/** * Retrieves the repository authorizable that corresponds to the given external identity * @param external the external identity * @param type the authorizable type * @return the repository authorizable or {@code null} if not found. * @throws RepositoryException if an error occurs. * @throws SyncException if the repository contains a colliding authorizable with the same name. */ @Nullable protected <T extends Authorizable> T getAuthorizable(@NotNull ExternalIdentity external, @NotNull Class<T> type) throws RepositoryException, SyncException { Authorizable authorizable = userManager.getAuthorizable(external.getId()); if (authorizable == null) { authorizable = userManager.getAuthorizable(external.getPrincipalName()); } if (authorizable == null) { return null; } else if (type.isInstance(authorizable)) { //noinspection unchecked return (T) authorizable; } else { log.error("Unable to process external {}: {}. Colliding authorizable exists in repository.", type.getSimpleName(), external.getId()); throw new SyncException("Unexpected authorizable: " + authorizable); } }
/** * Recursively collect the principal names of the given declared group * references up to the given depth. * * @param principalNames The set used to collect the names of the group principals. * @param declaredGroupIdRefs The declared group references for a user or a group. * @param depth Configured membership nesting; the recursion will be stopped once depths is < 1. * @throws ExternalIdentityException If an error occurs while resolving the the external group references. */ private void collectPrincipalNames(@NotNull Set<String> principalNames, @NotNull Iterable<ExternalIdentityRef> declaredGroupIdRefs, long depth) throws ExternalIdentityException { boolean shortcut = (depth <= 1 && idp instanceof PrincipalNameResolver); for (ExternalIdentityRef ref : declaredGroupIdRefs) { if (shortcut) { principalNames.add(((PrincipalNameResolver) idp).fromExternalIdentityRef(ref)); } else { // get group from the IDP ExternalIdentity extId = idp.getIdentity(ref); if (extId instanceof ExternalGroup) { principalNames.add(extId.getPrincipalName()); // recursively apply further membership until the configured depth is reached if (depth > 1) { collectPrincipalNames(principalNames, extId.getDeclaredGroups(), depth - 1); } } else { log.debug("Not an external group ({}) => ignore.", extId); } } } } }
@Nullable @Override public Principal apply(ExternalIdentityRef input) { try { return new PrincipalImpl(idp.getIdentity(input).getPrincipalName()); } catch (ExternalIdentityException e) { throw new RuntimeException(e); } }; }));
@NotNull @Override public String fromExternalIdentityRef(@NotNull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException { ExternalIdentity identity = getIdentity(externalIdentityRef); if (identity == null) { throw new ExternalIdentityException(); } else { return identity.getPrincipalName(); } } }
public TestIdentity(@NotNull ExternalIdentity base) { userId = base.getId(); principalName = base.getPrincipalName(); id = base.getExternalId(); }
private void calcExpectedPrincipalNames(@NotNull ExternalIdentity identity, long depth, @NotNull Set<String> expected) throws Exception { if (depth <= 0) { return; } for (ExternalIdentityRef ref : identity.getDeclaredGroups()) { ExternalIdentity groupIdentity = idp.getIdentity(ref); expected.add(groupIdentity.getPrincipalName()); calcExpectedPrincipalNames(groupIdentity, depth-1, expected); } }
private void collectGroupPrincipals(Set<String> pNames, @NotNull Iterable<ExternalIdentityRef> declaredGroups, long depth) throws ExternalIdentityException { if (depth <= 0) { return; } for (ExternalIdentityRef ref : declaredGroups) { ExternalIdentity ei = idp.getIdentity(ref); pNames.add(ei.getPrincipalName()); collectGroupPrincipals(pNames, ei.getDeclaredGroups(), depth - 1); } }
private void collectExpectedPrincipals(Set<Principal> grPrincipals, @NotNull Iterable<ExternalIdentityRef> declaredGroups, long depth) throws Exception { if (depth <= 0) { return; } for (ExternalIdentityRef ref : declaredGroups) { ExternalIdentity ei = idp.getIdentity(ref); grPrincipals.add(new PrincipalImpl(ei.getPrincipalName())); collectExpectedPrincipals(grPrincipals, ei.getDeclaredGroups(), depth - 1); } }
