You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/16 20:30:18 UTC
svn commit: r1398915 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/ oak-jcr/
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/
Author: angela
Date: Tue Oct 16 18:30:18 2012
New Revision: 1398915
URL: http://svn.apache.org/viewvc?rev=1398915&view=rev
Log:
OAK-90 : Implement Principal Management (WIP)
OAK-50 : User Management (WIP)
Added:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
jackrabbit/oak/trunk/oak-jcr/pom.xml
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1398915&r1=1398914&r2=1398915&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Tue Oct 16 18:30:18 2012
@@ -79,7 +79,7 @@ public class PrincipalProviderImpl imple
if (tree != null) {
return (isGroup(tree)) ? new TreeBasedGroup(tree) : new TreeBasedPrincipal(tree, pathMapper);
} else {
- return null;
+ return (EveryonePrincipal.NAME.equals(principalName)) ? EveryonePrincipal.getInstance() : null;
}
}
Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1398915&r1=1398914&r2=1398915&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue Oct 16 18:30:18 2012
@@ -276,10 +276,16 @@
org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testSetSpecialPropertiesDirectly <!-- OAK-250 -->
org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testRemoveSpecialUserPropertiesDirectly <!-- OAK-250 -->
org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testRemoveSpecialGroupPropertiesDirectly <!-- OAK-250 -->
- org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testUnknownUserLogin <!-- due to dummy login -->
- org.apache.jackrabbit.oak.jcr.security.user.UserTest#testChangePassword2 <!-- due to dummy login -->
- org.apache.jackrabbit.oak.jcr.security.user.UserTest#testChangePasswordWithOldPassword2 <!-- due to dummy login -->
- org.apache.jackrabbit.oak.jcr.security.user.UserTest#testDisable <!-- due to dummy login -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGetPrincipals <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGetGroupPrincipals <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGetAllPrincipals <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGroupMembers <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGroupMembership <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testGetMembersConsistentWithMembership <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testFindPrincipal <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testFindPrincipalByType <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testFindPrincipalByTypeAll <!-- principal search missing -->
+ org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerTest#testFindEveryone <!-- principal search missing -->
</known.issues>
</properties>
Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java?rev=1398915&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java Tue Oct 16 18:30:18 2012
@@ -0,0 +1,351 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.principal;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+import javax.jcr.Credentials;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * {@code PrincipalManagerTest}...
+ */
+public class PrincipalManagerTest extends AbstractJCRTest {
+
+ private PrincipalManager principalMgr;
+ private Group everyone;
+
+ private Principal[] adminPrincipals;
+
+ @Before
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+ if (!(superuser instanceof JackrabbitSession)) {
+ superuser.logout();
+ throw new NotExecutableException();
+ }
+ principalMgr = ((JackrabbitSession) superuser).getPrincipalManager();
+ everyone = (Group) principalMgr.getEveryone();
+
+ adminPrincipals = getPrincipals(getHelper().getSuperuserCredentials());
+ }
+
+ private Principal[] getPrincipals(Credentials credentials) throws Exception {
+ // TODO: improve
+ Set<Principal> principals = new HashSet<Principal>();
+ if (credentials instanceof SimpleCredentials) {
+ Principal p = principalMgr.getPrincipal(((SimpleCredentials) credentials).getUserID());
+ if (p != null) {
+ principals.add(p);
+ PrincipalIterator principalIterator = principalMgr.getGroupMembership(p);
