jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r653726 - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication...
Date Tue, 06 May 2008 09:52:56 GMT
Author: angela
Date: Tue May  6 02:52:55 2008
New Revision: 653726

URL: http://svn.apache.org/viewvc?rev=653726&view=rev
Log:
JCR-1104 : JSR 283 support (security work in progress)

- user API: improve creation of new users
- user API: add distinction between declared and indirect group membership
- user Impl: move group membership to authorizable node type
- javadoc
- minor fixes/improvements

Modified:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/UserManager.java Tue May  6 02:52:55 2008
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.api.security.user;
 
 import javax.jcr.RepositoryException;
-import javax.jcr.Credentials;
 import java.security.Principal;
 import java.util.Iterator;
 
@@ -63,19 +62,20 @@
     Iterator findAuthorizable(String propertyName, String value) throws RepositoryException;
 
     /**
-     * Creates an User for the given userID that authenitcates with the given
-     * {@link javax.jcr.Credentials Credentials}.<br>
-     * Neither of the specified parameters can be <code>null</code>.
+     * Creates an User for the given userID / password pair; neither of the
+     * specified parameters can be <code>null</code>.<br>
+     * Same as {@link #createUser(String,String,Principal,String)} where
+     * the specified userID is equal to the principal name and the intermediate
+     * path is <code>null</code>.
      *
      * @param userID
-     * @param credentials
-     * @param principal
+     * @param password The initial password of this user.
      * @return The new <code>User</code>.
      * @throws AuthorizableExistsException in case the given userID is already
      * in use or another Authorizable with the same principal name exists.
      * @throws RepositoryException If another error occurs.
      */
-    User createUser(String userID, Credentials credentials, Principal principal) throws AuthorizableExistsException, RepositoryException;
+    User createUser(String userID, String password) throws AuthorizableExistsException, RepositoryException;
 
     /**
      * Creates an User for the given userID that authenitcates with the given
@@ -87,7 +87,7 @@
      * parameters can be <code>null</code>.
      *
      * @param userID
-     * @param credentials
+     * @param password
      * @param principal
      * @param intermediatePath
      * @return The new <code>User</code>.
@@ -96,7 +96,7 @@
      * @throws RepositoryException If the current Session is
      * not allowed to create users or some another error occurs.
      */
-    User createUser(String userID, Credentials credentials, Principal principal,
+    User createUser(String userID, String password, Principal principal,
                     String intermediatePath) throws AuthorizableExistsException, RepositoryException;
 
     /**

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Tue May  6 02:52:55 2008
@@ -53,7 +53,6 @@
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
 import javax.security.auth.Subject;
 import java.security.Principal;
 import java.util.HashMap;
@@ -408,8 +407,7 @@
         if (adminId != null) {
             Authorizable admin = systemUserManager.getAuthorizable(adminId);
             if (admin == null) {
-                Credentials creds = new SimpleCredentials(adminId, adminId.toCharArray());
-                admin = systemUserManager.createUser(adminId, creds, new PrincipalImpl(adminId));
+                admin = systemUserManager.createUser(adminId, adminId);
                 log.info("...created admin-user with id \'" + adminId + "\' ...");
                 admins.addMember(admin);
                 log.info("...added admin \'" + adminId + "\' as member of the administrators group.");
@@ -419,8 +417,7 @@
         if (anonymousId != null) {
             Authorizable anonymous = systemUserManager.getAuthorizable(anonymousId);
             if (anonymous == null) {
-                Credentials creds = new SimpleCredentials(anonymousId, new char[0]);
-                systemUserManager.createUser(anonymousId, creds, new PrincipalImpl(anonymousId));
+                systemUserManager.createUser(anonymousId, "");
                 log.info("...created anonymous-user with id \'" + anonymousId + "\' ...");
             }
         }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java Tue May  6 02:52:55 2008
@@ -60,7 +60,7 @@
         if (algo == null) {
             // password is plain text
             algorithm = SecurityConstants.DEFAULT_DIGEST;
-            cryptedPassword = crypt(algorithm, password);
+            cryptedPassword = crypt(password, algorithm);
         } else {
             // password is already encrypted
             algorithm = algo;
@@ -75,18 +75,15 @@
     }
 
     public CryptedSimpleCredentials(String userId, String password) throws NoSuchAlgorithmException, UnsupportedEncodingException {
-        if (userId == null || userId.length() == 0) {
-            throw new IllegalArgumentException();
-        }
-        if (password == null) {
-            throw new IllegalArgumentException();
+        if (userId == null || userId.length() == 0 || password == null) {
+            throw new IllegalArgumentException("Invalid userID or password. Neither may be null, the userID must have a length > 0.");
         }
         this.userId = userId;
         String algo =  getAlgorithm(password);
         if (algo == null) {
             // password is plain text
             algorithm = SecurityConstants.DEFAULT_DIGEST;
-            cryptedPassword = crypt(algorithm, password);
+            cryptedPassword = crypt(password, algorithm);
         } else {
             // password is already encrypted
             algorithm = algo;
@@ -121,8 +118,8 @@
      * it with the current Digest.
      *
      * @param credentials
-     * @return true if {@link SimpleCredentials#getUserID() UserID}
-     *              and {@link SimpleCredentials#getPassword() Password} match
+     * @return true if {@link SimpleCredentials#getUserID() UserID} and
+     * {@link SimpleCredentials#getPassword() Password} match.
      * @throws NoSuchAlgorithmException
      * @throws UnsupportedEncodingException
      */
@@ -135,10 +132,10 @@
 
