You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by dj...@apache.org on 2016/08/26 09:04:48 UTC
svn commit: r1757797 - in /jackrabbit/oak/branches/1.4: ./
oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/
Author: dj
Date: Fri Aug 26 09:04:48 2016
New Revision: 1757797
URL: http://svn.apache.org/viewvc?rev=1757797&view=rev
Log:
OAK-4679 : Backport OAK-4119, OAK-4101, OAK-4087 and OAK-4344
- also applying OAK-4382 due test failures on windows
Added:
jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java
- copied unchanged from r1747387, jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java
Modified:
jackrabbit/oak/branches/1.4/ (props changed)
jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java
jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java
Propchange: jackrabbit/oak/branches/1.4/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Aug 26 09:04:48 2016
@@ -1,3 +1,3 @@
/jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1733615,1733875,1733913,1733929,1734230,1734254,1734279,1734941,1735052,1735081,1735141,1735267,1735405,1735484,1735549,1735564,1735588,1735622,1735638,1735919,1735983,1736176,1737309-1737310,1737334,1737349,1737998,1738004,1738136,1738138,1738207,1738252,1738775,1738795,1738833,1738950,1738957,1738963,1739712,1739760,1739867,1739894,1739959-1739960,1740114,1740116,1740250,1740333,1740360,1740625-1740626,1740774,1740837,1740971,1741016,1741032,1741339,1741343,1742077,1742117,1742363,1742520,1742888,1742916,1743097,1743172,1743343,1743674,1744265,1744292,1744670,1744672,1744959,1745038,1745127,1745197,1745336,1745368,1746086,1746117,1746342,1746345,1746408,1746696,1746981,1747198,1747200,1747341-1747342,1747380,1747406,1747492,1747512,1748505,1748553,1748722,1748870,1749275,1749350,1749464,1749475,1749645,1749662,1749815,1749872,1749875,1749899,1750052,1750076-1750077,1750287,1750457,1750462,1750465,1750495,1750626,1750809,1750886,1751410,1751445-1751446,1751478
,1751755,1751871,1752198,1752202,1752273-1752274,1752438,1752447,1752508,1752616,1752659,1752672,1753262,1753331-1753332,1753355,1753444,1754117,1754239,1755157,1756520,1756580,1757119,1757166
+/jackrabbit/oak/trunk:1733615,1733875,1733913,1733929,1734230,1734254,1734279,1734941,1735052,1735081,1735141,1735267,1735405,1735484,1735549,1735564,1735588,1735622,1735638,1735919,1735983,1736176,1737309-1737310,1737334,1737349,1737998,1738004,1738136,1738138,1738207,1738252,1738775,1738795,1738833,1738950,1738957,1738963,1739712,1739760,1739867,1739894,1739959-1739960,1740114,1740116,1740250,1740333,1740360,1740625-1740626,1740774,1740837,1740971,1741016,1741032,1741339,1741343,1742077,1742117,1742363,1742520,1742888,1742916,1743097,1743172,1743343,1743674,1744265,1744292,1744589,1744670,1744672,1744959,1745038,1745127,1745197,1745336,1745368,1746086,1746117,1746342,1746345,1746408,1746696,1746981,1747198,1747200,1747341-1747342,1747380,1747387,1747406,1747492,1747512,1748505,1748553,1748722,1748870,1749275,1749350,1749464,1749475,1749645,1749662,1749815,1749872,1749875,1749899,1750052,1750076-1750077,1750287,1750457,1750462,1750465,1750495,1750626,1750809,1750886,1751410,1751445
-1751446,1751478,1751755,1751871,1752198,1752202,1752273-1752274,1752438,1752447,1752508,1752616,1752659,1752672,1753262,1753331-1753332,1753355,1753444,1754117,1754239,1755157,1756520,1756580,1757119,1757166
/jackrabbit/trunk:1345480
Modified: jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java?rev=1757797&r1=1757796&r2=1757797&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java (original)
+++ jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java Fri Aug 26 09:04:48 2016
@@ -33,18 +33,17 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContext;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
@@ -53,14 +52,9 @@ import static org.junit.Assert.fail;
public class ExternalGroupPrincipalProviderTest extends AbstractPrincipalTest {
- void syncWithMembership(@Nonnull ExternalUser externalUser, long depth) throws Exception {
- DefaultSyncConfig sc = new DefaultSyncConfig();
- sc.user().setMembershipNestingDepth(depth);
-
+ void sync(@Nonnull ExternalUser externalUser) throws Exception {
Root systemRoot = getSystemRoot();