+ while (principalIterator.hasNext()) {
+ principals.add(principalIterator.nextPrincipal());
+ }
+ }
+ }
+ return principals.toArray(new Principal[principals.size()]);
+ }
+
+ private static boolean isGroup(Principal p) {
+ return p instanceof java.security.acl.Group;
+ }
+
+ @Test
+ public void testGetEveryone() {
+ Principal principal = principalMgr.getEveryone();
+ assertTrue(principal != null);
+ assertTrue(isGroup(principal));
+ }
+
+ @Test
+ public void testGetEveryoneByName() {
+ assertTrue(principalMgr.hasPrincipal(EveryonePrincipal.NAME));
+ assertNotNull(principalMgr.getPrincipal(EveryonePrincipal.NAME));
+ assertEquals(EveryonePrincipal.getInstance(), principalMgr.getPrincipal(EveryonePrincipal.NAME));
+ }
+
+ @Test
+ public void testSuperUserIsEveryOne() {
+ for (Principal pcpl : adminPrincipals) {
+ if (!(pcpl.equals(everyone))) {
+ assertTrue(everyone.isMember(pcpl));
+ }
+ }
+ }
+
+ @Test
+ public void testReadOnlyIsEveryOne() throws Exception {
+ Session s = getHelper().getReadOnlySession();
+ try {
+ Principal[] pcpls = getPrincipals(getHelper().getReadOnlyCredentials());
+ for (Principal pcpl : pcpls) {
+ if (!(pcpl.equals(everyone))) {
+ assertTrue(everyone.isMember(pcpl));
+ }
+ }
+ } finally {
+ s.logout();
+ }
+ }
+
+ @Test
+ public void testHasPrincipal() {
+ assertTrue(principalMgr.hasPrincipal(everyone.getName()));
+
+ for (Principal pcpl : adminPrincipals) {
+ assertTrue(principalMgr.hasPrincipal(pcpl.getName()));
+ }
+ }
+
+ @Test
+ public void testGetPrincipal() {
+ Principal p = principalMgr.getPrincipal(everyone.getName());
+ assertEquals(everyone, p);
+
+ for (Principal pcpl : adminPrincipals) {
+ Principal pp = principalMgr.getPrincipal(pcpl.getName());
+ assertEquals("PrincipalManager.getPrincipal returned Principal with different Name", pcpl.getName(), pp.getName());
+ }
+ }
+
+ @Test
+ public void testGetPrincipalGetName() {
+ for (Principal pcpl : adminPrincipals) {
+ Principal pp = principalMgr.getPrincipal(pcpl.getName());
+ assertEquals("PrincipalManager.getPrincipal returned Principal with different Name", pcpl.getName(), pp.getName());
+ }
+ }
+
+ @Test
+ public void testGetPrincipals() {
+ PrincipalIterator it = principalMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_NOT_GROUP);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ assertFalse(isGroup(p));
+ }
+ }
+
+ @Test
+ public void testGetGroupPrincipals() {
+ PrincipalIterator it = principalMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_GROUP);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ assertTrue(isGroup(p));
+ }
+ }
+
+ @Test
+ public void testGetAllPrincipals() {
+ PrincipalIterator it = principalMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ assertTrue(principalMgr.hasPrincipal(p.getName()));
+ assertEquals(principalMgr.getPrincipal(p.getName()), p);
+ }
+ }
+
+ @Test
+ public void testGroupMembers() {
+ PrincipalIterator it = principalMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ if (isGroup(p) && !p.equals(principalMgr.getEveryone())) {
+ Enumeration<? extends Principal> en = ((java.security.acl.Group) p).members();
+ while (en.hasMoreElements()) {
+ Principal memb = en.nextElement();
+ assertTrue(principalMgr.hasPrincipal(memb.getName()));
+ }
+ }
+ }
+ }
+
+ @Test
+ public void testGroupMembership() {
+ testMembership(PrincipalManager.SEARCH_TYPE_NOT_GROUP);
+ testMembership(PrincipalManager.SEARCH_TYPE_GROUP);
+ testMembership(PrincipalManager.SEARCH_TYPE_ALL);
+ }
+
+ private void testMembership(int searchType) {
+ PrincipalIterator it = principalMgr.getPrincipals(searchType);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ if (p.equals(everyone)) {
+ for (PrincipalIterator membership = principalMgr.getGroupMembership(p); membership.hasNext();) {
+ Principal gr = membership.nextPrincipal();
+ assertTrue(isGroup(gr));
+ if (gr.equals(everyone)) {
+ fail("Everyone must never be a member of the EveryOne group.");
+ }
+ }
+ } else {
+ boolean atleastEveryone = false;
+ for (PrincipalIterator membership = principalMgr.getGroupMembership(p); membership.hasNext();) {
+ Principal gr = membership.nextPrincipal();
+ assertTrue(isGroup(gr));
