Author: angela
Date: Mon Apr 3 14:52:40 2017
New Revision: 1790006
URL: http://svn.apache.org/viewvc?rev=1790006&view=rev
Log:
OAK-6027 : UserImporter.Impersonators : use Oak path to user instead of ID
OAK-5882 : Improve coverage for oak.security code in oak-core (wip)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java?rev=1790006&r1=1790005&r2=1790006&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
Mon Apr 3 14:52:40 2017
@@ -297,7 +297,7 @@ class UserImporter implements ProtectedP
// since impersonators may be imported later on, postpone
processing
// to the end.
// see -> process References
- referenceTracker.processedReference(new
Impersonators(a.getID(), propInfo.getTextValues()));
+ referenceTracker.processedReference(new
Impersonators(parent.getPath(), propInfo.getTextValues()));
return true;
} else if (REP_DISABLED.equals(propName)) {
@@ -665,20 +665,20 @@ class UserImporter implements ProtectedP
*/
private final class Impersonators {
- private final String userId;
+ private final String userPath;
private final Set<String> principalNames = new HashSet<String>();
- private Impersonators(String userId, List<? extends TextValue> values)
{
- this.userId = userId;
+ private Impersonators(String userPath, List<? extends TextValue>
values) {
+ this.userPath = userPath;
for (TextValue v : values) {
principalNames.add(v.getString());
}
}
private void process() throws RepositoryException {
- Authorizable a = userManager.getAuthorizable(userId);
+ Authorizable a = userManager.getAuthorizableByOakPath(userPath);
if (a == null || a.isGroup()) {
- throw new RepositoryException(userId + " does not represent a
valid user.");
+ throw new RepositoryException(userPath + " does not represent
a valid user.");
}
Impersonation imp = checkNotNull(((User) a).getImpersonation());
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterTest.java?rev=1790006&r1=1790005&r2=1790006&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterTest.java
Mon Apr 3 14:52:40 2017
@@ -17,6 +17,7 @@
package org.apache.jackrabbit.oak.security.user;
import java.util.ArrayList;
+import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.jcr.ImportUUIDBehavior;
@@ -29,6 +30,7 @@ import javax.jcr.nodetype.PropertyDefini
import javax.jcr.nodetype.PropertyDefinitionTemplate;
import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.JackrabbitSession;
@@ -38,19 +40,23 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
import
org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
import org.apache.jackrabbit.oak.spi.security.user.action.GroupAction;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
import org.apache.jackrabbit.oak.spi.xml.PropInfo;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
@@ -63,6 +69,7 @@ import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.when;
@@ -70,6 +77,7 @@ import static org.mockito.Mockito.when;
public class UserImporterTest extends AbstractSecurityTest implements
UserConstants {
private static final String TEST_USER_ID = "uid";
+ private static final String TEST_GROUP_ID = "gid";
private TestAction testAction;
AuthorizableActionProvider actionProvider = new
AuthorizableActionProvider() {
@@ -79,8 +87,11 @@ public class UserImporterTest extends Ab
return (testAction == null) ?
ImmutableList.<AuthorizableAction>of() : ImmutableList.of(testAction);
}
};
+
private User testUser;
+ private ReferenceChangeTracker refTracker = new ReferenceChangeTracker();
+
UserImporter importer;
@Override
@@ -94,6 +105,7 @@ public class UserImporterTest extends Ab
@Override
public void after() throws Exception {
try {
+ refTracker.clear();
root.refresh();
} finally {
super.after();
@@ -136,7 +148,7 @@ public class UserImporterTest extends Ab
if (createAction) {
testAction = new TestAction();
}
- return importer.init(mockJackrabbitSession(), root,
getNamePathMapper(), isWorkspaceImport(),
ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING, new
ReferenceChangeTracker(), getSecurityProvider());
+ return importer.init(mockJackrabbitSession(), root,
getNamePathMapper(), isWorkspaceImport(),
ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING, refTracker,
getSecurityProvider());
}
private Tree createUserTree() {
@@ -153,26 +165,32 @@ public class UserImporterTest extends Ab
NodeUtil node = new NodeUtil(root.getTree(PathUtils.ROOT_PATH));
NodeUtil groupRoot =
node.getOrAddTree(PathUtils.relativize(PathUtils.ROOT_PATH, groupPath),
NT_REP_AUTHORIZABLE_FOLDER);
- return groupRoot.addChild("testGroup", NT_REP_GROUP).getTree();
- }
-
- private PropInfo createPropInfo(@Nonnull String name, final String value) {
- return new PropInfo(name, PropertyType.STRING, new TextValue() {
- @Override
- public String getString() {
- return value;
- }
-
- @Override
- public Value getValue(int targetType) throws RepositoryException {
- return getValueFactory(root).createValue(value, targetType);
- }
-
- @Override
- public void dispose() {
- //nop
- }
- });
+ Tree groupTree = groupRoot.addChild("testGroup",
NT_REP_GROUP).getTree();
+ groupTree.setProperty(JcrConstants.JCR_UUID, new UserProvider(root,
ConfigurationParameters.EMPTY).getContentID(TEST_GROUP_ID));
+ return groupTree;
+ }
+
+ private PropInfo createPropInfo(@Nonnull String name, final String...
