/**
 * {@inheritDoc}
 *
 * <p>
 * Implementation copied from {@link org.apache.jackrabbit.core.security.simple.SimpleLoginModule}.
 * Resolves the user id from the credentials and delegates the lookup to a
 * {@code PrincipalProvider}. Group principals are filtered out: only a non-group
 * principal is ever returned.
 * </p>
 *
 * @param credentials credentials for which the principal is resolved
 * @return the principal found for the user id, or {@code null} if the provider
 *         returns nothing for that id or returns a {@code Group}
 */
@Override
protected Principal getPrincipal( final Credentials credentials )
{
    final String id = getUserID( credentials );
    // NOTE(review): the id goes to the provider without a null check - confirm that
    // getUserID cannot return null here or that the provider tolerates a null name.
    final Principal candidate = principalProvider.getPrincipal( id );
    // instanceof is false for null, but the explicit test keeps the intent readable
    final boolean isUserPrincipal = candidate != null && !( candidate instanceof Group );
    return isUserPrincipal ? candidate : null;
}
/**
 * Closes this security manager: delegates to the superclass first, then, while
 * holding {@code monitor}, closes the default provider of every registered
 * {@code PrincipalProviderRegistry} and empties the registry map.
 *
 * @see org.apache.jackrabbit.core.security.JackrabbitSecurityManager#close()
 */
@Override
public void close() {
    super.close();
    synchronized (monitor) {
        // NOTE(review): an exception thrown by one close() call would leave the
        // remaining providers open and the map uncleared - confirm close() cannot throw.
        for (PrincipalProviderRegistry ppRegistry : ppRegistries.values()) {
            ppRegistry.getDefault().close();
        }
        ppRegistries.clear();
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Runs the search against every configured provider and collects the non-empty
 * results, each paired with the provider that produced it, into a
 * {@code CheckedPrincipalIterator}.</p>
 */
public PrincipalIterator findPrincipals(String simpleFilter, int searchType) {
    checkIsValid();
    List<CheckedIteratorEntry> matches = new ArrayList<CheckedIteratorEntry>(providers.length);
    for (int i = 0; i < providers.length; i++) {
        PrincipalProvider provider = providers[i];
        PrincipalIterator found = provider.findPrincipals(simpleFilter, searchType);
        if (!found.hasNext()) {
            // this provider has nothing for the filter
            continue;
        }
        // the provider travels with its results - presumably so the returned iterator
        // can apply that provider's read check; confirm against CheckedPrincipalIterator
        matches.add(new CheckedIteratorEntry(found, provider));
    }
    return new CheckedPrincipalIterator(matches);
}
/**
 * Asks each provider in turn for the named principal and returns the first hit
 * that the provider says the session may read.
 *
 * @param principalName the name of the principal
 * @return The principal with the given name or <code>null</code> if none
 * of the providers knows that principal or if the Session is not allowed
 * to see it.
 */
private Principal internalGetPrincipal(String principalName) {
    checkIsValid();
    for (PrincipalProvider pp : providers) {
        Principal found = pp.getPrincipal(principalName);
        if (found == null) {
            continue;
        }
        // an unreadable hit is skipped rather than reported, so the caller gets the
        // same null for "unknown" and for "not visible to this session"
        if (!pp.canReadPrincipal(session, found)) {
            continue;
        }
        return disguise(found, pp);
    }
    return null;
}
/**
 * Verifies that the provider resolves the everyone principal by name and that a
 * search for that name yields exactly that one principal.
