {
createUserManager(2, false, 1);
UserImpl u = (UserImpl) uMgr.createUser("zzz", "zzz");
+ save(s);
+
// remember the z-folder for later removal
toRemove.add((NodeImpl) u.getNode().getParent().getParent());
- assertEquals(UserConstants.USERS_PATH + "/z/zz/zzz", u.getNode().getPath());
+ assertEquals(usersPath + "/z/zz/zzz", u.getNode().getPath());
// now create a second user manager that has auto-expand-tree enabled
createUserManager(2, true, 1);
@@ -307,7 +334,9 @@
for (String uid : m.keySet()) {
u = (UserImpl) uMgr.createUser(uid, uid);
- assertEquals(UserConstants.USERS_PATH + m.get(uid), u.getNode().getPath());
+ save(s);
+
+ assertEquals(usersPath + m.get(uid), u.getNode().getPath());
assertNotNull(uMgr.getAuthorizable(uid));
}
}
@@ -317,13 +346,15 @@
*
* @throws RepositoryException
*/
- public void testFindById() throws RepositoryException {
+ public void testFindById() throws RepositoryException, NotExecutableException {
createUserManager(2, true, 2);
UserImpl u = (UserImpl) uMgr.createUser("z", "z");
+ save(s);
+
// remember the z-folder for later removal
toRemove.add((NodeImpl) u.getNode().getParent().getParent());
- assertEquals(UserConstants.USERS_PATH + "/z/zz/z", u.getNode().getPath());
+ assertEquals(usersPath + "/z/zz/z", u.getNode().getPath());
Map<String, String> m = new ListOrderedMap();
// potential conflicting uid
@@ -336,11 +367,42 @@
for (String uid : m.keySet()) {
u = (UserImpl) uMgr.createUser(uid, uid);
- assertEquals(UserConstants.USERS_PATH + m.get(uid), u.getNode().getPath());
+ save(s);
+
+ assertEquals(usersPath + m.get(uid), u.getNode().getPath());
User us = (User) uMgr.getAuthorizable(uid);
assertNotNull(us);
assertEquals(uid, us.getID());
}
}
+
+ public void testIdIsCaseSensitive() throws RepositoryException, NotExecutableException {
+ createUserManager(2, true, 2);
+
+ UserImpl u = (UserImpl) uMgr.createUser("ZuRiCh", "z");
+ save(s);
+
+ // remember the z-folder for later removal
+ toRemove.add((NodeImpl) u.getNode().getParent().getParent());
+
+ assertEquals("ZuRiCh", u.getID());
+ }
+
+ public void testUUIDIsBuildCaseInsensitive() throws RepositoryException, NotExecutableException {
+ createUserManager(2, true, 2);
+
+ UserImpl u = (UserImpl) uMgr.createUser("ZuRiCh", "z");
+ save(s);
+
+ // remember the z-folder for later removal
+ toRemove.add((NodeImpl) u.getNode().getParent().getParent());
+
+ try {
+ User u2 = uMgr.createUser("zurich", "z");
+ fail("uuid is built from insensitive userID -> must conflict");
+ } catch (AuthorizableExistsException e) {
+ // success
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NodeResolverTest.java Thu Oct 22 17:26:37 2009
@@ -19,12 +19,14 @@
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -41,37 +43,68 @@
private static Logger log = LoggerFactory.getLogger(NodeResolverTest.class);
NodeResolver nodeResolver;
+ UserManager umgr;
+ String usersPath = UserConstants.USERS_PATH;
+ String groupsPath = UserConstants.GROUPS_PATH;
+ String authorizablesPath = UserConstants.AUTHORIZABLES_PATH;
protected void setUp() throws Exception {
super.setUp();
nodeResolver = createNodeResolver(superuser);
- }
-
- protected static UserImpl getCurrentUser(Session session) throws NotExecutableException, RepositoryException {
- if (!(session instanceof JackrabbitSession)) {
+ if (!(superuser instanceof JackrabbitSession)) {
throw new NotExecutableException();
}
- try {
- UserManager uMgr = ((JackrabbitSession) session).getUserManager();
- String uid = session.getUserID();
- if (uid != null) {
- Authorizable auth = uMgr.getAuthorizable(session.getUserID());
- if (auth != null && auth instanceof UserImpl) {
- return (UserImpl) auth;
- }
+
+ umgr = ((JackrabbitSession) superuser).getUserManager();
+ if (umgr instanceof UserManagerImpl) {
+ UserManagerImpl uImpl = (UserManagerImpl) umgr;
+ usersPath = uImpl.getUsersPath();
+ groupsPath = uImpl.getGroupsPath();
+
+ authorizablesPath = usersPath;
+ while (!Text.isDescendant(authorizablesPath, groupsPath)) {
+ authorizablesPath = Text.getRelativeParent(authorizablesPath, 1);
+ }
+ }
+ }
+
+ protected UserImpl getCurrentUser() throws NotExecutableException, RepositoryException {
+ String uid = superuser.getUserID();
+ if (uid != null) {
