You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/05/20 10:12:36 UTC
svn commit: r1744683 - in
/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external:
./ impl/principal/
Author: angela
Date: Fri May 20 10:12:36 2016
New Revision: 1744683
URL: http://svn.apache.org/viewvc?rev=1744683&view=rev
Log:
OAK-4386 : Verify that external login with dynamic membership populates subject
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java
Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java Fri May 20 10:12:36 2016
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration;
import org.junit.After;
import org.junit.Before;
@@ -53,8 +54,8 @@ public abstract class AbstractExternalAu
protected static final String TEST_CONSTANT_PROPERTY_VALUE = "constant-value";
protected ExternalIdentityProvider idp;
-
protected DefaultSyncConfig syncConfig;
+ protected ExternalPrincipalConfiguration externalPrincipalConfiguration = new ExternalPrincipalConfiguration();
private Set<String> ids;
@@ -124,7 +125,7 @@ public abstract class AbstractExternalAu
@Override
protected SecurityProvider getSecurityProvider() {
if (securityProvider == null) {
- securityProvider = new TestSecurityProvider(getSecurityConfigParameters());
+ securityProvider = new TestSecurityProvider(getSecurityConfigParameters(), externalPrincipalConfiguration);
}
return securityProvider;
}
Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.java Fri May 20 10:12:36 2016
@@ -16,16 +16,29 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication.external;
+import java.security.Principal;
import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncConfigImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUtils;
+import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
+import org.junit.Rule;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -36,11 +49,23 @@ import static org.junit.Assert.assertTru
public class ExternalLoginModuleDynamicMembershipTest extends ExternalLoginModuleTest {
+ @Rule
+ public final OsgiContext context = new OsgiContext();
+
@Override
public void before() throws Exception {
super.before();
syncConfig.user().setDynamicMembership(true);
+
+ // register the ExternalPrincipal configuration in order to have it's
+ // activate method invoked.
+ context.registerInjectActivateService(externalPrincipalConfiguration);
+
+ // now register the sync-handler with the dynamic membership config
+ // in order to enable dynamic membership with the external principal configuration
+ Map props = ImmutableMap.of(DefaultSyncConfigImpl.PARAM_USER_DYNAMIC_MEMBERSHIP, syncConfig.user().getDynamicMembership());
+ context.registerService(SyncHandler.class, WhiteboardUtils.getService(whiteboard, SyncHandler.class), props);
}
private void assertExternalPrincipalNames(@Nonnull UserManager userMgr, @Nonnull String id) throws Exception {
@@ -70,6 +95,43 @@ public class ExternalLoginModuleDynamicM
}
@Test
+ public void testLoginPopulatesPrincipals() throws Exception {
+ ContentSession cs = null;
+ try {
+ cs = login(new SimpleCredentials(USER_ID, new char[0]));
+
+ Set<String> expectedExternal = new HashSet<String>();
+ calcExpectedPrincipalNames(idp.getUser(USER_ID), syncConfig.user().getMembershipNestingDepth(), expectedExternal);
+
+ Set<Principal> principals = new HashSet<Principal>(cs.getAuthInfo().getPrincipals());
+
+ root.refresh();
+ PrincipalManager principalManager = getPrincipalManager(root);
+ for (String pName : expectedExternal) {
+ Principal p = principalManager.getPrincipal(pName);
+ assertNotNull(p);
+ assertTrue(principals.remove(p));
+ }
+
+ UserManager uMgr = getUserManager(root);
+ User u = uMgr.getAuthorizable(USER_ID, User.class);
+ assertTrue(principals.remove(u.getPrincipal()));
+
+ Iterator<Group> it = u.memberOf();
+ assertFalse(it.hasNext());
+
+ assertTrue(principals.remove(EveryonePrincipal.getInstance()));
+ assertTrue(principals.isEmpty());
+
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ options.clear();
+ }
+ }
+
+ @Test
public void testSyncCreatesRepExternalPrincipals() throws Exception {
try {
login(new SimpleCredentials(USER_ID, new char[0])).close();
@@ -184,5 +246,4 @@ public class ExternalLoginModuleDynamicM
options.clear();
}
}
-
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestSecurityProvider.java Fri May 20 10:12:36 2016
@@ -27,7 +27,8 @@ import org.apache.jackrabbit.oak.spi.sec
import static com.google.common.base.Preconditions.checkNotNull;
public class TestSecurityProvider extends SecurityProviderImpl {
- public TestSecurityProvider(@Nonnull ConfigurationParameters configuration) {
+
+ public TestSecurityProvider(@Nonnull ConfigurationParameters configuration, @Nonnull ExternalPrincipalConfiguration externalPrincipalConfiguration) {
super(configuration);
PrincipalConfiguration principalConfiguration = getConfiguration(PrincipalConfiguration.class);
@@ -35,7 +36,7 @@ public class TestSecurityProvider extend
throw new IllegalStateException();
} else {
PrincipalConfiguration defConfig = checkNotNull(((CompositePrincipalConfiguration) principalConfiguration).getDefaultConfig());
- bindPrincipalConfiguration((new ExternalPrincipalConfiguration(this)));
+ bindPrincipalConfiguration(externalPrincipalConfiguration);
bindPrincipalConfiguration(defConfig);
}
}
Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java?rev=1744683&r1=1744682&r2=1744683&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java Fri May 20 10:12:36 2016
@@ -67,7 +67,7 @@ public class ExternalIdentityImporterTes
@Before
public void before() throws Exception {
- securityProvider = new TestSecurityProvider(getConfigurationParameters());
+ securityProvider = new TestSecurityProvider(getConfigurationParameters(), new ExternalPrincipalConfiguration());
Jcr jcr = new Jcr();
jcr.with(securityProvider);
repo = jcr.createRepository();