@Override public boolean allows(final Subject subject) throws RepositoryException { return delegate.allows(subject); } }
@Override public boolean allows(Subject subject) throws RepositoryException { return dlg.allows(subject); } }
@Override public boolean allows(Subject subject) throws RepositoryException { return dlg.allows(subject); } }
@Override public boolean allows(Subject subject) throws RepositoryException { return dlg.allows(subject); } }
@NotNull @Override public Boolean perform() throws RepositoryException { return impersonationDelegate.allows(subject); } });
@NotNull @Override public Boolean perform() throws RepositoryException { return impersonationDelegate.allows(subject); } });
@Nonnull @Override public Boolean perform() throws RepositoryException { return impersonationDelegate.allows(subject); } });
private boolean impersonate(AuthInfo info, User user) { try { if (user.getID().equals(info.getUserID())) { log.debug("User " + info.getUserID() + " wants to impersonate himself -> success."); return true; } else { log.debug("User " + info.getUserID() + " wants to impersonate " + user.getID()); Subject subject = new Subject(true, info.getPrincipals(), Collections.emptySet(), Collections.emptySet()); return user.getImpersonation().allows(subject); } } catch (RepositoryException e) { log.debug("Error while validating impersonation: {}", e.getMessage()); } return false; }
private boolean impersonate(AuthInfo info, User user) { try { if (user.getID().equals(info.getUserID())) { log.debug("User " + info.getUserID() + " wants to impersonate himself -> success."); return true; } else { log.debug("User " + info.getUserID() + " wants to impersonate " + user.getID()); Subject subject = new Subject(true, info.getPrincipals(), Collections.emptySet(), Collections.emptySet()); return user.getImpersonation().allows(subject); } } catch (RepositoryException e) { log.debug("Error while validating impersonation: {}", e.getMessage()); } return false; }
private boolean impersonate(AuthInfo info, User user) { try { if (user.getID().equals(info.getUserID())) { log.debug("User " + info.getUserID() + " wants to impersonate himself -> success."); return true; } else { log.debug("User " + info.getUserID() + " wants to impersonate " + user.getID()); Subject subject = new Subject(true, info.getPrincipals(), Collections.emptySet(), Collections.emptySet()); return user.getImpersonation().allows(subject); } } catch (RepositoryException e) { log.debug("Error while validating impersonation: {}", e.getMessage()); } return false; }
public void testImpersonatingOneself() throws RepositoryException { Subject subject = createSubject(newUser); assertFalse(impersonation.allows(subject)); }
public void testAdministratorCanImpersonate() throws RepositoryException, NotExecutableException { User admin = getTestUser(superuser); Subject subject = createSubject(admin); assertTrue(impersonation.allows(subject)); }
public void testUnknownCannotImpersonate() throws RepositoryException { Principal test = getTestPrincipal(); Subject subject = createSubject(test); assertFalse("An unknown principal should not be allowed to impersonate.", impersonation.allows(subject)); }
@Test public void testImpersonation() throws RepositoryException, NotExecutableException { Principal user2Principal = user2.getPrincipal(); Subject subject = new Subject(true, Collections.singleton(user2Principal), Collections.<Object>emptySet(), Collections.<Object>emptySet()); Impersonation impers = user.getImpersonation(); assertFalse(impers.allows(subject)); assertTrue(impers.grantImpersonation(user2Principal)); assertFalse(impers.grantImpersonation(user2Principal)); superuser.save(); assertTrue(impers.allows(subject)); assertTrue(impers.revokeImpersonation(user2Principal)); assertFalse(impers.revokeImpersonation(user2Principal)); superuser.save(); assertFalse(impers.allows(subject)); }
/** * @see <a href="https://issues.apache.org/jira/browse/JCR-2931">JCR-2931</a> */ public void testAdminImpersonatingOneself() throws RepositoryException, NotExecutableException { User admin = getTestUser(superuser); Subject subject = createSubject(admin); assertTrue(admin.getImpersonation().allows(subject)); }
public void testImpersonateGroup() throws RepositoryException, NotExecutableException { Session s = getHelper().getReadOnlySession(); try { Principal group = getTestGroup(s).getPrincipal(); Subject subject = createSubject(group); assertFalse("An group principal should not be allowed to impersonate.", impersonation.allows(subject)); } finally { s.logout(); } }
public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException { Principal adminPrincipal = new AdminPrincipal() { @Override public String getName() { return "some-admin-name"; } }; // admin cannot be add/remove to set of impersonators of 'u' but is // always allowed to impersonate that user. Impersonation impersonation = user.getImpersonation(); assertFalse(impersonation.grantImpersonation(adminPrincipal)); assertFalse(impersonation.revokeImpersonation(adminPrincipal)); assertTrue(impersonation.allows(buildSubject(adminPrincipal))); } }
public void testModifyOwnImpersonation() throws RepositoryException, NotExecutableException { User u = (User) uMgr.getAuthorizable(uID); if (!uSession.hasPermission(((UserImpl) u).getNode().getPath(), "set_property")) { throw new NotExecutableException("Users should be able to modify their properties -> Check repository config."); } Principal otherP = uMgr.getAuthorizable(otherUID).getPrincipal(); Impersonation impers = u.getImpersonation(); assertFalse(impers.allows(buildSubject(otherP))); assertTrue(impers.grantImpersonation(otherP)); save(uSession); assertTrue(impers.allows(buildSubject(otherP))); assertTrue(impers.revokeImpersonation(otherP)); save(uSession); assertFalse(impers.allows(buildSubject(otherP))); }
public void testModifyOthersImpersonators() throws RepositoryException { Principal p = uMgr.getAuthorizable(uID).getPrincipal(); User other = (User) uMgr.getAuthorizable(otherUID); try { boolean success = other.getImpersonation().grantImpersonation(p); // omit save call assertFalse("A simple user may not add itself as impersonator to another user.",success); } catch (AccessDeniedException e) { // fine as well -> access denied. } assertFalse("A simple user may not add itself as impersonator to another user.", other.getImpersonation().allows(buildSubject(p))); }
public void testSystemPrincipalAsImpersonator() throws RepositoryException { Principal systemPrincipal = new SystemPrincipal(); assertNull(userMgr.getAuthorizable(systemPrincipal)); // system cannot be add/remove to set of impersonators of 'u' nor // should it be allowed to impersonate a given user... User u = (User) userMgr.getAuthorizable(uID); Impersonation impersonation = u.getImpersonation(); assertFalse(impersonation.grantImpersonation(systemPrincipal)); assertFalse(impersonation.revokeImpersonation(systemPrincipal)); assertFalse(impersonation.allows(buildSubject(systemPrincipal))); } }