             if (algr == null && algorithm != null) {
                 // uncrypted pw to match -> crypt with algorithm present here.
-                return crypt(algorithm, toMatch).equals(cryptedPassword);
+                return crypt(toMatch, algorithm).equals(cryptedPassword);
             } else if (algr != null && algorithm == null) {
                 // crypted pw to match but unkown algorithm here -> crypt this pw
-                return crypt(cryptedPassword, algr).equals(toMatch);
+                return crypt(algr, cryptedPassword).equals(toMatch);
             }
 
             // both pw to compare define a algorithm and are crypted
@@ -148,7 +145,7 @@
         return false;
     }
 
-    private static String crypt(String algorithm, String pwd)
+    private static String crypt(String pwd, String algorithm)
             throws NoSuchAlgorithmException, UnsupportedEncodingException {
 
         StringBuffer password = new StringBuffer();

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java Tue May  6 02:52:55 2008
@@ -27,6 +27,7 @@
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
 import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.commons.name.NameConstants;
 import org.apache.jackrabbit.util.Text;
@@ -34,13 +35,11 @@
 import org.slf4j.LoggerFactory;
 
 import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
 import javax.jcr.Item;
 import javax.jcr.ItemExistsException;
 import javax.jcr.Node;
 import javax.jcr.NodeIterator;
 import javax.jcr.RepositoryException;
-import javax.jcr.SimpleCredentials;
 import javax.jcr.Value;
 import javax.jcr.lock.LockException;
 import javax.jcr.nodetype.ConstraintViolationException;
@@ -147,7 +146,6 @@
     /**
      * Creates a new Node on the repository with the specified
      * <code>userName</code>.<br>
-     * The <code>userID</code> is expected to be a valid JCR-<code>Name</code>.
      * The User will be created relative to path of the User who represents the
      * Session this UserManager has been created for.<br>
      * If the {@link javax.jcr.Credentials Credentials} are of type
@@ -155,29 +153,28 @@
      * crypted.
      *
      * @param userID
-     * @param credentials
-     * @see UserManager#createUser(String, Credentials, Principal principal)
+     * @param password
+     * @see UserManager#createUser(String,String)
      * @inheritDoc
      */
-    public User createUser(String userID, Credentials credentials,
-                           Principal principal) throws RepositoryException {
-        return createUser(userID, credentials, principal, null);
+    public User createUser(String userID, String password) throws RepositoryException {
+        return createUser(userID, password, new PrincipalImpl(userID), null);
     }
 
     /**
      *
      * @param userID
-     * @param credentials
+     * @param password
      * @param principal
      * @param intermediatePath
      * @return
      * @throws AuthorizableExistsException
      * @throws RepositoryException
      */
-    public User createUser(String userID, Credentials credentials,
+    public User createUser(String userID, String password,
                            Principal principal, String intermediatePath)
             throws AuthorizableExistsException, RepositoryException {
-        if (userID == null || credentials == null || principal == null) {
+        if (userID == null || password == null || principal == null) {
             throw new IllegalArgumentException("Not possible to create user with null parameters");
         }
         if (getAuthorizable(userID) != null) {
@@ -186,11 +183,6 @@
         if (hasAuthorizableOrReferee(principal)) {
             throw new AuthorizableExistsException("Authorizable for '" + principal.getName() + "' already exists");
         }
-        if (!(credentials instanceof SimpleCredentials)) {
-            throw new RepositoryException("SimpleCredentials required. Found " + credentials.getClass());
-        } else if (!userID.equals(((SimpleCredentials) credentials).getUserID())) {
-            throw new RepositoryException("UserID mismatch: " + userID + " <-> " + ((SimpleCredentials) credentials).getUserID());
-        }
 
         NodeImpl parent = null;
         try {
@@ -200,8 +192,8 @@
             Name nodeName = session.getQName(Text.escapeIllegalJcrChars(userID));
             NodeImpl userNode = addSecurityNode(parent, nodeName, NT_REP_USER);
 
-            setSecurityProperty(userNode, P_USERID, getValue(userID));
-            CryptedSimpleCredentials creds = new CryptedSimpleCredentials((SimpleCredentials) credentials);
+            CryptedSimpleCredentials creds = new CryptedSimpleCredentials(userID, password);
+            setSecurityProperty(userNode, P_USERID, getValue(creds.getUserID()));
             setSecurityProperty(userNode, P_PASSWORD, getValue(creds.getPassword()));
             setSecurityProperty(userNode, P_PRINCIPAL_NAME, getValue(principal.getName()));
             parent.save();

