/**
 * Tells whether the given authorizable is one of the two built-in users, i.e. whether its ID
 * equals the configured admin ID or the configured anonymous ID.
 *
 * <p>Both IDs are read from the {@link UserConfiguration} parameters on every call and are
 * compared with {@link String#equals(Object)}, so the match is exact and case-sensitive.
 *
 * @param authorizable the authorizable whose ID is checked
 * @return {@code true} if the ID matches the admin ID or the anonymous ID
 * @throws RepositoryException as declared; presumably raised by {@code authorizable.getID()}
 */
private boolean isBuiltInUser(@NotNull Authorizable authorizable) throws RepositoryException {
    ConfigurationParameters params = securityProvider.getConfiguration(UserConfiguration.class).getParameters();
    String id = authorizable.getID();
    if (UserUtil.getAdminId(params).equals(id)) {
        return true;
    }
    return UserUtil.getAnonymousId(params).equals(id);
}
/**
 * Rejects any tree that {@code UserUtil.isType} does not report as a
 * {@link AuthorizableType#GROUP}.
 *
 * @param tree the tree backing the authorizable
 * @throws IllegalArgumentException if the tree is not a group tree
 */
@Override
void checkValidTree(@NotNull Tree tree) {
    boolean isGroup = UserUtil.isType(tree, AuthorizableType.GROUP);
    if (isGroup) {
        return;
    }
    throw new IllegalArgumentException("Invalid group node: node type rep:Group expected.");
}
/**
 * Looks up the authorizable with the given ID and hands it to
 * {@code UserUtil.castAuthorizable} together with the requested class.
 *
 * @param id the authorizable ID to look up
 * @param authorizableClass the type the caller expects
 * @param <T> the expected authorizable type
 * @return whatever {@code UserUtil.castAuthorizable} returns for the lookup result
 * @throws RepositoryException as declared; the behaviour on a type mismatch is defined by
 *         {@code UserUtil.castAuthorizable}, which is not visible here
 */
@Override
public <T extends Authorizable> T getAuthorizable(String id, Class<T> authorizableClass) throws RepositoryException {
    Authorizable found = getAuthorizable(id);
    return UserUtil.castAuthorizable(found, authorizableClass);
}
/**
 * Builds the principal for an authorizable tree, dispatching on the authorizable type
 * reported by {@code UserUtil.getType}.
 *
 * @param authorizableTree the tree of a user or group, may be {@code null}
 * @return a group principal for GROUP trees, a user principal for USER trees, and
 *         {@code null} if the tree is {@code null} or has any other (or no) type
 */
@Nullable
private Principal createPrincipal(@Nullable Tree authorizableTree) {
    if (authorizableTree == null) {
        return null;
    }
    AuthorizableType type = UserUtil.getType(authorizableTree);
    // Identity comparison keeps this safe when getType yields null.
    if (type == AuthorizableType.GROUP) {
        return createGroupPrincipal(authorizableTree);
    }
    if (type == AuthorizableType.USER) {
        String userId = UserUtil.getAuthorizableId(authorizableTree, type);
        return createUserPrincipal(userId, authorizableTree);
    }
    return null;
}
/**
 * Tells whether the given tree is an existing user tree whose authorizable ID equals the
 * admin ID from the provider configuration.
 *
 * @param userTree the tree to inspect
 * @return {@code true} only if the tree exists, is a user tree and carries the admin ID;
 *         {@code false} otherwise
 */
private boolean isAdminUser(@Nonnull Tree userTree) {
    // Non-existing trees and non-user trees can never be the admin user.
    if (!userTree.exists() || !isUser(userTree)) {
        return false;
    }
    String userId = UserUtil.getAuthorizableId(userTree);
    return UserUtil.getAdminId(provider.getConfig()).equals(userId);
}
/**
 * Resolves the ID of the anonymous user from the user configuration of the current
 * security provider.