- DynamicSyncContext syncContext = new DynamicSyncContext(sc, idp, getUserManager(systemRoot), getValueFactory(systemRoot));
- syncContext.setForceUserSync(true);
- syncContext.setForceGroupSync(true);
+ DynamicSyncContext syncContext = new DynamicSyncContext(syncConfig, idp, getUserManager(systemRoot), getValueFactory(systemRoot));
syncContext.sync(externalUser);
syncContext.close();
systemRoot.commit();
@@ -69,25 +63,27 @@ public class ExternalGroupPrincipalProvi
}
Set<Principal> getExpectedGroupPrincipals(@Nonnull String userId) throws Exception {
- return getDeclaredGroupPrincipals(userId);
- }
-
- Set<Principal> getDeclaredGroupPrincipals(@Nonnull String userId) throws Exception {
- Set<Principal> principals = ImmutableSet.copyOf(Iterables.transform(idp.getUser(userId).getDeclaredGroups(), new Function<ExternalIdentityRef, Principal>() {
- @Nullable
- @Override
- public Principal apply(ExternalIdentityRef input) {
- try {
- return new PrincipalImpl(idp.getIdentity(input).getPrincipalName());
- } catch (ExternalIdentityException e) {
- throw new RuntimeException(e);
- }
- };
- }));
- return principals;
+ if (syncConfig.user().getMembershipNestingDepth() == 1) {
+ Set<Principal> principals = ImmutableSet.copyOf(Iterables.transform(idp.getUser(userId).getDeclaredGroups(), new Function<ExternalIdentityRef, Principal>() {
+ @Nullable
+ @Override
+ public Principal apply(ExternalIdentityRef input) {
+ try {
+ return new PrincipalImpl(idp.getIdentity(input).getPrincipalName());
+ } catch (ExternalIdentityException e) {
+ throw new RuntimeException(e);
+ }
+ };
+ }));
+ return principals;
+ } else {
+ Set<Principal> set = new HashSet<Principal>();
+ collectExpectedPrincipals(set, idp.getUser(userId).getDeclaredGroups(), syncConfig.user().getMembershipNestingDepth());
+ return set;
+ }
}
- void collectExpectedPrincipals(Set<Principal> grPrincipals, @Nonnull Iterable<ExternalIdentityRef> declaredGroups, long depth) throws Exception {
+ private void collectExpectedPrincipals(Set<Principal> grPrincipals, @Nonnull Iterable<ExternalIdentityRef> declaredGroups, long depth) throws Exception {
if (depth <= 0) {
return;
}
@@ -132,7 +128,7 @@ public class ExternalGroupPrincipalProvi
}
@Test
- public void testGetPrincipalDynamicGroupDepth1() throws Exception {
+ public void testGetPrincipalDynamicGroup() throws Exception {
for (ExternalIdentityRef ref : idp.getUser(USER_ID).getDeclaredGroups()) {
String princName = idp.getIdentity(ref).getPrincipalName();
@@ -144,7 +140,7 @@ public class ExternalGroupPrincipalProvi
}
@Test
- public void testGetPrincipalInheritedGroupsDepth1() throws Exception {
+ public void testGetPrincipalInheritedGroups() throws Exception {
ImmutableSet<ExternalIdentityRef> declared = ImmutableSet.<ExternalIdentityRef>copyOf(idp.getUser(USER_ID).getDeclaredGroups());
for (ExternalIdentityRef ref : declared) {
@@ -159,33 +155,8 @@ public class ExternalGroupPrincipalProvi
}
@Test
- public void testGetPrincipalInheritedGroupsDepthInfinite() throws Exception {
- ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, Long.MAX_VALUE);
-
- for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
- ExternalIdentity externalGroup = idp.getIdentity(ref);
- Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName());
-
- for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) {
- String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName();
-
- Principal principal = principalProvider.getPrincipal(inheritedPrincName);
-
- assertNotNull(principal);
- assertTrue(principal instanceof java.security.acl.Group);
-
- java.security.acl.Group inheritedGrPrincipal = (java.security.acl.Group) principal;
- assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName())));
- assertFalse(inheritedGrPrincipal.isMember(grPrincipal));
- }
- }
- }
-
- @Test
public void testGetPrincipalUnderscoreSign() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, 1);
for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
String pName = idp.getIdentity(ref).getPrincipalName();
@@ -199,7 +170,6 @@ public class ExternalGroupPrincipalProvi
@Test
public void testGetPrincipalPercentSign() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, 1);
for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