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AbstractUserTest.java Tue May  6 02:52:55 2008
@@ -19,22 +19,26 @@
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.TestPrincipal;
+import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.test.AbstractJCRTest;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.apache.jackrabbit.uuid.UUID;
+import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
 import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
 import javax.security.auth.Subject;
 import java.security.Principal;
+import java.security.NoSuchAlgorithmException;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.Set;
+import java.io.UnsupportedEncodingException;
 
 /**
  * <code>AbstractUserTest</code>...
@@ -74,13 +78,29 @@
         return p;
     }
 
-    protected Credentials buildCredentials(String uid, String pw) {
-        // todo: retrieve creds impl from config
-        return new SimpleCredentials(uid, pw.toCharArray());
+    protected String buildPassword(String uid, boolean createDigest) throws IllegalArgumentException {
+        if (createDigest) {
+            try {
+                StringBuffer password = new StringBuffer();
+                password.append("{").append(SecurityConstants.DEFAULT_DIGEST).append("}");
+                password.append(Text.digest(SecurityConstants.DEFAULT_DIGEST, uid.getBytes("UTF-8")));
+                return password.toString();
+            } catch (NoSuchAlgorithmException e) {
+                throw new IllegalArgumentException(e);
+            } catch (UnsupportedEncodingException e) {
+                throw new IllegalArgumentException(e);
+            }
+        } else {
+            return uid;
+        }
+    }
+
+    protected String buildPassword(Principal p) {
+        return buildPassword(p.getName(), false);
     }
 
-    protected Credentials buildCredentials(Principal p) {
-        return buildCredentials(p.getName(), p.getName());
+    protected Credentials buildCredentials(String uID, String pw) {
+        return new SimpleCredentials(uID, pw.toCharArray());
     }
 
     protected static Set getPrincipalSetFromSession(Session session) throws NotExecutableException {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/ImpersonationTest.java Tue May  6 02:52:55 2008
@@ -41,8 +41,9 @@
         super.setUp();
 
         Principal test = getTestPrincipal();
-        Credentials creds = buildCredentials(test);
-        newUser = userMgr.createUser(test.getName(), creds, test);
+        String pw = buildPassword(test);
+        Credentials creds = buildCredentials(test.getName(), pw);
+        newUser = userMgr.createUser(test.getName(), pw);
         impersonation = newUser.getImpersonation();
     }
 
@@ -85,7 +86,7 @@
         User u = null;
         Principal test = getTestPrincipal();
         try {
-            u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+            u = userMgr.createUser(test.getName(), buildPassword(test));
             assertTrue("Admin should be allowed to edit impersonation and grant to another test-user.", impersonation.grantImpersonation(test));
         }  finally {
             impersonation.revokeImpersonation(test);
@@ -99,7 +100,7 @@
         Principal test = getTestPrincipal();
         User u = null;
         try {
-            u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+            u = userMgr.createUser(test.getName(), buildPassword(test));
             impersonation.grantImpersonation(test);
             // try again
             assertFalse("Granting impersonation twice should not succeed.", impersonation.grantImpersonation(test));
@@ -115,7 +116,7 @@
         User u = null;
         Principal test = getTestPrincipal();
         try {
-            u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+            u = userMgr.createUser(test.getName(), buildPassword(test));
             impersonation.grantImpersonation(test);
 
             assertTrue(impersonation.revokeImpersonation(test));
@@ -130,7 +131,7 @@
         User u = null;
         Principal test = getTestPrincipal();
         try {
-            u = userMgr.createUser(test.getName(), buildCredentials(test), test);
+            u = userMgr.createUser(test.getName(), buildPassword(test));
             impersonation.grantImpersonation(test);
             impersonation.revokeImpersonation(test);
             // try again
@@ -187,7 +188,7 @@
     }
 
     private Subject createSubject(Principal p) throws RepositoryException {
-        Set creds = Collections.singleton(buildCredentials(p));
+        Set creds = Collections.singleton(buildCredentials(p.getName(), buildPassword(p)));
         Subject subject = new Subject(true, Collections.singleton(p), creds, creds);
         return subject;
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserManagerCreateUserTest.java Tue May  6 02:52:55 2008
@@ -19,7 +19,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import java.security.Principal;
 import java.util.ArrayList;
@@ -51,7 +50,7 @@
     public void testCreateUser() throws RepositoryException {
         Principal p = getTestPrincipal();
         String uid = p.getName();
-        User user = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+        User user = userMgr.createUser(uid, buildPassword(uid, false));
         createdUsers.add(user);
 
         assertNotNull(user.getID());
@@ -61,7 +60,17 @@
     public void testCreateUserWithPath() throws RepositoryException {
         Principal p = getTestPrincipal();
         String uid = p.getName();
-        User user = userMgr.createUser(uid, buildCredentials(uid, uid), p, "/any/path/to/the/new/user");
+        User user = userMgr.createUser(uid, buildPassword(uid, true), p, "/any/path/to/the/new/user");
+        createdUsers.add(user);
+
+        assertNotNull(user.getID());
+        assertEquals(p.getName(), user.getPrincipal().getName());
+    }
+
+    public void testCreateUserWithDifferentPrincipalName() throws RepositoryException {
+        Principal p = getTestPrincipal();
+        String uid = getTestPrincipal().getName();
+        User user = userMgr.createUser(uid, buildPassword(uid, true), p, "/any/path/to/the/new/user");
         createdUsers.add(user);
 