+ Authorizable auth = umgr.getAuthorizable(uid);
+ if (auth != null && auth instanceof UserImpl) {
+ return (UserImpl) auth;
}
- } catch (RepositoryException e) {
- // ignore
}
// unable to retrieve current user
throw new NotExecutableException();
}
- protected abstract NodeResolver createNodeResolver(Session session) throws RepositoryException, NotExecutableException;
+ protected void save() throws RepositoryException {
+ if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
+ superuser.save();
+ }
+ }
+
+ protected abstract NodeResolver createNodeResolver(SessionImpl session) throws RepositoryException, NotExecutableException;
+
+ protected NodeResolver createNodeResolver(Session session) throws NotExecutableException, RepositoryException {
+ if (!(session instanceof SessionImpl)) {
+ throw new NotExecutableException();
+ }
+
+ NodeResolver resolver = createNodeResolver((SessionImpl) session);
+ UserManager umr = ((SessionImpl) session).getUserManager();
+ if (umr instanceof UserManagerImpl) {
+ UserManagerImpl uImpl = (UserManagerImpl) umr;
+ resolver.setSearchRoots(uImpl.getUsersPath(), uImpl.getGroupsPath());
+ }
+ return resolver;
+ }
public void testFindNode() throws NotExecutableException, RepositoryException {
- UserImpl currentUser = getCurrentUser(superuser);
+ UserImpl currentUser = getCurrentUser();
NodeResolver nr = createNodeResolver(currentUser.getNode().getSession());
@@ -86,7 +119,7 @@
result = nr.findNode(currentUser.getNode().getQName(), UserConstants.NT_REP_GROUP);
assertNull(result);
- Iterator it = currentUser.memberOf();
+ Iterator<Group> it = currentUser.memberOf();
while (it.hasNext()) {
GroupImpl gr = (GroupImpl) it.next();
@@ -104,7 +137,7 @@
}
public void testFindNodeByPrincipalName() throws NotExecutableException, RepositoryException {
- UserImpl currentUser = getCurrentUser(superuser);
+ UserImpl currentUser = getCurrentUser();
NodeResolver nr = createNodeResolver(currentUser.getNode().getSession());
@@ -112,7 +145,7 @@
assertNotNull(result);
assertTrue(currentUser.getNode().isSame(result));
- Iterator it = currentUser.memberOf();
+ Iterator<Group> it = currentUser.memberOf();
while (it.hasNext()) {
GroupImpl gr = (GroupImpl) it.next();
@@ -126,13 +159,14 @@
}
public void testFindNodeByMultiValueProp() throws NotExecutableException, RepositoryException {
- UserImpl currentUser = getCurrentUser(superuser);
+ UserImpl currentUser = getCurrentUser();
Value[] vs = new Value[] {
superuser.getValueFactory().createValue("blub"),
superuser.getValueFactory().createValue("blib")
};
currentUser.setProperty(propertyName1, vs);
+ save();
NodeResolver nr = createNodeResolver(currentUser.getNode().getSession());
@@ -142,6 +176,7 @@
assertTrue(currentUser.getNode().isSame(result));
currentUser.removeProperty(propertyName1);
+ save();
}
public void testFindNodeWithNonExistingSearchRoot() throws NotExecutableException, RepositoryException {
@@ -161,14 +196,17 @@
superuser.getValueFactory().createValue("blib")
};
- UserImpl currentUser = getCurrentUser(superuser);
+ UserImpl currentUser = getCurrentUser();
currentUser.setProperty(propertyName1, vs);
- Iterator it = currentUser.memberOf();
+ int expResultSize = 1;
+ Iterator<Group> it = currentUser.memberOf();
while (it.hasNext()) {
GroupImpl gr = (GroupImpl) it.next();
gr.setProperty(propertyName1, vs);
+ expResultSize++;
}
+ save();
Name propName = ((SessionImpl) superuser).getQName(propertyName1);
@@ -181,7 +219,7 @@
assertFalse("expected no more results", result.hasNext());
result = nr.findNodes(propName, "blub", UserConstants.NT_REP_AUTHORIZABLE, false);
- assertTrue(getSize(result) > 1);
+ assertEquals(expResultSize, getSize(result));
} finally {
currentUser.removeProperty(propertyName1);
@@ -190,6 +228,7 @@
GroupImpl gr = (GroupImpl) it.next();
gr.removeProperty(propertyName1);
}
+ save();
}
}
@@ -207,25 +246,25 @@
public void testGetSearchRoot() {
String searchRoot = nodeResolver.getSearchRoot(UserConstants.NT_REP_AUTHORIZABLE);
assertNotNull(searchRoot);
- assertEquals(UserConstants.AUTHORIZABLES_PATH, searchRoot);
+ assertEquals(authorizablesPath, searchRoot);
searchRoot = nodeResolver.getSearchRoot(UserConstants.NT_REP_GROUP);
assertNotNull(searchRoot);
- assertEquals(UserConstants.GROUPS_PATH, searchRoot);
