You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/05/06 11:52:56 UTC
svn commit: r653726 - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication...
Author: angela
Date: Tue May 6 02:52:55 2008
New Revision: 653726
URL: http://svn.apache.org/viewvc?rev=653726&view=rev
Log:
JCR-1104 : JSR 283 support (security work in progress)
- user API: improve creation of new users
- user API: add distinction between declared and indirect group membership
- user Impl: move group membership to authorizable node type
- javadoc
- minor fixes/improvements
Modified:
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java Tue May 6 02:52:55 2008
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.api.security.user;
import javax.jcr.RepositoryException;
-import javax.jcr.Credentials;
import java.security.Principal;
import java.util.Iterator;
@@ -63,19 +62,20 @@
Iterator findAuthorizable(String propertyName, String value) throws RepositoryException;
/**
- * Creates an User for the given userID that authenitcates with the given
- * {@link javax.jcr.Credentials Credentials}.<br>
- * Neither of the specified parameters can be <code>null</code>.
+ * Creates an User for the given userID / password pair; neither of the
+ * specified parameters can be <code>null</code>.<br>
+ * Same as {@link #createUser(String,String,Principal,String)} where
+ * the specified userID is equal to the principal name and the intermediate
+ * path is <code>null</code>.
*
* @param userID
- * @param credentials
- * @param principal
+ * @param password The initial password of this user.
* @return The new <code>User</code>.
* @throws AuthorizableExistsException in case the given userID is already
* in use or another Authorizable with the same principal name exists.
* @throws RepositoryException If another error occurs.
*/
- User createUser(String userID, Credentials credentials, Principal principal) throws AuthorizableExistsException, RepositoryException;
+ User createUser(String userID, String password) throws AuthorizableExistsException, RepositoryException;
/**
* Creates an User for the given userID that authenitcates with the given
@@ -87,7 +87,7 @@
* parameters can be <code>null</code>.
*
* @param userID
- * @param credentials
+ * @param password
* @param principal
* @param intermediatePath
* @return The new <code>User</code>.
@@ -96,7 +96,7 @@
* @throws RepositoryException If the current Session is
* not allowed to create users or some another error occurs.
*/
- User createUser(String userID, Credentials credentials, Principal principal,
+ User createUser(String userID, String password, Principal principal,
String intermediatePath) throws AuthorizableExistsException, RepositoryException;
/**
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Tue May 6 02:52:55 2008
@@ -53,7 +53,6 @@
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import java.security.Principal;
import java.util.HashMap;
@@ -408,8 +407,7 @@
if (adminId != null) {
Authorizable admin = systemUserManager.getAuthorizable(adminId);
if (admin == null) {
- Credentials creds = new SimpleCredentials(adminId, adminId.toCharArray());
- admin = systemUserManager.createUser(adminId, creds, new PrincipalImpl(adminId));
+ admin = systemUserManager.createUser(adminId, adminId);
log.info("...created admin-user with id \'" + adminId + "\' ...");
admins.addMember(admin);
log.info("...added admin \'" + adminId + "\' as member of the administrators group.");
@@ -419,8 +417,7 @@
if (anonymousId != null) {
Authorizable anonymous = systemUserManager.getAuthorizable(anonymousId);
if (anonymous == null) {
- Credentials creds = new SimpleCredentials(anonymousId, new char[0]);
- systemUserManager.createUser(anonymousId, creds, new PrincipalImpl(anonymousId));
+ systemUserManager.createUser(anonymousId, "");
log.info("...created anonymous-user with id \'" + anonymousId + "\' ...");
}
}
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java Tue May 6 02:52:55 2008
@@ -60,7 +60,7 @@
if (algo == null) {
// password is plain text
algorithm = SecurityConstants.DEFAULT_DIGEST;
- cryptedPassword = crypt(algorithm, password);
+ cryptedPassword = crypt(password, algorithm);
} else {
// password is already encrypted
algorithm = algo;
@@ -75,18 +75,15 @@
}
public CryptedSimpleCredentials(String userId, String password) throws NoSuchAlgorithmException, UnsupportedEncodingException {
- if (userId == null || userId.length() == 0) {
- throw new IllegalArgumentException();
- }
- if (password == null) {
- throw new IllegalArgumentException();
+ if (userId == null || userId.length() == 0 || password == null) {
+ throw new IllegalArgumentException("Invalid userID or password. Neither may be null, the userID must have a length > 0.");
}
this.userId = userId;
String algo = getAlgorithm(password);
if (algo == null) {
// password is plain text
algorithm = SecurityConstants.DEFAULT_DIGEST;
- cryptedPassword = crypt(algorithm, password);
+ cryptedPassword = crypt(password, algorithm);
} else {
// password is already encrypted
algorithm = algo;
@@ -121,8 +118,8 @@
* it with the current Digest.