         assertNotNull(user.getID());
@@ -70,7 +79,16 @@
 
     public void testCreateUserWithNullParamerters() throws RepositoryException {
         try {
-            User user = userMgr.createUser(null, null, null);
+            User user = userMgr.createUser(null, null);
+            createdUsers.add(user);
+
+            fail("A User cannot be built from 'null' parameters");
+        } catch (Exception e) {
+            // ok
+        }
+
+        try {
+            User user = userMgr.createUser(null, null, null, null);
             createdUsers.add(user);
 
             fail("A User cannot be built from 'null' parameters");
@@ -82,8 +100,7 @@
     public void testCreateUserWithNullUserID() throws RepositoryException {
         try {
             Principal p = getTestPrincipal();
-            Credentials creds = buildCredentials(p.getName(), "");
-            User user = userMgr.createUser(null, creds, p);
+            User user = userMgr.createUser(null, "anyPW");
             createdUsers.add(user);
 
             fail("A User cannot be built with 'null' userID");
@@ -92,11 +109,48 @@
         }
     }
 
+    public void testCreateUserWithEmptyUserID() throws RepositoryException {
+        try {
+            User user = userMgr.createUser("", "anyPW");
+            createdUsers.add(user);
+
+            fail("A User cannot be built with 'null' userID");
+        } catch (Exception e) {
+            // ok
+        }
+        try {
+            User user = userMgr.createUser("", "anyPW", getTestPrincipal(), null);
+            createdUsers.add(user);
+
+            fail("A User cannot be built with 'null' userID");
+        } catch (Exception e) {
+            // ok
+        }
+    }
+
+    public void testCreateUserWithNullPassword() throws RepositoryException {
+        try {
+            Principal p = getTestPrincipal();
+            User user = userMgr.createUser(p.getName(), null);
+            createdUsers.add(user);
+
+            fail("A User cannot be built with 'null' password");
+        } catch (Exception e) {
+            // ok
+        }
+    }
+
+    public void testCreateUserWithEmptyPassword() throws RepositoryException {
+        Principal p = getTestPrincipal();
+        User user = userMgr.createUser(p.getName(), "");
+        createdUsers.add(user);
+    }
+
     public void testCreateUserWithNullPrincipal() throws RepositoryException {
         try {
             Principal p = getTestPrincipal();
             String uid = p.getName();
-            User user = userMgr.createUser(uid, buildCredentials(uid, uid), null);
+            User user = userMgr.createUser(uid, buildPassword(uid, true), null, "/a/b/c");
             createdUsers.add(user);
 
             fail("A User cannot be built with 'null' Principal");
@@ -106,15 +160,12 @@
     }
 
     public void testCreateTwiceWithSameUserID() throws RepositoryException {
-        Principal p = getTestPrincipal();
-        String uid = p.getName();
-        Credentials creds = buildCredentials(uid, uid);
-        User user = userMgr.createUser(uid, creds, p);
+        String uid = getTestPrincipal().getName();
+        User user = userMgr.createUser(uid, buildPassword(uid, false));
         createdUsers.add(user);
 
         try {
-            p = getTestPrincipal();
-            User user2 = userMgr.createUser(uid, creds, p);
+            User user2 = userMgr.createUser(uid, buildPassword("anyPW", true));
             createdUsers.add(user2);
 
             fail("Creating 2 users with the same UserID should throw AuthorizableExistsException.");
@@ -126,15 +177,12 @@
     public void testCreateTwiceWithSamePrincipal() throws RepositoryException {
         Principal p = getTestPrincipal();
         String uid = p.getName();
-        Credentials creds = buildCredentials(uid, uid);
-        User user = userMgr.createUser(uid, creds, p);
+        User user = userMgr.createUser(uid, buildPassword(uid, true), p, "a/b/c");
         createdUsers.add(user);
 
         try {
             uid = getTestPrincipal().getName();
-            creds = buildCredentials(uid, uid);
-
-            User user2 = userMgr.createUser(uid, creds, p);
+            User user2 = userMgr.createUser(uid, buildPassword(uid, false), p, null);
             createdUsers.add(user2);
 
             fail("Creating 2 users with the same Principal should throw AuthorizableExistsException.");
@@ -147,7 +195,7 @@
         Principal p = getTestPrincipal();
         String uid = p.getName();
 
-        User user = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+        User user = userMgr.createUser(uid, buildPassword(uid, false));
         createdUsers.add(user);
 
         assertNotNull(userMgr.getAuthorizable(user.getID()));

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java Tue May  6 02:52:55 2008
@@ -49,7 +49,7 @@
  */
 public abstract class AbstractEvaluationTest extends AbstractAccessControlTest {
 