String pName = idp.getIdentity(ref).getPrincipalName();
@@ -213,7 +183,7 @@ public class ExternalGroupPrincipalProvi
@Test
public void testGetPrincipalGroupsWithQueryWildCard() throws Exception {
ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_WILDCARD_USER);
- syncWithMembership(externalUser, 1);
+ sync(externalUser);
for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) {
String pName = idp.getIdentity(ref).getPrincipalName();
@@ -249,41 +219,39 @@ public class ExternalGroupPrincipalProvi
Set<? extends Principal> principals = principalProvider.getGroupMembership(user.getPrincipal());
assertEquals(expected, principals);
+ }
- // same if the principal is not a tree-based-principal
- principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName()));
+ @Test
+ public void testGetGroupMembershipExternalUser2() throws Exception {
+ Authorizable user = getUserManager(root).getAuthorizable(USER_ID);
+ assertNotNull(user);
+
+ Set<Principal> expected = getExpectedGroupPrincipals(USER_ID);
+
+ // same as in test before even if the principal is not a tree-based-principal
+ Set<? extends Principal> principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName()));
assertEquals(expected, principals);
}
@Test
- public void testGetGroupMembershipExternalUser2() throws Exception {
+ public void testGetGroupMembershipDefaultSync() throws Exception {
// synchronized by default sync-context => no 'dynamic' group principals
Authorizable user = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_SECOND_USER);
assertNotNull(user);
Set<? extends Principal> principals = principalProvider.getGroupMembership(user.getPrincipal());
assertTrue(principals.isEmpty());
-
- // same if the principal is not a tree-based-principal
- principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName()));
- assertTrue(principals.isEmpty());
}
@Test
- public void testGetGroupMembershipExternalUserInfiniteDepth() throws Exception {
- ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, Long.MAX_VALUE);
-
- Set<Principal> expectedGrPrincipals = new HashSet();
- collectExpectedPrincipals(expectedGrPrincipals, externalUser.getDeclaredGroups(), Long.MAX_VALUE);
-
- Authorizable user = getUserManager(root).getAuthorizable(USER_ID);
- Set<? extends Principal> principals = principalProvider.getGroupMembership(user.getPrincipal());
- assertEquals(expectedGrPrincipals, principals);
+ public void testGetGroupMembershipDefaultSync2() throws Exception {
+ // synchronized by default sync-context => no 'dynamic' group principals
+ Authorizable user = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_SECOND_USER);
+ assertNotNull(user);
- // same if the principal is not a tree-based-principal
- principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName()));
- assertEquals(expectedGrPrincipals, principals);
+ // same as in test before even if the principal is not a tree-based-principal
+ Set<? extends Principal> principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName()));
+ assertTrue(principals.isEmpty());
}
@Test
@@ -348,10 +316,7 @@ public class ExternalGroupPrincipalProvi
@Test
public void testFindPrincipalsByHintTypeGroup() throws Exception {
- ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, Long.MAX_VALUE);
-
- Set<? extends Principal> expected = ImmutableSet.of(new PrincipalImpl("a"), new PrincipalImpl("aa"), new PrincipalImpl("aaa"));
+ Set<? extends Principal> expected = ImmutableSet.of(new PrincipalImpl("a"));
Set<? extends Principal> res = ImmutableSet.copyOf(principalProvider.findPrincipals("a", PrincipalManager.SEARCH_TYPE_GROUP));
assertEquals(expected, res);
@@ -359,13 +324,7 @@ public class ExternalGroupPrincipalProvi
@Test
public void testFindPrincipalsByHintTypeAll() throws Exception {
- ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, Long.MAX_VALUE);
-
- Set<? extends Principal> expected = ImmutableSet.of(
- new PrincipalImpl("a"),
- new PrincipalImpl("aa"),
- new PrincipalImpl("aaa"));
+ Set<? extends Principal> expected = ImmutableSet.of(new PrincipalImpl("a"));
Set<? extends Principal> res = ImmutableSet.copyOf(principalProvider.findPrincipals("a", PrincipalManager.SEARCH_TYPE_ALL));
assertEquals(expected, res);
@@ -374,7 +333,7 @@ public class ExternalGroupPrincipalProvi