values) {
+ List<TextValue> txtValues = Lists.newArrayList();
+ for (final String v : values) {
+ txtValues.add(new TextValue() {
+ @Override
+ public String getString() {
+ return v;
+ }
+
+ @Override
+ public Value getValue(int targetType) throws
RepositoryException {
+ return getValueFactory(root).createValue(v, targetType);
+ }
+
+ @Override
+ public void dispose() {
+ //nop
+ }
+ });
+ }
+ return new PropInfo(name, PropertyType.STRING, txtValues);
}
private PropertyDefinition mockPropertyDefinition(@Nonnull String
declaringNt, boolean mv) throws Exception {
@@ -275,6 +293,166 @@ public class UserImporterTest extends Ab
assertTrue(importer.handlePropInfo(userTree,
createPropInfo(REP_AUTHORIZABLE_ID, TEST_USER_ID),
mockPropertyDefinition(NT_REP_USER, false)));
}
+ @Test
+ public void testHandlePrincipalName() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertTrue(importer.handlePropInfo(userTree,
createPropInfo(REP_PRINCIPAL_NAME, "principalName"),
mockPropertyDefinition(NT_REP_AUTHORIZABLE, false)));
+ assertEquals("principalName",
userTree.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING));
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testHandleEmptyPrincipalName() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ importer.handlePropInfo(userTree, createPropInfo(REP_PRINCIPAL_NAME,
""), mockPropertyDefinition(NT_REP_AUTHORIZABLE, false));
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testHandleEveryonePrincipalNameOnUser() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ importer.handlePropInfo(userTree, createPropInfo(REP_PRINCIPAL_NAME,
EveryonePrincipal.NAME), mockPropertyDefinition(NT_REP_AUTHORIZABLE, false));
+ }
+
+ @Test
+ public void testHandlePrincipalNameMvPropertyDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_PRINCIPAL_NAME, "principalName"),
mockPropertyDefinition(NT_REP_AUTHORIZABLE, true)));
+ assertNull(userTree.getProperty(REP_PRINCIPAL_NAME));
+ }
+
+ @Test
+ public void testHandlePrincipalNameOtherDeclNtDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_PRINCIPAL_NAME, "principalName"),
mockPropertyDefinition(NT_REP_AUTHORIZABLE_FOLDER, false)));
+ assertNull(userTree.getProperty(REP_PRINCIPAL_NAME));
+ }
+
+ @Test
+ public void testHandlePassword() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ String pwHash = PasswordUtil.buildPasswordHash("pw");
+ assertTrue(importer.handlePropInfo(userTree,
createPropInfo(REP_PASSWORD, pwHash), mockPropertyDefinition(NT_REP_USER,
false)));
+ assertEquals(pwHash,
userTree.getProperty(REP_PASSWORD).getValue(Type.STRING));
+ }
+
+ @Test
+ public void testHandlePasswordOnSystemUser() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ userTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_SYSTEM_USER,
Type.NAME);
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_PASSWORD, PasswordUtil.buildPasswordHash("pw")),
mockPropertyDefinition(NT_REP_USER, false)));
+ }
+
+ @Test
+ public void testHandlePasswordOnGroup() throws Exception {
+ init();
+ Tree groupTree = createGroupTree();
+ assertFalse(importer.handlePropInfo(groupTree,
createPropInfo(REP_PASSWORD, PasswordUtil.buildPasswordHash("pw")),
mockPropertyDefinition(NT_REP_USER, false)));
+ }
+
+ @Test
+ public void testHandlePasswordMvPropertyDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_PASSWORD, PasswordUtil.buildPasswordHash("pw")),
mockPropertyDefinition(NT_REP_USER, true)));
+ assertNull(userTree.getProperty(REP_PASSWORD));
+ }
+
+ @Test
+ public void testHandlePasswordOtherDeclNtDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_PASSWORD, PasswordUtil.buildPasswordHash("pw")),
mockPropertyDefinition(NT_REP_AUTHORIZABLE, false)));
+ assertNull(userTree.getProperty(REP_PASSWORD));
+ }
+
+ @Test
+ public void testHandleImpersonators() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertTrue(importer.handlePropInfo(userTree,
createPropInfo(REP_IMPERSONATORS, "impersonator1", "impersonator2"),
mockPropertyDefinition(NT_REP_USER, true)));