-    protected static final long DEFAULT_WAIT_TIMEOUT = 5000;
+    protected static final long DEFAULT_WAIT_TIMEOUT = 50;
 
     protected Credentials creds;
     protected User testUser;
@@ -72,11 +72,13 @@
 
         UserManager uMgr = getUserManager(superuser);
         Principal princ = new TestPrincipal("anyUser");
-        creds = new SimpleCredentials("anyUser", "anyUser".toCharArray());
+        String uid = "anyUser";
+        String pw = "anyUser";
+        creds = new SimpleCredentials(uid, pw.toCharArray());
 
         Authorizable a = uMgr.getAuthorizable(princ);
         if (a == null) {
-            testUser = uMgr.createUser("anyUser", creds, princ);
+            testUser = uMgr.createUser(uid, pw);
         } else if (a.isGroup()) {
             throw new NotExecutableException();
         } else {
@@ -140,19 +142,45 @@
     protected abstract String[] getRestrictions(String path);
 
     protected PolicyTemplate givePrivileges(String nPath, int privileges, String[] restrictions) throws NotExecutableException, RepositoryException {
-        PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
-        tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, true, restrictions));
-        acMgr.setPolicy(tmpl.getPath(), tmpl);
-        superuser.save();
-        return tmpl;
+        ObservationManager obsMgr = superuser.getWorkspace().getObservationManager();
+        EventResult listener = new EventResult(((JUnitTest) this).log);
+        try {
+            obsMgr.addEventListener(listener, Event.PROPERTY_CHANGED, nPath,
+                    true, new String[0], new String[] {"rep:ACE"}, false);
+
+            PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
+            tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, true, restrictions));
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+
+            obsMgr.removeEventListener(listener);
+            Event[] evts = listener.getEvents(DEFAULT_WAIT_TIMEOUT);
+
+            return tmpl;
+        } finally {
+            obsMgr.removeEventListener(listener);
+        }
     }
 
     protected PolicyTemplate withdrawPrivileges(String nPath, int privileges, String[] restrictions) throws NotExecutableException, RepositoryException {
-        PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
-        tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, false, restrictions));
-        acMgr.setPolicy(tmpl.getPath(), tmpl);
-        superuser.save();
-        return tmpl;
+        ObservationManager obsMgr = superuser.getWorkspace().getObservationManager();
+        EventResult listener = new EventResult(((JUnitTest) this).log);
+        try {
+            obsMgr.addEventListener(listener, Event.PROPERTY_CHANGED | Event.PROPERTY_REMOVED, nPath,
+                    true, new String[0], new String[] {"rep:ACE"}, false);
+
+            PolicyTemplate tmpl = getPolicyTemplate(acMgr, nPath);
+            tmpl.setEntry(createEntry(testUser.getPrincipal(), privileges, false, restrictions));
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+
+            obsMgr.removeEventListener(listener);
+            Event[] evts = listener.getEvents(DEFAULT_WAIT_TIMEOUT);
+
+            return tmpl;
+        } finally {
+            obsMgr.removeEventListener(listener);
+        }
     }
 
     protected void checkReadOnly(String path) throws RepositoryException {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationTest.java Tue May  6 02:52:55 2008
@@ -131,6 +131,7 @@
                 testUser.getPrincipal(),
                 new Privilege[] {PrivilegeRegistry.WRITE_PRIVILEGE});
         testSession.save();
+
         assertTrue(testAcMgr.hasPrivileges(path,
                 new Privilege[] {PrivilegeRegistry.REMOVE_CHILD_NODES_PRIVILEGE}));
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProviderTest.java Tue May  6 02:52:55 2008
@@ -75,7 +75,7 @@
         Group gr1 = null;
         Group gr2 = null;
         try {
-            u = userMgr.createUser(up.getName(), buildCredentials(up), up);
+            u = userMgr.createUser(up.getName(), buildPassword(up));
             gr1 = userMgr.createGroup(getTestPrincipal());
             gr2 = userMgr.createGroup(getTestPrincipal());
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/GroupAdministratorTest.java Tue May  6 02:52:55 2008
@@ -56,19 +56,20 @@
 
         // create a first user
         Principal p = getTestPrincipal();
-        UserImpl pUser = (UserImpl) userMgr.createUser(p.getName(), buildCredentials(p), p);
+        UserImpl pUser = (UserImpl) userMgr.createUser(p.getName(), buildPassword(p));
         parentUID = pUser.getID();
 
         // create a second user 'below' the first user and make it group-admin
         p = getTestPrincipal();
-        Credentials creds = buildCredentials(p);
-        User u = userMgr.createUser(p.getName(), creds, p, pUser.getNode().getPath());
+        String pw = buildPassword(p);
+        Credentials creds = buildCredentials(p.getName(), pw);
+        User u = userMgr.createUser(p.getName(), pw, p, pUser.getNode().getPath());
         uID = u.getID();
         uPath = ((UserImpl) u).getNode().getPath();
 
         // create a third child user below
         p = getTestPrincipal();
-        childUID = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath).getID();
+        childUID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
 