*
* @param credentials
- * @return true if {@link SimpleCredentials#getUserID() UserID}
- * and {@link SimpleCredentials#getPassword() Password} match
+ * @return true if {@link SimpleCredentials#getUserID() UserID} and
+ * {@link SimpleCredentials#getPassword() Password} match.
* @throws NoSuchAlgorithmException
* @throws UnsupportedEncodingException
*/
@@ -135,10 +132,10 @@
if (algr == null && algorithm != null) {
// uncrypted pw to match -> crypt with algorithm present here.
- return crypt(algorithm, toMatch).equals(cryptedPassword);
+ return crypt(toMatch, algorithm).equals(cryptedPassword);
} else if (algr != null && algorithm == null) {
// crypted pw to match but unkown algorithm here -> crypt this pw
- return crypt(cryptedPassword, algr).equals(toMatch);
+ return crypt(algr, cryptedPassword).equals(toMatch);
}
// both pw to compare define a algorithm and are crypted
@@ -148,7 +145,7 @@
return false;
}
- private static String crypt(String algorithm, String pwd)
+ private static String crypt(String pwd, String algorithm)
throws NoSuchAlgorithmException, UnsupportedEncodingException {
StringBuffer password = new StringBuffer();
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java Tue May 6 02:52:55 2008
@@ -27,6 +27,7 @@
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.util.Text;
@@ -34,13 +35,11 @@
import org.slf4j.LoggerFactory;
import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
import javax.jcr.Item;
import javax.jcr.ItemExistsException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
-import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
import javax.jcr.lock.LockException;
import javax.jcr.nodetype.ConstraintViolationException;
@@ -147,7 +146,6 @@
/**
* Creates a new Node on the repository with the specified
* <code>userName</code>.<br>
- * The <code>userID</code> is expected to be a valid JCR-<code>Name</code>.
* The User will be created relative to path of the User who represents the
* Session this UserManager has been created for.<br>
* If the {@link javax.jcr.Credentials Credentials} are of type
@@ -155,29 +153,28 @@
* crypted.
*
* @param userID
- * @param credentials
- * @see UserManager#createUser(String, Credentials, Principal principal)
+ * @param password
+ * @see UserManager#createUser(String,String)
* @inheritDoc
*/
- public User createUser(String userID, Credentials credentials,
- Principal principal) throws RepositoryException {
- return createUser(userID, credentials, principal, null);
+ public User createUser(String userID, String password) throws RepositoryException {
+ return createUser(userID, password, new PrincipalImpl(userID), null);
}
/**
*
* @param userID
- * @param credentials
+ * @param password
* @param principal
* @param intermediatePath
* @return
* @throws AuthorizableExistsException
* @throws RepositoryException
*/
- public User createUser(String userID, Credentials credentials,
+ public User createUser(String userID, String password,
Principal principal, String intermediatePath)
throws AuthorizableExistsException, RepositoryException {
- if (userID == null || credentials == null || principal == null) {
+ if (userID == null || password == null || principal == null) {
throw new IllegalArgumentException("Not possible to create user with null parameters");
}
if (getAuthorizable(userID) != null) {
@@ -186,11 +183,6 @@
if (hasAuthorizableOrReferee(principal)) {
throw new AuthorizableExistsException("Authorizable for '" + principal.getName() + "' already exists");
}
- if (!(credentials instanceof SimpleCredentials)) {
- throw new RepositoryException("SimpleCredentials required. Found " + credentials.getClass());
- } else if (!userID.equals(((SimpleCredentials) credentials).getUserID())) {
- throw new RepositoryException("UserID mismatch: " + userID + " <-> " + ((SimpleCredentials) credentials).getUserID());
- }
NodeImpl parent = null;
try {
@@ -200,8 +192,8 @@
Name nodeName = session.getQName(Text.escapeIllegalJcrChars(userID));
NodeImpl userNode = addSecurityNode(parent, nodeName, NT_REP_USER);
- setSecurityProperty(userNode, P_USERID, getValue(userID));
- CryptedSimpleCredentials creds = new CryptedSimpleCredentials((SimpleCredentials) credentials);
+ CryptedSimpleCredentials creds = new CryptedSimpleCredentials(userID, password);
+ setSecurityProperty(userNode, P_USERID, getValue(creds.getUserID()));
setSecurityProperty(userNode, P_PASSWORD, getValue(creds.getPassword()));
setSecurityProperty(userNode, P_PRINCIPAL_NAME, getValue(principal.getName()));
parent.save();
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java Tue May 6 02:52:55 2008
@@ -19,22 +19,26 @@
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.TestPrincipal;
+import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.uuid.UUID;
+import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import java.security.Principal;
+import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
+import java.io.UnsupportedEncodingException;
/**
* <code>AbstractUserTest</code>...