 *
 * @return the configured anonymous ID, or {@code null} when no security provider is
 *         available; callers have to handle the {@code null} case
 */
private String getAnonymousId() {
    SecurityProvider secProvider = getSecurityProvider();
    if (secProvider == null) {
        return null;
    }
    UserConfiguration userConfiguration = secProvider.getConfiguration(UserConfiguration.class);
    return UserUtil.getAnonymousId(userConfiguration.getParameters());
}
/**
 * Wraps the given tree in the matching {@link Authorizable} implementation.
 *
 * <p>User trees are split further: a tree that {@code UserUtil.isSystemUser} accepts becomes
 * a {@code SystemUserImpl}, every other user tree a {@code UserImpl}. Group trees become a
 * {@code GroupImpl}.
 *
 * @param id the authorizable ID, may be {@code null}
 * @param tree the tree backing the authorizable, may be {@code null}
 * @return the authorizable, or {@code null} if {@code id} or {@code tree} is {@code null}
 * @throws RepositoryException if the tree is neither a user nor a group tree
 */
@Nullable
private Authorizable getAuthorizable(@Nullable String id, @Nullable Tree tree) throws RepositoryException {
    if (id == null || tree == null) {
        return null;
    }
    if (UserUtil.isType(tree, AuthorizableType.USER)) {
        // The system-user check is made before falling back to a regular user.
        return UserUtil.isSystemUser(tree)
                ? new SystemUserImpl(id, tree, this)
                : new UserImpl(id, tree, this);
    }
    if (UserUtil.isType(tree, AuthorizableType.GROUP)) {
        return new GroupImpl(id, tree, this);
    }
    throw new RepositoryException("Not a user or group tree " + tree.getPath() + '.');
}
/**
 * Creates a validator for one pair of before/after parent trees.
 *
 * <p>The authorizable type is taken from {@code parentAfter} via {@code UserUtil.getType};
 * it stays {@code null} when there is no after-tree.
 *
 * @param parentBefore the parent tree before the change
 * @param parentAfter the parent tree after the change, may be {@code null}
 * @param provider the provider this validator reads its configuration from
 */
UserValidator(Tree parentBefore, Tree parentAfter, UserValidatorProvider provider) {
    this.parentBefore = parentBefore;
    this.parentAfter = parentAfter;
    this.provider = provider;
    if (parentAfter == null) {
        this.authorizableType = null;
    } else {
        this.authorizableType = UserUtil.getType(parentAfter);
    }
}
/**
 * Tells whether the given user ID is the admin ID defined by the configuration parameters.
 *
 * <p>The comparison uses {@link String#equals(Object)}: it is exact and case-sensitive, and
 * no normalization of {@code userId} happens here.
 *
 * @param parameters the user configuration parameters
 * @param userId the user ID to test
 * @return {@code true} if {@code userId} equals the configured admin ID
 */
public static boolean isAdmin(@NotNull ConfigurationParameters parameters, @NotNull String userId) {
    String adminId = getAdminId(parameters);
    return adminId.equals(userId);
}
/**
 * Reads the {@code rep:principalName} property of an authorizable tree.
 *
 * @param tree the authorizable tree
 * @return the principal name as a string, or {@code null} if the property is missing; the
 *         missing case is logged at warn level together with the authorizable ID
 */
@Nullable
private static String getPrincipalName(@NotNull Tree tree) {
    PropertyState nameProperty = tree.getProperty(UserConstants.REP_PRINCIPAL_NAME);
    if (nameProperty == null) {
        // The authorizable ID is written to the log as stored in the tree.
        log.warn("Authorizable without principal name " + UserUtil.getAuthorizableId(tree));
        return null;
    }
    return nameProperty.getValue(STRING);
}
/**
 * Creates the principal for a user tree, choosing the principal class by kind of user.
 *
 * <p>The checks run in a fixed order: system user first, then admin (by ID, against the
 * configuration parameters), then regular user. A tree that passes the system-user check
 * therefore never yields an {@code AdminPrincipalImpl}, whatever its ID.