         // make other user a group-administrator:
         Authorizable groupAdmin = userMgr.getAuthorizable(UserConstants.GROUP_ADMIN_GROUP_NAME);
@@ -116,7 +117,7 @@
         // create a new user -> must succeed and user must be create below 'other'
         try {
             Principal p = getTestPrincipal();
-            u = (UserImpl) umgr.createUser(p.getName(), buildCredentials(p), p);
+            u = (UserImpl) umgr.createUser(p.getName(), buildPassword(p));
             fail("Group administrator should not be allowed to create a new user.");
             u.remove();
         } catch (AccessDeniedException e) {
@@ -339,9 +340,9 @@
             // let superuser create a group and a user a make user member of group
             nGr = userMgr.createGroup(getTestPrincipal());
             Principal p = getTestPrincipal();
-            nUs = userMgr.createUser(p.getName(), buildCredentials(p), p);
+            nUs = userMgr.createUser(p.getName(), buildPassword(p));
             p = getTestPrincipal();
-            nUs2 = userMgr.createUser(p.getName(), buildCredentials(p), p);
+            nUs2 = userMgr.createUser(p.getName(), buildPassword(p));
             nGr.addMember(nUs);
             nGr.addMember(nUs2);
 
@@ -380,7 +381,7 @@
             // let superuser create a group and a user a make user member of group
             nGr = userMgr.createGroup(getTestPrincipal());
             Principal p = getTestPrincipal();
-            nUs = userMgr.createUser(p.getName(), buildCredentials(p), p);
+            nUs = userMgr.createUser(p.getName(), buildPassword(p));
             nGr.addMember(nUs);
 
             Group gr = (Group) getUserManager(uSession).getAuthorizable(nGr.getID());

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java Tue May  6 02:52:55 2008
@@ -51,16 +51,18 @@
         // create a first user and retrieve the UserManager from the session
         // created for that new user.
         Principal p = getTestPrincipal();
-        creds = buildCredentials(p);
-        UserImpl u = (UserImpl) userMgr.createUser(p.getName(), creds, p);
+        String pw = buildPassword(p);
+        creds = buildCredentials(p.getName(), pw);
+        UserImpl u = (UserImpl) userMgr.createUser(p.getName(), pw);
         uID = u.getID();
         uSession = helper.getRepository().login(creds);
         uMgr = getUserManager(uSession);
 
         // create a second user 'below' the first user.
         p = getTestPrincipal();
-        otherCreds = buildCredentials(p);
-        User u2 = userMgr.createUser(p.getName(), otherCreds, p, u.getNode().getPath());
+        pw = buildPassword(p);
+        otherCreds = buildCredentials(p.getName(), pw);
+        User u2 = userMgr.createUser(p.getName(), pw, p, u.getNode().getPath());
         otherUID = u2.getID();
     }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.java Tue May  6 02:52:55 2008
@@ -28,9 +28,9 @@
 import org.slf4j.LoggerFactory;
 
 import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
 import java.security.Principal;
 import java.util.Iterator;
 
@@ -53,13 +53,13 @@
         // create a first user and retrieve the UserManager from the session
         // created for that new user.
         Principal p = getTestPrincipal();
-        Credentials creds = buildCredentials(p);
-        UserImpl u = (UserImpl) userMgr.createUser(p.getName(), creds, p);
+        String pw = buildPassword(p);
+        UserImpl u = (UserImpl) userMgr.createUser(p.getName(), pw);
         uID = u.getID();
         uPath = u.getNode().getPath();
 
         // create a session for the other user.
-        uSession = helper.getRepository().login(creds);
+        uSession = helper.getRepository().login(new SimpleCredentials(uID, pw.toCharArray()));
         uMgr = getUserManager(uSession);
     }
 
@@ -80,7 +80,7 @@
     public void testCreateUser() {
         try {
             Principal p = getTestPrincipal();
-            User u = uMgr.createUser(p.getName(), buildCredentials(p), p);
+            User u = uMgr.createUser(p.getName(), buildPassword(p));
             fail("A non-UserAdmin should not be allowed to create a new User.");
 
             // clean-up: let superuser remove the user created by fault.
@@ -96,7 +96,7 @@
     public void testCreateUserWithItermediatePath() {
         try {
             Principal p = getTestPrincipal();
-            User u = uMgr.createUser(p.getName(), buildCredentials(p), p, "/any/intermediate/path");
+            User u = uMgr.createUser(p.getName(), buildPassword(p), p, "/any/intermediate/path");
             fail("A non-UserAdmin should not be allowed to create a new User.");
 
