Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2023/01/19 17:25:39 UTC
[jackrabbit-oak] branch trunk updated: OAK-10074 : AutoMembershipProvider consistency with ExternalPrincipalProvider
This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/trunk by this push:
new bf02e7adc1 OAK-10074 : AutoMembershipProvider consistency with ExternalPrincipalProvider
bf02e7adc1 is described below
commit bf02e7adc1f1a0fb06f05b7663ec0a695d1710af
Author: angela <an...@adobe.com>
AuthorDate: Thu Jan 19 18:25:30 2023 +0100
OAK-10074 : AutoMembershipProvider consistency with ExternalPrincipalProvider
---
.../impl/principal/AutoMembershipProvider.java | 4 +--
.../external/impl/DynamicSyncTest.java | 34 ++++++++++++++++++++++
2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java
index a4c49a70b4..84595ab803 100644
--- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java
+++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java
@@ -52,7 +52,6 @@ import java.util.stream.StreamSupport;
import static org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants.REP_EXTERNAL_ID;
import static org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.DynamicGroupUtil.getIdpName;
import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.NT_REP_AUTHORIZABLE;
-import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.NT_REP_GROUP;
import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.NT_REP_USER;
import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.REP_AUTHORIZABLE_ID;
@@ -190,7 +189,8 @@ class AutoMembershipProvider implements DynamicMembershipProvider {
return;
}
- String nodeType = (groupIdpNames.isEmpty()) ? NT_REP_USER : (idpNames.size() == groupIdpNames.size()) ? NT_REP_GROUP : NT_REP_AUTHORIZABLE;
+ // currently 'group.automembership' is added for all users -> search for type authorizable (not just groups)
+ String nodeType = (groupIdpNames.isEmpty()) ? NT_REP_USER : NT_REP_AUTHORIZABLE;
// since this provider is only enabled for dynamic-automembership the 'includeInherited' flag can be ignored.
// as group-membership for dynamic users is flattened and automembership-configuration for groups is included.
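Review bot: The comment added above the `nodeType` assignment says "currently" but does not record what the wider search implies or when it could be narrowed again. With `NT_REP_AUTHORIZABLE` the lookup matches user nodes as well as group nodes whenever `groupIdpNames` is non-empty, so more authorizables can resolve into the 'group.automembership' groups and, presumably, into whatever permissions those groups carry. Any restriction of the hits to the configured IDP names has to happen in the part of the method outside this hunk, which is worth confirming against this change. I would make the comment say so, e.g. `// OAK-10074: 'group.automembership' also applies to external users, so users and groups are both searched; hits are expected to be limited to idpNames by the query below`.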
diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java
index 0f55531f0e..348c188ea5 100644
--- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java
+++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java
@@ -37,6 +37,7 @@ import java.util.List;
import java.util.Set;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -143,6 +144,39 @@ public class DynamicSyncTest extends AbstractDynamicTest {
assertExpectedIds(expectedIds, aGroup.declaredMemberOf(), aGroup.memberOf());
}
+ @Test
+ public void testAutomembershipGroups() throws Exception {
+ ExternalUser externalUser = idp.getUser(USER_ID);
+ sync(externalUser, SyncResult.Status.ADD);
+
+ Authorizable user = userManager.getAuthorizable(USER_ID);
+ Group aGroup = userManager.getAuthorizable("a", Group.class);
+
+ // verify group 'autoForGroups'
+ Set<String> expMemberIds = ImmutableSet.of("a", "b", "c", "aa", "aaa", USER_ID);
+ assertExpectedIds(expMemberIds, autoForGroups.getDeclaredMembers(), autoForGroups.getMembers());
+ assertIsMember(autoForGroups, true, user, aGroup);
+ assertIsMember(autoForGroups, false, user, aGroup);
+ assertFalse(autoForGroups.isMember(base));
+ }
+
+ @Test
+ public void testAutomembershipUsers() throws Exception {
+ ExternalUser externalUser = idp.getUser(USER_ID);
+ sync(externalUser, SyncResult.Status.ADD);
+
+ Authorizable user = userManager.getAuthorizable(USER_ID);
+ Group aGroup = userManager.getAuthorizable("a", Group.class);
+
+ // verify group 'autoForUsers'
+ Set<String> expMemberIds = ImmutableSet.of(USER_ID);
+ assertExpectedIds(expMemberIds, autoForUsers.getDeclaredMembers(), autoForUsers.getMembers());
+ assertTrue(autoForUsers.isMember(user));
+
+ assertFalse(autoForUsers.isMember(aGroup));
+ assertFalse(autoForUsers.isMember(base));
+ }
+
private static void assertIsMember(@NotNull Group group, boolean declared, @NotNull Authorizable... members) {
try {
for (Authorizable member : members) {
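Review bot: The negative assertions in `testAutomembershipUsers` (for `aGroup` and `base`) and in `testAutomembershipGroups` (for `base`) go through `isMember` only, so the declared-membership path is never checked for authorizables that must not gain membership. Since the provider change widens the node-type search, those are the cases most worth pinning. I would add `assertFalse(autoForUsers.isDeclaredMember(aGroup));` and `assertFalse(autoForUsers.isDeclaredMember(base));`, plus the matching `isDeclaredMember(base)` check on `autoForGroups`. The positive check for `user` could use the `assertIsMember` helper with both `declared` values, as the groups test does. The helper's body continues outside the hunk, so what it asserts is inferred from the call sites.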