@@ -74,13 +78,29 @@
return p;
}
- protected Credentials buildCredentials(String uid, String pw) {
- // todo: retrieve creds impl from config
- return new SimpleCredentials(uid, pw.toCharArray());
+ protected String buildPassword(String uid, boolean createDigest) throws IllegalArgumentException {
+ if (createDigest) {
+ try {
+ StringBuffer password = new StringBuffer();
+ password.append("{").append(SecurityConstants.DEFAULT_DIGEST).append("}");
+ password.append(Text.digest(SecurityConstants.DEFAULT_DIGEST, uid.getBytes("UTF-8")));
+ return password.toString();
+ } catch (NoSuchAlgorithmException e) {
+ throw new IllegalArgumentException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new IllegalArgumentException(e);
+ }
+ } else {
+ return uid;
+ }
+ }
+
+ protected String buildPassword(Principal p) {
+ return buildPassword(p.getName(), false);
}
- protected Credentials buildCredentials(Principal p) {
- return buildCredentials(p.getName(), p.getName());
+ protected Credentials buildCredentials(String uID, String pw) {
+ return new SimpleCredentials(uID, pw.toCharArray());
}
protected static Set getPrincipalSetFromSession(Session session) throws NotExecutableException {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java Tue May 6 02:52:55 2008
@@ -41,8 +41,9 @@
super.setUp();
Principal test = getTestPrincipal();
- Credentials creds = buildCredentials(test);
- newUser = userMgr.createUser(test.getName(), creds, test);
+ String pw = buildPassword(test);
+ Credentials creds = buildCredentials(test.getName(), pw);
+ newUser = userMgr.createUser(test.getName(), pw);
impersonation = newUser.getImpersonation();
}
@@ -85,7 +86,7 @@
User u = null;
Principal test = getTestPrincipal();
try {
- u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+ u = userMgr.createUser(test.getName(), buildPassword(test));
assertTrue("Admin should be allowed to edit impersonation and grant to another test-user.", impersonation.grantImpersonation(test));
} finally {
impersonation.revokeImpersonation(test);
@@ -99,7 +100,7 @@
Principal test = getTestPrincipal();
User u = null;
try {
- u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+ u = userMgr.createUser(test.getName(), buildPassword(test));
impersonation.grantImpersonation(test);
// try again
assertFalse("Granting impersonation twice should not succeed.", impersonation.grantImpersonation(test));
@@ -115,7 +116,7 @@
User u = null;
Principal test = getTestPrincipal();
try {
- u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+ u = userMgr.createUser(test.getName(), buildPassword(test));
impersonation.grantImpersonation(test);
assertTrue(impersonation.revokeImpersonation(test));
@@ -130,7 +131,7 @@
User u = null;
Principal test = getTestPrincipal();
try {
- u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+ u = userMgr.createUser(test.getName(), buildPassword(test));
impersonation.grantImpersonation(test);
impersonation.revokeImpersonation(test);
// try again
@@ -187,7 +188,7 @@
}
private Subject createSubject(Principal p) throws RepositoryException {
- Set creds = Collections.singleton(buildCredentials(p));
+ Set creds = Collections.singleton(buildCredentials(p.getName(), buildPassword(p)));
Subject subject = new Subject(true, Collections.singleton(p), creds, creds);
return subject;
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java Tue May 6 02:52:55 2008
@@ -19,7 +19,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import java.security.Principal;
import java.util.ArrayList;
@@ -51,7 +50,7 @@
public void testCreateUser() throws RepositoryException {
Principal p = getTestPrincipal();
String uid = p.getName();
- User user = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+ User user = userMgr.createUser(uid, buildPassword(uid, false));
createdUsers.add(user);
assertNotNull(user.getID());
@@ -61,7 +60,17 @@
public void testCreateUserWithPath() throws RepositoryException {
Principal p = getTestPrincipal();
String uid = p.getName();
- User user = userMgr.createUser(uid, buildCredentials(uid, uid), p, "/any/path/to/the/new/user");
+ User user = userMgr.createUser(uid, buildPassword(uid, true), p, "/any/path/to/the/new/user");
+ createdUsers.add(user);
+
+ assertNotNull(user.getID());
+ assertEquals(p.getName(), user.getPrincipal().getName());
+ }
+
+ public void testCreateUserWithDifferentPrincipalName() throws RepositoryException {
+ Principal p = getTestPrincipal();