GroupPrincipal getGroupPrincipal(@NotNull ExternalIdentityRef ref) throws Exception { String principalName = idp.getIdentity(ref).getPrincipalName(); Principal p = principalProvider.getPrincipal(principalName); assertNotNull(p); assertTrue(p instanceof GroupPrincipal); return (GroupPrincipal) p; }
@Test public void testGetPrincipalUnderscoreSign() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { String pName = idp.getIdentity(ref).getPrincipalName(); for (String n : new String[]{"_", "_" + pName.substring(1), pName.substring(0, pName.length() - 1) + "_"}) { assertNull(principalProvider.getPrincipal(n)); } } }
@Test public void testGetPrincipalPercentSign() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { String pName = idp.getIdentity(ref).getPrincipalName(); for (String n : new String[] {"%", "%" + pName, pName + "%", pName.charAt(0) + "%"}) { assertNull(principalProvider.getPrincipal(n)); } } }
@Test public void testGetPrincipalInheritedGroups() throws Exception { ImmutableSet<ExternalIdentityRef> declared = ImmutableSet.<ExternalIdentityRef>copyOf(idp.getUser(USER_ID).getDeclaredGroups()); for (ExternalIdentityRef ref : declared) { for (ExternalIdentityRef inheritedGroupRef : idp.getIdentity(ref).getDeclaredGroups()) { if (declared.contains(inheritedGroupRef)) { continue; } String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName(); assertNull(principalProvider.getPrincipal(inheritedPrincName)); } } }
@Test public void testGetPrincipalGroupsWithQueryWildCard() throws Exception { ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_WILDCARD_USER); sync(externalUser); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { String pName = idp.getIdentity(ref).getPrincipalName(); Principal p = principalProvider.getPrincipal(pName); assertNotNull(p); assertEquals(pName, p.getName()); } }
@Override @Test public void testGetPrincipalDynamicGroup() throws Exception { for (ExternalIdentityRef ref : idp.getUser(USER_ID).getDeclaredGroups()) { String princName = idp.getIdentity(ref).getPrincipalName(); Principal principal = principalProvider.getPrincipal(princName); assertNotNull(principal); assertTrue(principal instanceof GroupPrincipal); } }
@Test public void testGetPrincipalDynamicGroup() throws Exception { for (ExternalIdentityRef ref : idp.getUser(USER_ID).getDeclaredGroups()) { String princName = idp.getIdentity(ref).getPrincipalName(); Principal principal = principalProvider.getPrincipal(princName); assertNotNull(principal); assertTrue(principal instanceof GroupPrincipal); } }
@Test public void testSyncExternalUserDepth1() throws Exception { syncConfig.user().setMembershipNestingDepth(1); ExternalUser externalUser = idp.getUser(USER_ID); sync(externalUser, SyncResult.Status.ADD); Tree tree = r.getTree(userManager.getAuthorizable(USER_ID).getPath()); PropertyState extPrincipalNames = tree.getProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES); assertNotNull(extPrincipalNames); Set<String> pNames = Sets.newHashSet(extPrincipalNames.getValue(Type.STRINGS)); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { assertTrue(pNames.remove(idp.getIdentity(ref).getPrincipalName())); } assertTrue(pNames.isEmpty()); }
@Override @Test public void testGetPrincipalInheritedGroups() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { ExternalIdentity externalGroup = idp.getIdentity(ref); Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName()); for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) { String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName(); Principal principal = principalProvider.getPrincipal(inheritedPrincName); assertNotNull(principal); assertTrue(principal instanceof GroupPrincipal); GroupPrincipal inheritedGrPrincipal = (GroupPrincipal) principal; assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName()))); assertFalse(inheritedGrPrincipal.isMember(grPrincipal)); } } }