             // clean-up: let superuser remove the user created by fault.
@@ -122,7 +122,7 @@
     public void testRemoveChildUser() throws RepositoryException {
         // let superuser create a child-user.
         Principal p = getTestPrincipal();
-        String childID = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath).getID();
+        String childID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
         try {
             Authorizable a = uMgr.getAuthorizable(childID);
             a.remove();
@@ -141,7 +141,7 @@
     public void testRemoveOtherUser() throws RepositoryException {
         // let superuser create a child-user.
         Principal p = getTestPrincipal();
-        String childID = userMgr.createUser(p.getName(), buildCredentials(p), p, "/any/intermediate/path").getID();
+        String childID = userMgr.createUser(p.getName(), buildPassword(p), p, "/any/intermediate/path").getID();
         try {
             Authorizable a = uMgr.getAuthorizable(childID);
             a.remove();
@@ -160,7 +160,7 @@
     public void testModifyImpersonation() throws RepositoryException {
         // let superuser create a child-user.
         Principal p = getTestPrincipal();
-        Authorizable child = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath);
+        Authorizable child = userMgr.createUser(p.getName(), buildPassword(p), p, uPath);
         try {
             p = child.getPrincipal();
 
@@ -182,15 +182,14 @@
     public void testModifyImpersonationOfChildUser() throws RepositoryException {
         // let superuser create a child-user.
         Principal p = getTestPrincipal();
-        String childID = userMgr.createUser(p.getName(), buildCredentials(p), p, uPath).getID();
+        String childID = userMgr.createUser(p.getName(), buildPassword(p), p, uPath).getID();
         try {
-            Authorizable a = uMgr.getAuthorizable(childID);
+            Authorizable child = uMgr.getAuthorizable(childID);
 
-            Impersonation impers = ((User) a).getImpersonation();
+            Impersonation impers = ((User) child).getImpersonation();
             Principal himselfP = uMgr.getAuthorizable(uID).getPrincipal();
             assertFalse(impers.allows(buildSubject(himselfP)));
-            assertTrue(impers.grantImpersonation(himselfP));
-            assertFalse(impers.allows(buildSubject(himselfP)));
+            impers.grantImpersonation(himselfP);
             fail("A non-administrator user should not be allowed modify Impersonation of a child user.");
         } catch (AccessDeniedException e) {
             // success

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAdministratorTest.java Tue May  6 02:52:55 2008
@@ -56,13 +56,14 @@
         // create a first user and retrieve the UserManager from the session
         // created for that new user.
         Principal p = getTestPrincipal();
-        UserImpl u = (UserImpl) userMgr.createUser(p.getName(), buildCredentials(p), p);
+        UserImpl u = (UserImpl) userMgr.createUser(p.getName(), buildPassword(p));
         uID = u.getID();
 
         // create a second user 'below' the first user.
         p = getTestPrincipal();
-        Credentials otherCreds = buildCredentials(p);
-        User other = userMgr.createUser(p.getName(), otherCreds, p, u.getNode().getPath());
+        String pw = buildPassword(p);
+        Credentials otherCreds = buildCredentials(p.getName(), pw);
+        User other = userMgr.createUser(p.getName(), pw, p, u.getNode().getPath());
         otherUID = other.getID();
         otherPath = ((UserImpl) other).getNode().getPath();
 
@@ -117,7 +118,7 @@
         // create a new user -> must succeed and user must be create below 'other'
         try {
             Principal p = getTestPrincipal();
-            u = (UserImpl) umgr.createUser(p.getName(), buildCredentials(p), p);
+            u = (UserImpl) umgr.createUser(p.getName(), buildPassword(p));
             assertTrue(Text.isDescendant(otherPath, u.getNode().getPath()));
         } finally {
             if (u != null) {
@@ -133,7 +134,7 @@
         // -> must succeed and user must be create below 'other'
         try {
             Principal p = getTestPrincipal();
-            u = (UserImpl) umgr.createUser(p.getName(), buildCredentials(p), p, "/some/intermediate/path");
+            u = (UserImpl) umgr.createUser(p.getName(), buildPassword(p), p, "/some/intermediate/path");
             assertTrue(Text.isDescendant(otherPath, u.getNode().getPath()));
             assertTrue(Text.isDescendant(otherPath + "/some/intermediate/path", u.getNode().getPath()));
         } finally {
@@ -175,7 +176,7 @@
         // create a new user -> must succeed and user must be create below 'other'
         try {
             Principal p = getTestPrincipal();
-            u = umgr.createUser(p.getName(), buildCredentials(p), p);
+            u = umgr.createUser(p.getName(), buildPassword(p));
 
             Impersonation impers = u.getImpersonation();
             assertFalse(impers.allows(buildSubject(otherP)));
@@ -248,7 +249,7 @@
         Principal cp = getTestPrincipal();
         User childU = null;
         try {
-            childU = umgr.createUser(cp.getName(), buildCredentials(cp), cp);
+            childU = umgr.createUser(cp.getName(), buildPassword(cp));
             for (Iterator it = ((UserManagerImpl) umgr).findGroups(""); it.hasNext();) {
                 Group gr = (Group) it.next();
                 try {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java Tue May  6 02:52:55 2008
@@ -29,6 +29,7 @@
 import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
 import java.security.Principal;
 
 /**
@@ -47,8 +48,9 @@
         super.setUp();
 