+ String uid = getTestPrincipal().getName();
+ User user = userMgr.createUser(uid, buildPassword(uid, true), p, "/any/path/to/the/new/user");
createdUsers.add(user);
assertNotNull(user.getID());
@@ -70,7 +79,16 @@
public void testCreateUserWithNullParamerters() throws RepositoryException {
try {
- User user = userMgr.createUser(null, null, null);
+ User user = userMgr.createUser(null, null);
+ createdUsers.add(user);
+
+ fail("A User cannot be built from 'null' parameters");
+ } catch (Exception e) {
+ // ok
+ }
+
+ try {
+ User user = userMgr.createUser(null, null, null, null);
createdUsers.add(user);
fail("A User cannot be built from 'null' parameters");
@@ -82,8 +100,7 @@
public void testCreateUserWithNullUserID() throws RepositoryException {
try {
Principal p = getTestPrincipal();
- Credentials creds = buildCredentials(p.getName(), "");
- User user = userMgr.createUser(null, creds, p);
+ User user = userMgr.createUser(null, "anyPW");
createdUsers.add(user);
fail("A User cannot be built with 'null' userID");
@@ -92,11 +109,48 @@
}
}
+ public void testCreateUserWithEmptyUserID() throws RepositoryException {
+ try {
+ User user = userMgr.createUser("", "anyPW");
+ createdUsers.add(user);
+
+ fail("A User cannot be built with 'null' userID");
+ } catch (Exception e) {
+ // ok
+ }
+ try {
+ User user = userMgr.createUser("", "anyPW", getTestPrincipal(), null);
+ createdUsers.add(user);
+
+ fail("A User cannot be built with 'null' userID");
+ } catch (Exception e) {
+ // ok
+ }
+ }
+
+ public void testCreateUserWithNullPassword() throws RepositoryException {
+ try {
+ Principal p = getTestPrincipal();
+ User user = userMgr.createUser(p.getName(), null);
+ createdUsers.add(user);
+
+ fail("A User cannot be built with 'null' password");
+ } catch (Exception e) {
+ // ok
+ }
+ }
+
+ public void testCreateUserWithEmptyPassword() throws RepositoryException {
+ Principal p = getTestPrincipal();
+ User user = userMgr.createUser(p.getName(), "");
+ createdUsers.add(user);
+ }
+
public void testCreateUserWithNullPrincipal() throws RepositoryException {
try {
Principal p = getTestPrincipal();
String uid = p.getName();
- User user = userMgr.createUser(uid, buildCredentials(uid, uid), null);
+ User user = userMgr.createUser(uid, buildPassword(uid, true), null, "/a/b/c");
createdUsers.add(user);
fail("A User cannot be built with 'null' Principal");
@@ -106,15 +160,12 @@
}
public void testCreateTwiceWithSameUserID() throws RepositoryException {
- Principal p = getTestPrincipal();
- String uid = p.getName();
- Credentials creds = buildCredentials(uid, uid);
- User user = userMgr.createUser(uid, creds, p);
+ String uid = getTestPrincipal().getName();
+ User user = userMgr.createUser(uid, buildPassword(uid, false));
createdUsers.add(user);
try {
- p = getTestPrincipal();
- User user2 = userMgr.createUser(uid, creds, p);
+ User user2 = userMgr.createUser(uid, buildPassword("anyPW", true));
createdUsers.add(user2);
fail("Creating 2 users with the same UserID should throw AuthorizableExistsException.");
@@ -126,15 +177,12 @@
public void testCreateTwiceWithSamePrincipal() throws RepositoryException {
Principal p = getTestPrincipal();
String uid = p.getName();
- Credentials creds = buildCredentials(uid, uid);
- User user = userMgr.createUser(uid, creds, p);
+ User user = userMgr.createUser(uid, buildPassword(uid, true), p, "a/b/c");
createdUsers.add(user);
try {
uid = getTestPrincipal().getName();
- creds = buildCredentials(uid, uid);
-
- User user2 = userMgr.createUser(uid, creds, p);
+ User user2 = userMgr.createUser(uid, buildPassword(uid, false), p, null);
createdUsers.add(user2);
fail("Creating 2 users with the same Principal should throw AuthorizableExistsException.");
@@ -147,7 +195,7 @@
Principal p = getTestPrincipal();
String uid = p.getName();
- User user = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+ User user = userMgr.createUser(uid, buildPassword(uid, false));
createdUsers.add(user);
assertNotNull(userMgr.getAuthorizable(user.getID()));
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java Tue May 6 02:52:55 2008
@@ -49,7 +49,7 @@
*/
public abstract class AbstractEvaluationTest extends AbstractAccessControlTest {
- protected static final long DEFAULT_WAIT_TIMEOUT = 5000;
+ protected static final long DEFAULT_WAIT_TIMEOUT = 50;
protected Credentials creds;
protected User testUser;
@@ -72,11 +72,13 @@
UserManager uMgr = getUserManager(superuser);