+ if (gr.equals(everyone)) {
+ atleastEveryone = true;
+ }
+ }
+ assertTrue("All principals (except everyone) must be member of the everyone group.", atleastEveryone);
+
+ }
+ }
+ }
+
+ @Test
+ public void testGetMembersConsistentWithMembership() {
+ Principal everyone = principalMgr.getEveryone();
+ PrincipalIterator it = principalMgr.getPrincipals(PrincipalManager.SEARCH_TYPE_GROUP);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ if (p.equals(everyone)) {
+ continue;
+ }
+
+ assertTrue(isGroup(p));
+
+ Enumeration<? extends Principal> members = ((java.security.acl.Group) p).members();
+ while (members.hasMoreElements()) {
+ Principal memb = members.nextElement();
+
+ Principal group = null;
+ PrincipalIterator mship = principalMgr.getGroupMembership(memb);
+ while (mship.hasNext() && group == null) {
+ Principal gr = mship.nextPrincipal();
+ if (p.equals(gr)) {
+ group = gr;
+ }
+ }
+ assertNotNull("Group member " + memb.getName() + "does not reveal group upon getGroupMembership", p.getName());
+ }
+ }
+ }
+
+ @Test
+ public void testFindPrincipal() {
+ for (Principal pcpl : adminPrincipals) {
+ if (pcpl.equals(everyone)) {
+ continue;
+ }
+ PrincipalIterator it = principalMgr.findPrincipals(pcpl.getName());
+ // search must find at least a single principal
+ assertTrue("findPrincipals does not find principal with filter " + pcpl.getName(), it.hasNext());
+ }
+ }
+
+ @Test
+ public void testFindPrincipalByType() {
+ for (Principal pcpl : adminPrincipals) {
+ if (pcpl.equals(everyone)) {
+ // special case covered by another test
+ continue;
+ }
+
+ if (isGroup(pcpl)) {
+ PrincipalIterator it = principalMgr.findPrincipals(pcpl.getName(),
+ PrincipalManager.SEARCH_TYPE_GROUP);
+ // search must find at least a single matching group principal
+ assertTrue("findPrincipals does not find principal with filter " + pcpl.getName(), it.hasNext());
+ } else {
+ PrincipalIterator it = principalMgr.findPrincipals(pcpl.getName(),
+ PrincipalManager.SEARCH_TYPE_NOT_GROUP);
+ // search must find at least a single matching non-group principal
+ assertTrue("findPrincipals does not find principal with filter " + pcpl.getName(), it.hasNext());
+ }
+ }
+ }
+
+ @Test
+ public void testFindPrincipalByTypeAll() {
+ for (Principal pcpl : adminPrincipals) {
+ if (pcpl.equals(everyone)) {
+ // special case covered by another test
+ continue;
+ }
+
+ PrincipalIterator it = principalMgr.findPrincipals(pcpl.getName(), PrincipalManager.SEARCH_TYPE_ALL);
+ PrincipalIterator it2 = principalMgr.findPrincipals(pcpl.getName());
+
+ // both search must reveal the same result and size
+ assertTrue(it.getSize() == it2.getSize());
+
+ Set<Principal> s1 = new HashSet<Principal>();
+ Set<Principal> s2 = new HashSet<Principal>();
+ while (it.hasNext() && it2.hasNext()) {
+ s1.add(it.nextPrincipal());
+ s2.add(it2.nextPrincipal());
+ }
+
+ assertEquals(s1, s2);
+ assertFalse(it.hasNext() && it2.hasNext());
+ }
+ }
+
+ @Test
+ public void testFindEveryone() {
+ Principal everyone = principalMgr.getEveryone();
+
+ boolean containedInResult = false;
+
+ // untyped search -> everyone must be part of the result set
+ PrincipalIterator it = principalMgr.findPrincipals(everyone.getName());
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ if (p.getName().equals(everyone.getName())) {
+ containedInResult = true;
+ }
+ }
+ assertTrue(containedInResult);
+
+ // search group only -> everyone must be part of the result set
+ containedInResult = false;
+ it = principalMgr.findPrincipals(everyone.getName(), PrincipalManager.SEARCH_TYPE_GROUP);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ if (p.getName().equals(everyone.getName())) {
+ containedInResult = true;
+ }
+ }
+ assertTrue(containedInResult);
+
+ // search non-group only -> everyone should not be part of the result set
+ containedInResult = false;
+ it = principalMgr.findPrincipals(everyone.getName(), PrincipalManager.SEARCH_TYPE_NOT_GROUP);
+ while (it.hasNext()) {
+ Principal p = it.nextPrincipal();
+ if (p.getName().equals(everyone.getName())) {
+ containedInResult = true;
+ }
+ }
+ assertFalse(containedInResult);
+ }
+}
\ No newline at end of file