You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/07 16:18:29 UTC
svn commit: r1443544 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java
Author: angela
Date: Thu Feb 7 15:18:29 2013
New Revision: 1443544
URL: http://svn.apache.org/viewvc?rev=1443544&view=rev
Log:
OAK-50 : Implement User Management
- add early detection of principal collision and add new test asserting that transient collisions are detected upon committing the changes
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1443544&r1=1443543&r2=1443544&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Thu Feb 7 15:18:29 2013
@@ -218,12 +218,13 @@ public class UserManagerImpl implements
//--------------------------------------------------------------------------
+
/**
* Let the configured {@code AuthorizableAction}s perform additional
* tasks associated with the creation of the new user before the
* corresponding new node is persisted.
*
- * @param user The new user.
+ * @param user The new user.
* @param password The password.
* @throws RepositoryException If an exception occurs.
*/
@@ -266,7 +267,7 @@ public class UserManagerImpl implements
* tasks associated with password changing of a given user before the
* corresponding property is being changed.
*
- * @param user The target user.
+ * @param user The target user.
* @param password The new password.
* @throws RepositoryException If an exception occurs.
*/
@@ -346,13 +347,16 @@ public class UserManagerImpl implements
}
}
- private void checkValidPrincipal(Principal principal, boolean isGroup) {
+ private void checkValidPrincipal(Principal principal, boolean isGroup) throws RepositoryException {
if (principal == null || principal.getName() == null || "".equals(principal.getName())) {
throw new IllegalArgumentException("Principal may not be null and must have a valid name.");
}
if (!isGroup && EveryonePrincipal.NAME.equals(principal.getName())) {
throw new IllegalArgumentException("'everyone' is a reserved group principal name.");
}
+ if (getAuthorizable(principal) != null) {
+ throw new AuthorizableExistsException("Authorizable with principal " + principal.getName() + " already exists.");
+ }
}
void setPrincipal(Tree authorizableTree, Principal principal) {
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java?rev=1443544&r1=1443543&r2=1443544&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java Thu Feb 7 15:18:29 2013
@@ -49,7 +49,7 @@ public class UserManagerTest extends Abs
user = userMgr.createUser(uid, uid);
assertEquals(uid, user.getID());
assertNotNull(userMgr.getAuthorizable(uid));
- assertEquals(user, userMgr.getAuthorizable(uid));
+ assertEquals(user, userMgr.getAuthorizable(uid));
assertNotNull(getNode(user, superuser));
} finally {
@@ -70,7 +70,7 @@ public class UserManagerTest extends Abs
assertEquals(uid, user.getID());
assertNotNull(userMgr.getAuthorizable(uid));
- assertEquals(user, userMgr.getAuthorizable(uid));
+ assertEquals(user, userMgr.getAuthorizable(uid));
assertNotNull(getNode(user, superuser));
} finally {
@@ -177,7 +177,7 @@ public class UserManagerTest extends Abs
String uid = p.getName();
Principal emptyNamePrincipal = new PrincipalImpl("");
-
+
Map<String, Principal> fail = new HashMap<String, Principal>();
fail.put(uid, null);
fail.put(uid, emptyNamePrincipal);
@@ -235,7 +235,7 @@ public class UserManagerTest extends Abs
try {
String id = createGroupId();
- // assert group creation with exact ID
+ // assert group creation with exact ID
gr = userMgr.createGroup(id);
superuser.save();
assertEquals("Expect group with exact ID", id, gr.getID());
@@ -255,7 +255,7 @@ public class UserManagerTest extends Abs
Principal p = getTestPrincipal();
String uid = p.getName();
- // assert group creation with exact ID
+ // assert group creation with exact ID
gr = userMgr.createGroup(uid, p, null);
superuser.save();
@@ -306,10 +306,10 @@ public class UserManagerTest extends Abs
// assert AuthorizableExistsException for principal that is already in use
Group gr = null;
try {
- gr = userMgr.createGroup(p);
- fail("Principal " + p.getName() + " is already in use -> must throw AuthorizableExistsException.");
- } catch (AuthorizableExistsException aee) {
- // expected this
+ gr = userMgr.createGroup(p);
+ fail("Principal " + p.getName() + " is already in use -> must throw AuthorizableExistsException.");
+ } catch (AuthorizableExistsException e) {
+ // expected this
} finally {
if (gr != null) {
gr.remove();
@@ -334,17 +334,17 @@ public class UserManagerTest extends Abs
User u = null;
try {
- // create a user with the given ID
+ // create a user with the given ID
u = userMgr.createUser(uid, "pw", p, null);
superuser.save();
// assert AuthorizableExistsException for principal that is already in use
Group gr = null;
try {
- gr = userMgr.createGroup(p);
- fail("Principal " + p.getName() + " is already in use -> must throw AuthorizableExistsException.");
- } catch (AuthorizableExistsException aee) {
- // expected this
+ gr = userMgr.createGroup(p);
+ fail("Principal " + p.getName() + " is already in use -> must throw AuthorizableExistsException.");
+ } catch (AuthorizableExistsException e) {
+ // expected this
} finally {
if (gr != null) {
gr.remove();
@@ -369,17 +369,17 @@ public class UserManagerTest extends Abs
User u = null;
try {
- // create a user with the given ID
+ // create a user with the given ID
u = userMgr.createUser(uid, "pw", p, null);
superuser.save();
// assert AuthorizableExistsException for principal that is already in use
Group gr = null;
try {
- gr = userMgr.createGroup(createGroupId(), p, null);
- fail("Principal " + p.getName() + " is already in use -> must throw AuthorizableExistsException.");
- } catch (AuthorizableExistsException aee) {
- // expected this
+ gr = userMgr.createGroup(createGroupId(), p, null);
+ fail("Principal " + p.getName() + " is already in use -> must throw AuthorizableExistsException.");
+ } catch (AuthorizableExistsException e) {
+ // expected this
} finally {
if (gr != null) {
gr.remove();
@@ -395,23 +395,60 @@ public class UserManagerTest extends Abs
}
}
+ /**
+ * @since oak 1.0 : if collision is added within the same set of transient
+ * modifications it will only be detected upon save. in this case RepositoryException
+ * is thrown instead of AuthorizableExistsException as the violation is
+ * detected by the uniqueness constraint on the corresponding property index.
