@Nonnull @Override public Boolean perform() throws RepositoryException { return impersonationDelegate.grantImpersonation(principal); } });
@Override public boolean allows(final Subject subject) throws RepositoryException { return delegate.allows(subject); } }
@Override public PrincipalIterator getImpersonators() throws RepositoryException { return dlg.getImpersonators(); }
@Test public void testImpersonation() throws RepositoryException, NotExecutableException { Principal user2Principal = user2.getPrincipal(); Subject subject = new Subject(true, Collections.singleton(user2Principal), Collections.<Object>emptySet(), Collections.<Object>emptySet()); Impersonation impers = user.getImpersonation(); assertFalse(impers.allows(subject)); assertTrue(impers.grantImpersonation(user2Principal)); assertFalse(impers.grantImpersonation(user2Principal)); superuser.save(); assertTrue(impers.allows(subject)); assertTrue(impers.revokeImpersonation(user2Principal)); assertFalse(impers.revokeImpersonation(user2Principal)); superuser.save(); assertFalse(impers.allows(subject)); }
for (PrincipalIterator pit = imp.getImpersonators(); pit.hasNext(); ) { Principal p = pit.nextPrincipal(); toRemove.put(p.getName(), p); if (!imp.revokeImpersonation(p)) { String principalName = p.getName(); handleFailure("Failed to revoke impersonation for " + principalName + " on " + a); principals.get(principalName) : new PrincipalImpl(principalName); if (!imp.grantImpersonation(principal)) { handleFailure("Failed to grant impersonation for " + principalName + " on " + a); if (importBehavior == ImportBehavior.BESTEFFORT &&
public void testGrantImpersonatingForOneself() throws RepositoryException { Principal main = newUser.getPrincipal(); try { assertFalse(impersonation.grantImpersonation(main)); } finally { impersonation.revokeImpersonation(main); } }
public void testModifyOthersImpersonators() throws RepositoryException { Principal p = uMgr.getAuthorizable(uID).getPrincipal(); User other = (User) uMgr.getAuthorizable(otherUID); try { boolean success = other.getImpersonation().grantImpersonation(p); // omit save call assertFalse("A simple user may not add itself as impersonator to another user.",success); } catch (AccessDeniedException e) { // fine as well -> access denied. } assertFalse("A simple user may not add itself as impersonator to another user.", other.getImpersonation().allows(buildSubject(p))); }
@NotNull @Override public Boolean perform() throws RepositoryException { return impersonationDelegate.revokeImpersonation(principal); } });
Subject s = new Subject(); s.getPrincipals().add(new PrincipalImpl(principalName)); assertFalse(imp.allows(s)); for (PrincipalIterator it = imp.getImpersonators(); it.hasNext();) { assertFalse(principalName.equals(it.nextPrincipal().getName()));
public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException { Principal adminPrincipal = new AdminPrincipal() { @Override public String getName() { return "some-admin-name"; } }; // admin cannot be add/remove to set of impersonators of 'u' but is // always allowed to impersonate that user. Impersonation impersonation = user.getImpersonation(); assertFalse(impersonation.grantImpersonation(adminPrincipal)); assertFalse(impersonation.revokeImpersonation(adminPrincipal)); assertTrue(impersonation.allows(buildSubject(adminPrincipal))); } }
for (PrincipalIterator pit = imp.getImpersonators(); pit.hasNext(); ) { Principal p = pit.nextPrincipal(); toRemove.put(p.getName(), p); if (!imp.revokeImpersonation(p)) { String principalName = p.getName(); handleFailure("Failed to revoke impersonation for " + principalName + " on " + a); principals.get(principalName) : new PrincipalImpl(principalName); if (!imp.grantImpersonation(principal)) { handleFailure("Failed to grant impersonation for " + principalName + " on " + a); if (importBehavior == ImportBehavior.BESTEFFORT &&
public void testGrantImpersonationUnknownUser() throws RepositoryException, NotExecutableException { Principal test = getTestPrincipal(); try { assertFalse("Granting impersonation to an unknown principal should not be successful.", impersonation.grantImpersonation(test)); } finally { impersonation.revokeImpersonation(test); save(superuser); } }
public void testImpersonationOfOtherUser() throws RepositoryException, NotExecutableException { UserManager umgr = getUserManager(uSession); Principal selfPrinc = umgr.getAuthorizable(uID).getPrincipal(); User child = (User) umgr.getAuthorizable(getYetAnotherID()); Impersonation impers = child.getImpersonation(); assertFalse(impers.allows(buildSubject(selfPrinc))); try { assertFalse(impers.grantImpersonation(selfPrinc)); save(uSession); } catch (AccessDeniedException e) { // ok. } assertFalse(impers.allows(buildSubject(selfPrinc))); User parent = (User) umgr.getAuthorizable(otherUID); impers = parent.getImpersonation(); assertFalse(impers.allows(buildSubject(selfPrinc))); try { assertFalse(impers.grantImpersonation(selfPrinc)); save(uSession); } catch (AccessDeniedException e) { // ok. } assertFalse(impers.allows(buildSubject(selfPrinc))); }
@NotNull @Override public Boolean perform() throws RepositoryException { return impersonationDelegate.revokeImpersonation(principal); } });
Subject s = new Subject(); s.getPrincipals().add(new PrincipalImpl(principalName)); assertFalse(imp.allows(s)); for (PrincipalIterator it = imp.getImpersonators(); it.hasNext();) { assertFalse(principalName.equals(it.nextPrincipal().getName()));
public void testSystemPrincipalAsImpersonator() throws RepositoryException { Principal systemPrincipal = new SystemPrincipal(); assertNull(userMgr.getAuthorizable(systemPrincipal)); // system cannot be add/remove to set of impersonators of 'u' nor // should it be allowed to impersonate a given user... User u = (User) userMgr.getAuthorizable(uID); Impersonation impersonation = u.getImpersonation(); assertFalse(impersonation.grantImpersonation(systemPrincipal)); assertFalse(impersonation.revokeImpersonation(systemPrincipal)); assertFalse(impersonation.allows(buildSubject(systemPrincipal))); } }
for (PrincipalIterator pit = imp.getImpersonators(); pit.hasNext(); ) { Principal p = pit.nextPrincipal(); toRemove.put(p.getName(), p); if (!imp.revokeImpersonation(p)) { String principalName = p.getName(); handleFailure("Failed to revoke impersonation for " + principalName + " on " + a); principals.get(principalName) : new PrincipalImpl(principalName); if (!imp.grantImpersonation(principal)) { handleFailure("Failed to grant impersonation for " + principalName + " on " + a); if (importBehavior == ImportBehavior.BESTEFFORT &&
public void testCannotGrantImpersonationForAdministrator() throws RepositoryException, NotExecutableException { User admin = getTestUser(superuser); try { assertFalse(impersonation.grantImpersonation(admin.getPrincipal())); } finally { impersonation.revokeImpersonation(admin.getPrincipal()); } }
@Override public boolean allows(Subject subject) throws RepositoryException { return dlg.allows(subject); } }
@NotNull @Override public Boolean perform() throws RepositoryException { return impersonationDelegate.grantImpersonation(principal); } });