You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/05/20 10:12:36 UTC

svn commit: r1744683 - in /jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external: ./ impl/principal/

Author: angela
Date: Fri May 20 10:12:36 2016
New Revision: 1744683

URL: http://svn.apache.org/viewvc?rev=1744683&view=rev
Log:
OAK-4386 : Verify that external login with dynamic membership populates subject

Modified:
    jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
    jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java
    jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java
    jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java

Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java Fri May 20 10:12:36 2016
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration;
 import org.junit.After;
 import org.junit.Before;
 
@@ -53,8 +54,8 @@ public abstract class AbstractExternalAu
     protected static final String TEST_CONSTANT_PROPERTY_VALUE = "constant-value";
 
     protected ExternalIdentityProvider idp;
-
     protected DefaultSyncConfig syncConfig;
+    protected ExternalPrincipalConfiguration externalPrincipalConfiguration = new ExternalPrincipalConfiguration();
 
     private Set<String> ids;
 
@@ -124,7 +125,7 @@ public abstract class AbstractExternalAu
     @Override
     protected SecurityProvider getSecurityProvider() {
         if (securityProvider == null) {
-            securityProvider = new TestSecurityProvider(getSecurityConfigParameters());
+            securityProvider = new TestSecurityProvider(getSecurityConfigParameters(), externalPrincipalConfiguration);
         }
         return securityProvider;
     }

Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java Fri May 20 10:12:36 2016
@@ -16,16 +16,29 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authentication.external;
 
+import java.security.Principal;
 import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.jcr.SimpleCredentials;
 import javax.jcr.Value;
 
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncConfigImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUtils;
+import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
+import org.junit.Rule;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
@@ -36,11 +49,23 @@ import static org.junit.Assert.assertTru
 
 public class ExternalLoginModuleDynamicMembershipTest extends ExternalLoginModuleTest {
 
+    @Rule
+    public final OsgiContext context = new OsgiContext();
+
     @Override
     public void before() throws Exception {
         super.before();
 
         syncConfig.user().setDynamicMembership(true);
+
+        // register the ExternalPrincipal configuration in order to have it's
+        // activate method invoked.
+        context.registerInjectActivateService(externalPrincipalConfiguration);
+
+        // now register the sync-handler with the dynamic membership config
+        // in order to enable dynamic membership with the external principal configuration
+        Map props = ImmutableMap.of(DefaultSyncConfigImpl.PARAM_USER_DYNAMIC_MEMBERSHIP, syncConfig.user().getDynamicMembership());
+        context.registerService(SyncHandler.class, WhiteboardUtils.getService(whiteboard, SyncHandler.class), props);
     }
 
     private void assertExternalPrincipalNames(@Nonnull UserManager userMgr, @Nonnull String id) throws Exception {
@@ -70,6 +95,43 @@ public class ExternalLoginModuleDynamicM
     }
 
     @Test
+    public void testLoginPopulatesPrincipals() throws Exception {
+        ContentSession cs = null;
+        try {
+            cs = login(new SimpleCredentials(USER_ID, new char[0]));
+
+            Set<String> expectedExternal = new HashSet<String>();
+            calcExpectedPrincipalNames(idp.getUser(USER_ID), syncConfig.user().getMembershipNestingDepth(), expectedExternal);
+
+            Set<Principal> principals = new HashSet<Principal>(cs.getAuthInfo().getPrincipals());
+
+            root.refresh();
+            PrincipalManager principalManager = getPrincipalManager(root);
+            for (String pName : expectedExternal) {
+                Principal p = principalManager.getPrincipal(pName);
+                assertNotNull(p);
+                assertTrue(principals.remove(p));
+            }
+
+            UserManager uMgr = getUserManager(root);
+            User u = uMgr.getAuthorizable(USER_ID, User.class);
+            assertTrue(principals.remove(u.getPrincipal()));
+
+            Iterator<Group> it = u.memberOf();
+            assertFalse(it.hasNext());
+
+            assertTrue(principals.remove(EveryonePrincipal.getInstance()));
+            assertTrue(principals.isEmpty());
+
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+            options.clear();
+        }
+    }
+
+    @Test
     public void testSyncCreatesRepExternalPrincipals() throws Exception {
         try {
             login(new SimpleCredentials(USER_ID, new char[0])).close();
@@ -184,5 +246,4 @@ public class ExternalLoginModuleDynamicM
             options.clear();
         }
     }
-
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java Fri May 20 10:12:36 2016
@@ -27,7 +27,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import static com.google.common.base.Preconditions.checkNotNull;
 
 public class TestSecurityProvider extends SecurityProviderImpl {
-    public TestSecurityProvider(@Nonnull ConfigurationParameters configuration) {
+
+    public TestSecurityProvider(@Nonnull ConfigurationParameters configuration, @Nonnull ExternalPrincipalConfiguration externalPrincipalConfiguration) {
         super(configuration);
 
         PrincipalConfiguration principalConfiguration = getConfiguration(PrincipalConfiguration.class);
@@ -35,7 +36,7 @@ public class TestSecurityProvider extend
             throw new IllegalStateException();
         } else {
             PrincipalConfiguration defConfig = checkNotNull(((CompositePrincipalConfiguration) principalConfiguration).getDefaultConfig());
-            bindPrincipalConfiguration((new ExternalPrincipalConfiguration(this)));
+            bindPrincipalConfiguration(externalPrincipalConfiguration);
             bindPrincipalConfiguration(defConfig);
         }
     }

Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java Fri May 20 10:12:36 2016
@@ -67,7 +67,7 @@ public class ExternalIdentityImporterTes
 
     @Before
     public void before() throws Exception {
-        securityProvider = new TestSecurityProvider(getConfigurationParameters());
+        securityProvider = new TestSecurityProvider(getConfigurationParameters(), new ExternalPrincipalConfiguration());
         Jcr jcr = new Jcr();
         jcr.with(securityProvider);
         repo = jcr.createRepository();