 */
public void testEveryonePrincipal() throws Exception {
    Principal resolved = principalProvider.getPrincipal(EveryonePrincipal.NAME);
    assertNotNull(resolved);
    assertEquals(EveryonePrincipal.getInstance(), resolved);

    PrincipalIterator hits = principalProvider.findPrincipals(EveryonePrincipal.NAME);
    assertNotNull(hits);
    if (hits.getSize() != -1) {
        assertEquals(1, hits.getSize());
        assertEquals(EveryonePrincipal.getInstance(), hits.nextPrincipal());
    } else {
        // the iterator reports -1 as its size: walk it to prove it holds one element
        assertTrue(hits.hasNext());
        assertEquals(EveryonePrincipal.getInstance(), hits.nextPrincipal());
        assertFalse(hits.hasNext());
    }
}
/**
 * Exercises repeated lookups of an unknown principal name against two
 * {@code DummyProvider} instances, one initialised with
 * {@code DefaultPrincipalProvider.NEGATIVE_ENTRY_KEY} set to "true" and one with
 * "false". With the option on, both lookups must return {@code null}; with it off,
 * the second lookup is expected to end in an {@code UnsupportedOperationException}.
 */
public void testNegativeCacheEntries() throws RepositoryException, NotExecutableException {
    final String missingName = "UnknownPrincipal";

    PrincipalProvider withNegativeCache = new DummyProvider();
    Properties cachingConfig = new Properties();
    cachingConfig.setProperty(DefaultPrincipalProvider.NEGATIVE_ENTRY_KEY, "true");
    withNegativeCache.init(cachingConfig);
    // neither lookup may throw: the negative entry is expected to be in the cache
    // (default behavior of the DefaultPrincipalProvider)
    assertNull(withNegativeCache.getPrincipal(missingName));
    assertNull(withNegativeCache.getPrincipal(missingName));

    PrincipalProvider withoutNegativeCache = new DummyProvider();
    Properties nonCachingConfig = new Properties();
    nonCachingConfig.setProperty(DefaultPrincipalProvider.NEGATIVE_ENTRY_KEY, "false");
    withoutNegativeCache.init(nonCachingConfig);
    // a provider configured NOT to cache null results is expected to call
    // 'providePrincipal' on every 'getPrincipal' for a name that does not exist
    assertNull(withoutNegativeCache.getPrincipal(missingName));
    boolean threw = false;
    try {
        withoutNegativeCache.getPrincipal(missingName);
    } catch (UnsupportedOperationException expected) {
        // success
        threw = true;
    }
    if (!threw) {
        fail("exception expected");
    }
}
/**
 * For every principal of the superuser session, asks the provider for the group
 * membership of a {@code TestPrincipal} carrying the same name, then checks that a
 * lookup by that name does not hand back the test instance or any
 * {@code TestPrincipal}.
 *
 * @throws Exception if the principal set cannot be read or a provider call fails
 */
public void testCacheDoesntContainTestPrincipalImpl() throws Exception {
    Set<Principal> sessionPrincipals = getPrincipalSetFromSession(superuser);
    for (Principal known : sessionPrincipals) {
        Principal impostor = new TestPrincipal(known.getName());
        // presumably guards against a caller-supplied Principal implementation
        // ending up in the provider's cache - confirm against the provider
        principalProvider.getGroupMembership(impostor);

        Principal served = principalProvider.getPrincipal(known.getName());
        assertNotSame(impostor, served);
        assertFalse(served instanceof TestPrincipal);
    }
}
/**
 * Creates the default principal provider used to create the
 * {@link PrincipalProviderRegistry}.
 *
 * <p>The provider is initialised with the first configuration that names no
 * explicit principal provider class but does carry an
 * {@code AbstractPrincipalProvider.MAXSIZE_KEY} entry; when no configuration
 * qualifies it is initialised with empty properties.</p>
 *
 * @param moduleConfig the configurations to search; a <code>null</code> array or
 * element ends in a <code>NullPointerException</code>
 * @return A new instance of <code>DefaultPrincipalProvider</code>.
 * @throws RepositoryException If an error occurs.
