You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/05/11 07:12:43 UTC
svn commit: r1743322 - in
/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external:
TestIdentityProvider.java impl/jmx/SyncMBeanImplTest.java
Author: angela
Date: Wed May 11 07:12:43 2016
New Revision: 1743322
URL: http://svn.apache.org/viewvc?rev=1743322&view=rev
Log:
OAK-4264 : Improve testing of SyncMBeanImpl (WIP)
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java
Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java?rev=1743322&r1=1743321&r2=1743322&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java Wed May 11 07:12:43 2016
@@ -40,14 +40,14 @@ public class TestIdentityProvider implem
private final Map<String, ExternalUser> externalUsers = new HashMap<String, ExternalUser>();
public TestIdentityProvider() {
- addGroup(new TestGroup("aa"));
- addGroup(new TestGroup("aaa"));
- addGroup(new TestGroup("a").withGroups("aa", "aaa"));
- addGroup(new TestGroup("b").withGroups("a"));
- addGroup(new TestGroup("c"));
- addGroup(new TestGroup("secondGroup"));
+ addGroup(new TestGroup("aa", getName()));
+ addGroup(new TestGroup("aaa", getName()));
+ addGroup(new TestGroup("a", getName()).withGroups("aa", "aaa"));
+ addGroup(new TestGroup("b", getName()).withGroups("a"));
+ addGroup(new TestGroup("c", getName()));
+ addGroup(new TestGroup("secondGroup", getName()));
- addUser(new TestUser(ID_TEST_USER)
+ addUser(new TestUser(ID_TEST_USER, getName())
.withProperty("name", "Test User")
.withProperty("profile/name", "Public Name")
.withProperty("profile/age", 72)
@@ -55,7 +55,7 @@ public class TestIdentityProvider implem
.withGroups("a", "b", "c")
);
- addUser(new TestUser(ID_SECOND_USER)
+ addUser(new TestUser(ID_SECOND_USER, getName())
.withProperty("profile/name", "Second User")
.withProperty("age", 24)
.withProperty("col", ImmutableList.of("v1", "v2", "v3"))
@@ -141,17 +141,17 @@ public class TestIdentityProvider implem
private final Map<String, Object> props = new HashMap<String, Object>();
public TestIdentity() {
- this("externalId", "principalName");
+ this("externalId", "principalName", "test");
}
public TestIdentity(@Nonnull String userId) {
- this(userId, userId);
+ this(userId, userId, "test");
}
- public TestIdentity(@Nonnull String userId, @Nonnull String principalName) {
+ public TestIdentity(@Nonnull String userId, @Nonnull String principalName, @Nonnull String idpName) {
this.userId = userId;
this.principalName = principalName;
- id = new ExternalIdentityRef(userId, "test");
+ id = new ExternalIdentityRef(userId, idpName);
}
public TestIdentity(@Nonnull ExternalIdentity base) {
@@ -202,7 +202,7 @@ public class TestIdentityProvider implem
protected TestIdentity withGroups(String ... grps) {
for (String grp: grps) {
- groups.add(new ExternalIdentityRef(grp, "test"));
+ groups.add(new ExternalIdentityRef(grp, id.getProviderName()));
}
return this;
}
@@ -210,8 +210,8 @@ public class TestIdentityProvider implem
private static class TestUser extends TestIdentity implements ExternalUser {
- private TestUser(String userId) {
- super(userId);
+ private TestUser(String userId, @Nonnull String idpName) {
+ super(userId, userId, idpName);
}
public String getPassword() {
@@ -222,8 +222,8 @@ public class TestIdentityProvider implem
private static class TestGroup extends TestIdentity implements ExternalGroup {
- private TestGroup(String userId) {
- super(userId);
+ private TestGroup(@Nonnull String userId, @Nonnull String idpName) {
+ super(userId, userId, idpName);
}
@Nonnull
@@ -236,26 +236,14 @@ public class TestIdentityProvider implem
public static final class ForeignExternalUser extends TestIdentityProvider.TestIdentity implements ExternalUser {
public ForeignExternalUser() {
- super();
- }
-
- @Nonnull
- @Override
- public ExternalIdentityRef getExternalId() {
- return new ExternalIdentityRef(getId(), "AnotherExternalIDP");
+ super("externalId", "principalName", "AnotherExternalIDP");
}
}
public static final class ForeignExternalGroup extends TestIdentityProvider.TestIdentity implements ExternalGroup {
public ForeignExternalGroup() {
- super();
- }
-
- @Nonnull
- @Override
- public ExternalIdentityRef getExternalId() {
- return new ExternalIdentityRef(getId(), "AnotherExternalIDP");
+ super("externalId", "principalName", "AnotherExternalIDP");
}
@Nonnull
Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java?rev=1743322&r1=1743321&r2=1743322&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java Wed May 11 07:12:43 2016
@@ -16,23 +16,45 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx;
+import java.util.Iterator;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.Repository;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.jcr.Jcr;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
public class SyncMBeanImplTest {
@@ -42,10 +64,15 @@ public class SyncMBeanImplTest {
private static Repository REPOSITORY;
private ExternalIdentityProvider idp;
+ private ExternalIdentityProvider foreignIDP;
+ private DefaultSyncConfig syncConfig;
+ private SyncMBeanImpl syncMBean;
+
private SyncManager syncMgr;
- ExternalIdentityProviderManager idpMgr;
+ private ExternalIdentityProviderManager idpMgr;
- private SyncMBeanImpl syncMBean;
+ private Session session;
+ private UserManager userManager;
@BeforeClass
public static void beforeClass() {
@@ -53,15 +80,24 @@ public class SyncMBeanImplTest {
}
@Before
- public void before() {
- // TODO : proper setup
+ public void before() throws Exception {
idp = new TestIdentityProvider();
+ foreignIDP = new TestIdentityProvider() {
+ @Nonnull
+ public String getName() {
+ return "anotherIDP";
+ }
+
+ };
+ syncConfig = new DefaultSyncConfig();
+ syncConfig.user().setMembershipNestingDepth(1);
+
syncMgr = new SyncManager() {
@CheckForNull
@Override
public SyncHandler getSyncHandler(@Nonnull String name) {
if (SYNC_NAME.equals(name)) {
- return new DefaultSyncHandler(new DefaultSyncConfig());
+ return new DefaultSyncHandler(syncConfig);
} else {
return null;
}
@@ -79,8 +115,49 @@ public class SyncMBeanImplTest {
}
};
syncMBean = new SyncMBeanImpl(REPOSITORY, syncMgr, SYNC_NAME, idpMgr, idp.getName());
+
+ session = REPOSITORY.login(new SimpleCredentials("admin", "admin".toCharArray()));
+ if (!(session instanceof JackrabbitSession)) {
+ throw new IllegalStateException();
+ } else {
+ userManager = ((JackrabbitSession) session).getUserManager();
+ }
}
+ @After
+ public void after() throws Exception {
+ try {
+ session.refresh(false);
+ Iterator<ExternalIdentity> extIdentities = Iterators.concat(idp.listGroups(), idp.listUsers());
+ while (extIdentities.hasNext()) {
+ Authorizable a = userManager.getAuthorizable(extIdentities.next().getId());
+ if (a != null) {
+ a.remove();
+ }
+ }
+ session.save();
+ } finally {
+ session.logout();
+ }
+ }
+
+ private static void assertResultMessages(@Nonnull String[] resultMessages, int expectedSize, @Nonnull String... expectedOperations) {
+ assertEquals(expectedSize, resultMessages.length);
+ for (int i = 0; i < resultMessages.length; i++) {
+ String rm = resultMessages[i];
+ String op = rm.substring(rm.indexOf(":") + 2, rm.indexOf("\","));
+ assertEquals(expectedOperations[i], op);
+ }
+ }
+
+ private SyncResult sync(@Nonnull ExternalIdentityProvider idp, @Nonnull String id, boolean isGroup) throws Exception {
+ SyncContext ctx = new DefaultSyncContext(syncConfig, idp, userManager, session.getValueFactory());
+ SyncResult res = ctx.sync((isGroup) ? idp.getGroup(id) : idp.getUser(id));
+ session.save();
+ return res;
+ }
+
+
@Test
public void testGetSyncHandlerName() {
assertEquals(SYNC_NAME, syncMBean.getSyncHandlerName());
@@ -119,18 +196,245 @@ public class SyncMBeanImplTest {
}
}
+ /**
+ * test users have never been synced before => result must be NSA
+ */
@Test
- public void testSyncUsers() {
- // TODO
+ public void testSyncUsersBefore() {
+ String[] userIds = new String[] {TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER};
+
+ String[] result = syncMBean.syncUsers(userIds, false);
+ assertResultMessages(result, userIds.length, "nsa", "nsa");
+
+ result = syncMBean.syncUsers(userIds, true);
+ assertResultMessages(result, userIds.length, "nsa", "nsa");
}
@Test
- public void testSyncAllUsers() {
- // TODO
+ public void testSyncUsers() throws Exception {
+ sync(idp, TestIdentityProvider.ID_TEST_USER, false);
+
+ String[] userIds = new String[]{TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER};
+ String[] result = syncMBean.syncUsers(userIds, false);
+ assertResultMessages(result, userIds.length, "upd", "nsa");
+
+ result = syncMBean.syncUsers(userIds, true);