+ // writing is postponed though and the ref-tracker must not be empty
+ assertNull(userTree.getProperty(REP_IMPERSONATORS));
+ assertTrue(refTracker.getProcessedReferences().hasNext());
+ }
+
+ @Test
+ public void testHandleImpersonatorsOnGroup() throws Exception {
+ init();
+ Tree groupTree = createGroupTree();
+ assertFalse(importer.handlePropInfo(groupTree,
createPropInfo(REP_IMPERSONATORS, "impersonator1"),
mockPropertyDefinition(NT_REP_USER, true)));
+ }
+
+ @Test
+ public void testHandleImpersonatorsSinglePropertyDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_IMPERSONATORS, "impersonator1"),
mockPropertyDefinition(NT_REP_USER, false)));
+ assertNull(userTree.getProperty(REP_IMPERSONATORS));
+ }
+
+ @Test
+ public void testHandleImpersonatorsOtherDeclNtDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_IMPERSONATORS, "impersonator1"),
mockPropertyDefinition(NT_REP_AUTHORIZABLE, true)));
+ assertNull(userTree.getProperty(REP_IMPERSONATORS));
+ }
+
+ @Test
+ public void testHandleDisabled() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertTrue(importer.handlePropInfo(userTree,
createPropInfo(REP_DISABLED, "disabled"), mockPropertyDefinition(NT_REP_USER,
false)));
+ PropertyState property = userTree.getProperty(REP_DISABLED);
+ assertNotNull(property);
+ assertEquals("disabled", property.getValue(Type.STRING));
+ }
+
+ @Test
+ public void testHandleDisabledOnGroup() throws Exception {
+ init();
+ Tree groupTree = createGroupTree();
+ assertFalse(importer.handlePropInfo(groupTree,
createPropInfo(REP_DISABLED, "disabled"), mockPropertyDefinition(NT_REP_USER,
false)));
+ assertNull(groupTree.getProperty(REP_DISABLED));
+ }
+
+ @Test(expected = RepositoryException.class)
+ public void testHandleDisabledMvProperty() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ importer.handlePropInfo(userTree, createPropInfo(REP_DISABLED,
"disabled", "disabled"), mockPropertyDefinition(NT_REP_USER, false));
+ }
+
+ @Test
+ public void testHandleDisabledMvPropertyDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_DISABLED, "disabled"), mockPropertyDefinition(NT_REP_USER,
true)));
+ assertNull(userTree.getProperty(REP_DISABLED));
+ }
+
+ @Test
+ public void testHandleDisabledOtherDeclNtDef() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo(REP_DISABLED, "disabled"),
mockPropertyDefinition(NT_REP_AUTHORIZABLE, false)));
+ assertNull(userTree.getProperty(REP_DISABLED));
+ }
+
+ @Test
+ public void testHandleUnknownProperty() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertFalse(importer.handlePropInfo(userTree,
createPropInfo("unknownProperty", "value"),
mockPropertyDefinition(NodeTypeConstants.NT_OAK_UNSTRUCTURED, false)));
+ assertNull(userTree.getProperty("unknownProperty"));
+ }
+
//--------------------------------------------------< processReferences
>---
@Test(expected = IllegalStateException.class)
@@ -282,6 +460,32 @@ public class UserImporterTest extends Ab
importer.processReferences();
}
+ @Test
+ public void testProcessUnknownImpersonators() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertTrue(importer.handlePropInfo(userTree,
createPropInfo(REP_IMPERSONATORS, "impersonator1", "impersonator2"),
mockPropertyDefinition(NT_REP_USER, true)));
+
+ importer.processReferences();
+
+ // default importbehavior == IGNORE
+ PropertyState impersonators = userTree.getProperty(REP_IMPERSONATORS);
+ assertNull(impersonators);
+ }
+
+ @Test
+ public void testProcessImpersonators() throws Exception {
+ init();
+ Tree userTree = createUserTree();
+ assertTrue(importer.handlePropInfo(userTree,
createPropInfo(REP_IMPERSONATORS, testUser.getPrincipal().getName()),
mockPropertyDefinition(NT_REP_USER, true)));
+
+ importer.processReferences();
+
+ PropertyState impersonators = userTree.getProperty(REP_IMPERSONATORS);
+ assertNotNull(impersonators);
+ assertEquals(ImmutableList.of(testUser.getPrincipal().getName()),
impersonators.getValue(Type.STRINGS));
+ }
+
//------------------------------------------------< propertiesCompleted
>---
@Test
