/** * Returns true if the passed principal is a member of the group. * @param principal the principal whose members are being checked. * @param member the principal whose membership is to be checked. * @return true if the principal is a member of this group, false otherwise. */ public static boolean isMember(@NotNull Principal principal, @NotNull Principal member) { if (principal instanceof Group) { return ((Group) principal).isMember(member); } if (principal instanceof GroupPrincipal) { return ((GroupPrincipal) principal).isMember(member); } return false; }
/** * Returns true if the passed principal is a member of the group. * @param principal the principal whose members are being checked. * @param member the principal whose membership is to be checked. * @return true if the principal is a member of this group, false otherwise. */ public static boolean isMember(Principal principal, Principal member) { if (principal instanceof Group) { return ((Group) principal).isMember(member); } if (principal instanceof GroupPrincipal) { return ((GroupPrincipal) principal).isMember(member); } return false; } }
/** * Returns true if the passed principal is a member of the group. * @param principal the principal whose members are being checked. * @param member the principal whose membership is to be checked. * @return true if the principal is a member of this group, false otherwise. */ public static boolean isMember(Principal principal, Principal member) { if (principal instanceof Group) { return ((Group) principal).isMember(member); } if (principal instanceof GroupPrincipal) { return ((GroupPrincipal) principal).isMember(member); } return false; } }
public void testEveryoneIsMemberofEveryone() throws RepositoryException { GroupPrincipal everyone = (GroupPrincipal) principalManager.getEveryone(); PrincipalIterator it = principalManager.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL); // EXERCISE: discuss the dynamic nature of the everyone group principal while (it.hasNext()) { Principal principal = it.nextPrincipal(); if (everyone.equals(principal)) { assertFalse(everyone.isMember(principal)); } else { assertTrue(everyone.isMember(principal)); } } }
public void testSuperUserIsEveryOne() { Principal[] pcpls = getPrincipals(superuser); for (Principal pcpl : pcpls) { if (!(pcpl.equals(everyone))) { assertTrue(everyone.isMember(pcpl)); } } }
@Test public void testSuperUserIsEveryOne() { for (Principal pcpl : adminPrincipals) { if (!(pcpl.equals(everyone))) { assertTrue(everyone.isMember(pcpl)); } } }
@Test public void testIsMemberExternalGroup() throws Exception { GroupPrincipal principal = getGroupPrincipal(); Iterable<String> exGroupPrincNames = Iterables.transform(ImmutableList.copyOf(idp.listGroups()), new Function<ExternalGroup, String>() { @Nullable @Override public String apply(ExternalGroup input) { return input.getPrincipalName(); } }); for (String principalName : exGroupPrincNames) { assertFalse(principal.isMember(new PrincipalImpl(principalName))); } }
public void testReadOnlyIsEveryOne() throws RepositoryException { Session s = getHelper().getReadOnlySession(); try { Principal[] pcpls = getPrincipals(s); for (Principal pcpl : pcpls) { if (!(pcpl.equals(everyone))) { assertTrue(everyone.isMember(pcpl)); } } } finally { s.logout(); } }
@Test public void testIsMember() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); GroupPrincipal principal = getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next()); assertTrue(principal.isMember(new PrincipalImpl(externalUser.getPrincipalName()))); assertTrue(principal.isMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal())); }
public void testEveryoneGroupPrincipal() throws Exception { Group g = null; try { g = userMgr.createGroup(EveryonePrincipal.NAME); save(superuser); GroupPrincipal principal = (GroupPrincipal) g.getPrincipal(); assertTrue(principal.isMember(new Principal() { public String getName() { return "test"; } })); assertFalse(principal.isMember(principal)); } finally { if (g != null) { g.remove(); save(superuser); } } } }
@Test public void testGroupPrincipal() throws Exception { Principal everyonePrincipal = everyone.getPrincipal(); assertTrue(everyonePrincipal instanceof GroupPrincipal); assertTrue(everyonePrincipal.equals(EveryonePrincipal.getInstance())); assertTrue(EveryonePrincipal.getInstance().equals(everyonePrincipal)); GroupPrincipal gr = (GroupPrincipal) everyonePrincipal; assertFalse(gr.isMember(everyonePrincipal)); assertTrue(gr.isMember(getTestUser(superuser).getPrincipal())); assertTrue(gr.isMember(new PrincipalImpl("test"))); }
