Author: angela
Date: Thu Apr 21 14:49:16 2016
New Revision: 1740333
URL: http://svn.apache.org/viewvc?rev=1740333&view=rev
Log:
OAK-4224 : DefaultSyncContext.sync(ExternalIdentity) should verify IDP
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java?rev=1740333&r1=1740332&r2=1740333&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
Thu Apr 21 14:49:16 2016
@@ -222,6 +222,12 @@ public class DefaultSyncContext implemen
@Nonnull
@Override
public SyncResult sync(@Nonnull ExternalIdentity identity) throws
SyncException {
+ ExternalIdentityRef ref = identity.getExternalId();
+ if (!isSameIDP(ref)) {
+ // create result in accordance with sync(String) where status is
FOREIGN
+ boolean isGroup = (identity instanceof ExternalGroup);
+ return new DefaultSyncResultImpl(new
DefaultSyncedIdentity(identity.getId(), ref, isGroup, -1),
SyncResult.Status.FOREIGN);
+ }
try {
DebugTimer timer = new DebugTimer();
DefaultSyncResultImpl ret;
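Review bot: The new foreign-IDP branch at the top of sync(ExternalIdentity) returns Status.FOREIGN without any log output, so an identity that carries another provider's name is turned away silently. This check is what keeps one context from writing identities that belong to a different IDP, so a debug line before the return would make such calls visible, e.g. `log.debug("sync({}) skipped, identity belongs to a different IDP", ref.getString());`. Callers now have to inspect the returned status, because this case no longer surfaces as a SyncException (the updated test asserts FOREIGN instead). The method body continues past the end of the hunk.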
@@ -250,7 +256,7 @@ public class DefaultSyncContext implemen
throw new IllegalArgumentException("identity must be user or
group but was: " + identity);
}
if (log.isDebugEnabled()) {
- log.debug("sync({}) -> {} {}",
identity.getExternalId().getString(), identity.getId(), timer.getString());
+ log.debug("sync({}) -> {} {}", ref.getString(),
identity.getId(), timer.getString());
}
if (created) {
ret.setStatus(SyncResult.Status.ADD);
@@ -277,8 +283,8 @@ public class DefaultSyncContext implemen
}
// check if we need to deal with this authorizable
ExternalIdentityRef ref = DefaultSyncContext.getIdentityRef(auth);
- if (ref == null || !idp.getName().equals(ref.getProviderName())) {
- return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id,
null, false, -1), SyncResult.Status.FOREIGN);
+ if (ref == null || !isSameIDP(ref)) {
+ return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id,
ref, false, -1), SyncResult.Status.FOREIGN);
}
if (auth.isGroup()) {
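Review bot: The FOREIGN result in sync(String) still passes a literal `false` for the group flag, while the branch added to sync(ExternalIdentity) in the first hunk derives it from the identity and says it follows sync(String). For a group authorizable linked to another IDP the two paths therefore report different isGroup values. Since `auth.isGroup()` is already called on the next line, the result could be built as `new DefaultSyncedIdentity(id, ref, auth.isGroup(), -1)`. Passing `ref` instead of `null` also means callers now receive the other provider's ExternalIdentityRef (or null for an authorizable without one), which is worth stating in the method's Javadoc. The method starts and ends outside the hunk.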
@@ -713,4 +719,16 @@ public class DefaultSyncContext implemen
ExternalIdentityRef ref = DefaultSyncContext.getIdentityRef(auth);
return ref != null && idp.getName().equals(ref.getProviderName());
}
+
+ /**
+ * Tests if the given {@link ExternalIdentityRef} refers to the same IDP
+ * as associated with this context instance.
+ *
+ * @param ref The {@link ExternalIdentityRef} to be tested.
+ * @return {@code true} if {@link ExternalIdentityRef#getProviderName()}
refers
+ * to the IDP associated with this context instance.
+ */
+ private boolean isSameIDP(@Nonnull ExternalIdentityRef ref) {
+ return idp.getName().equals(ref.getProviderName());
+ }
}
\ No newline at end of file
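Review bot: The context lines directly above the new helper still spell out `idp.getName().equals(ref.getProviderName())`, so the provider comparison now lives in two places. That return could delegate with `return ref != null && isSameIDP(ref);`, leaving a single definition of what "same IDP" means. The Javadoc could also say that a ref whose getProviderName() is null is reported as not belonging to this IDP, which is what `equals` yields here; whether the ref type allows a null name is not visible in the hunk. The method that the context lines belong to begins outside the hunk.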
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java?rev=1740333&r1=1740332&r2=1740333&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
Thu Apr 21 14:49:16 2016
@@ -56,7 +56,6 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.junit.After;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertArrayEquals;
@@ -69,8 +68,6 @@ import static org.junit.Assert.assertTru
public class DefaultSyncContextTest extends AbstractExternalAuthTest {
- private TestIdentityProvider idp = new TestIdentityProvider();
-
private DefaultSyncContext syncCtx;
private List<String> authorizableIds = new ArrayList<String>();
@@ -315,14 +312,48 @@ public class DefaultSyncContextTest exte
assertEquals(SyncResult.Status.UPDATE, result.getStatus());
}
- @Ignore("OAK-4224")
- @Test(expected = SyncException.class)
- public void testSyncForeignExternalIdentity() throws Exception {
+ @Test
+ public void testSyncForeignExternalUser() throws Exception {
ExternalIdentity foreign = new ForeignExternalUser();
- syncCtx.sync(foreign);
- // don't commit changes as the after-call would not properly remove any
- // authorizable created this way.
+ SyncResult res = syncCtx.sync(foreign);
+ assertNotNull(res);
+ assertSame(SyncResult.Status.FOREIGN, res.getStatus());
+
+ // expect {@code SyncedIdentity} in accordance with {@code sync(String
userId)},
+ // where the authorizable is found to be linked to a different IDP.
+ SyncedIdentity si = res.getIdentity();
+ assertNotNull(si);
+ assertEquals(foreign.getId(), si.getId());
+ ExternalIdentityRef ref = si.getExternalIdRef();
+ assertNotNull(ref);
+ assertEquals(foreign.getExternalId(), ref);
+ assertFalse(si.isGroup());
+ assertEquals(-1, si.lastSynced());
+
+ assertFalse(root.hasPendingChanges());
+ }
+
+ @Test
+ public void testSyncForeignExternalGroup() throws Exception {
+ ExternalIdentity foreign = new ForeignExternalGroup();
+
+ SyncResult res = syncCtx.sync(foreign);
+ assertNotNull(res);
+ assertSame(SyncResult.Status.FOREIGN, res.getStatus());
+
+ // expect {@code SyncedIdentity} in accordance with {@code sync(String
userId)},
+ // where the authorizable is found to be linked to a different IDP.
+ SyncedIdentity si = res.getIdentity();
+ assertNotNull(si);
+ assertEquals(foreign.getId(), si.getId());
+ ExternalIdentityRef ref = si.getExternalIdRef();
+ assertNotNull(ref);
+ assertEquals(foreign.getExternalId(), ref);
+ assertTrue(si.isGroup());
+ assertEquals(-1, si.lastSynced());
+
+ assertFalse(root.hasPendingChanges());
}
@Test
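Review bot: testSyncForeignExternalUser and testSyncForeignExternalGroup repeat the same block of assertions and differ only in the identity class and the expected isGroup() value. A private helper taking the identity and the expected group flag would keep the two in step if the FOREIGN contract changes. The group case uses a fixed foreign provider name (the stub added further down returns "AnotherExternalIDP"). If ExternalIdentityRef permits a missing provider name, a third case for such a ref would pin how sync(ExternalIdentity) classifies it.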
@@ -430,7 +461,11 @@ public class DefaultSyncContextTest exte
@Test
public void testSyncByForeignId() throws Exception {
SyncResult result = syncCtx.sync(getTestUser().getID());
+
assertEquals(SyncResult.Status.FOREIGN, result.getStatus());
+ SyncedIdentity si = result.getIdentity();
+ assertNotNull(si);
+ assertNull(si.getExternalIdRef());
}
@Test
@@ -440,6 +475,9 @@ public class DefaultSyncContextTest exte
SyncResult result = syncCtx.sync(u.getID());
assertEquals(SyncResult.Status.FOREIGN, result.getStatus());
+ SyncedIdentity si = result.getIdentity();
+ assertNotNull(si);
+ assertEquals(DefaultSyncContext.getIdentityRef(u),
si.getExternalIdRef());
}
@Test(expected = SyncException.class)
@@ -1198,6 +1236,21 @@ public class DefaultSyncContextTest exte
}
}
+ private final class ForeignExternalGroup extends TestExternalIdentity
implements ExternalGroup {
+
+ @Nonnull
+ @Override
+ public ExternalIdentityRef getExternalId() {
+ return new ExternalIdentityRef(getId(), "AnotherExternalIDP");
+ }
+
+ @Nonnull
+ @Override
+ public Iterable<ExternalIdentityRef> getDeclaredMembers() {
+ return ImmutableList.of();
+ }
+ }
+
private final class ExternalUserWithDeclaredGroup extends
TestExternalIdentity implements ExternalUser {
private final ExternalIdentityRef declaredGroupRef;
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java?rev=1740333&r1=1740332&r2=1740333&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java
Thu Apr 21 14:49:16 2016
@@ -131,7 +131,7 @@ public class CustomCredentialsSupportTes
@Nonnull
@Override
public ExternalIdentityRef getExternalId() {
- return new ExternalIdentityRef(uid, "test");
+ return new ExternalIdentityRef(uid, getName());
}
@Nonnull