Added: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModuleFactory.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModuleFactory.java?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModuleFactory.java (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModuleFactory.java Tue Feb 11 00:28:49 2014 
@@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authentication.external.impl; + +import java.util.Map; + +import javax.security.auth.spi.LoginModule; + +import org.apache.felix.jaas.LoginModuleFactory; +import org.apache.felix.scr.annotations.Activate; +import org.apache.felix.scr.annotations.Component; +import org.apache.felix.scr.annotations.ConfigurationPolicy; +import org.apache.felix.scr.annotations.Property; +import org.apache.felix.scr.annotations.Service; +import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; + +/** + * Implements a LoginModuleFactory that creates {@link ExternalLoginModule}s and allows to configure login modules + * via OSGi config. + */ +@Component( + label = "Apache Jackrabbit Oak External Login Module", + metatype = true, + policy = ConfigurationPolicy.REQUIRE, + configurationFactory = true +) +@Service +public class ExternalLoginModuleFactory implements LoginModuleFactory { + + @Property( + intValue = 900, + label = "JAAS Ranking", + description = "Specifying the ranking (i.e. sort order) of this login module entry. The entries are sorted " + + "in a descending order (i.e. 
higher value ranked configurations come first)." + ) + public static final String JAAS_RANKING = LoginModuleFactory.JAAS_RANKING; + + @Property( + value = "SUFFICIENT", + label = "JAAS Control Flag", + description = "Property specifying whether or not a LoginModule is REQUIRED, REQUISITE, SUFFICIENT or " + + "OPTIONAL.Refer to the JAAS configuration documentation for more details around the meaning of " + + "these flags." + ) + public static final String JAAS_CONTROL_FLAG = LoginModuleFactory.JAAS_CONTROL_FLAG; + + @Property( + label = "JAAS Realm", + description = "The realm name (or application name) against which the LoginModule is be registered. If no " + + "realm name is provided then LoginModule is registered with a default realm as configured in " + + "the Felix JAAS configuration." + ) + public static final String JAAS_REALM_NAME = LoginModuleFactory.JAAS_REALM_NAME; + + @Property( + label = "Identity Provider Name", + description = "Name of the identity provider (for example: 'ldap')." + ) + public static final String PARAM_IDP_NAME = ExternalLoginModule.PARAM_IDP_NAME; + + @Property( + value = "default", + label = "Sync Handler Name", + description = "Name of the sync handler." + ) + public static final String PARAM_SYNC_HANDLER_NAME = ExternalLoginModule.PARAM_SYNC_HANDLER_NAME; + + /** + * default configuration for the login modules + */ + private ConfigurationParameters osgiConfig; + + /** + * Activates the LoginModuleFactory service + * @param properties the OSGi config + */ + @Activate + protected void activate(Map<String, Object> properties) { + osgiConfig = ConfigurationParameters.of(properties); + } + + /** + * {@inheritDoc} + * + * @return a new {@link ExternalLoginModule} instance. + */ + @Override + public LoginModule createLoginModule() { + return new ExternalLoginModule(osgiConfig); + } + +} \ No newline at end of file
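Review bot: In ExternalLoginModuleFactory the `JAAS_CONTROL_FLAG` property defaults to `SUFFICIENT` with a default ranking of 900, but its metatype description does not tell the operator what that default means for the login chain. Under JAAS a SUFFICIENT module that succeeds ends evaluation, and the ranking description says higher values come first, so lower-ranked modules are not consulted after a successful external login. I would say so in the description, e.g. `"SUFFICIENT (default): a successful external login completes authentication without consulting lower-ranked modules."`. The same description has a missing space in `"OPTIONAL.Refer"`, and the realm description reads `"is be registered"`. `activate` stores the OSGi properties as they arrive and `createLoginModule` passes them to every new module; whether a missing `PARAM_IDP_NAME` is rejected is decided in ExternalLoginModule, which is outside this hunk.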
Added: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/SyncManagerImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/SyncManagerImpl.java?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/SyncManagerImpl.java (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/SyncManagerImpl.java Tue Feb 11 00:28:49 2014 
@@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.jackrabbit.oak.spi.security.authentication.external.impl; + +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import javax.annotation.Nonnull; + +import org.apache.felix.scr.annotations.Activate; +import org.apache.felix.scr.annotations.Component; +import org.apache.felix.scr.annotations.Deactivate; +import org.apache.felix.scr.annotations.Reference; +import org.apache.felix.scr.annotations.ReferenceCardinality; +import org.apache.felix.scr.annotations.ReferencePolicy; +import org.apache.felix.scr.annotations.Service; +import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard; +import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler; +import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager; +import org.apache.jackrabbit.oak.spi.whiteboard.AbstractServiceTracker; +import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard; +import org.osgi.service.component.ComponentContext; + +/** + * {@code SyncManagerImpl} is used to manage registered sync handlers. 
This class automatically + * tracks the SyncHandlers that are registered via OSGi but can also be used in non-OSGi environments by manually + * adding and removing the handlers. + */ +@Component(immediate = true) +@Service +public class SyncManagerImpl extends AbstractServiceTracker<SyncHandler> implements SyncManager { + + /** + * Default constructor used by OSGi + */ + public SyncManagerImpl() { + super(SyncHandler.class); + } + + /** + * Constructor used by non OSGi + * @param whiteboard the whiteboard + */ + public SyncManagerImpl(Whiteboard whiteboard) { + super(SyncHandler.class); + start(whiteboard); + } + + @Activate + private void activate(ComponentContext ctx) { + start(new OsgiWhiteboard(ctx.getBundleContext())); + } + + @Deactivate + private void deactivate() { + stop(); + } + + @Override + public SyncHandler getSyncHandler(@Nonnull String name) { + for (SyncHandler handler: getServices()) { + if (name.equals(handler.getName())) { + return handler; + } + } + return null; + } +} \ No newline at end of file Added: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java Tue Feb 11 00:28:49 2014 
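Review bot: `SyncManagerImpl.getSyncHandler` returns `null` when no registered handler has the requested name, but it has neither Javadoc nor a nullability annotation, so a caller can reasonably assume a handler always comes back. The result is presumably consumed on the login path (ExternalLoginModule is not in this hunk), so I would document the miss case, e.g. `/** @return the handler registered under {@code name}, or {@code null} if none is registered */`, and mark the method `@CheckForNull`, which needs a `javax.annotation.CheckForNull` import. The loop returns the first match, so two handlers registered under the same name are resolved by the iteration order of `getServices()`; that deserves a sentence in the Javadoc too. `java.util.Map` and `java.util.concurrent.ConcurrentHashMap` are imported but unused in this file.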
@@ -0,0 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +@Version("0.17") +@Export(optional = "provide:=true") +package org.apache.jackrabbit.oak.spi.security.authentication.external; + +import aQute.bnd.annotation.Version; +import aQute.bnd.annotation.Export; \ No newline at end of file Added: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTest.java Tue Feb 11 00:28:49 2014 
@@ -0,0 +1,146 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authentication.external; + +import java.util.HashMap; + +import javax.jcr.SimpleCredentials; +import javax.security.auth.login.LoginException; + +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.jackrabbit.oak.api.ContentSession; +import org.junit.After; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +/** + * ExternalLoginModuleTest... 
+ */ +public class ExternalLoginModuleTest extends ExternalLoginModuleTestBase { + + protected final HashMap<String, Object> options = new HashMap<String, Object>(); + + private String userId = "testUser"; + + @Before + public void before() throws Exception { + super.before(); + } + + @After + public void after() throws Exception { + super.after(); + } + + protected ExternalIdentityProvider createIDP() { + return new TestIdentityProvider(); + } + + @Test + public void testLoginFailed() throws Exception { + UserManager userManager = getUserManager(root); + try { + ContentSession cs = login(new SimpleCredentials("unknown", new char[0])); + cs.close(); + fail("login failure expected"); + } catch (LoginException e) { + // success + } finally { + assertNull(userManager.getAuthorizable(userId)); + } + } + + @Test + public void testSyncCreateUser() throws Exception { + UserManager userManager = getUserManager(root); + ContentSession cs = null; + try { + assertNull(userManager.getAuthorizable(userId)); + + cs = login(new SimpleCredentials(userId, new char[0])); + + root.refresh(); + + Authorizable a = userManager.getAuthorizable(userId); + assertNotNull(a); + ExternalUser user = idp.getUser(userId); + for (String prop : user.getProperties().keySet()) { + assertTrue(a.hasProperty(prop)); + } + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + + @Test + @Ignore("group sync not implemented yet") + public void testSyncCreateGroup() throws Exception { +// UserManager userManager = getUserManager(root); +// ContentSession cs = null; +// try { +// cs = login(new SimpleCredentials(userId, new char[0])); +// +// root.refresh(); +// for (String id : ids) { +// assertNull(userManager.getAuthorizable(id)); +// } +// } finally { +// if (cs != null) { +// cs.close(); +// } +// options.clear(); +// } + } + + @Test + public void testSyncUpdate() throws Exception { + // create user upfront in order to test update mode + UserManager userManager = 
getUserManager(root); + ExternalUser externalUser = idp.getUser(userId); + Authorizable user = userManager.createUser(externalUser.getId(), externalUser.getPassword()); + root.commit(); + + ContentSession cs = null; + try { + cs = login(new SimpleCredentials(userId, new char[0])); + + root.refresh(); + + Authorizable a = userManager.getAuthorizable(userId); + assertNotNull(a); + for (String prop : externalUser.getProperties().keySet()) { + assertTrue(a.hasProperty(prop)); + } + } finally { + if (cs != null) { + cs.close(); + } + options.clear(); + } + } + +} \ No newline at end of file Added: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleTestBase.java Tue Feb 11 00:28:49 2014 
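Review bot: ExternalLoginModuleTest declares its own `options` map, which hides the `options` field of ExternalLoginModuleTestBase that `getConfiguration()` passes to the login module. The `options.clear()` calls in the `finally` blocks therefore clear the empty subclass map and never touch the configuration. I would delete `protected final HashMap<String, Object> options = new HashMap<String, Object>();` from the subclass. In `testLoginFailed` the `finally` block asserts on `userId` ("testUser") although the login was attempted as "unknown", so it does not check that the rejected login left no "unknown" user behind; adding `assertNull(userManager.getAuthorizable("unknown"));` would cover that. The `before()`/`after()` overrides only call `super` and can be dropped.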
@@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.jackrabbit.oak.spi.security.authentication.external; + +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +import javax.security.auth.login.AppConfigurationEntry; +import javax.security.auth.login.Configuration; + +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.jackrabbit.oak.AbstractSecurityTest; +import org.apache.jackrabbit.oak.Oak; +import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncConfig; +import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler; +import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIDPManagerImpl; +import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule; +import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.SyncManagerImpl; +import org.apache.jackrabbit.oak.spi.whiteboard.Registration; +import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard; +import 
org.junit.After; +import org.junit.Before; + +/** + * ExternalLoginModuleTest... + */ +public abstract class ExternalLoginModuleTestBase extends AbstractSecurityTest { + + protected final HashMap<String, Object> options = new HashMap<String, Object>(); + + private Set<String> ids = new HashSet<String>(); + + private Registration testIdpReg; + + private Registration syncHandlerReg; + + protected Whiteboard whiteboard; + + protected ExternalIdentityProvider idp; + + @Before + public void before() throws Exception { + super.before(); + UserManager userManager = getUserManager(root); + Iterator<Authorizable> iter = userManager.findAuthorizables("jcr:primaryType", null); + while (iter.hasNext()) { + ids.add(iter.next().getID()); + } + idp = createIDP(); + + testIdpReg = whiteboard.register(ExternalIdentityProvider.class, idp, Collections.<String, Object>emptyMap()); + + options.put(ExternalLoginModule.PARAM_SYNC_HANDLER_NAME, "default"); + options.put(ExternalLoginModule.PARAM_IDP_NAME, idp.getName()); + + // set default sync config + setSyncConfig(new DefaultSyncConfig()); + } + + @After + public void after() throws Exception { + if (testIdpReg != null) { + testIdpReg.unregister(); + testIdpReg = null; + } + idp = null; + setSyncConfig(null); + + try { + UserManager userManager = getUserManager(root); + Iterator<Authorizable> iter = userManager.findAuthorizables("jcr:primaryType", null); + while (iter.hasNext()) { + ids.remove(iter.next().getID()); + } + for (String id : ids) { + Authorizable a = userManager.getAuthorizable(id); + if (a != null) { + a.remove(); + } + } + root.commit(); + } finally { + root.refresh(); + super.after(); + } + } + + @Override + protected Oak withEditors(Oak oak) { + super.withEditors(oak); + + // register non-OSGi managers + whiteboard = oak.getWhiteboard(); + whiteboard.register(SyncManager.class, new SyncManagerImpl(whiteboard), Collections.emptyMap()); + whiteboard.register(ExternalIdentityProviderManager.class, new 
ExternalIDPManagerImpl(whiteboard), Collections.emptyMap()); + + return oak; + } + + protected abstract ExternalIdentityProvider createIDP(); + + protected void setSyncConfig(DefaultSyncConfig cfg) { + if (syncHandlerReg != null) { + syncHandlerReg.unregister(); + syncHandlerReg = null; + } + if (cfg != null) { + syncHandlerReg = whiteboard.register(SyncHandler.class, new DefaultSyncHandler(cfg), Collections.<String, Object>emptyMap()); + } + } + + protected Configuration getConfiguration() { + return new Configuration() { + @Override + public AppConfigurationEntry[] getAppConfigurationEntry(String s) { + AppConfigurationEntry entry = new AppConfigurationEntry( + ExternalLoginModule.class.getName(), + AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, + options); + return new AppConfigurationEntry[]{entry}; + } + }; + } +} \ No newline at end of file Added: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/TestIdentityProvider.java Tue Feb 11 00:28:49 2014 
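Review bot: The cleanup in `ExternalLoginModuleTestBase.after()` looks inverted. `before()` fills `ids` with the authorizables that already exist, and `after()` removes every currently existing id from that set before deleting what is left, so the delete loop only visits ids that are already gone and users created by a test are never removed. If the intent is to delete what the test created, collect the ids that are present now but absent from `ids` and remove those, as sketched below. Separately, `testIdpReg.unregister()` and `setSyncConfig(null)` run outside the `try`, so an exception there skips `root.refresh()` and `super.after()`.

```java
Iterator<Authorizable> iter = userManager.findAuthorizables("jcr:primaryType", null);
// ids holds what existed before the test; anything else was created by it
Set<String> created = new HashSet<String>();
while (iter.hasNext()) {
    String id = iter.next().getID();
    if (!ids.contains(id)) {
        created.add(id);
    }
}
for (String id : created) {
    // … unchanged: look up the authorizable and remove it if present …
}
// … unchanged: root.commit(), then root.refresh() and super.after() in finally …
```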
@@ -0,0 +1,173 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authentication.external; + +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import javax.annotation.Nonnull; +import javax.jcr.Credentials; +import javax.jcr.SimpleCredentials; +import javax.security.auth.login.LoginException; + +/** + * ExternalLoginModuleImpl... 
TODO + */ +public class TestIdentityProvider implements ExternalIdentityProvider { + + private final Map<String, TestGroup> externalGroups = new HashMap<String, TestGroup>(); + private final Map<String, TestUser> externalUsers = new HashMap<String, TestUser>(); + + + public TestIdentityProvider() { + addGroup(new TestGroup("a").withGroups("aa", "aaa")); + addGroup(new TestGroup("b").withGroups("a")); + addGroup(new TestGroup("c")); + + addUser(new TestUser("testUser") + .withProperty("name", "Test User") + .withProperty("profile/name", "Public Name") + .withProperty("profile/age", 72) + .withProperty("./email", "[email protected]") + .withGroups("a", "b", "c") + ); + } + + private void addUser(TestIdentity user) { + externalUsers.put(user.getId(), (TestUser) user); + } + + private void addGroup(TestIdentity group) { + externalGroups.put(group.getId(), (TestGroup) group); + } + + @Nonnull + @Override + public String getName() { + return "test"; + } + + @Override + public ExternalIdentity getIdentity(@Nonnull ExternalIdentityRef ref) throws ExternalIdentityException { + return null; + } + + @Override + public ExternalUser getUser(@Nonnull String userId) throws ExternalIdentityException { + return externalUsers.get(userId); + } + + @Override + public ExternalUser authenticate(@Nonnull Credentials credentials) throws ExternalIdentityException, LoginException { + if (!(credentials instanceof SimpleCredentials)) { + return null; + } + SimpleCredentials creds = (SimpleCredentials) credentials; + ExternalUser user = getUser(creds.getUserID()); + if (user != null) { + if (!new String(creds.getPassword()).equals(user.getPassword())) { + throw new LoginException("Invalid User/Password"); + } + } + return user; + } + + @Override + public ExternalGroup getGroup(@Nonnull String name) throws ExternalIdentityException { + return externalGroups.get(name); + } + + private static class TestIdentity implements ExternalIdentity { + + private final String userId; + private final 
ExternalIdentityRef id; + + private final Set<ExternalIdentityRef> groups = new HashSet<ExternalIdentityRef>(); + private final Map<String, Object> props = new HashMap<String, Object>(); + + private TestIdentity(String userId) { + this.userId = userId; + id = new ExternalIdentityRef(userId, "test"); + } + + @Override + public String getId() { + return userId; + } + + @Override + public String getPrincipalName() { + return userId; + } + + @Nonnull + @Override + public ExternalIdentityRef getExternalId() { + return id; + } + + @Override + public String getIntermediatePath() { + return null; + } + + @Override + public Iterable<ExternalIdentityRef> getGroups() { + return groups; + } + + @Override + public Map<String, ?> getProperties() { + return props; + } + + protected TestIdentity withProperty(String name, Object value) { + props.put(name, value); + return this; + } + + protected TestIdentity withGroups(String ... grps) { + for (String grp: grps) { + groups.add(new ExternalIdentityRef(grp, "test")); + } + return this; + } + } + + private static class TestUser extends TestIdentity implements ExternalUser { + + private TestUser(String userId) { + super(userId); + } + + @Override + public String getPassword() { + return ""; + } + + } + + private static class TestGroup extends TestIdentity implements ExternalGroup { + + private TestGroup(String userId) { + super(userId); + } + + } +} \ No newline at end of file Added: jackrabbit/oak/trunk/oak-auth-external/src/test/resources/META-INF/services/org.apache.jackrabbit.mk.test.MicroKernelFixture URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/resources/META-INF/services/org.apache.jackrabbit.mk.test.MicroKernelFixture?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/resources/META-INF/services/org.apache.jackrabbit.mk.test.MicroKernelFixture (added) +++ 
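Review bot: `TestUser.getPassword()` in TestIdentityProvider returns `""` for every user and the tests in this commit log in with `new char[0]`, so the `LoginException("Invalid User/Password")` branch of `authenticate` is never exercised. The only failing-login test uses an unknown id, which takes the `return user;` path with `null` instead. Giving the fixture user a non-empty password (for instance `return "password";`, a constructed value, with the tests passing it) and adding a wrong-password case would cover rejection of bad credentials for a known user. The class Javadoc still reads `ExternalLoginModuleImpl... TODO`; `/** In-memory {@link ExternalIdentityProvider} with a fixed set of users and groups, for tests. */` would be accurate. `getIdentity` always returns `null` and should carry a comment saying it is an unimplemented stub.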
jackrabbit/oak/trunk/oak-auth-external/src/test/resources/META-INF/services/org.apache.jackrabbit.mk.test.MicroKernelFixture Tue Feb 11 00:28:49 2014 @@ -0,0 +1,16 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#org.apache.jackrabbit.mk.simple.SimpleKernelImplFixture Added: jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logback-test.xml URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logback-test.xml?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logback-test.xml (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logback-test.xml Tue Feb 11 00:28:49 2014 
@@ -0,0 +1,39 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<configuration> + + <appender name="console" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%date{HH:mm:ss.SSS} %-5level %-40([%thread] %F:%L) %msg%n</pattern> + </encoder> + </appender> + + <appender name="file" class="ch.qos.logback.core.FileAppender"> + <file>target/unit-tests.log</file> + <encoder> + <pattern>%date{HH:mm:ss.SSS} %-5level %-40([%thread] %F:%L) %msg%n</pattern> + </encoder> + </appender> + + <root level="INFO"> + <!-- + <appender-ref ref="console"/> + --> + <appender-ref ref="file"/> + </root> + +</configuration> Added: jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logging.properties URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logging.properties?rev=1566895&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logging.properties (added) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/resources/logging.properties Tue Feb 11 00:28:49 2014 
@@ -0,0 +1,16 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +handlers = org.slf4j.bridge.SLF4JBridgeHandler Modified: jackrabbit/oak/trunk/oak-auth-ldap/README.md URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/README.md?rev=1566895&r1=1566894&r2=1566895&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-ldap/README.md (original) +++ jackrabbit/oak/trunk/oak-auth-ldap/README.md Tue Feb 11 00:28:49 2014 
@@ -1,2 +1,25 @@ Oak LDAP Authentication Support =============================== + +License +------- + +(see the top-level [LICENSE.txt](../LICENSE.txt) for full license details) + +Collective work: Copyright 2012 The Apache Software Foundation. + +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + Modified: jackrabbit/oak/trunk/oak-auth-ldap/pom.xml URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/pom.xml?rev=1566895&r1=1566894&r2=1566895&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-ldap/pom.xml (original) +++ jackrabbit/oak/trunk/oak-auth-ldap/pom.xml Tue Feb 11 00:28:49 2014 @@ -131,6 +131,11 @@ <artifactId>oak-core</artifactId> <version>${project.version}</version> </dependency> + <dependency> + <groupId>org.apache.jackrabbit</groupId> + <artifactId>oak-auth-external</artifactId> + <version>${project.version}</version> + </dependency> <dependency> <groupId>org.apache.jackrabbit</groupId> 
@@ -219,6 +224,13 @@
 <classifier>tests</classifier>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>oak-auth-external</artifactId>
+ <version>${project.version}</version>
+ <classifier>tests</classifier>
+ <scope>test</scope>
+ </dependency>
 </dependencies>
 </project>
Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1566895&r1=1566894&r2=1566895&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Tue Feb 11 00:28:49 2014
@@ -74,7 +74,6 @@
 org.apache.jackrabbit.oak.spi.security,
 org.apache.jackrabbit.oak.spi.security.authentication,
 org.apache.jackrabbit.oak.spi.security.authentication.callback,
- org.apache.jackrabbit.oak.spi.security.authentication.external,
 org.apache.jackrabbit.oak.spi.security.authentication.token,
 org.apache.jackrabbit.oak.spi.security.authorization,
 org.apache.jackrabbit.oak.spi.security.authorization.permission,
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1566895&r1=1566894&r2=1566895&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Tue Feb 11 00:28:49 2014
@@ -16,7 +16,6 @@
 */
 package org.apache.jackrabbit.oak.security;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
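Review bot: In the oak-auth-ldap/pom.xml hunk at `@@ -219,6 +224,13 @@`, the new test-scoped dependency with `<classifier>tests</classifier>` resolves only if the oak-auth-external module attaches a tests jar. That module's pom is not visible here, so confirm it runs the maven-jar-plugin `test-jar` goal before relying on a clean reactor build. The entry mirrors the tests-classifier dependency just above it, so a one-line XML comment naming which shared test classes the LDAP tests reuse would make the coupling explicit.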
@@ -44,10 +43,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIDPManagerImpl;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.SyncManagerImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
@@ -146,10 +141,6 @@ public class SecurityProviderImpl implem
 @Override
 public void setWhiteboard(@Nonnull Whiteboard whiteboard) {
 this.whiteboard = whiteboard;
-
- // register non-OSGi managers
- whiteboard.register(SyncManager.class, new SyncManagerImpl(whiteboard), Collections.emptyMap());
- whiteboard.register(ExternalIdentityProviderManager.class, new ExternalIDPManagerImpl(whiteboard), Collections.emptyMap());
 }
 @Override
Modified: jackrabbit/oak/trunk/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/pom.xml?rev=1566895&r1=1566894&r2=1566895&view=diff
==============================================================================
--- jackrabbit/oak/trunk/pom.xml (original)
+++ jackrabbit/oak/trunk/pom.xml Tue Feb 11 00:28:49 2014
@@ -49,6 +49,7 @@
 <module>oak-solr-core</module>
 <module>oak-solr-remote</module>
 <module>oak-solr-embedded</module>
+ <module>oak-auth-external</module>
 <module>oak-auth-ldap</module>
 <module>oak-run</module>
 <module>oak-it</module>