+ assertResultMessages(result, userIds.length, "upd", "nsa");
+ }
+
+ @Test
+ public void testSyncUsersAlwaysForcesSync() throws Exception {
+ sync(idp, TestIdentityProvider.ID_TEST_USER, false);
+
+ String[] userIds = new String[]{TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER};
+ syncConfig.user().setExpirationTime(Long.MAX_VALUE);
+
+ String[]result = syncMBean.syncUsers(userIds, false);
+ assertResultMessages(result, userIds.length, "upd", "nsa");
+ }
+
+ @Test
+ public void testSyncGroups() throws Exception {
+ sync(idp, "a", true);
+
+ String[] ids = new String[]{"a"};
+ syncConfig.group().setExpirationTime(Long.MAX_VALUE);
+
+ // force group sync is true by default => exp time is ignored
+ String[] result = syncMBean.syncUsers(ids, false);
+ assertResultMessages(result, ids.length, "upd");
+ }
+
+ @Test
+ public void testSyncUsersPurge() throws Exception {
+ User u = userManager.createUser("thirdUser", null);
+ u.setProperty(DefaultSyncContext.REP_EXTERNAL_ID, session.getValueFactory().createValue(new ExternalIdentityRef(u.getID(), idp.getName()).getString()));
+ session.save();
+
+ String[] ids = new String[]{u.getID()};
+ String[] result = syncMBean.syncUsers(ids, false);
+ assertResultMessages(result, ids.length, "mis");
+ assertNotNull(userManager.getAuthorizable(u.getID()));
+
+ result = syncMBean.syncUsers(ids, true);
+ assertResultMessages(result, ids.length, "del");
+ assertNull(userManager.getAuthorizable(u.getID()));
+ }
+
+ @Test
+ public void testSyncUsersNonExisting() {
+ String[] result = syncMBean.syncUsers(new String[] {"nonExisting"}, false);
+ assertResultMessages(result, 1, "nsa");
+ }
+
+ @Test
+ public void testSyncUsersLocal() {
+ String[] result = syncMBean.syncUsers(new String[] {UserConstants.DEFAULT_ANONYMOUS_ID}, false);
+ assertResultMessages(result, 1, "for");
+ }
+
+ @Test
+ public void testSyncUsersLocalPurge() throws Exception {
+ String[] result = syncMBean.syncUsers(new String[] {UserConstants.DEFAULT_ANONYMOUS_ID}, true);
+ assertResultMessages(result, 1, "for");
+
+ assertNotNull(userManager.getAuthorizable(UserConstants.DEFAULT_ANONYMOUS_ID));
}
@Test
- public void testSyncExternalUsers() {
+ public void testSyncUsersForeign() throws Exception {
+ // sync user from foreign IDP into the repository
+ SyncResult res = sync(foreignIDP, TestIdentityProvider.ID_TEST_USER, false);
+ assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
+ assertEquals(foreignIDP.getUser(TestIdentityProvider.ID_TEST_USER).getExternalId(), res.getIdentity().getExternalIdRef());
+
+ // syncUsers with testIDP must detect the foreign status
+ String[] result = syncMBean.syncUsers(new String[]{TestIdentityProvider.ID_TEST_USER}, false);
+ assertResultMessages(result, 1, "for");
+ assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
+
+ // same expected with 'purge' set to true
+ result = syncMBean.syncUsers(new String[] {TestIdentityProvider.ID_TEST_USER}, true);
+ assertResultMessages(result, 1, "for");
+ assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
+ }
+
+ @Test
+ public void testSyncGroupsForeign() throws Exception {
+ // sync user from foreign IDP into the repository
+ SyncResult res = sync(foreignIDP, "a", true);
+ assertNotNull(userManager.getAuthorizable("a"));
+ assertEquals(foreignIDP.getGroup("a").getExternalId(), res.getIdentity().getExternalIdRef());
+
+ // syncUsers with testIDP must detect the foreign status
+ String[] result = syncMBean.syncUsers(new String[]{"a"}, false);
+ assertResultMessages(result, 1, "for");
+ assertNotNull(userManager.getAuthorizable("a"));
+
+ // same expected with 'purge' set to true
+ result = syncMBean.syncUsers(new String[] {"a"}, true);
+ assertResultMessages(result, 1, "for");
+ assertNotNull(userManager.getAuthorizable("a"));
+ }
+
+ @Test
+ public void testInitialSyncExternalUsers() throws Exception {
+ ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER);
+ String[] externalId = new String[] {externalUser.getExternalId().getString()};
+
+ String[] result = syncMBean.syncExternalUsers(externalId);
+ assertResultMessages(result, 1, "add");
+
+ User testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
+ assertNotNull(testUser);
+
+ for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
+ assertNotNull(userManager.getAuthorizable(groupRef.getId()));
+ }
+ }
+
+ @Test
+ public void testInitialSyncExternalUsersNoNesting() throws Exception {
+ syncConfig.user().setMembershipNestingDepth(-1);
+
+ ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER);
+ String[] externalId = new String[] {externalUser.getExternalId().getString()};
+
+ String[] result = syncMBean.syncExternalUsers(externalId);
+ assertResultMessages(result, 1, "add");
+
+ User testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
+ assertNotNull(testUser);
+
+ for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
+ assertNull(userManager.getAuthorizable(groupRef.getId()));
+ }
+ }
+
+ @Test
+ public void testSyncExternalUsersLastSyncedProperty() throws Exception {
+ ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER);
+ String[] externalId = new String[]{externalUser.getExternalId().getString()};
+
+ syncMBean.syncExternalUsers(externalId);
+ User testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
+
+ long lastSynced = testUser.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
+ for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
+ Group gr = userManager.getAuthorizable(groupRef.getId(), Group.class);
+ long groupLastSynced = gr.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
+
+ assertTrue(lastSynced == groupLastSynced);
+ }
+
+ // default value for forceGroup sync is defined to be 'true' => verify result
+ syncMBean.syncExternalUsers(externalId);
+ testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
+ long lastSynced2 = testUser.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
+
+ assertTrue(lastSynced < lastSynced2);
+ for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
+ Group gr = userManager.getAuthorizable(groupRef.getId(), Group.class);
+ long groupLastSynced = gr.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
+
+ assertTrue(lastSynced2 == groupLastSynced);
+ }
+ }
+
+ @Test
+ public void testInitialSyncExternalGroup() throws Exception {
+ ExternalGroup externalGroup = idp.getGroup("a");
+ String[] externalId = new String[] {externalGroup.getExternalId().getString()};
+
+ String[] result = syncMBean.syncExternalUsers(externalId);
+ assertResultMessages(result, 1, "add");
+
+ Group aGroup = userManager.getAuthorizable(externalGroup.getId(), Group.class);
+ assertNotNull(aGroup);
+
+ // membership of groups are not synced (unless imposed by user-sync with membership depth)
+ for (ExternalIdentityRef groupRef : externalGroup.getDeclaredGroups()) {
+ assertNull(userManager.getAuthorizable(groupRef.getId()));
+ }
+ }
+
+ @Test
+ public void testSyncExternalNonExisting() throws Exception {
+ ExternalIdentityRef ref = new ExternalIdentityRef("nonExisting", idp.getName());
+
+ String[] result = syncMBean.syncExternalUsers(new String[]{ref.getString()});
+ assertResultMessages(result, 1, "nsi");
+ }
+
+ /**
+ * @see <a href="https://issues.apache.org/jira/browse/OAK-4346">OAK-4346</a>
+ */
+ @Ignore("OAK-4346")
+ @Test
+ public void testSyncExternalLocal() throws Exception {
+ ExternalIdentityRef ref = new ExternalIdentityRef(UserConstants.DEFAULT_ANONYMOUS_ID, null);
+
+ String[] result = syncMBean.syncExternalUsers(new String[]{ref.getString()});
+ assertResultMessages(result, 1, "for");
+ }
+
+ /**
+ * @see <a href="https://issues.apache.org/jira/browse/OAK-4346">OAK-4346</a>
+ */
+ @Ignore("OAK-4346")
+ @Test
+ public void testSyncExternalForeign() throws Exception {
+ ExternalIdentityRef ref = new ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, "anotherIDP");
+
+ String[] result = syncMBean.syncExternalUsers(new String[]{ref.getString()});
+ assertResultMessages(result, 1, "for");
+
+ result = syncMBean.syncExternalUsers(new String[] {ref.getString()});
+ assertResultMessages(result, 1, "for");
+ }
+
+ @Test
+ public void testSyncAllUsers() {
// TODO
}
Re: svn commit: r1743322 - in /jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external:
TestIdentityProvider.java impl/jmx/SyncMBeanImplTest.java
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Fri, May 13, 2016 at 9:28 AM Angela Schreiber <an...@adobe.com> wrote:
> On 13/05/16 15:13, "Julian Reschke" <ju...@greenbytes.de> wrote:
> >Maybe there's code missing ensuring that System.currentTimeMillis()
> >actually changed before doing the operation that's suppose to lead to a
> >new timestamp?