+ assertEquals(groupsPath, searchRoot);
searchRoot = nodeResolver.getSearchRoot(UserConstants.NT_REP_USER);
assertNotNull(searchRoot);
- assertEquals(UserConstants.USERS_PATH, searchRoot);
+ assertEquals(usersPath, searchRoot);
}
public void testGetSearchRootDefault() {
String searchRoot = nodeResolver.getSearchRoot(UserConstants.NT_REP_AUTHORIZABLE_FOLDER);
assertNotNull(searchRoot);
- assertEquals(UserConstants.AUTHORIZABLES_PATH, searchRoot);
+ assertEquals(authorizablesPath, searchRoot);
searchRoot = nodeResolver.getSearchRoot(NameConstants.NT_UNSTRUCTURED);
assertNotNull(searchRoot);
- assertEquals(UserConstants.AUTHORIZABLES_PATH, searchRoot);
+ assertEquals(authorizablesPath, searchRoot);
}
public void testGetNamePathResolver() {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java Thu Oct 22 17:26:37 2009
@@ -49,7 +49,10 @@
// created for that new user.
Principal p = getTestPrincipal();
String pw = buildPassword(p);
+
UserImpl u = (UserImpl) userMgr.createUser(p.getName(), pw);
+ save(superuser);
+
uID = u.getID();
// create a session for the other user.
@@ -66,15 +69,18 @@
Authorizable a = userMgr.getAuthorizable(uID);
if (a != null) {
a.remove();
+ save(superuser);
}
}
super.tearDown();
}
- public void testCreateUser() {
+ public void testCreateUser() throws NotExecutableException {
try {
Principal p = getTestPrincipal();
User u = uMgr.createUser(p.getName(), buildPassword(p));
+ save(uSession);
+
fail("A non-UserAdmin should not be allowed to create a new User.");
// clean-up: let superuser remove the user created by fault.
@@ -87,10 +93,12 @@
}
}
- public void testCreateUserWithItermediatePath() {
+ public void testCreateUserWithItermediatePath() throws NotExecutableException {
try {
Principal p = getTestPrincipal();
User u = uMgr.createUser(p.getName(), buildPassword(p), p, "/any/intermediate/path");
+ save(uSession);
+
fail("A non-UserAdmin should not be allowed to create a new User.");
// clean-up: let superuser remove the user created by fault.
@@ -103,101 +111,96 @@
}
}
- public void testRemoveOwnAuthorizable() throws RepositoryException {
+ public void testRemoveOwnAuthorizable() throws RepositoryException, NotExecutableException {
Authorizable himself = uMgr.getAuthorizable(uID);
try {
himself.remove();
+ save(uSession);
+
fail("A user should not be allowed to remove him/herself.");
} catch (AccessDeniedException e) {
// success
}
}
- public void testRemoveChildUser() throws RepositoryException {
- // let superuser create a child-user.
+ public void testRemoveUser() throws RepositoryException, NotExecutableException {
+ // let superuser create another user.
Principal p = getTestPrincipal();
- String childID = userMgr.createUser(p.getName(), buildPassword(p)).getID();
+ String user2ID = userMgr.createUser(p.getName(), buildPassword(p)).getID();
+ save(superuser);
+
try {
- Authorizable a = uMgr.getAuthorizable(childID);
+ Authorizable a = uMgr.getAuthorizable(user2ID);
a.remove();
- fail("A non-administrator user should not be allowed to remove a child-user.");
+ save(uSession);
+
+ fail("A non-administrator user should not be allowed to remove another user.");
} catch (AccessDeniedException e) {
// success
}
// let superuser do clean up.
- Authorizable child = userMgr.getAuthorizable(childID);
- if (child != null) {
- child.remove();
+ Authorizable user2 = userMgr.getAuthorizable(user2ID);
+ if (user2 != null) {
+ user2.remove();
+ save(superuser);
}
}
- public void testRemoveOtherUser() throws RepositoryException {
- // let superuser create a child-user.
+ public void testRemoveOtherUser() throws RepositoryException, NotExecutableException {
+ // let superuser create another user.
Principal p = getTestPrincipal();
- String childID = userMgr.createUser(p.getName(), buildPassword(p), p, "/any/intermediate/path").getID();
+ String user2ID = userMgr.createUser(p.getName(), buildPassword(p), p, "/any/intermediate/path").getID();
+ save(superuser);
+
try {
- Authorizable a = uMgr.getAuthorizable(childID);
+ Authorizable a = uMgr.getAuthorizable(user2ID);
a.remove();
+ save(uSession);
+
fail("A non-administrator user should not be allowed to remove another user.");
} catch (AccessDeniedException e) {
// success
}
// let superuser do clean up.