 *
 * @param id the user ID, used only for the admin check
 * @param userTree the user tree
 * @return the principal, or {@code null} if the tree has no principal name
 */
@Nullable
private Principal createUserPrincipal(@NotNull String id, @NotNull Tree userTree) {
    String name = getPrincipalName(userTree);
    if (name == null) {
        return null;
    }
    if (UserUtil.isSystemUser(userTree)) {
        return new SystemUserPrincipalImpl(name, userTree, namePathMapper);
    }
    if (UserUtil.isAdmin(config.getParameters(), id)) {
        return new AdminPrincipalImpl(name, userTree, namePathMapper);
    }
    return new TreeBasedPrincipal(name, userTree, namePathMapper);
}
/**
 * Validates the location and the mandatory/forbidden items of an authorizable tree.
 *
 * <p>The tree must sit below the root path configured for its type; for system users the
 * system-relative path is appended to that root. In addition {@code rep:principalName} must
 * be present, and a system user must have neither a {@code rep:password} property nor a
 * {@code rep:pwd} child node.
 *
 * @param tree the authorizable tree to validate
 * @param type the authorizable type of the tree, may be {@code null}
 * @throws CommitFailedException with constraint violation 26 (missing principal name),
 *         32 (password on a system user) or 33 (rep:pwd node on a system user); the
 *         hierarchy check is delegated to {@code assertHierarchy}
 */
private void validateAuthorizable(@NotNull Tree tree, @Nullable AuthorizableType type) throws CommitFailedException {
    boolean systemUser = (type == AuthorizableType.USER) && UserUtil.isSystemUser(tree);
    String rootPath = UserUtil.getAuthorizableRootPath(provider.getConfig(), type);
    if (systemUser) {
        String relPath = provider.getConfig().getConfigValue(PARAM_SYSTEM_RELATIVE_PATH, DEFAULT_SYSTEM_RELATIVE_PATH);
        // NOTE(review): the concatenation makes rootPath non-null from here on, even if the
        // lookup above returned null; confirm that cannot happen for type USER.
        rootPath = rootPath + '/' + relPath;
    }
    if (rootPath == null) {
        // No root path for this type: nothing is validated.
        return;
    }

    assertHierarchy(tree, rootPath);

    // rep:principalName is mandatory (the node type validator should already cover this).
    if (TreeUtil.getString(tree, REP_PRINCIPAL_NAME) == null) {
        throw constraintViolation(26, "Mandatory property rep:principalName missing.");
    }

    if (!systemUser) {
        return;
    }
    // System users must not carry any password material.
    if (TreeUtil.getString(tree, REP_PASSWORD) != null) {
        throw constraintViolation(32, "Attempt to set password with system user.");
    }
    if (tree.hasChild(REP_PWD)) {
        throw constraintViolation(33, "Attempt to add rep:pwd node to a system user.");
    }
}
/**
 * Tells whether password expiry applies to the given user.
 *
 * <p>Every non-admin user is subject to expiry. The admin user is subject to it only when
 * {@code UserAuthentication.PARAM_PASSWORD_EXPIRY_FOR_ADMIN} is set to {@code true}; the
 * default used here is {@code false}, i.e. the admin password does not expire unless that
 * option is enabled.
 *
 * @param userId the ID of the user
 * @param config the configuration parameters
 * @return {@code true} if the user's password can expire
 */
static boolean canHavePasswordExpired(@NotNull String userId, @NotNull ConfigurationParameters config) {
    if (!UserUtil.isAdmin(config, userId)) {
        return true;
    }
    return config.getConfigValue(UserAuthentication.PARAM_PASSWORD_EXPIRY_FOR_ADMIN, false);
}
/**
 * Creates the importer and fixes its import behavior to the value that
 * {@code UserUtil.getImportBehavior} derives from the configuration.
 *
 * @param config the configuration parameters the import behavior is read from
 */
UserImporter(ConfigurationParameters config) {
    this.importBehavior = UserUtil.getImportBehavior(config);
}
/**
 * Computes the query search root for an authorizable type by prefixing the configured
 * authorizable root path with {@code QueryConstants.SEARCH_ROOT_PATH}.
 *
 * @param type   The authorizable type.
 * @param config The configuration parameters.
 * @return The path of the search root for the specified authorizable type.