>
> that might well be. i will take a look.
>
The Clock class [1] is convenient for this purpose.
[1]
https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/stats/Clock.java
Best,
Jukka Zitting
Re: svn commit: r1743322 - in
/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external:
TestIdentityProvider.java impl/jmx/SyncMBeanImplTest.java
Posted by Angela Schreiber <an...@adobe.com>.
hi julian
On 13/05/16 15:13, "Julian Reschke" <ju...@greenbytes.de> wrote:
>...with this change,
change? hasn't the test just been introduced with that commit?
*confused*
>testSyncExternalUsersLastSyncedProperty fails
>reliably on my machines, because the two timestamps are the same.
ok...
>
>Maybe there's code missing ensuring that System.currentTimeMillis()
>actually changed before doing the operation that's suppose to lead to a
>new timestamp?
that might well be. i will take a look.
thanks for reporting
angela
>
>Best regards, Julian
>
>
>On 2016-05-11 09:12, angela@apache.org wrote:
>> Author: angela
>> Date: Wed May 11 07:12:43 2016
>> New Revision: 1743322
>>
>> URL: http://svn.apache.org/viewvc?rev=1743322&view=rev
>> Log:
>> OAK-4264 : Improve testing of SyncMBeanImpl (WIP)
>>
>> Modified:
>>
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/TestIdentityProvider.java
>>
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.jav
>>a
>>
>> Modified:
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/TestIdentityProvider.java
>> URL:
>>http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/t
>>est/java/org/apache/jackrabbit/oak/spi/security/authentication/external/T
>>estIdentityProvider.java?rev=1743322&r1=1743321&r2=1743322&view=diff
>>
>>=========================================================================
>>=====
>> ---
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/TestIdentityProvider.java
>>(original)
>> +++
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/TestIdentityProvider.java Wed
>>May 11 07:12:43 2016
>> @@ -40,14 +40,14 @@ public class TestIdentityProvider implem
>> private final Map<String, ExternalUser> externalUsers = new
>>HashMap<String, ExternalUser>();
>>
>> public TestIdentityProvider() {
>> - addGroup(new TestGroup("aa"));
>> - addGroup(new TestGroup("aaa"));
>> - addGroup(new TestGroup("a").withGroups("aa", "aaa"));
>> - addGroup(new TestGroup("b").withGroups("a"));
>> - addGroup(new TestGroup("c"));
>> - addGroup(new TestGroup("secondGroup"));
>> + addGroup(new TestGroup("aa", getName()));
>> + addGroup(new TestGroup("aaa", getName()));
>> + addGroup(new TestGroup("a", getName()).withGroups("aa",
>>"aaa"));
>> + addGroup(new TestGroup("b", getName()).withGroups("a"));
>> + addGroup(new TestGroup("c", getName()));
>> + addGroup(new TestGroup("secondGroup", getName()));
>>
>> - addUser(new TestUser(ID_TEST_USER)
>> + addUser(new TestUser(ID_TEST_USER, getName())
>> .withProperty("name", "Test User")
>> .withProperty("profile/name", "Public Name")
>> .withProperty("profile/age", 72)
>> @@ -55,7 +55,7 @@ public class TestIdentityProvider implem
>> .withGroups("a", "b", "c")
>> );
>>
>> - addUser(new TestUser(ID_SECOND_USER)
>> + addUser(new TestUser(ID_SECOND_USER, getName())
>> .withProperty("profile/name", "Second User")
>> .withProperty("age", 24)
>> .withProperty("col", ImmutableList.of("v1", "v2",
>>"v3"))
>> @@ -141,17 +141,17 @@ public class TestIdentityProvider implem
>> private final Map<String, Object> props = new HashMap<String,
>>Object>();
>>
>> public TestIdentity() {
>> - this("externalId", "principalName");
>> + this("externalId", "principalName", "test");
>> }
>>
>> public TestIdentity(@Nonnull String userId) {
>> - this(userId, userId);
>> + this(userId, userId, "test");
>> }
>>
>> - public TestIdentity(@Nonnull String userId, @Nonnull String
>>principalName) {
>> + public TestIdentity(@Nonnull String userId, @Nonnull String
>>principalName, @Nonnull String idpName) {
>> this.userId = userId;
>> this.principalName = principalName;
>> - id = new ExternalIdentityRef(userId, "test");
>> + id = new ExternalIdentityRef(userId, idpName);
>> }
>>
>> public TestIdentity(@Nonnull ExternalIdentity base) {
>> @@ -202,7 +202,7 @@ public class TestIdentityProvider implem
>>
>> protected TestIdentity withGroups(String ... grps) {
>> for (String grp: grps) {
>> - groups.add(new ExternalIdentityRef(grp, "test"));
>> + groups.add(new ExternalIdentityRef(grp,
>>id.getProviderName()));
>> }
>> return this;
>> }
>> @@ -210,8 +210,8 @@ public class TestIdentityProvider implem
>>
>> private static class TestUser extends TestIdentity implements
>>ExternalUser {
>>
>> - private TestUser(String userId) {
>> - super(userId);
>> + private TestUser(String userId, @Nonnull String idpName) {
>> + super(userId, userId, idpName);
>> }
>>
>> public String getPassword() {
>> @@ -222,8 +222,8 @@ public class TestIdentityProvider implem
>>
>> private static class TestGroup extends TestIdentity implements
>>ExternalGroup {
>>
>> - private TestGroup(String userId) {
>> - super(userId);
>> + private TestGroup(@Nonnull String userId, @Nonnull String
>>idpName) {
>> + super(userId, userId, idpName);
>> }
>>
>> @Nonnull
>> @@ -236,26 +236,14 @@ public class TestIdentityProvider implem
>> public static final class ForeignExternalUser extends
>>TestIdentityProvider.TestIdentity implements ExternalUser {
>>
>> public ForeignExternalUser() {
>> - super();
>> - }
>> -
>> - @Nonnull
>> - @Override
>> - public ExternalIdentityRef getExternalId() {
>> - return new ExternalIdentityRef(getId(),
>>"AnotherExternalIDP");
>> + super("externalId", "principalName", "AnotherExternalIDP");
>> }
>> }
>>
>> public static final class ForeignExternalGroup extends
>>TestIdentityProvider.TestIdentity implements ExternalGroup {
>>
>> public ForeignExternalGroup() {
>> - super();
>> - }
>> -
>> - @Nonnull
>> - @Override
>> - public ExternalIdentityRef getExternalId() {
>> - return new ExternalIdentityRef(getId(),
>>"AnotherExternalIDP");
>> + super("externalId", "principalName", "AnotherExternalIDP");
>> }
>>
>> @Nonnull
>>
>> Modified:
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.jav
>>a
>> URL:
>>http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/t
>>est/java/org/apache/jackrabbit/oak/spi/security/authentication/external/i
>>mpl/jmx/SyncMBeanImplTest.java?rev=1743322&r1=1743321&r2=1743322&view=dif
>>f
>>
>>=========================================================================
>>=====
>> ---
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.jav
>>a (original)
>> +++
>>jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbi
>>t/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.jav
>>a Wed May 11 07:12:43 2016
>> @@ -16,23 +16,45 @@
>> */
>> package
>>org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx;
>>
>> +import java.util.Iterator;
>> import javax.annotation.CheckForNull;
>> import javax.annotation.Nonnull;
>> import javax.jcr.Repository;
>> +import javax.jcr.Session;
>> +import javax.jcr.SimpleCredentials;
>>
>> +import com.google.common.collect.Iterators;
>> +import org.apache.jackrabbit.api.JackrabbitSession;
>> +import org.apache.jackrabbit.api.security.user.Authorizable;