 */
protected PrincipalProvider createDefaultPrincipalProvider(Properties[] moduleConfig) throws RepositoryException {
    PrincipalProvider provider = new DefaultPrincipalProvider(this.systemSession, (UserManagerImpl) systemUserManager);
    Properties selected = null;
    for (Properties candidate : moduleConfig) {
        //GRANITE-4470: apply config to DefaultPrincipalProvider if there is no explicit PrincipalProvider configured
        boolean explicitProvider = candidate.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
        if (!explicitProvider && candidate.containsKey(AbstractPrincipalProvider.MAXSIZE_KEY)) {
            selected = candidate;
            break;
        }
    }
    // init is called exactly once, with the selected configuration or with none
    provider.init(selected != null ? selected : new Properties());
    return provider;
}
/**
 * Collects the current user principal together with the groups the principal
 * provider reports for it.
 *
 * @return a Collection of principals that contains the current user
 * principal and all groups it is member of.
 */
protected Set<Principal> getPrincipals() {
    // insertion-ordered set: the user principal comes first and the groups follow
    // in the order the provider returns them (as in the Subject)
    Set<Principal> result = new LinkedHashSet<Principal>();
    result.add(principal);
    for (PrincipalIterator memberOf = principalProvider.getGroupMembership(principal); memberOf.hasNext();) {
        result.add(memberOf.nextPrincipal());
    }
    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Asks every configured provider for its principals and collects the non-empty
 * results, each paired with the provider that produced it, into a
 * {@code CheckedPrincipalIterator}.</p>
 *
 * @param searchType passed unchanged to each provider's {@code getPrincipals}
 */
public PrincipalIterator getPrincipals(int searchType) {
    checkIsValid();
    List<CheckedIteratorEntry> collected = new ArrayList<CheckedIteratorEntry>(providers.length);
    for (int i = 0; i < providers.length; i++) {
        PrincipalProvider provider = providers[i];
        PrincipalIterator listed = provider.getPrincipals(searchType);
        if (!listed.hasNext()) {
            // this provider contributes nothing
            continue;
        }
        collected.add(new CheckedIteratorEntry(listed, provider));
    }
    return new CheckedPrincipalIterator(collected);
}
/**
 * Advances to the next principal the session may read. Works through the queued
 * entries front to back, dropping each entry once its iterator is exhausted.
 * A principal is returned when its entry has no provider or when that provider's
 * {@code canReadPrincipal} accepts it; every other principal is skipped silently.
 *
 * @return the next readable principal, passed through {@code disguise}, or
 *         {@code null} once all entries are used up
 * @see org.apache.jackrabbit.core.security.principal.AbstractPrincipalIterator#seekNext()
 */
@Override
protected final Principal seekNext() {
    while (!entries.isEmpty()) {
        CheckedIteratorEntry head = entries.get(0);
        for (Iterator<? extends Principal> source = head.iterator; source.hasNext();) {
            Principal candidate = source.next();
            // an entry without a provider is not subject to any read check
            boolean readable = head.provider == null || head.provider.canReadPrincipal(session, candidate);
            if (readable) {
                return disguise(candidate, head.provider);
            }
        }
        // head iterator is exhausted -> continue with the next entry
        entries.remove(0);
    }
    return null;
}
}
/**
 * Creates a group named like the everyone principal and verifies that lookup and
 * search by that name still yield the {@code EveryonePrincipal} instance, and only
 * that one. The group is removed again in any case.
 */
public void testEveryonePrincipal2() throws Exception {
    Group shadowGroup = null;
    try {
        shadowGroup = userMgr.createGroup(EveryonePrincipal.NAME);
        save(superuser);

        Principal resolved = principalProvider.getPrincipal(EveryonePrincipal.NAME);
        assertNotNull(resolved);
        assertEquals(EveryonePrincipal.getInstance(), resolved);

        PrincipalIterator hits = principalProvider.findPrincipals(EveryonePrincipal.NAME);
        assertNotNull(hits);
        if (hits.getSize() != -1) {
            assertEquals(1, hits.getSize());
            assertEquals(EveryonePrincipal.getInstance(), hits.nextPrincipal());
        } else {
            // the iterator reports -1 as its size: walk it to prove it holds one element
            assertTrue(hits.hasNext());
            assertEquals(EveryonePrincipal.getInstance(), hits.nextPrincipal());
            assertFalse(hits.hasNext());
        }
    } finally {
        // clean up only if the group was actually created
        if (shadowGroup != null) {
            shadowGroup.remove();
            save(superuser);
        }
    }
}
/**
 * Creates the default principal provider used to create the
 * {@link PrincipalProviderRegistry}.