 */
@NotNull
public static String getSearchRoot(AuthorizableType type, ConfigurationParameters config) {
    // NOTE(review): the root path is concatenated as is; if the lookup can return null for
    // the given type, the literal "null" ends up in the result. Confirm against UserUtil.
    return QueryConstants.SEARCH_ROOT_PATH + UserUtil.getAuthorizableRootPath(config, type);
}
/**
 * Runs the superclass validation and then additionally requires the tree to pass
 * {@code UserUtil.isSystemUser}.
 *
 * @param tree the tree backing the authorizable
 * @throws RepositoryException as declared; propagated from the superclass check
 * @throws IllegalArgumentException if the tree is not a system user tree
 */
@Override
void checkValidTree(@NotNull Tree tree) throws RepositoryException {
    super.checkValidTree(tree);
    if (UserUtil.isSystemUser(tree)) {
        return;
    }
    throw new IllegalArgumentException("Invalid user node: node type rep:SystemUser expected.");
}
/**
 * Tells whether the given tree is an existing user tree whose authorizable ID equals the
 * admin ID from the provider configuration.
 *
 * @param userTree the tree to inspect
 * @return {@code true} only if the tree exists, is a user tree and carries the admin ID;
 *         {@code false} otherwise
 */
private boolean isAdminUser(@NotNull Tree userTree) {
    boolean existingUser = userTree.exists() && isUser(userTree);
    if (!existingUser) {
        return false;
    }
    String adminId = UserUtil.getAdminId(provider.getConfig());
    // The ID lookup on the tree comes after the exists/isUser guard above.
    return adminId.equals(UserUtil.getAuthorizableId(userTree));
}
/**
 * Resolves the ID of the anonymous user from the user configuration of the current
 * security provider.
 *
 * @return the configured anonymous ID, or {@code null} when no security provider is
 *         available; callers have to handle the {@code null} case
 */
private String getAnonymousId() {
    SecurityProvider secProvider = getSecurityProvider();
    return (secProvider == null)
            ? null
            : UserUtil.getAnonymousId(secProvider.getConfiguration(UserConfiguration.class).getParameters());
}
/**
 * Wraps the given tree in the matching {@link Authorizable} implementation.
 *
 * <p>User trees are split further: a tree that {@code UserUtil.isSystemUser} accepts becomes
 * a {@code SystemUserImpl}, every other user tree a {@code UserImpl}. Group trees become a
 * {@code GroupImpl}.
 *
 * @param id the authorizable ID, may be {@code null}
 * @param tree the tree backing the authorizable, may be {@code null}
 * @return the authorizable, or {@code null} if {@code id} or {@code tree} is {@code null}
 * @throws RepositoryException if the tree is neither a user nor a group tree
 */
@Nullable
private Authorizable getAuthorizable(@Nullable String id, @Nullable Tree tree) throws RepositoryException {
    if (id == null || tree == null) {
        return null;
    }
    boolean userTree = UserUtil.isType(tree, AuthorizableType.USER);
    if (!userTree) {
        if (UserUtil.isType(tree, AuthorizableType.GROUP)) {
            return new GroupImpl(id, tree, this);
        }
        throw new RepositoryException("Not a user or group tree " + tree.getPath() + '.');
    }
    // Only user trees reach this point; system users get their own implementation.
    if (UserUtil.isSystemUser(tree)) {
        return new SystemUserImpl(id, tree, this);
    }
    return new UserImpl(id, tree, this);
}
/**
 * Creates a validator for one pair of before/after parent trees.
 *
 * <p>The authorizable type is taken from {@code parentAfter} via {@code UserUtil.getType};
 * it stays {@code null} when there is no after-tree.
 *
 * @param parentBefore the parent tree before the change
 * @param parentAfter the parent tree after the change, may be {@code null}
 * @param provider the provider this validator reads its configuration from
 */
UserValidator(Tree parentBefore, Tree parentAfter, UserValidatorProvider provider) {
    this.parentBefore = parentBefore;
    this.parentAfter = parentAfter;
    this.provider = provider;
    this.authorizableType = (parentAfter != null) ? UserUtil.getType(parentAfter) : null;
}