>> +import org.apache.jackrabbit.api.security.user.Group;
>> +import org.apache.jackrabbit.api.security.user.User;
>> +import org.apache.jackrabbit.api.security.user.UserManager;
>> import org.apache.jackrabbit.oak.jcr.Jcr;
>> +import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGr
>>oup;
>> +import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalId
>>entity;
>> import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalId
>>entityProvider;
>> import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalId
>>entityProviderManager;
>> +import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalId
>>entityRef;
>> +import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUs
>>er;
>> +import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContex
>>t;
>> import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandle
>>r;
>> import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManage
>>r;
>> +import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult
>>;
>> import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdenti
>>tyProvider;
>> import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.basic.Defa
>>ultSyncConfig;
>> +import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.basic.Defa
>>ultSyncContext;
>> import
>>org.apache.jackrabbit.oak.spi.security.authentication.external.impl.Defau
>>ltSyncHandler;
>> +import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
>> +import org.junit.After;
>> import org.junit.Before;
>> import org.junit.BeforeClass;
>> +import org.junit.Ignore;
>> import org.junit.Test;
>>
>> import static org.junit.Assert.assertEquals;
>> +import static org.junit.Assert.assertNotNull;
>> +import static org.junit.Assert.assertNull;
>> +import static org.junit.Assert.assertTrue;
>> import static org.junit.Assert.fail;
>>
>> public class SyncMBeanImplTest {
>> @@ -42,10 +64,15 @@ public class SyncMBeanImplTest {
>> private static Repository REPOSITORY;
>>
>> private ExternalIdentityProvider idp;
>> + private ExternalIdentityProvider foreignIDP;
>> + private DefaultSyncConfig syncConfig;
>> + private SyncMBeanImpl syncMBean;
>> +
>> private SyncManager syncMgr;
>> - ExternalIdentityProviderManager idpMgr;
>> + private ExternalIdentityProviderManager idpMgr;
>>
>> - private SyncMBeanImpl syncMBean;
>> + private Session session;
>> + private UserManager userManager;
>>
>> @BeforeClass
>> public static void beforeClass() {
>> @@ -53,15 +80,24 @@ public class SyncMBeanImplTest {
>> }
>>
>> @Before
>> - public void before() {
>> - // TODO : proper setup
>> + public void before() throws Exception {
>> idp = new TestIdentityProvider();
>> + foreignIDP = new TestIdentityProvider() {
>> + @Nonnull
>> + public String getName() {
>> + return "anotherIDP";
>> + }
>> +
>> + };
>> + syncConfig = new DefaultSyncConfig();
>> + syncConfig.user().setMembershipNestingDepth(1);
>> +
>> syncMgr = new SyncManager() {
>> @CheckForNull
>> @Override
>> public SyncHandler getSyncHandler(@Nonnull String name) {
>> if (SYNC_NAME.equals(name)) {
>> - return new DefaultSyncHandler(new
>>DefaultSyncConfig());
>> + return new DefaultSyncHandler(syncConfig);
>> } else {
>> return null;
>> }
>> @@ -79,8 +115,49 @@ public class SyncMBeanImplTest {
>> }
>> };
>> syncMBean = new SyncMBeanImpl(REPOSITORY, syncMgr, SYNC_NAME,
>>idpMgr, idp.getName());
>> +
>> + session = REPOSITORY.login(new SimpleCredentials("admin",
>>"admin".toCharArray()));
>> + if (!(session instanceof JackrabbitSession)) {
>> + throw new IllegalStateException();
>> + } else {
>> + userManager = ((JackrabbitSession)
>>session).getUserManager();
>> + }
>> }
>>
>> + @After
>> + public void after() throws Exception {
>> + try {
>> + session.refresh(false);
>> + Iterator<ExternalIdentity> extIdentities =
>>Iterators.concat(idp.listGroups(), idp.listUsers());
>> + while (extIdentities.hasNext()) {
>> + Authorizable a =
>>userManager.getAuthorizable(extIdentities.next().getId());
>> + if (a != null) {
>> + a.remove();
>> + }
>> + }
>> + session.save();
>> + } finally {
>> + session.logout();
>> + }
>> + }
>> +
>> + private static void assertResultMessages(@Nonnull String[]
>>resultMessages, int expectedSize, @Nonnull String... expectedOperations)
>>{
>> + assertEquals(expectedSize, resultMessages.length);
>> + for (int i = 0; i < resultMessages.length; i++) {
>> + String rm = resultMessages[i];
>> + String op = rm.substring(rm.indexOf(":") + 2,
>>rm.indexOf("\","));
>> + assertEquals(expectedOperations[i], op);
>> + }
>> + }
>> +
>> + private SyncResult sync(@Nonnull ExternalIdentityProvider idp,
>>@Nonnull String id, boolean isGroup) throws Exception {
>> + SyncContext ctx = new DefaultSyncContext(syncConfig, idp,
>>userManager, session.getValueFactory());
>> + SyncResult res = ctx.sync((isGroup) ? idp.getGroup(id) :
>>idp.getUser(id));
>> + session.save();
>> + return res;
>> + }
>> +
>> +
>> @Test
>> public void testGetSyncHandlerName() {
>> assertEquals(SYNC_NAME, syncMBean.getSyncHandlerName());
>> @@ -119,18 +196,245 @@ public class SyncMBeanImplTest {
>> }
>> }
>>
>> + /**
>> + * test users have never been synced before => result must be NSA
>> + */
>> @Test
>> - public void testSyncUsers() {
>> - // TODO
>> + public void testSyncUsersBefore() {
>> + String[] userIds = new String[]
>>{TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER};
>> +
>> + String[] result = syncMBean.syncUsers(userIds, false);
>> + assertResultMessages(result, userIds.length, "nsa", "nsa");
>> +
>> + result = syncMBean.syncUsers(userIds, true);
>> + assertResultMessages(result, userIds.length, "nsa", "nsa");
>> }
>>
>> @Test
>> - public void testSyncAllUsers() {
>> - // TODO
>> + public void testSyncUsers() throws Exception {
>> + sync(idp, TestIdentityProvider.ID_TEST_USER, false);
>> +
>> + String[] userIds = new
>>String[]{TestIdentityProvider.ID_TEST_USER,
>>TestIdentityProvider.ID_SECOND_USER};
>> + String[] result = syncMBean.syncUsers(userIds, false);
>> + assertResultMessages(result, userIds.length, "upd", "nsa");
>> +
>> + result = syncMBean.syncUsers(userIds, true);
>> + assertResultMessages(result, userIds.length, "upd", "nsa");
>> + }
>> +
>> + @Test
>> + public void testSyncUsersAlwaysForcesSync() throws Exception {
>> + sync(idp, TestIdentityProvider.ID_TEST_USER, false);
>> +
>> + String[] userIds = new
>>String[]{TestIdentityProvider.ID_TEST_USER,
>>TestIdentityProvider.ID_SECOND_USER};
>> + syncConfig.user().setExpirationTime(Long.MAX_VALUE);
>> +
>> + String[]result = syncMBean.syncUsers(userIds, false);
>> + assertResultMessages(result, userIds.length, "upd", "nsa");
>> + }
>> +
>> + @Test
>> + public void testSyncGroups() throws Exception {
>> + sync(idp, "a", true);
>> +
>> + String[] ids = new String[]{"a"};
>> + syncConfig.group().setExpirationTime(Long.MAX_VALUE);
>> +
>> + // force group sync is true by default => exp time is ignored
>> + String[] result = syncMBean.syncUsers(ids, false);
>> + assertResultMessages(result, ids.length, "upd");
>> + }
>> +
>> + @Test
>> + public void testSyncUsersPurge() throws Exception {
>> + User u = userManager.createUser("thirdUser", null);
>> + u.setProperty(DefaultSyncContext.REP_EXTERNAL_ID,