 *
 * <p>The provider is initialised with the first configuration that names no
 * explicit principal provider class but does carry an
 * {@code AbstractPrincipalProvider.MAXSIZE_KEY} entry; when no configuration
 * qualifies it is initialised with empty properties.</p>
 *
 * @param moduleConfig the configurations to search; a <code>null</code> array or
 * element ends in a <code>NullPointerException</code>
 * @return A new instance of <code>DefaultPrincipalProvider</code>.
 * @throws RepositoryException If an error occurs.
 */
protected PrincipalProvider createDefaultPrincipalProvider(Properties[] moduleConfig) throws RepositoryException {
    PrincipalProvider provider = new DefaultPrincipalProvider(this.systemSession, (UserManagerImpl) systemUserManager);
    Properties selected = null;
    for (Properties candidate : moduleConfig) {
        //GRANITE-4470: apply config to DefaultPrincipalProvider if there is no explicit PrincipalProvider configured
        boolean explicitProvider = candidate.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
        if (!explicitProvider && candidate.containsKey(AbstractPrincipalProvider.MAXSIZE_KEY)) {
            selected = candidate;
            break;
        }
    }
    // init is called exactly once, with the selected configuration or with none
    provider.init(selected != null ? selected : new Properties());
    return provider;
}
/**
 * Asks each provider in turn for the named principal and returns the first hit
 * that the provider says the session may read.
 *
 * @param principalName the name of the principal
 * @return The principal with the given name or <code>null</code> if none
 * of the providers knows that principal or if the Session is not allowed
 * to see it.
 */
private Principal internalGetPrincipal(String principalName) {
    checkIsValid();
    for (PrincipalProvider pp : providers) {
        Principal found = pp.getPrincipal(principalName);
        if (found == null) {
            continue;
        }
        // an unreadable hit is skipped rather than reported, so the caller gets the
        // same null for "unknown" and for "not visible to this session"
        if (!pp.canReadPrincipal(session, found)) {
            continue;
        }
        return disguise(found, pp);
    }
    return null;
}
/**
 * Collects the current user principal together with the groups the principal
 * provider reports for it.
 *
 * @return a Collection of principals that contains the current user
 * principal and all groups it is member of.
 */
protected Set<Principal> getPrincipals() {
    // insertion-ordered set: the user principal comes first and the groups follow
    // in the order the provider returns them (as in the Subject)
    Set<Principal> result = new LinkedHashSet<Principal>();
    result.add(principal);
    for (PrincipalIterator memberOf = principalProvider.getGroupMembership(principal); memberOf.hasNext();) {
        result.add(memberOf.nextPrincipal());
    }
    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Asks every configured provider for its principals and collects the non-empty
 * results, each paired with the provider that produced it, into a
 * {@code CheckedPrincipalIterator}.</p>
 *
 * @param searchType passed unchanged to each provider's {@code getPrincipals}
 */
public PrincipalIterator getPrincipals(int searchType) {
    checkIsValid();
    List<CheckedIteratorEntry> collected = new ArrayList<CheckedIteratorEntry>(providers.length);
    for (int i = 0; i < providers.length; i++) {
        PrincipalProvider provider = providers[i];
        PrincipalIterator listed = provider.getPrincipals(searchType);
        if (!listed.hasNext()) {
            // this provider contributes nothing
            continue;
        }
        collected.add(new CheckedIteratorEntry(listed, provider));
    }
    return new CheckedPrincipalIterator(collected);
}
/**
 * Advances to the next principal the session may read. Works through the queued
 * entries front to back, dropping each entry once its iterator is exhausted.