- Authorizable child = userMgr.getAuthorizable(childID);
- if (child != null) {
- child.remove();
+ Authorizable user2 = userMgr.getAuthorizable(user2ID);
+ if (user2 != null) {
+ user2.remove();
+ save(superuser);
}
}
- public void testModifyImpersonation() throws RepositoryException {
- // let superuser create a child-user.
+ public void testModifyImpersonationOfAnotherUser() throws RepositoryException, NotExecutableException {
+ // let superuser create another user.
Principal p = getTestPrincipal();
- Authorizable child = userMgr.createUser(p.getName(), buildPassword(p));
- try {
- p = child.getPrincipal();
-
- Authorizable himself = uMgr.getAuthorizable(uID);
- Impersonation impers = ((User) himself).getImpersonation();
+ String user2ID = userMgr.createUser(p.getName(), buildPassword(p)).getID();
+ save(superuser);
- assertFalse(impers.allows(buildSubject(p)));
- assertTrue(impers.grantImpersonation(p));
- assertTrue(impers.allows(buildSubject(p)));
- assertTrue(impers.revokeImpersonation(p));
- assertFalse(impers.allows(buildSubject(p)));
-
- } finally {
- // let superuser do clean up.
- child.remove();
- }
- }
-
- public void testModifyImpersonationOfChildUser() throws RepositoryException {
- // let superuser create a child-user.
- Principal p = getTestPrincipal();
- String childID = userMgr.createUser(p.getName(), buildPassword(p)).getID();
try {
- Authorizable child = uMgr.getAuthorizable(childID);
+ Authorizable a = uMgr.getAuthorizable(user2ID);
- Impersonation impers = ((User) child).getImpersonation();
+ Impersonation impers = ((User) a).getImpersonation();
Principal himselfP = uMgr.getAuthorizable(uID).getPrincipal();
assertFalse(impers.allows(buildSubject(himselfP)));
impers.grantImpersonation(himselfP);
- fail("A non-administrator user should not be allowed modify Impersonation of a child user.");
+ save(uSession);
+
+ fail("A non-administrator user should not be allowed modify Impersonation of another user.");
} catch (AccessDeniedException e) {
// success
}
// let superuser do clean up.
- Authorizable child = userMgr.getAuthorizable(childID);
- if (child != null) {
- child.remove();
+ Authorizable user2 = userMgr.getAuthorizable(user2ID);
+ if (user2 != null) {
+ user2.remove();
+ save(superuser);
}
}
public void testAddToGroup() throws NotExecutableException, RepositoryException {
- Authorizable auth = userMgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);
+ Authorizable auth = uMgr.getAuthorizable(SecurityConstants.ADMINISTRATORS_NAME);
if (auth == null || !auth.isGroup()) {
throw new NotExecutableException("Couldn't find 'administrators' group");
}
@@ -206,10 +209,15 @@
try {
auth = uMgr.getAuthorizable(uID);
gr.addMember(auth);
+ save(uSession);
+
fail("a common user should not be allowed to modify any groups.");
- gr.removeMember(auth);
} catch (AccessDeniedException e) {
// success
+ } finally {
+ if (gr.removeMember(auth)) {
+ save(uSession);
+ }
}
}
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java Thu Oct 22 17:26:37 2009
@@ -45,7 +45,9 @@
suite.addTestSuite(IndexNodeResolverTest.class);
suite.addTestSuite(TraversingNodeResolverTest.class);
- suite.addTestSuite(IdResolverTest.class);
+ suite.addTestSuite(NodeCreationTest.class);
+
+ suite.addTestSuite(UserImporterTest.class);
return suite;
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolverTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolverTest.java?rev=828791&r1=828790&r2=828791&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolverTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolverTest.java Thu Oct 22 17:26:37 2009
@@ -22,17 +22,13 @@
import org.slf4j.LoggerFactory;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
/** <code>TraversingNodeResolverTest</code>... */
public class TraversingNodeResolverTest extends NodeResolverTest {
private static Logger log = LoggerFactory.getLogger(TraversingNodeResolverTest.class);
- protected NodeResolver createNodeResolver(Session session) throws RepositoryException, NotExecutableException {
- if (!(session instanceof SessionImpl)) {
- throw new NotExecutableException();
- }
- return new TraversingNodeResolver(session, (SessionImpl) session);
+ protected NodeResolver createNodeResolver(SessionImpl session) throws RepositoryException, NotExecutableException {
+ return new TraversingNodeResolver(session, session);
}
}
\ No newline at end of file