>>session.getValueFactory().createValue(new ExternalIdentityRef(u.getID(),
>>idp.getName()).getString()));
>> + session.save();
>> +
>> + String[] ids = new String[]{u.getID()};
>> + String[] result = syncMBean.syncUsers(ids, false);
>> + assertResultMessages(result, ids.length, "mis");
>> + assertNotNull(userManager.getAuthorizable(u.getID()));
>> +
>> + result = syncMBean.syncUsers(ids, true);
>> + assertResultMessages(result, ids.length, "del");
>> + assertNull(userManager.getAuthorizable(u.getID()));
>> + }
>> +
>> + @Test
>> + public void testSyncUsersNonExisting() {
>> + String[] result = syncMBean.syncUsers(new String[]
>>{"nonExisting"}, false);
>> + assertResultMessages(result, 1, "nsa");
>> + }
>> +
>> + @Test
>> + public void testSyncUsersLocal() {
>> + String[] result = syncMBean.syncUsers(new String[]
>>{UserConstants.DEFAULT_ANONYMOUS_ID}, false);
>> + assertResultMessages(result, 1, "for");
>> + }
>> +
>> + @Test
>> + public void testSyncUsersLocalPurge() throws Exception {
>> + String[] result = syncMBean.syncUsers(new String[]
>>{UserConstants.DEFAULT_ANONYMOUS_ID}, true);
>> + assertResultMessages(result, 1, "for");
>> +
>> +
>>assertNotNull(userManager.getAuthorizable(UserConstants.DEFAULT_ANONYMOUS
>>_ID));
>> }
>>
>> @Test
>> - public void testSyncExternalUsers() {
>> + public void testSyncUsersForeign() throws Exception {
>> + // sync user from foreign IDP into the repository
>> + SyncResult res = sync(foreignIDP,
>>TestIdentityProvider.ID_TEST_USER, false);
>> +
>>assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_US
>>ER));
>> +
>>assertEquals(foreignIDP.getUser(TestIdentityProvider.ID_TEST_USER).getExt
>>ernalId(), res.getIdentity().getExternalIdRef());
>> +
>> + // syncUsers with testIDP must detect the foreign status
>> + String[] result = syncMBean.syncUsers(new
>>String[]{TestIdentityProvider.ID_TEST_USER}, false);
>> + assertResultMessages(result, 1, "for");
>> +
>>assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_US
>>ER));
>> +
>> + // same expected with 'purge' set to true
>> + result = syncMBean.syncUsers(new String[]
>>{TestIdentityProvider.ID_TEST_USER}, true);
>> + assertResultMessages(result, 1, "for");
>> +
>>assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_US
>>ER));
>> + }
>> +
>> + @Test
>> + public void testSyncGroupsForeign() throws Exception {
>> + // sync user from foreign IDP into the repository
>> + SyncResult res = sync(foreignIDP, "a", true);
>> + assertNotNull(userManager.getAuthorizable("a"));
>> + assertEquals(foreignIDP.getGroup("a").getExternalId(),
>>res.getIdentity().getExternalIdRef());
>> +
>> + // syncUsers with testIDP must detect the foreign status
>> + String[] result = syncMBean.syncUsers(new String[]{"a"},
>>false);
>> + assertResultMessages(result, 1, "for");
>> + assertNotNull(userManager.getAuthorizable("a"));
>> +
>> + // same expected with 'purge' set to true
>> + result = syncMBean.syncUsers(new String[] {"a"}, true);
>> + assertResultMessages(result, 1, "for");
>> + assertNotNull(userManager.getAuthorizable("a"));
>> + }
>> +
>> + @Test
>> + public void testInitialSyncExternalUsers() throws Exception {
>> + ExternalUser externalUser =
>>idp.getUser(TestIdentityProvider.ID_TEST_USER);
>> + String[] externalId = new String[]
>>{externalUser.getExternalId().getString()};
>> +
>> + String[] result = syncMBean.syncExternalUsers(externalId);
>> + assertResultMessages(result, 1, "add");
>> +
>> + User testUser =
>>userManager.getAuthorizable(externalUser.getId(), User.class);
>> + assertNotNull(testUser);
>> +
>> + for (ExternalIdentityRef groupRef :
>>externalUser.getDeclaredGroups()) {
>> +
>>assertNotNull(userManager.getAuthorizable(groupRef.getId()));
>> + }
>> + }
>> +
>> + @Test
>> + public void testInitialSyncExternalUsersNoNesting() throws
>>Exception {
>> + syncConfig.user().setMembershipNestingDepth(-1);
>> +
>> + ExternalUser externalUser =
>>idp.getUser(TestIdentityProvider.ID_TEST_USER);
>> + String[] externalId = new String[]
>>{externalUser.getExternalId().getString()};
>> +
>> + String[] result = syncMBean.syncExternalUsers(externalId);
>> + assertResultMessages(result, 1, "add");
>> +
>> + User testUser =
>>userManager.getAuthorizable(externalUser.getId(), User.class);
>> + assertNotNull(testUser);
>> +
>> + for (ExternalIdentityRef groupRef :
>>externalUser.getDeclaredGroups()) {
>> + assertNull(userManager.getAuthorizable(groupRef.getId()));
>> + }
>> + }
>> +
>> + @Test
>> + public void testSyncExternalUsersLastSyncedProperty() throws
>>Exception {
>> + ExternalUser externalUser =
>>idp.getUser(TestIdentityProvider.ID_TEST_USER);
>> + String[] externalId = new
>>String[]{externalUser.getExternalId().getString()};
>> +
>> + syncMBean.syncExternalUsers(externalId);
>> + User testUser =
>>userManager.getAuthorizable(externalUser.getId(), User.class);
>> +
>> + long lastSynced =
>>testUser.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
>> + for (ExternalIdentityRef groupRef :
>>externalUser.getDeclaredGroups()) {
>> + Group gr = userManager.getAuthorizable(groupRef.getId(),
>>Group.class);
>> + long groupLastSynced =
>>gr.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
>> +
>> + assertTrue(lastSynced == groupLastSynced);
>> + }
>> +
>> + // default value for forceGroup sync is defined to be 'true'
>>=> verify result
>> + syncMBean.syncExternalUsers(externalId);
>> + testUser = userManager.getAuthorizable(externalUser.getId(),
>>User.class);
>> + long lastSynced2 =
>>testUser.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
>> +
>> + assertTrue(lastSynced < lastSynced2);
>> + for (ExternalIdentityRef groupRef :
>>externalUser.getDeclaredGroups()) {
>> + Group gr = userManager.getAuthorizable(groupRef.getId(),
>>Group.class);
>> + long groupLastSynced =
>>gr.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
>> +
>> + assertTrue(lastSynced2 == groupLastSynced);
>> + }
>> + }
>> +
>> + @Test
>> + public void testInitialSyncExternalGroup() throws Exception {
>> + ExternalGroup externalGroup = idp.getGroup("a");
>> + String[] externalId = new String[]
>>{externalGroup.getExternalId().getString()};
>> +
>> + String[] result = syncMBean.syncExternalUsers(externalId);
>> + assertResultMessages(result, 1, "add");
>> +
>> + Group aGroup =
>>userManager.getAuthorizable(externalGroup.getId(), Group.class);
>> + assertNotNull(aGroup);
>> +
>> + // membership of groups are not synced (unless imposed by
>>user-sync with membership depth)
>> + for (ExternalIdentityRef groupRef :
>>externalGroup.getDeclaredGroups()) {
>> + assertNull(userManager.getAuthorizable(groupRef.getId()));
>> + }
>> + }
>> +
>> + @Test
>> + public void testSyncExternalNonExisting() throws Exception {
>> + ExternalIdentityRef ref = new
>>ExternalIdentityRef("nonExisting", idp.getName());
>> +
>> + String[] result = syncMBean.syncExternalUsers(new
>>String[]{ref.getString()});
>> + assertResultMessages(result, 1, "nsi");
>> + }
>> +
>> + /**
>> + * @see <a
>>href="https://issues.apache.org/jira/browse/OAK-4346">OAK-4346</a>
>> + */
>> + @Ignore("OAK-4346")
>> + @Test
>> + public void testSyncExternalLocal() throws Exception {