@Test
public void testFindPrincipalsContainingUnderscore() throws Exception {
ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_WILDCARD_USER);
- syncWithMembership(externalUser, 1);
+ sync(externalUser);
Set<? extends Principal> expected = ImmutableSet.of(
new PrincipalImpl("_gr_u_"));
@@ -386,7 +345,7 @@ public class ExternalGroupPrincipalProvi
@Test
public void testFindPrincipalsContainingPercentSign() throws Exception {
ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_WILDCARD_USER);
- syncWithMembership(externalUser, 1);
+ sync(externalUser);
Set<? extends Principal> expected = ImmutableSet.of(
new PrincipalImpl("g%r%"));
@@ -404,24 +363,32 @@ public class ExternalGroupPrincipalProvi
@Test
public void testFindPrincipalsByTypeGroup() throws Exception {
Set<? extends Principal> res = ImmutableSet.copyOf(principalProvider.findPrincipals(PrincipalManager.SEARCH_TYPE_GROUP));
- assertEquals(getDeclaredGroupPrincipals(USER_ID), res);
+ assertEquals(getExpectedGroupPrincipals(USER_ID), res);
}
@Test
public void testFindPrincipalsByTypeAll() throws Exception {
Set<? extends Principal> res = ImmutableSet.copyOf(principalProvider.findPrincipals(PrincipalManager.SEARCH_TYPE_ALL));
- assertEquals(getDeclaredGroupPrincipals(USER_ID), res);
+ assertEquals(getExpectedGroupPrincipals(USER_ID), res);
}
@Test
public void testFindPrincipalsFiltersDuplicates() throws Exception {
- ExternalUser otherUser = new TestUser("anotherUser", ImmutableSet.of(idp.getGroup("a").getExternalId()));
- syncWithMembership(otherUser, 1);
+ ExternalGroup gr = idp.getGroup("a");
+ ExternalUser otherUser = new TestUser("anotherUser", ImmutableSet.of(gr.getExternalId()));
+ sync(otherUser);
+
+ Set<Principal> expected = new HashSet();
+ expected.add(new PrincipalImpl(gr.getPrincipalName()));
+ long depth = syncConfig.user().getMembershipNestingDepth();
+ if (depth > 1) {
+ collectExpectedPrincipals(expected, gr.getDeclaredGroups(), --depth);
+ }
Iterator<? extends Principal> res = principalProvider.findPrincipals("a", PrincipalManager.SEARCH_TYPE_ALL);
assertTrue(res.hasNext());
- assertEquals(new PrincipalImpl("a"), res.next());
- assertFalse(res.hasNext());
+
+ assertEquals(expected, ImmutableSet.copyOf(res));
}
private static final class TestUser extends TestIdentityProvider.TestIdentity implements ExternalUser {
Modified: jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java?rev=1757797&r1=1757796&r2=1757797&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java (original)
+++ jackrabbit/oak/branches/1.4/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java Fri Aug 26 09:04:48 2016
@@ -21,7 +21,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
-
import javax.annotation.Nonnull;
import com.google.common.collect.ImmutableList;
@@ -30,8 +29,6 @@ import com.google.common.collect.Iterato
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.junit.Test;
@@ -77,9 +74,11 @@ public class PrincipalProviderAutoMember
}
@Override
- void collectExpectedPrincipals(Set<Principal> grPrincipals, @Nonnull Iterable<ExternalIdentityRef> declaredGroups, long depth) throws Exception {
- super.collectExpectedPrincipals(grPrincipals, declaredGroups, depth);
- grPrincipals.add(autoMembershipGroup.getPrincipal());
+ @Test
+ public void testFindPrincipalsByTypeAll() throws Exception {
+ Set<? extends Principal> res = ImmutableSet.copyOf(principalProvider.findPrincipals(PrincipalManager.SEARCH_TYPE_ALL));
+ // not automembership principals expected here
+ assertEquals(super.getExpectedGroupPrincipals(USER_ID), res);
}
@Test
@@ -92,9 +91,6 @@ public class PrincipalProviderAutoMember
@Test
public void testGetGroupPrincipals() throws Exception {
- ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, 1);
-
Set<Principal> expected = getExpectedGroupPrincipals(USER_ID);
Authorizable user = getUserManager(root).getAuthorizable(USER_ID);
@@ -106,9 +102,6 @@ public class PrincipalProviderAutoMember
@Test
public void testGetPrincipals() throws Exception {
- ExternalUser externalUser = idp.getUser(USER_ID);
- syncWithMembership(externalUser, 1);
-
Set<Principal> expected = getExpectedGroupPrincipals(USER_ID);
Set<? extends Principal> result = principalProvider.getPrincipals(USER_ID);