Principal princ = new TestPrincipal("anyUser");
- creds = new SimpleCredentials("anyUser", "anyUser".toCharArray());
+ String uid = "anyUser";
+ String pw = "anyUser";
+ creds = new SimpleCredentials(uid, pw.toCharArray());
Authorizable a = uMgr.getAuthorizable(princ);
if (a == null) {
- testUser = uMgr.createUser("anyUser", creds, princ);
+ testUser = uMgr.createUser(uid, pw);
} else if (a.isGroup()) {
throw new NotExecutableException();
} else {
@@ -140,19 +142,45 @@
protected abstract String[] getRestrictions(String path);
protected PolicyTemplate givePrivileges(String nPath, int privileges, String[] restrictions) throws NotExecutableException, RepositoryException {
- PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
- tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, true, restrictions));
- acMgr.setPolicy(tmpl.getPath(), tmpl);
- superuser.save();
- return tmpl;
+ ObservationManager obsMgr = superuser.getWorkspace().getObservationManager();
+ EventResult listener = new EventResult(((JUnitTest) this).log);
+ try {
+ obsMgr.addEventListener(listener, Event.PROPERTY_CHANGED, nPath,
+ true, new String[0], new String[] {"rep:ACE"}, false);
+
+ PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
+ tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, true, restrictions));
+ acMgr.setPolicy(tmpl.getPath(), tmpl);
+ superuser.save();
+
+ obsMgr.removeEventListener(listener);
+ Event[] evts = listener.getEvents(DEFAULT_WAIT_TIMEOUT);
+
+ return tmpl;
+ } finally {
+ obsMgr.removeEventListener(listener);
+ }
}
protected PolicyTemplate withdrawPrivileges(String nPath, int privileges, String[] restrictions) throws NotExecutableException, RepositoryException {
- PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
- tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, false, restrictions));
- acMgr.setPolicy(tmpl.getPath(), tmpl);
- superuser.save();
- return tmpl;
+ ObservationManager obsMgr = superuser.getWorkspace().getObservationManager();
+ EventResult listener = new EventResult(((JUnitTest) this).log);
+ try {
+ obsMgr.addEventListener(listener, Event.PROPERTY_CHANGED | Event.PROPERTY_REMOVED, nPath,
+ true, new String[0], new String[] {"rep:ACE"}, false);
+
+ PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
+ tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, false, restrictions));
+ acMgr.setPolicy(tmpl.getPath(), tmpl);
+ superuser.save();
+
+ obsMgr.removeEventListener(listener);
+ Event[] evts = listener.getEvents(DEFAULT_WAIT_TIMEOUT);
+
+ return tmpl;
+ } finally {
+ obsMgr.removeEventListener(listener);
+ }
}
protected void checkReadOnly(String path) throws RepositoryException {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java Tue May 6 02:52:55 2008
@@ -131,6 +131,7 @@
testUser.getPrincipal(),
new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
testSession.save();
+
assertTrue(testAcMgr.hasPrivileges(path,
new Privilege[] {PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE}));
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java Tue May 6 02:52:55 2008
@@ -75,7 +75,7 @@
Group gr1 = null;
Group gr2 = null;
try {
- u = userMgr.createUser(up.getName(), buildCredentials(up), up);
+ u = userMgr.createUser(up.getName(), buildPassword(up));
gr1 = userMgr.createGroup(getTestPrincipal());
gr2 = userMgr.createGroup(getTestPrincipal());
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java Tue May 6 02:52:55 2008
@@ -56,19 +56,20 @@
// create a first user
Principal p = getTestPrincipal();
- UserImpl pUser = (UserImpl) userMgr.createUser(p.getName(), buildCredentials(p), p);
+ UserImpl pUser = (UserImpl) userMgr.createUser(p.getName(), buildPassword(p));
parentUID = pUser.getID();
// create a second user 'below' the first user and make it group-admin
p = getTestPrincipal();
- Credentials creds = buildCredentials(p);
- User u = userMgr.createUser(p.getName(), creds, p, pUser.getNode().getPath());
+ String pw = buildPassword(p);
+ Credentials creds = buildCredentials(p.getName(), pw);
+ User u = userMgr.createUser(p.getName(), pw, p, pUser.getNode().getPath());
uID = u.getID();
uPath = ((UserImpl) u).getNode().getPath();
// create a third child user below
p = getTestPrincipal();
- childUID = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath).getID();
+ childUID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
// make other user a group-administrator:
Authorizable groupAdmin = userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
@@ -116,7 +117,7 @@
// create a new user -> must succeed and user must be create below 'other'
try {
Principal p = getTestPrincipal();
- u = (UserImpl) umgr.createUser(p.getName(), buildCredentials(p), p);
+ u = (UserImpl) umgr.createUser(p.getName(), buildPassword(p));
fail("Group administrator should not be allowed to create a new user.");
u.remove();
} catch (AccessDeniedException e) {
@@ -339,9 +340,9 @@
// let superuser create a group and a user a make user member of group
nGr = userMgr.createGroup(getTestPrincipal());
Principal p = getTestPrincipal();
- nUs = userMgr.createUser(p.getName(), buildCredentials(p), p);
+ nUs = userMgr.createUser(p.getName(), buildPassword(p));
p = getTestPrincipal();
- nUs2 = userMgr.createUser(p.getName(), buildCredentials(p), p);
+ nUs2 = userMgr.createUser(p.getName(), buildPassword(p));
nGr.addMember(nUs);
nGr.addMember(nUs2);
@@ -380,7 +381,7 @@
// let superuser create a group and a user a make user member of group
nGr = userMgr.createGroup(getTestPrincipal());
Principal p = getTestPrincipal();
- nUs = userMgr.createUser(p.getName(), buildCredentials(p), p);
+ nUs = userMgr.createUser(p.getName(), buildPassword(p));
nGr.addMember(nUs);
Group gr = (Group) getUserManager(uSession).getAuthorizable(nGr.getID());
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java Tue May 6 02:52:55 2008
@@ -51,16 +51,18 @@
// create a first user and retrieve the UserManager from the session
// created for that new user.
Principal p = getTestPrincipal();
- creds = buildCredentials(p);
- UserImpl u = (UserImpl) userMgr.createUser(p.getName(), creds, p);
+ String pw = buildPassword(p);
+ creds = buildCredentials(p.getName(), pw);
+ UserImpl u = (UserImpl) userMgr.createUser(p.getName(), pw);
uID = u.getID();
uSession = helper.getRepository().login(creds);
uMgr = getUserManager(uSession);
// create a second user 'below' the first user.
p = getTestPrincipal();
- otherCreds = buildCredentials(p);
- User u2 = userMgr.createUser(p.getName(), otherCreds, p, u.getNode().getPath());
+ pw = buildPassword(p);
+ otherCreds = buildCredentials(p.getName(), pw);
+ User u2 = userMgr.createUser(p.getName(), pw, p, u.getNode().getPath());
otherUID = u2.getID();
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java Tue May 6 02:52:55 2008
@@ -28,9 +28,9 @@
import org.slf4j.LoggerFactory;
import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
import java.security.Principal;
import java.util.Iterator;
@@ -53,13 +53,13 @@
// create a first user and retrieve the UserManager from the session
// created for that new user.
Principal p = getTestPrincipal();
- Credentials creds = buildCredentials(p);
- UserImpl u = (UserImpl) userMgr.createUser(p.getName(), creds, p);
+ String pw = buildPassword(p);
+ UserImpl u = (UserImpl) userMgr.createUser(p.getName(), pw);
uID = u.getID();
uPath = u.getNode().getPath();
// create a session for the other user.
- uSession = helper.getRepository().login(creds);
+ uSession = helper.getRepository().login(new SimpleCredentials(uID, pw.toCharArray()));
uMgr = getUserManager(uSession);
}
@@ -80,7 +80,7 @@
public void testCreateUser() {
try {
Principal p = getTestPrincipal();
- User u = uMgr.createUser(p.getName(), buildCredentials(p), p);
+ User u = uMgr.createUser(p.getName(), buildPassword(p));
fail("A non-UserAdmin should not be allowed to create a new User.");
// clean-up: let superuser remove the user created by fault.
@@ -96,7 +96,7 @@
public void testCreateUserWithItermediatePath() {
try {
Principal p = getTestPrincipal();
- User u = uMgr.createUser(p.getName(), buildCredentials(p), p, "/any/intermediate/path");
+ User u = uMgr.createUser(p.getName(), buildPassword(p), p, "/any/intermediate/path");
fail("A non-UserAdmin should not be allowed to create a new User.");
// clean-up: let superuser remove the user created by fault.
@@ -122,7 +122,7 @@
public void testRemoveChildUser() throws RepositoryException {
// let superuser create a child-user.
Principal p = getTestPrincipal();
- String childID = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath).getID();
+ String childID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
try {
Authorizable a = uMgr.getAuthorizable(childID);
a.remove();
@@ -141,7 +141,7 @@
public void testRemoveOtherUser() throws RepositoryException {
// let superuser create a child-user.