>> + ExternalIdentityRef ref = new
>>ExternalIdentityRef(UserConstants.DEFAULT_ANONYMOUS_ID, null);
>> +
>> + String[] result = syncMBean.syncExternalUsers(new
>>String[]{ref.getString()});
>> + assertResultMessages(result, 1, "for");
>> + }
>> +
>> + /**
>> + * @see <a
>>href="https://issues.apache.org/jira/browse/OAK-4346">OAK-4346</a>
>> + */
>> + @Ignore("OAK-4346")
>> + @Test
>> + public void testSyncExternalForeign() throws Exception {
>> + ExternalIdentityRef ref = new
>>ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, "anotherIDP");
>> +
>> + String[] result = syncMBean.syncExternalUsers(new
>>String[]{ref.getString()});
>> + assertResultMessages(result, 1, "for");
>> +
>> + result = syncMBean.syncExternalUsers(new String[]
>>{ref.getString()});
>> + assertResultMessages(result, 1, "for");
>> + }
>> +
>> + @Test
>> + public void testSyncAllUsers() {
>> // TODO
>> }
>>
>>
>>
>>
>
>
>--
><green/>bytes GmbH, Hafenweg 16, D-48155 Münster, Germany
>Amtsgericht Münster: HRB5782
Re: svn commit: r1743322 - in
/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external:
TestIdentityProvider.java impl/jmx/SyncMBeanImplTest.java
Posted by Julian Reschke <ju...@greenbytes.de>.
...with this change, testSyncExternalUsersLastSyncedProperty fails
reliably on my machines, because the two timestamps are the same.
Maybe there's code missing ensuring that System.currentTimeMillis()
actually changed before doing the operation that's suppose to lead to a
new timestamp?
Best regards, Julian
On 2016-05-11 09:12, angela@apache.org wrote:
> Author: angela
> Date: Wed May 11 07:12:43 2016
> New Revision: 1743322
>
> URL: http://svn.apache.org/viewvc?rev=1743322&view=rev
> Log:
> OAK-4264 : Improve testing of SyncMBeanImpl (WIP)
>
> Modified:
> jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java
> jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java
>
> Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java
> URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java?rev=1743322&r1=1743321&r2=1743322&view=diff
> ==============================================================================
> --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java (original)
> +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java Wed May 11 07:12:43 2016
> @@ -40,14 +40,14 @@ public class TestIdentityProvider implem
> private final Map<String, ExternalUser> externalUsers = new HashMap<String, ExternalUser>();
>
> public TestIdentityProvider() {
> - addGroup(new TestGroup("aa"));
> - addGroup(new TestGroup("aaa"));
> - addGroup(new TestGroup("a").withGroups("aa", "aaa"));
> - addGroup(new TestGroup("b").withGroups("a"));
> - addGroup(new TestGroup("c"));
> - addGroup(new TestGroup("secondGroup"));
> + addGroup(new TestGroup("aa", getName()));
> + addGroup(new TestGroup("aaa", getName()));
> + addGroup(new TestGroup("a", getName()).withGroups("aa", "aaa"));
> + addGroup(new TestGroup("b", getName()).withGroups("a"));
> + addGroup(new TestGroup("c", getName()));
> + addGroup(new TestGroup("secondGroup", getName()));
>
> - addUser(new TestUser(ID_TEST_USER)
> + addUser(new TestUser(ID_TEST_USER, getName())
> .withProperty("name", "Test User")
> .withProperty("profile/name", "Public Name")
> .withProperty("profile/age", 72)
> @@ -55,7 +55,7 @@ public class TestIdentityProvider implem
> .withGroups("a", "b", "c")
> );
>
> - addUser(new TestUser(ID_SECOND_USER)
> + addUser(new TestUser(ID_SECOND_USER, getName())
> .withProperty("profile/name", "Second User")
> .withProperty("age", 24)
> .withProperty("col", ImmutableList.of("v1", "v2", "v3"))
> @@ -141,17 +141,17 @@ public class TestIdentityProvider implem
> private final Map<String, Object> props = new HashMap<String, Object>();
>
> public TestIdentity() {
> - this("externalId", "principalName");
> + this("externalId", "principalName", "test");
> }
>
> public TestIdentity(@Nonnull String userId) {
> - this(userId, userId);
> + this(userId, userId, "test");
> }
>
> - public TestIdentity(@Nonnull String userId, @Nonnull String principalName) {
> + public TestIdentity(@Nonnull String userId, @Nonnull String principalName, @Nonnull String idpName) {
> this.userId = userId;
> this.principalName = principalName;
> - id = new ExternalIdentityRef(userId, "test");
> + id = new ExternalIdentityRef(userId, idpName);
> }
>
> public TestIdentity(@Nonnull ExternalIdentity base) {
> @@ -202,7 +202,7 @@ public class TestIdentityProvider implem
>
> protected TestIdentity withGroups(String ... grps) {
> for (String grp: grps) {
> - groups.add(new ExternalIdentityRef(grp, "test"));
> + groups.add(new ExternalIdentityRef(grp, id.getProviderName()));
> }
> return this;
> }
> @@ -210,8 +210,8 @@ public class TestIdentityProvider implem
>
> private static class TestUser extends TestIdentity implements ExternalUser {
>
> - private TestUser(String userId) {
> - super(userId);
> + private TestUser(String userId, @Nonnull String idpName) {
> + super(userId, userId, idpName);
> }
>
> public String getPassword() {
> @@ -222,8 +222,8 @@ public class TestIdentityProvider implem
>
> private static class TestGroup extends TestIdentity implements ExternalGroup {
>
> - private TestGroup(String userId) {
> - super(userId);
> + private TestGroup(@Nonnull String userId, @Nonnull String idpName) {
> + super(userId, userId, idpName);
> }
>
> @Nonnull
> @@ -236,26 +236,14 @@ public class TestIdentityProvider implem
> public static final class ForeignExternalUser extends TestIdentityProvider.TestIdentity implements ExternalUser {
>
> public ForeignExternalUser() {
> - super();
> - }
> -
> - @Nonnull
> - @Override
> - public ExternalIdentityRef getExternalId() {
> - return new ExternalIdentityRef(getId(), "AnotherExternalIDP");
> + super("externalId", "principalName", "AnotherExternalIDP");
> }
> }
>
> public static final class ForeignExternalGroup extends TestIdentityProvider.TestIdentity implements ExternalGroup {
>
> public ForeignExternalGroup() {
> - super();
> - }
> -
> - @Nonnull
> - @Override
> - public ExternalIdentityRef getExternalId() {
> - return new ExternalIdentityRef(getId(), "AnotherExternalIDP");
> + super("externalId", "principalName", "AnotherExternalIDP");
> }
>
> @Nonnull
>
> Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java
> URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java?rev=1743322&r1=1743321&r2=1743322&view=diff
> ==============================================================================
> --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java (original)
> +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/SyncMBeanImplTest.java Wed May 11 07:12:43 2016
> @@ -16,23 +16,45 @@
> */
> package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx;
>
> +import java.util.Iterator;
> import javax.annotation.CheckForNull;
> import javax.annotation.Nonnull;
> import javax.jcr.Repository;
> +import javax.jcr.Session;
> +import javax.jcr.SimpleCredentials;
>
> +import com.google.common.collect.Iterators;
> +import org.apache.jackrabbit.api.JackrabbitSession;
> +import org.apache.jackrabbit.api.security.user.Authorizable;
> +import org.apache.jackrabbit.api.security.user.Group;
