/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.jackrabbit.core.security.user; import java.security.Principal; import java.util.Properties; import java.util.Set; import javax.jcr.RepositoryException; import javax.jcr.Session; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.user.AbstractUserTest; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.core.security.TestPrincipal; import org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider; import org.apache.jackrabbit.core.security.principal.EveryonePrincipal; import org.apache.jackrabbit.core.security.principal.PrincipalProvider; import org.apache.jackrabbit.test.NotExecutableException; /** * <code>DefaultPrincipalProviderTest</code>... */ public class DefaultPrincipalProviderTest extends AbstractUserTest { private PrincipalProvider principalProvider; @Override protected void setUp() throws Exception { super.setUp(); if (!(userMgr instanceof UserManagerImpl)) { throw new NotExecutableException(); } UserManagerImpl umgr = (UserManagerImpl) userMgr; // Workaround for testing cache behaviour that relies on observation: // - retrieve session attached to the userManager implementation. // - using superuser will not work if users are stored in a different workspace. Authorizable a = umgr.getAuthorizable(getPrincipalSetFromSession(superuser).iterator().next()); Session s = ((AuthorizableImpl) a).getNode().getSession(); principalProvider = new DefaultPrincipalProvider(s, umgr); principalProvider.init(new Properties()); } @Override protected void tearDown() throws Exception { principalProvider.close(); super.tearDown(); } // TODO: add tests for 'findPrincipals' public void testUnknownUserMemberShip() throws RepositoryException { Principal userPrincipal = getTestPrincipal(); PrincipalIterator pit = principalProvider.getGroupMembership(userPrincipal); // unknown user must be in 'everyone' group but nothing else assertTrue(pit.hasNext()); assertEquals(EveryonePrincipal.getInstance(), pit.nextPrincipal()); assertFalse(pit.hasNext()); } public void testInheritedMemberShip() throws RepositoryException, NotExecutableException { Principal up = getTestPrincipal(); User u = null; Group gr1 = null; Group gr2 = null; try { u = userMgr.createUser(up.getName(), buildPassword(up)); gr1 = userMgr.createGroup(getTestPrincipal()); gr2 = userMgr.createGroup(getTestPrincipal()); save(superuser); gr1.addMember(gr2); gr2.addMember(u); save(superuser); PrincipalIterator it = principalProvider.getGroupMembership(u.getPrincipal()); while (it.hasNext()) { Principal p = it.nextPrincipal(); if (p.equals(gr1.getPrincipal())) { // success return return; } } fail("User principal " + up.getName() + " must have inherited group membership for " + gr1.getPrincipal().getName()); } finally { if (gr2 != null && u != null) gr2.removeMember(u); if (gr1 != null && gr2 != null) gr1.removeMember(gr2); if (gr1 != null) gr1.remove(); if (gr2 != null) gr2.remove(); if (u != null) u.remove(); save(superuser); } } /** * * @throws Exception */ public void testCacheDoesntContainTestPrincipalImpl() throws Exception { Set<Principal> principals = getPrincipalSetFromSession(superuser); for (Principal p : principals) { Principal testPrinc = new TestPrincipal(p.getName()); principalProvider.getGroupMembership(testPrinc); Principal fromProvider = principalProvider.getPrincipal(p.getName()); assertNotSame(testPrinc, fromProvider); assertFalse(fromProvider instanceof TestPrincipal); } } /** * Test if cache is properly updated. * * @throws Exception */ public void testPrincipalCache() throws Exception { Principal testPrincipal = getTestPrincipal(); String testName = testPrincipal.getName(); assertNull(principalProvider.getPrincipal(testName)); // create a user with the given principal name -> cache must be updated. Authorizable a = userMgr.createUser(testName, "pw"); save(superuser); try { assertNotNull(principalProvider.getPrincipal(testName)); } finally { a.remove(); save(superuser); } // after removal -> entry must be removed from the cache. assertNull(principalProvider.getPrincipal(testName)); // create a group with that name a = userMgr.createGroup(testPrincipal); save(superuser); try { Principal p = principalProvider.getPrincipal(testName); assertNotNull(p); assertTrue(p instanceof java.security.acl.Group); } finally { a.remove(); save(superuser); } // recreate user again without filling cache with 'null' value a = userMgr.createUser(testName, "pw"); save(superuser); try { Principal p = principalProvider.getPrincipal(testName); assertNotNull(p); assertFalse(p instanceof java.security.acl.Group); } finally { a.remove(); save(superuser); } } public void testEveryonePrincipal() throws Exception { Principal p = principalProvider.getPrincipal(EveryonePrincipal.NAME); assertNotNull(p); assertEquals(EveryonePrincipal.getInstance(), p); PrincipalIterator pit = principalProvider.findPrincipals(EveryonePrincipal.NAME); assertNotNull(pit); if (pit.getSize() == -1) { assertTrue(pit.hasNext()); assertEquals(EveryonePrincipal.getInstance(), pit.nextPrincipal()); assertFalse(pit.hasNext()); } else { assertEquals(1, pit.getSize()); assertEquals(EveryonePrincipal.getInstance(), pit.nextPrincipal()); } } public void testEveryonePrincipal2() throws Exception { Group g = null; try { g = userMgr.createGroup(EveryonePrincipal.NAME); save(superuser); Principal p = principalProvider.getPrincipal(EveryonePrincipal.NAME); assertNotNull(p); assertEquals(EveryonePrincipal.getInstance(), p); PrincipalIterator pit = principalProvider.findPrincipals(EveryonePrincipal.NAME); assertNotNull(pit); if (pit.getSize() == -1) { assertTrue(pit.hasNext()); assertEquals(EveryonePrincipal.getInstance(), pit.nextPrincipal()); assertFalse(pit.hasNext()); } else { assertEquals(1, pit.getSize()); assertEquals(EveryonePrincipal.getInstance(), pit.nextPrincipal()); } } finally { if (g != null) { g.remove(); save(superuser); } } } /** * Test for: Principal assiocated with Group does not update members * @see <a href=https://issues.apache.org/jira/browse/JCR-3552>JCR-3552</a> */ public void testGroupMembership() throws Exception { Group g = null; User u = null; Principal up = getTestPrincipal(); try { // create a group and user, add the user to the group and assert membership g = userMgr.createGroup(getTestPrincipal()); u = userMgr.createUser(up.getName(), buildPassword(up)); save(superuser); g.addMember(u); save(superuser); Principal groupPrincipal = principalProvider.getPrincipal(g.getPrincipal().getName()); assertTrue(groupPrincipal instanceof java.security.acl.Group); assertTrue(((java.security.acl.Group) groupPrincipal).isMember(u.getPrincipal())); // remove the user from the group and assert the user is no longer a member of the group g.removeMember(u); save(superuser); groupPrincipal = principalProvider.getPrincipal(g.getPrincipal().getName()); assertFalse(((java.security.acl.Group) groupPrincipal).isMember(u.getPrincipal())); } finally { if (null != g) { g.remove(); } if (null != u) { u.remove(); } save(superuser); } } }