Principal p = getTestPrincipal();
- String childID = userMgr.createUser(p.getName(), buildCredentials(p), p, "/any/intermediate/path").getID();
+ String childID = userMgr.createUser(p.getName(), buildPassword(p), p, "/any/intermediate/path").getID();
try {
Authorizable a = uMgr.getAuthorizable(childID);
a.remove();
@@ -160,7 +160,7 @@
public void testModifyImpersonation() throws RepositoryException {
// let superuser create a child-user.
Principal p = getTestPrincipal();
- Authorizable child = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath);
+ Authorizable child = userMgr.createUser(p.getName(), buildPassword(p), p, uPath);
try {
p = child.getPrincipal();
@@ -182,15 +182,14 @@
public void testModifyImpersonationOfChildUser() throws RepositoryException {
// let superuser create a child-user.
Principal p = getTestPrincipal();
- String childID = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath).getID();
+ String childID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
try {
- Authorizable a = uMgr.getAuthorizable(childID);
+ Authorizable child = uMgr.getAuthorizable(childID);
- Impersonation impers = ((User) a).getImpersonation();
+ Impersonation impers = ((User) child).getImpersonation();
Principal himselfP = uMgr.getAuthorizable(uID).getPrincipal();
assertFalse(impers.allows(buildSubject(himselfP)));
- assertTrue(impers.grantImpersonation(himselfP));
- assertFalse(impers.allows(buildSubject(himselfP)));
+ impers.grantImpersonation(himselfP);
fail("A non-administrator user should not be allowed modify Impersonation of a child user.");
} catch (AccessDeniedException e) {
// success
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java Tue May 6 02:52:55 2008
@@ -56,13 +56,14 @@
// create a first user and retrieve the UserManager from the session
// created for that new user.
Principal p = getTestPrincipal();
- UserImpl u = (UserImpl) userMgr.createUser(p.getName(), buildCredentials(p), p);
+ UserImpl u = (UserImpl) userMgr.createUser(p.getName(), buildPassword(p));
uID = u.getID();
// create a second user 'below' the first user.
p = getTestPrincipal();
- Credentials otherCreds = buildCredentials(p);
- User other = userMgr.createUser(p.getName(), otherCreds, p, u.getNode().getPath());
+ String pw = buildPassword(p);
+ Credentials otherCreds = buildCredentials(p.getName(), pw);
+ User other = userMgr.createUser(p.getName(), pw, p, u.getNode().getPath());
otherUID = other.getID();
otherPath = ((UserImpl) other).getNode().getPath();
@@ -117,7 +118,7 @@
// create a new user -> must succeed and user must be create below 'other'
try {
Principal p = getTestPrincipal();
- u = (UserImpl) umgr.createUser(p.getName(), buildCredentials(p), p);
+ u = (UserImpl) umgr.createUser(p.getName(), buildPassword(p));
assertTrue(Text.isDescendant(otherPath, u.getNode().getPath()));
} finally {
if (u != null) {
@@ -133,7 +134,7 @@
// -> must succeed and user must be create below 'other'
try {
Principal p = getTestPrincipal();
- u = (UserImpl) umgr.createUser(p.getName(), buildCredentials(p), p, "/some/intermediate/path");
+ u = (UserImpl) umgr.createUser(p.getName(), buildPassword(p), p, "/some/intermediate/path");
assertTrue(Text.isDescendant(otherPath, u.getNode().getPath()));
assertTrue(Text.isDescendant(otherPath + "/some/intermediate/path", u.getNode().getPath()));
} finally {
@@ -175,7 +176,7 @@
// create a new user -> must succeed and user must be create below 'other'
try {
Principal p = getTestPrincipal();
- u = umgr.createUser(p.getName(), buildCredentials(p), p);
+ u = umgr.createUser(p.getName(), buildPassword(p));
Impersonation impers = u.getImpersonation();
assertFalse(impers.allows(buildSubject(otherP)));
@@ -248,7 +249,7 @@
Principal cp = getTestPrincipal();
User childU = null;
try {
- childU = umgr.createUser(cp.getName(), buildCredentials(cp), cp);
+ childU = umgr.createUser(cp.getName(), buildPassword(cp));
for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
Group gr = (Group) it.next();
try {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java Tue May 6 02:52:55 2008
@@ -29,6 +29,7 @@
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
import java.security.Principal;
/**
@@ -47,8 +48,9 @@
super.setUp();
Principal p = getTestPrincipal();
- creds = buildCredentials(p);
- User u = userMgr.createUser(p.getName(), creds, p);
+ String pw = buildPassword(p);
+ creds = new SimpleCredentials(p.getName(), pw.toCharArray());
+ User u = userMgr.createUser(p.getName(), pw);
uID = u.getID();
uSession = helper.getRepository().login(creds);
uMgr = getUserManager(uSession);
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java Tue May 6 02:52:55 2008
@@ -26,9 +26,11 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.Session;
import javax.jcr.nodetype.ConstraintViolationException;
import java.security.Principal;
import java.util.Iterator;
@@ -95,10 +97,10 @@
public void testRemoveUserRemovesTree() throws RepositoryException {
// create 2 new users. the second as child of the first.