> +import org.apache.jackrabbit.api.security.user.User;
> +import org.apache.jackrabbit.api.security.user.UserManager;
> import org.apache.jackrabbit.oak.jcr.Jcr;
> +import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
> +import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
> import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
> import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
> +import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
> +import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
> +import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
> import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
> import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager;
> +import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
> import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
> import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
> +import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
> import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler;
> +import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
> +import org.junit.After;
> import org.junit.Before;
> import org.junit.BeforeClass;
> +import org.junit.Ignore;
> import org.junit.Test;
>
> import static org.junit.Assert.assertEquals;
> +import static org.junit.Assert.assertNotNull;
> +import static org.junit.Assert.assertNull;
> +import static org.junit.Assert.assertTrue;
> import static org.junit.Assert.fail;
>
> public class SyncMBeanImplTest {
> @@ -42,10 +64,15 @@ public class SyncMBeanImplTest {
> private static Repository REPOSITORY;
>
> private ExternalIdentityProvider idp;
> + private ExternalIdentityProvider foreignIDP;
> + private DefaultSyncConfig syncConfig;
> + private SyncMBeanImpl syncMBean;
> +
> private SyncManager syncMgr;
> - ExternalIdentityProviderManager idpMgr;
> + private ExternalIdentityProviderManager idpMgr;
>
> - private SyncMBeanImpl syncMBean;
> + private Session session;
> + private UserManager userManager;
>
> @BeforeClass
> public static void beforeClass() {
> @@ -53,15 +80,24 @@ public class SyncMBeanImplTest {
> }
>
> @Before
> - public void before() {
> - // TODO : proper setup
> + public void before() throws Exception {
> idp = new TestIdentityProvider();
> + foreignIDP = new TestIdentityProvider() {
> + @Nonnull
> + public String getName() {
> + return "anotherIDP";
> + }
> +
> + };
> + syncConfig = new DefaultSyncConfig();
> + syncConfig.user().setMembershipNestingDepth(1);
> +
> syncMgr = new SyncManager() {
> @CheckForNull
> @Override
> public SyncHandler getSyncHandler(@Nonnull String name) {
> if (SYNC_NAME.equals(name)) {
> - return new DefaultSyncHandler(new DefaultSyncConfig());
> + return new DefaultSyncHandler(syncConfig);
> } else {
> return null;
> }
> @@ -79,8 +115,49 @@ public class SyncMBeanImplTest {
> }
> };
> syncMBean = new SyncMBeanImpl(REPOSITORY, syncMgr, SYNC_NAME, idpMgr, idp.getName());
> +
> + session = REPOSITORY.login(new SimpleCredentials("admin", "admin".toCharArray()));
> + if (!(session instanceof JackrabbitSession)) {
> + throw new IllegalStateException();
> + } else {
> + userManager = ((JackrabbitSession) session).getUserManager();
> + }
> }
>
> + @After
> + public void after() throws Exception {
> + try {
> + session.refresh(false);
> + Iterator<ExternalIdentity> extIdentities = Iterators.concat(idp.listGroups(), idp.listUsers());
> + while (extIdentities.hasNext()) {
> + Authorizable a = userManager.getAuthorizable(extIdentities.next().getId());
> + if (a != null) {
> + a.remove();
> + }
> + }
> + session.save();
> + } finally {
> + session.logout();
> + }
> + }
> +
> + private static void assertResultMessages(@Nonnull String[] resultMessages, int expectedSize, @Nonnull String... expectedOperations) {
> + assertEquals(expectedSize, resultMessages.length);
> + for (int i = 0; i < resultMessages.length; i++) {
> + String rm = resultMessages[i];
> + String op = rm.substring(rm.indexOf(":") + 2, rm.indexOf("\","));
> + assertEquals(expectedOperations[i], op);
> + }
> + }
> +
> + private SyncResult sync(@Nonnull ExternalIdentityProvider idp, @Nonnull String id, boolean isGroup) throws Exception {
> + SyncContext ctx = new DefaultSyncContext(syncConfig, idp, userManager, session.getValueFactory());
> + SyncResult res = ctx.sync((isGroup) ? idp.getGroup(id) : idp.getUser(id));
> + session.save();
> + return res;
> + }
> +
> +
> @Test
> public void testGetSyncHandlerName() {
> assertEquals(SYNC_NAME, syncMBean.getSyncHandlerName());
> @@ -119,18 +196,245 @@ public class SyncMBeanImplTest {
> }
> }
>
> + /**
> + * test users have never been synced before => result must be NSA
> + */
> @Test
> - public void testSyncUsers() {
> - // TODO
> + public void testSyncUsersBefore() {
> + String[] userIds = new String[] {TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER};
> +
> + String[] result = syncMBean.syncUsers(userIds, false);
> + assertResultMessages(result, userIds.length, "nsa", "nsa");
> +
> + result = syncMBean.syncUsers(userIds, true);
> + assertResultMessages(result, userIds.length, "nsa", "nsa");
> }
>
> @Test
> - public void testSyncAllUsers() {
> - // TODO
> + public void testSyncUsers() throws Exception {
> + sync(idp, TestIdentityProvider.ID_TEST_USER, false);
> +
> + String[] userIds = new String[]{TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER};
> + String[] result = syncMBean.syncUsers(userIds, false);
> + assertResultMessages(result, userIds.length, "upd", "nsa");
> +
> + result = syncMBean.syncUsers(userIds, true);
> + assertResultMessages(result, userIds.length, "upd", "nsa");
> + }
> +
> + @Test
> + public void testSyncUsersAlwaysForcesSync() throws Exception {
> + sync(idp, TestIdentityProvider.ID_TEST_USER, false);
> +
> + String[] userIds = new String[]{TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER};
> + syncConfig.user().setExpirationTime(Long.MAX_VALUE);
> +
> + String[]result = syncMBean.syncUsers(userIds, false);
> + assertResultMessages(result, userIds.length, "upd", "nsa");
> + }
> +
> + @Test
> + public void testSyncGroups() throws Exception {
> + sync(idp, "a", true);
> +
> + String[] ids = new String[]{"a"};
> + syncConfig.group().setExpirationTime(Long.MAX_VALUE);
> +
> + // force group sync is true by default => exp time is ignored
> + String[] result = syncMBean.syncUsers(ids, false);
> + assertResultMessages(result, ids.length, "upd");
> + }
> +
> + @Test
> + public void testSyncUsersPurge() throws Exception {
> + User u = userManager.createUser("thirdUser", null);
> + u.setProperty(DefaultSyncContext.REP_EXTERNAL_ID, session.getValueFactory().createValue(new ExternalIdentityRef(u.getID(), idp.getName()).getString()));
> + session.save();
> +
> + String[] ids = new String[]{u.getID()};
> + String[] result = syncMBean.syncUsers(ids, false);
> + assertResultMessages(result, ids.length, "mis");
> + assertNotNull(userManager.getAuthorizable(u.getID()));
> +
> + result = syncMBean.syncUsers(ids, true);
> + assertResultMessages(result, ids.length, "del");
> + assertNull(userManager.getAuthorizable(u.getID()));
> + }
> +
