Author: angela
Date: Wed Dec 9 14:51:13 2015
New Revision: 1718873
URL: http://svn.apache.org/viewvc?rev=1718873&view=rev
Log:
OAK-3759 : UserManager.onCreate is not omitted for system users in case of XML
import
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
Wed Dec 9 14:51:13 2015
@@ -257,8 +257,12 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(@Nonnull User user, @CheckForNull String password) throws
RepositoryException {
- for (AuthorizableAction action :
actionProvider.getAuthorizableActions(securityProvider)) {
- action.onCreate(user, password, root, namePathMapper);
+ if (!user.isSystemUser()) {
+ for (AuthorizableAction action :
actionProvider.getAuthorizableActions(securityProvider)) {
+ action.onCreate(user, password, root, namePathMapper);
+ }
+ } else {
+ log.debug("Omit onCreate action for system users.");
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
Wed Dec 9 14:51:13 2015
@@ -152,7 +152,7 @@ public class AccessControlAction extends
if (securityProvider == null) {
throw new IllegalStateException("Not initialized");
}
- if (isSystemUser(authorizable)) {
+ if (isBuiltInUser(authorizable)) {
log.debug("System user: " + authorizable.getID() + "; omit ac
setup.");
return;
}
@@ -200,7 +200,7 @@ public class AccessControlAction extends
}
}
- private boolean isSystemUser(@Nonnull Authorizable authorizable) throws
RepositoryException {
+ private boolean isBuiltInUser(@Nonnull Authorizable authorizable) throws
RepositoryException {
if (authorizable.isGroup()) {
return false;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/SystemUserImplTest.java
Wed Dec 9 14:51:13 2015
@@ -17,24 +17,37 @@
package org.apache.jackrabbit.oak.security.user;
import java.util.Iterator;
+import java.util.List;
import java.util.UUID;
+import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.security.auth.login.LoginException;
+import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import
org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
+import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.UserIdCredentials;
+import org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction;
+import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import
org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.junit.Before;
@@ -76,6 +89,21 @@ public class SystemUserImplTest extends
}
}
+ @Override
+ protected ConfigurationParameters getSecurityConfigParameters() {
+ return ConfigurationParameters.of(
+ UserConfiguration.NAME,
+
ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER,
new AuthorizableActionProvider() {
+ @Nonnull
+ @Override
+ public List<? extends AuthorizableAction>
getAuthorizableActions(@Nonnull SecurityProvider securityProvider) {
+ AuthorizableAction action = new AccessControlAction();
+ action.init(securityProvider,
ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new
String[]{PrivilegeConstants.JCR_ALL}));
+ return ImmutableList.of(action);
+ }
+ }));
+ }
+
private User createUser(@Nullable String intermediatePath) throws
Exception {
User user = userMgr.createSystemUser(uid, intermediatePath);
root.commit();
@@ -274,4 +302,16 @@ public class SystemUserImplTest extends
}
}
}
+
+ /**
+ * Test asserting that {@link AuthorizableAction#onCreate(User, String,
Root, NamePathMapper)}
+ * is omitted upon calling {@link UserManager#createSystemUser(String,
String)}.
+ */
+ @Test
+ public void testOnCreateOmitted() throws Exception {
+ user = createUser(null);
+
+ Tree t = root.getTree(user.getPath());
+ assertFalse(t.hasChild(AccessControlConstants.REP_POLICY));
+ }
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java?rev=1718873&r1=1718872&r2=1718873&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
Wed Dec 9 14:51:13 2015
@@ -204,6 +204,33 @@ public class UserImportWithActionsTest e
assertEquals("gPrincipal", aces[0].getPrincipal().getName());
}
+ @Test
+ public void testAccessControlActionExecutionForSystemUser() throws
Exception {
+ AccessControlAction a1 = new AccessControlAction();
+ a1.init(securityProvider,
ConfigurationParameters.of(AccessControlAction.USER_PRIVILEGE_NAMES, new
String[] {Privilege.JCR_ALL}));
+
+ setAuthorizableActions(a1);
+
+ String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+ "<sv:node sv:name=\"t\"
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+ " <sv:property sv:name=\"jcr:primaryType\"
sv:type=\"Name\"><sv:value>rep:SystemUser</sv:value></sv:property>" +
+ " <sv:property sv:name=\"jcr:uuid\"
sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
+
+ " <sv:property sv:name=\"rep:principalName\"
sv:type=\"String\"><sv:value>tSystemPrincipal</sv:value></sv:property>" +
+ "</sv:node>";
+
+ doImport(USERPATH, xml);
+
+ Authorizable a = getUserManager().getAuthorizable("t");
+ assertNotNull(a);
+ assertFalse(a.isGroup());
+ assertTrue(((User) a).isSystemUser());
+
+ AccessControlManager acMgr =
getImportSession().getAccessControlManager();
+ AccessControlPolicy[] policies = acMgr.getPolicies(a.getPath());
+ assertNotNull(policies);
+ assertEquals(0, policies.length);
+ }
+
private final class TestActionProvider implements
AuthorizableActionProvider {
private final List<AuthorizableAction> actions = new ArrayList();