+ */
+ @Test
+ public void testCreateGroupWithExistingPrincipal4() throws RepositoryException, NotExecutableException {
+ Principal p = getTestPrincipal();
+ String uid = createUserId();
+
+ assertFalse(uid.equals(p.getName()));
+
+ User u = null;
+ Group gr = null;
+ try {
+ // create a user with the given ID
+ u = userMgr.createUser(uid, "pw", p, null);
+ gr = userMgr.createGroup(createGroupId(), p, null);
+ superuser.save();
+
+ fail("Principal " + p.getName() + " is already in use -> must throw AuthorizableExistsException.");
+ } catch (RepositoryException e) {
+ // expected this
+ } finally {
+ if (gr != null) {
+ gr.remove();
+ }
+ if (u != null) {
+ u.remove();
+ }
+ if (superuser.hasPendingChanges()) {
+ superuser.save();
+ }
+ }
+ }
+
@Test
public void testCreateGroupWithExistingUserID() throws RepositoryException, NotExecutableException {
User u = null;
try {
String uid = createUserId();
- // create a user with the given ID
+ // create a user with the given ID
u = userMgr.createUser(uid, "pw");
superuser.save();
// assert AuthorizableExistsException for id that is already in use
Group gr = null;
try {
- gr = userMgr.createGroup(uid);
- fail("ID " + uid + " is already in use -> must throw AuthorizableExistsException.");
+ gr = userMgr.createGroup(uid);
+ fail("ID " + uid + " is already in use -> must throw AuthorizableExistsException.");
} catch (AuthorizableExistsException aee) {
- // expected this
+ // expected this
} finally {
if (gr != null) {
gr.remove();
@@ -433,17 +470,17 @@ public class UserManagerTest extends Abs
try {
String id = createGroupId();
- // create a user with the given ID
+ // create a user with the given ID
g = userMgr.createGroup(id);
superuser.save();
// assert AuthorizableExistsException for id that is already in use
Group gr = null;
try {
- gr = userMgr.createGroup(id);
- fail("ID " + id + " is already in use -> must throw AuthorizableExistsException.");
+ gr = userMgr.createGroup(id);
+ fail("ID " + id + " is already in use -> must throw AuthorizableExistsException.");
} catch (AuthorizableExistsException aee) {
- // expected this
+ // expected this
} finally {
if (gr != null) {
gr.remove();
@@ -466,17 +503,17 @@ public class UserManagerTest extends Abs
try {
String id = createGroupId();
- // create a group with the given ID
+ // create a group with the given ID
g = userMgr.createGroup(id);
superuser.save();
// assert AuthorizableExistsException for id that is already in use
Group gr = null;
try {
- gr = userMgr.createGroup(id, getTestPrincipal(), null);
- fail("ID " + id + " is already in use -> must throw AuthorizableExistsException.");
+ gr = userMgr.createGroup(id, getTestPrincipal(), null);
+ fail("ID " + id + " is already in use -> must throw AuthorizableExistsException.");
} catch (AuthorizableExistsException aee) {
- // expected this
+ // expected this
} finally {
if (gr != null) {
gr.remove();
@@ -593,7 +630,7 @@ public class UserManagerTest extends Abs
User user = userMgr.createUser(uid, "pw", p, path);
superuser.save();
- fail("intermediate path '"+ path +"' outside of the user tree.");
+ fail("intermediate path '" + path + "' outside of the user tree.");
} catch (Exception e) {
// success
} finally {