 * A principal is returned when its entry has no provider or when that provider's
 * {@code canReadPrincipal} accepts it; every other principal is skipped silently.
 *
 * @return the next readable principal, passed through {@code disguise}, or
 *         {@code null} once all entries are used up
 * @see org.apache.jackrabbit.core.security.principal.AbstractPrincipalIterator#seekNext()
 */
@Override
protected final Principal seekNext() {
    while (!entries.isEmpty()) {
        CheckedIteratorEntry head = entries.get(0);
        for (Iterator<? extends Principal> source = head.iterator; source.hasNext();) {
            Principal candidate = source.next();
            // an entry without a provider is not subject to any read check
            boolean readable = head.provider == null || head.provider.canReadPrincipal(session, candidate);
            if (readable) {
                return disguise(candidate, head.provider);
            }
        }
        // head iterator is exhausted -> continue with the next entry
        entries.remove(0);
    }
    return null;
}
}
/**
 * Uses the configured {@link org.apache.jackrabbit.core.security.principal.PrincipalProvider} to retrieve the principal.
 * It calls {@link org.apache.jackrabbit.core.security.principal.PrincipalProvider#getPrincipal(String)} with the User-ID
 * resolved by {@link #getUserID(Credentials)}, assuming that
 * User-ID and the corresponding principal name are always identical.
 * A principal that {@code GroupPrincipals.isGroup} classifies as a group is
 * rejected, so only a non-group principal is ever returned.
 *
 * @param credentials Credentials for which the principal should be resolved.
 * @return principal or <code>null</code> if the principal provider does
 * not contain a user-principal with the given userID/principal name.
 *
 * @see AbstractLoginModule#getPrincipal(Credentials)
 */
@Override
protected Principal getPrincipal(Credentials credentials) {
    String uid = getUserID(credentials);
    // NOTE(review): the id goes to the provider without a null check - confirm that
    // getUserID cannot return null here or that the provider tolerates a null name.
    Principal resolved = principalProvider.getPrincipal(uid);
    if (resolved != null && !GroupPrincipals.isGroup(resolved)) {
        return resolved;
    }
    // no matching user principal
    return null;
}
}
Class pc = Class.forName(className, true, BeanConfig.getDefaultClassLoader()); PrincipalProvider pp = (PrincipalProvider) pc.newInstance(); pp.init(config); return pp; } catch (ClassNotFoundException e) {
/**
 * {@inheritDoc}
 *
 * <p>Collects the non-empty group memberships reported by every configured
 * provider, each paired with the provider that produced it, and appends the
 * 'everyone' group unless the given principal is itself an
 * {@code EveryonePrincipal}.</p>
 */
public PrincipalIterator getGroupMembership(Principal principal) {
    checkIsValid();
    // one slot per provider plus one for the 'everyone' entry
    List<CheckedIteratorEntry> memberships = new ArrayList<CheckedIteratorEntry>(providers.length + 1);
    for (int i = 0; i < providers.length; i++) {
        PrincipalProvider provider = providers[i];
        PrincipalIterator groups = provider.getGroupMembership(principal);
        if (groups.hasNext()) {
            memberships.add(new CheckedIteratorEntry(groups, provider));
        }
    }
    boolean isEveryone = principal instanceof EveryonePrincipal;
    if (!isEveryone) {
        // the 'everyone' entry is registered without a provider (null)
        // NOTE(review): confirm how CheckedPrincipalIterator treats a null provider
        Iterator<Principal> everyoneOnly = Collections.singletonList(getEveryone()).iterator();
        memberships.add(new CheckedIteratorEntry(everyoneOnly, null));
    }
    return new CheckedPrincipalIterator(memberships);
}