public void testGroupMembership() throws RepositoryException { assertFalse(testSession.nodeExists(testRoot)); assertTrue(((GroupPrincipal) testGroupPrincipal).isMember(testPrincipal)); AccessControlUtils.addAccessControlEntry(superuser, testRoot, testGroupPrincipal, AccessControlUtils.privilegesFromNames(superuser, Privilege.JCR_READ), true); superuser.save(); testSession.refresh(false); boolean expected = false; // EXERCISE assertEquals(expected, testSession.nodeExists(testRoot)); }
@Test public void testGroupPrincipals() throws Exception { // a) force the cache to be created PrincipalProvider pp = createPrincipalProvider(systemRoot); Iterable<? extends Principal> principals = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate()); for (Principal p : principals) { String className = p.getClass().getName(); assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl", className); } Principal testPrincipal = getTestUser().getPrincipal(); // b) retrieve principals again (this time from the cache) // -> verify that they are a different implementation Iterable<? extends Principal> principalsAgain = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate()); for (Principal p : principalsAgain) { String className = p.getClass().getName(); assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", className); assertTrue(p instanceof TreeBasedPrincipal); assertEquals(testGroup.getPath(), ((TreeBasedPrincipal) p).getPath()); GroupPrincipal principalGroup = (GroupPrincipal) p; assertTrue(principalGroup.isMember(testPrincipal)); Enumeration<? extends Principal> members = principalGroup.members(); assertTrue(members.hasMoreElements()); assertEquals(testPrincipal, members.nextElement()); assertEquals(testGroup2.getPrincipal(), members.nextElement()); assertFalse(members.hasMoreElements()); } }
@Test public void testReadOnlyIsEveryOne() throws Exception { Session s = getHelper().getReadOnlySession(); try { Principal[] pcpls = getPrincipals(getHelper().getReadOnlyCredentials()); for (Principal pcpl : pcpls) { if (!(pcpl.equals(everyone))) { assertTrue(everyone.isMember(pcpl)); } } } finally { s.logout(); } }
@Test public void testCachedPrincipalsGroupRemoved() throws Exception { // a) force the cache to be created PrincipalProvider pp = createPrincipalProvider(systemRoot); Iterable<? extends Principal> principals = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate()); for (Principal p : principals) { String className = p.getClass().getName(); assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl", className); } testGroup.remove(); root.commit(); systemRoot.refresh(); // b) retrieve principals again (this time from the cache) // principal for 'testGroup' is no longer backed by an user mgt group // verify that this doesn't lead to runtime exceptions Iterable<? extends Principal> principalsAgain = Iterables.filter(pp.getPrincipals(userId), new GroupPredicate()); for (Principal p : principalsAgain) { String className = p.getClass().getName(); assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", className); assertTrue(p instanceof TreeBasedPrincipal); assertNull(((TreeBasedPrincipal) p).getPath()); GroupPrincipal principalGroup = (GroupPrincipal) p; assertFalse(principalGroup.isMember(getTestUser().getPrincipal())); Enumeration<? extends Principal> members = principalGroup.members(); assertFalse(members.hasMoreElements()); } }
@Test public void testGroupIsMember() throws Exception { Group group = getUserManager(root).createGroup("testGroup" + UUID.randomUUID()); group.addMember(getTestUser()); root.commit(); try { Principal principal = principalProvider.getPrincipal(group.getPrincipal().getName()); assertTrue(principal instanceof GroupPrincipal); assertTrue(((GroupPrincipal) principal).isMember(getTestUser().getPrincipal())); } finally { group.remove(); root.commit(); } } }
@Override @Test public void testGetPrincipalInheritedGroups() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { ExternalIdentity externalGroup = idp.getIdentity(ref); Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName()); for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) { String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName(); Principal principal = principalProvider.getPrincipal(inheritedPrincName); assertNotNull(principal); assertTrue(principal instanceof GroupPrincipal); GroupPrincipal inheritedGrPrincipal = (GroupPrincipal) principal; assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName()))); assertFalse(inheritedGrPrincipal.isMember(grPrincipal)); } } }