> + @Test
> + public void testSyncUsersNonExisting() {
> + String[] result = syncMBean.syncUsers(new String[] {"nonExisting"}, false);
> + assertResultMessages(result, 1, "nsa");
> + }
> +
> + @Test
> + public void testSyncUsersLocal() {
> + String[] result = syncMBean.syncUsers(new String[] {UserConstants.DEFAULT_ANONYMOUS_ID}, false);
> + assertResultMessages(result, 1, "for");
> + }
> +
> + @Test
> + public void testSyncUsersLocalPurge() throws Exception {
> + String[] result = syncMBean.syncUsers(new String[] {UserConstants.DEFAULT_ANONYMOUS_ID}, true);
> + assertResultMessages(result, 1, "for");
> +
> + assertNotNull(userManager.getAuthorizable(UserConstants.DEFAULT_ANONYMOUS_ID));
> }
>
> @Test
> - public void testSyncExternalUsers() {
> + public void testSyncUsersForeign() throws Exception {
> + // sync user from foreign IDP into the repository
> + SyncResult res = sync(foreignIDP, TestIdentityProvider.ID_TEST_USER, false);
> + assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
> + assertEquals(foreignIDP.getUser(TestIdentityProvider.ID_TEST_USER).getExternalId(), res.getIdentity().getExternalIdRef());
> +
> + // syncUsers with testIDP must detect the foreign status
> + String[] result = syncMBean.syncUsers(new String[]{TestIdentityProvider.ID_TEST_USER}, false);
> + assertResultMessages(result, 1, "for");
> + assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
> +
> + // same expected with 'purge' set to true
> + result = syncMBean.syncUsers(new String[] {TestIdentityProvider.ID_TEST_USER}, true);
> + assertResultMessages(result, 1, "for");
> + assertNotNull(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
> + }
> +
> + @Test
> + public void testSyncGroupsForeign() throws Exception {
> + // sync user from foreign IDP into the repository
> + SyncResult res = sync(foreignIDP, "a", true);
> + assertNotNull(userManager.getAuthorizable("a"));
> + assertEquals(foreignIDP.getGroup("a").getExternalId(), res.getIdentity().getExternalIdRef());
> +
> + // syncUsers with testIDP must detect the foreign status
> + String[] result = syncMBean.syncUsers(new String[]{"a"}, false);
> + assertResultMessages(result, 1, "for");
> + assertNotNull(userManager.getAuthorizable("a"));
> +
> + // same expected with 'purge' set to true
> + result = syncMBean.syncUsers(new String[] {"a"}, true);
> + assertResultMessages(result, 1, "for");
> + assertNotNull(userManager.getAuthorizable("a"));
> + }
> +
> + @Test
> + public void testInitialSyncExternalUsers() throws Exception {
> + ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER);
> + String[] externalId = new String[] {externalUser.getExternalId().getString()};
> +
> + String[] result = syncMBean.syncExternalUsers(externalId);
> + assertResultMessages(result, 1, "add");
> +
> + User testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
> + assertNotNull(testUser);
> +
> + for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
> + assertNotNull(userManager.getAuthorizable(groupRef.getId()));
> + }
> + }
> +
> + @Test
> + public void testInitialSyncExternalUsersNoNesting() throws Exception {
> + syncConfig.user().setMembershipNestingDepth(-1);
> +
> + ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER);
> + String[] externalId = new String[] {externalUser.getExternalId().getString()};
> +
> + String[] result = syncMBean.syncExternalUsers(externalId);
> + assertResultMessages(result, 1, "add");
> +
> + User testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
> + assertNotNull(testUser);
> +
> + for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
> + assertNull(userManager.getAuthorizable(groupRef.getId()));
> + }
> + }
> +
> + @Test
> + public void testSyncExternalUsersLastSyncedProperty() throws Exception {
> + ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER);
> + String[] externalId = new String[]{externalUser.getExternalId().getString()};
> +
> + syncMBean.syncExternalUsers(externalId);
> + User testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
> +
> + long lastSynced = testUser.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
> + for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
> + Group gr = userManager.getAuthorizable(groupRef.getId(), Group.class);
> + long groupLastSynced = gr.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
> +
> + assertTrue(lastSynced == groupLastSynced);
> + }
> +
> + // default value for forceGroup sync is defined to be 'true' => verify result
> + syncMBean.syncExternalUsers(externalId);
> + testUser = userManager.getAuthorizable(externalUser.getId(), User.class);
> + long lastSynced2 = testUser.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
> +
> + assertTrue(lastSynced < lastSynced2);
> + for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) {
> + Group gr = userManager.getAuthorizable(groupRef.getId(), Group.class);
> + long groupLastSynced = gr.getProperty(DefaultSyncContext.REP_LAST_SYNCED)[0].getLong();
> +
> + assertTrue(lastSynced2 == groupLastSynced);
> + }
> + }
> +
> + @Test
> + public void testInitialSyncExternalGroup() throws Exception {
> + ExternalGroup externalGroup = idp.getGroup("a");
> + String[] externalId = new String[] {externalGroup.getExternalId().getString()};
> +
> + String[] result = syncMBean.syncExternalUsers(externalId);
> + assertResultMessages(result, 1, "add");
> +
> + Group aGroup = userManager.getAuthorizable(externalGroup.getId(), Group.class);
> + assertNotNull(aGroup);
> +
> + // membership of groups are not synced (unless imposed by user-sync with membership depth)
> + for (ExternalIdentityRef groupRef : externalGroup.getDeclaredGroups()) {
> + assertNull(userManager.getAuthorizable(groupRef.getId()));
> + }
> + }
> +
> + @Test
> + public void testSyncExternalNonExisting() throws Exception {
> + ExternalIdentityRef ref = new ExternalIdentityRef("nonExisting", idp.getName());
> +
> + String[] result = syncMBean.syncExternalUsers(new String[]{ref.getString()});
> + assertResultMessages(result, 1, "nsi");
> + }
> +
> + /**
> + * @see <a href="https://issues.apache.org/jira/browse/OAK-4346">OAK-4346</a>
> + */
> + @Ignore("OAK-4346")
> + @Test
> + public void testSyncExternalLocal() throws Exception {
> + ExternalIdentityRef ref = new ExternalIdentityRef(UserConstants.DEFAULT_ANONYMOUS_ID, null);
> +
> + String[] result = syncMBean.syncExternalUsers(new String[]{ref.getString()});
> + assertResultMessages(result, 1, "for");
> + }
> +
> + /**
> + * @see <a href="https://issues.apache.org/jira/browse/OAK-4346">OAK-4346</a>
> + */
> + @Ignore("OAK-4346")
> + @Test
> + public void testSyncExternalForeign() throws Exception {
> + ExternalIdentityRef ref = new ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, "anotherIDP");
> +
> + String[] result = syncMBean.syncExternalUsers(new String[]{ref.getString()});
> + assertResultMessages(result, 1, "for");
> +
> + result = syncMBean.syncExternalUsers(new String[] {ref.getString()});
> + assertResultMessages(result, 1, "for");
> + }
> +
> + @Test
> + public void testSyncAllUsers() {
> // TODO
> }
>
>
>
>
--
<green/>bytes GmbH, Hafenweg 16, D-48155 M�nster, Germany
Amtsgericht M�nster: HRB5782