         Principal p = getTestPrincipal();
-        creds = buildCredentials(p);
-        User u = userMgr.createUser(p.getName(), creds, p);
+        String pw = buildPassword(p);
+        creds = new SimpleCredentials(p.getName(), pw.toCharArray());
+        User u = userMgr.createUser(p.getName(), pw);
         uID = u.getID();
         uSession = helper.getRepository().login(creds);
         uMgr = getUserManager(uSession);

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java?rev=653726&r1=653725&r2=653726&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java Tue May  6 02:52:55 2008
@@ -26,9 +26,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.Credentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.Session;
 import javax.jcr.nodetype.ConstraintViolationException;
 import java.security.Principal;
 import java.util.Iterator;
@@ -95,10 +97,10 @@
     public void testRemoveUserRemovesTree() throws RepositoryException {
         // create 2 new users. the second as child of the first.
         Principal p = getTestPrincipal();
-        User u = userMgr.createUser(p.getName(), buildCredentials(p), p);
+        User u = userMgr.createUser(p.getName(), buildPassword(p));
         String uID = u.getID();
         p = getTestPrincipal();
-        User u2 = userMgr.createUser(p.getName(), buildCredentials(p), p, ((UserImpl)u).getNode().getPath());
+        User u2 = userMgr.createUser(p.getName(), buildPassword(p), p, ((UserImpl)u).getNode().getPath());
         String u2ID = u2.getID();
 
         // removing the first user must also remove the child-users.
@@ -109,35 +111,11 @@
         assertNull(userMgr.getAuthorizable(u2ID));
     }
 
-    public void testCreateUserWithInvalidCredentials() throws RepositoryException {
-        Principal p = getTestPrincipal();
-        try {
-            Credentials creds = new Credentials() {};
-            User u = userMgr.createUser(p.getName(), creds, p);
-            u.remove();
-            fail("creating a user with 'unknown' credentials must fail.");
-        } catch (RepositoryException e) {
-            // success
-        }
-    }
-
-    public void testCreateUserWithUserIDNotMatchingCredentials() throws RepositoryException {
-        Principal p = getTestPrincipal();
-        String uid = getTestUserId(p);
-        try {
-            User u = userMgr.createUser(uid, buildCredentials(p), p);
-            u.remove();
-            fail("creating a user with UserID not matching uid from credentials must fail.");
-        } catch (RepositoryException e) {
-            // success
-        }
-    }
-
-    public void testCreateUserIdEqualsUserId() throws RepositoryException {
+    public void testPrincipalNameEqualsUserID() throws RepositoryException {
         Principal p = getTestPrincipal();
         User u = null;
         try {
-            u = userMgr.createUser(p.getName(), buildCredentials(p), p);
+            u = userMgr.createUser(p.getName(), buildPassword(p));
 
             String msg = "Implementation specific: User.getID() must return the userID pass to createUser.";
             assertEquals(msg, u.getID(), p.getName());
@@ -154,7 +132,7 @@
 
         User u = null;
         try {
-            u = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+            u = userMgr.createUser(uid, buildPassword(uid, true), p, null);
 
             String msg = "Creating a User with principal-name distinct from Principal-name must succeed as long as both are unique.";
             assertEquals(msg, u.getID(), uid);
@@ -174,7 +152,7 @@
         User u = null;
         Group gr = null;
         try {
-            u = userMgr.createUser(uid, buildCredentials(uid, uid), p);
+            u = userMgr.createUser(uid, buildPassword(uid, true), p, null);
             gr = userMgr.createGroup(new TestPrincipal(uid));
 
             String msg = "Creating a Group with a principal-name that exists as UserID -> must create new GroupID but keep PrincipalName.";
@@ -248,8 +226,7 @@
         try {
             Principal p = getTestPrincipal();
             String uid = "UID" + p.getName();
-            Credentials c = buildCredentials(uid, uid);
-            u = userMgr.createUser(uid, c, p);
+            u = userMgr.createUser(uid, buildPassword(uid, false), p, null);
 
             boolean found = false;
             Iterator it = ((UserManagerImpl)userMgr).findUsers("");
@@ -344,4 +321,37 @@
             assertTrue(((Authorizable) it.next()).isGroup());
         }
     }
+
+    public void testNewUserCanLogin() throws RepositoryException {
+        String uid = getTestPrincipal().getName();
+        String pw = buildPassword(uid, false);
+
+        User u = null;
+        Session s = null;
+        try {
+            u = userMgr.createUser(uid, pw);
+            Credentials creds = new SimpleCredentials(uid, pw.toCharArray());
+            s = superuser.getRepository().login(creds);
+        } finally {
+            if (u != null) {
+                u.remove();
+            }
+            if (s != null) {
+                s.logout();
+            }
+        }
+    }
+
+    public void testUnknownUserLogin() throws RepositoryException {
+        String uid = getTestPrincipal().getName();
+        assertNull(userMgr.getAuthorizable(uid));
+        try {
+            Session s = superuser.getRepository().login(new SimpleCredentials(uid, uid.toCharArray()));
+            s.logout();
+
+            fail("An unknown user should not be allowed to execute the login.");
+        } catch (Exception e) {
+            // ok.
+        }
+    }
 }
\ No newline at end of file



Mime
View raw message