Principal p = getTestPrincipal();
- User u = userMgr.createUser(p.getName(), buildCredentials(p), p);
+ User u = userMgr.createUser(p.getName(), buildPassword(p));
String uID = u.getID();
p = getTestPrincipal();
- User u2 = userMgr.createUser(p.getName(), buildCredentials(p), p, ((UserImpl)u).getNode().getPath());
+ User u2 = userMgr.createUser(p.getName(), buildPassword(p), p, ((UserImpl)u).getNode().getPath());
String u2ID = u2.getID();
// removing the first user must also remove the child-users.
@@ -109,35 +111,11 @@
assertNull(userMgr.getAuthorizable(u2ID));
}
- public void testCreateUserWithInvalidCredentials() throws RepositoryException {
- Principal p = getTestPrincipal();
- try {
- Credentials creds = new Credentials() {};
- User u = userMgr.createUser(p.getName(), creds, p);
- u.remove();
- fail("creating a user with 'unknown' credentials must fail.");
- } catch (RepositoryException e) {
- // success
- }
- }
-
- public void testCreateUserWithUserIDNotMatchingCredentials() throws RepositoryException {
- Principal p = getTestPrincipal();
- String uid = getTestUserId(p);
- try {
- User u = userMgr.createUser(uid, buildCredentials(p), p);
- u.remove();
- fail("creating a user with UserID not matching uid from credentials must fail.");
- } catch (RepositoryException e) {
- // success
- }
- }
-
- public void testCreateUserIdEqualsUserId() throws RepositoryException {
+ public void testPrincipalNameEqualsUserID() throws RepositoryException {
Principal p = getTestPrincipal();
User u = null;
try {
- u = userMgr.createUser(p.getName(), buildCredentials(p), p);
+ u = userMgr.createUser(p.getName(), buildPassword(p));
String msg = "Implementation specific: User.getID() must return the userID pass to createUser.";
assertEquals(msg, u.getID(), p.getName());
@@ -154,7 +132,7 @@
User u = null;
try {
- u = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+ u = userMgr.createUser(uid, buildPassword(uid, true), p, null);
String msg = "Creating a User with principal-name distinct from Principal-name must succeed as long as both are unique.";
assertEquals(msg, u.getID(), uid);
@@ -174,7 +152,7 @@
User u = null;
Group gr = null;
try {
- u = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+ u = userMgr.createUser(uid, buildPassword(uid, true), p, null);
gr = userMgr.createGroup(new TestPrincipal(uid));
String msg = "Creating a Group with a principal-name that exists as UserID -> must create new GroupID but keep PrincipalName.";
@@ -248,8 +226,7 @@
try {
Principal p = getTestPrincipal();
String uid = "UID" + p.getName();
- Credentials c = buildCredentials(uid, uid);
- u = userMgr.createUser(uid, c, p);
+ u = userMgr.createUser(uid, buildPassword(uid, false), p, null);
boolean found = false;
Iterator it = ((UserManagerImpl)userMgr).findUsers("");
@@ -344,4 +321,37 @@
assertTrue(((Authorizable) it.next()).isGroup());
}
}
+
+ public void testNewUserCanLogin() throws RepositoryException {
+ String uid = getTestPrincipal().getName();
+ String pw = buildPassword(uid, false);
+
+ User u = null;
+ Session s = null;
+ try {
+ u = userMgr.createUser(uid, pw);
+ Credentials creds = new SimpleCredentials(uid, pw.toCharArray());
+ s = superuser.getRepository().login(creds);
+ } finally {
+ if (u != null) {
+ u.remove();
+ }
+ if (s != null) {
+ s.logout();
+ }
+ }
+ }
+
+ public void testUnknownUserLogin() throws RepositoryException {
+ String uid = getTestPrincipal().getName();
+ assertNull(userMgr.getAuthorizable(uid));
+ try {
+ Session s = superuser.getRepository().login(new SimpleCredentials(uid, uid.toCharArray()));
+ s.logout();
+
+ fail("An unknown user should not be allowed to execute the login.");
+ } catch (Exception e) {
+ // ok.
+ }
+ }
}
\ No newline at end of file