This is an automated email from the ASF dual-hosted git repository. angela pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/trunk by this push: new bf02e7adc1 OAK-10074 : AutoMembershipProvider consistency with ExternalPrincipalProvider bf02e7adc1 is described below commit bf02e7adc1f1a0fb06f05b7663ec0a695d1710af Author: angela <anch...@adobe.com> AuthorDate: Thu Jan 19 18:25:30 2023 +0100 OAK-10074 : AutoMembershipProvider consistency with ExternalPrincipalProvider
---
 .../impl/principal/AutoMembershipProvider.java | 4 +--
 .../external/impl/DynamicSyncTest.java | 34 ++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java
index a4c49a70b4..84595ab803 100644
--- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java
+++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProvider.java
@@ -52,7 +52,6 @@ import java.util.stream.StreamSupport;
 import static org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants.REP_EXTERNAL_ID;
 import static org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.DynamicGroupUtil.getIdpName;
 import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.NT_REP_AUTHORIZABLE;
-import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.NT_REP_GROUP;
 import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.NT_REP_USER;
 import static org.apache.jackrabbit.oak.spi.security.user.UserConstants.REP_AUTHORIZABLE_ID;
@@ -190,7 +189,8 @@ class AutoMembershipProvider implements DynamicMembershipProvider {
 return;
 }
- String nodeType = (groupIdpNames.isEmpty()) ? NT_REP_USER : (idpNames.size() == groupIdpNames.size()) ? NT_REP_GROUP : NT_REP_AUTHORIZABLE;
+ // currently 'group.automembership' is added for all users -> search for type authorizable (not just groups)
+ String nodeType = (groupIdpNames.isEmpty()) ? NT_REP_USER : NT_REP_AUTHORIZABLE;
 // since this provider is only enabled for dynamic-automembership the 'includeInherited' flag can be ignored.
 // as group-membership for dynamic users is flattened and automembership-configuration for groups is included.
diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java
index 0f55531f0e..348c188ea5 100644
--- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java
+++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.java
@@ -37,6 +37,7 @@ import java.util.List;
 import java.util.Set;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
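Review bot: In AutoMembershipProvider.java, the new comment above `String nodeType = ...` says `currently` without naming the code whose behaviour it depends on. Going by the commit title, this lookup has to mirror how ExternalPrincipalProvider applies 'group.automembership'; if the two drift, the members this provider reports for a group would no longer match the principals a session actually receives, which matters wherever access reviews or audits read group membership. I would tie the comment to that class and the issue, e.g. `// keep in sync with ExternalPrincipalProvider (OAK-10074): 'group.automembership' is added for all users, so search all authorizables (not just groups)`. The enclosing method starts and ends outside this hunk, so whether `idpNames` is still needed there now that this expression no longer reads it cannot be confirmed from here.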
@@ -143,6 +144,39 @@ public class DynamicSyncTest extends AbstractDynamicTest {
 assertExpectedIds(expectedIds, aGroup.declaredMemberOf(), aGroup.memberOf());
 }
+ @Test
+ public void testAutomembershipGroups() throws Exception {
+ ExternalUser externalUser = idp.getUser(USER_ID);
+ sync(externalUser, SyncResult.Status.ADD);
+
+ Authorizable user = userManager.getAuthorizable(USER_ID);
+ Group aGroup = userManager.getAuthorizable("a", Group.class);
+
+ // verify group 'autoForGroups'
+ Set<String> expMemberIds = ImmutableSet.of("a", "b", "c", "aa", "aaa", USER_ID);
+ assertExpectedIds(expMemberIds, autoForGroups.getDeclaredMembers(), autoForGroups.getMembers());
+ assertIsMember(autoForGroups, true, user, aGroup);
+ assertIsMember(autoForGroups, false, user, aGroup);
+ assertFalse(autoForGroups.isMember(base));
+ }
+
+ @Test
+ public void testAutomembershipUsers() throws Exception {
+ ExternalUser externalUser = idp.getUser(USER_ID);
+ sync(externalUser, SyncResult.Status.ADD);
+
+ Authorizable user = userManager.getAuthorizable(USER_ID);
+ Group aGroup = userManager.getAuthorizable("a", Group.class);
+
+ // verify group 'autoForUsers'
+ Set<String> expMemberIds = ImmutableSet.of(USER_ID);
+ assertExpectedIds(expMemberIds, autoForUsers.getDeclaredMembers(), autoForUsers.getMembers());
+ assertTrue(autoForUsers.isMember(user));
+
+ assertFalse(autoForUsers.isMember(aGroup));
+ assertFalse(autoForUsers.isMember(base));
+ }
+
 private static void assertIsMember(@NotNull Group group, boolean declared, @NotNull Authorizable... members) {
 try {
 for (Authorizable member : members) {
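Review bot: In DynamicSyncTest.java, both new tests use `user` and `aGroup` straight from `userManager.getAuthorizable(...)` without checking that the lookup returned anything. The negative assertion `assertFalse(autoForUsers.isMember(aGroup))` is the one that pins down that groups do not pick up the user-only automembership, and depending on how `isMember` treats a null argument it could pass, or fail with an unrelated exception, for the wrong reason if the sync did not create group 'a'. Adding `assertNotNull(user);` and `assertNotNull(aGroup);` right after the lookups in both tests would rule that out; `assertNotNull` is already imported in this file. The fields `autoForGroups`, `autoForUsers` and `base` are set up outside this hunk, so what `base` stands for cannot be checked here.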