Author: angela
Date: Wed Dec  9 14:51:13 2015
New Revision: 1718873

URL: http://svn.apache.org/viewvc?rev=1718873&view=rev
Log:
OAK-3759 : UserManager.onCreate is not omitted for system users in case of XML 
import

Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
    
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
 Wed Dec  9 14:51:13 2015
@@ -257,8 +257,12 @@ public class UserManagerImpl implements
      * @throws RepositoryException If an exception occurs.
      */
     void onCreate(@Nonnull User user, @CheckForNull String password) throws 
RepositoryException {
-        for (AuthorizableAction action : 
actionProvider.getAuthorizableActions(securityProvider)) {
-            action.onCreate(user, password, root, namePathMapper);
+        if (!user.isSystemUser()) {
+            for (AuthorizableAction action : 
actionProvider.getAuthorizableActions(securityProvider)) {
+                action.onCreate(user, password, root, namePathMapper);
+            }
+        } else {
+            log.debug("Omit onCreate action for system users.");
         }
     }
 

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
 Wed Dec  9 14:51:13 2015
@@ -152,7 +152,7 @@ public class AccessControlAction extends
         if (securityProvider == null) {
             throw new IllegalStateException("Not initialized");
         }
-        if (isSystemUser(authorizable)) {
+        if (isBuiltInUser(authorizable)) {
             log.debug("System user: " + authorizable.getID() + "; omit ac 
setup.");
             return;
         }
@@ -200,7 +200,7 @@ public class AccessControlAction extends
         }
     }
 
-    private boolean isSystemUser(@Nonnull Authorizable authorizable) throws 
RepositoryException {
+    private boolean isBuiltInUser(@Nonnull Authorizable authorizable) throws 
RepositoryException {
         if (authorizable.isGroup()) {
             return false;
         }

Modified: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
 Wed Dec  9 14:51:13 2015
@@ -17,24 +17,37 @@
 package org.apache.jackrabbit.oak.security.user;
 
 import java.util.Iterator;
+import java.util.List;
 import java.util.UUID;
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.security.auth.login.LoginException;
 
+import com.google.common.collect.ImmutableList;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
 import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserIdCredentials;
+import org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction;
+import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import 
org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.oak.util.TreeUtil;
 import org.junit.Before;
@@ -76,6 +89,21 @@ public class SystemUserImplTest extends
         }
     }
 
+    @Override
+    protected ConfigurationParameters getSecurityConfigParameters() {
+        return ConfigurationParameters.of(
+                UserConfiguration.NAME,
+                
ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, 
new AuthorizableActionProvider() {
+                    @Nonnull
+                    @Override
+                    public List<? extends AuthorizableAction> 
getAuthorizableActions(@Nonnull SecurityProvider securityProvider) {
+                        AuthorizableAction action = new AccessControlAction();
+                        action.init(securityProvider, 
ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new 
String[]{PrivilegeConstants.JCR_ALL}));
+                        return ImmutableList.of(action);
+                    }
+                }));
+    }
+
     private User createUser(@Nullable String intermediatePath) throws 
Exception {
         User user = userMgr.createSystemUser(uid, intermediatePath);
         root.commit();
@@ -274,4 +302,16 @@ public class SystemUserImplTest extends
             }
         }
     }
+
+    /**
+     * Test asserting that {@link AuthorizableAction#onCreate(User, String, 
Root, NamePathMapper)}
+     * is omitted upon calling {@link UserManager#createSystemUser(String, 
String)}.
+     */
+    @Test
+    public void testOnCreateOmitted() throws Exception {
+        user = createUser(null);
+
+        Tree t = root.getTree(user.getPath());
+        assertFalse(t.hasChild(AccessControlConstants.REP_POLICY));
+    }
 }
\ No newline at end of file

Modified: 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
 Wed Dec  9 14:51:13 2015
@@ -204,6 +204,33 @@ public class UserImportWithActionsTest e
         assertEquals("gPrincipal", aces[0].getPrincipal().getName());
     }
 
+    @Test
+    public void testAccessControlActionExecutionForSystemUser() throws 
Exception {
+        AccessControlAction a1 = new AccessControlAction();
+        a1.init(securityProvider, 
ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new 
String[] {Privilege.JCR_ALL}));
+
+        setAuthorizableActions(a1);
+
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                "<sv:node sv:name=\"t\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                "   <sv:property sv:name=\"jcr:primaryType\" 
sv:type=\"Name\"><sv:value>rep:SystemUser</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" 
sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
 +
+                "   <sv:property sv:name=\"rep:principalName\" 
sv:type=\"String\"><sv:value>tSystemPrincipal</sv:value></sv:property>" +
+                "</sv:node>";
+
+        doImport(USERPATH, xml);
+
+        Authorizable a = getUserManager().getAuthorizable("t");
+        assertNotNull(a);
+        assertFalse(a.isGroup());
+        assertTrue(((User) a).isSystemUser());
+
+        AccessControlManager acMgr = 
getImportSession().getAccessControlManager();
+        AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
+        assertNotNull(policies);
+        assertEquals(0, policies.length);
+    }
+
     private final class TestActionProvider implements 
AuthorizableActionProvider {
 
         private final List<AuthorizableAction> actions = new ArrayList();


Reply via email to