jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r832359 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authentication/ main/java/org/apache/jackrabbit/core/security/principal/ main/java/org/apache/jackrabbit/core/security/user/ test/java/org/apa...
Date Tue, 03 Nov 2009 09:26:39 GMT
Author: angela
Date: Tue Nov  3 09:26:38 2009
New Revision: 832359

URL: http://svn.apache.org/viewvc?rev=832359&view=rev
Log:
JCR-2313 - Improvements to user management (2) [work in progress] 

- cryptedsimplecreds should compare userID case insensitive
- user generics, override annotations
- fix/improve javadoc
- tests

Added:
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentialsTest.java
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.java
Tue Nov  3 09:26:38 2009
@@ -113,9 +113,8 @@
     }
 
     /**
-     * Compair this instance with an instance of SimpleCredentials.
-     * If one the other Credentials' Password is plain-text treies to encode
-     * it with the current Digest.
+     * Compares this instance with the given <code>SimpleCredentials</code> and
+     * returns <code>true</code> if both match.
      *
      * @param credentials
      * @return true if {@link SimpleCredentials#getUserID() UserID} and
@@ -126,7 +125,7 @@
     public boolean matches(SimpleCredentials credentials)
             throws NoSuchAlgorithmException, UnsupportedEncodingException {
 
-        if (getUserID().matches(credentials.getUserID())) {
+        if (getUserID().equalsIgnoreCase(credentials.getUserID())) {
             String toMatch = new String(credentials.getPassword());
             String algr = getAlgorithm(toMatch);
 
@@ -148,7 +147,7 @@
     private static String crypt(String pwd, String algorithm)
             throws NoSuchAlgorithmException, UnsupportedEncodingException {
 
-        StringBuffer password = new StringBuffer();
+        StringBuilder password = new StringBuilder();
         password.append("{").append(algorithm).append("}");
         password.append(Text.digest(algorithm, pwd.getBytes("UTF-8")));
         return password.toString();

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/DefaultPrincipalProvider.java
Tue Nov  3 09:26:38 2009
@@ -120,6 +120,7 @@
      * This implementation uses the user and node resolver to find the
      * appropriate nodes.
      */
+    @Override
     protected Principal providePrincipal(String principalName) {
         // check for 'everyone'
         if (everyonePrincipal.getName().equals(principalName)) {
@@ -206,6 +207,7 @@
     /**
      * @see PrincipalProvider#close()
      */
+    @Override
     public synchronized void close() {
         super.close();
         membershipCache.clear();
@@ -354,6 +356,7 @@
         /**
          * @see org.apache.jackrabbit.core.security.principal.AbstractPrincipalIterator#seekNext()
          */
+        @Override
         protected Principal seekNext() {
             while (authorizableItr.hasNext()) {
                 try {

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalIteratorAdapter.java
Tue Nov  3 09:26:38 2009
@@ -42,7 +42,7 @@
      *
      * @param iterator iterator of {@link Principal}s
      */
-    public PrincipalIteratorAdapter(Iterator iterator) {
+    public PrincipalIteratorAdapter(Iterator<? extends Principal> iterator) {
         super(new RangeIteratorAdapter(iterator));
     }
 
@@ -51,7 +51,7 @@
      *
      * @param collection collection of {@link Principal} objects.
      */
-    public PrincipalIteratorAdapter(Collection collection) {
+    public PrincipalIteratorAdapter(Collection<? extends Principal> collection) {
         super(new RangeIteratorAdapter(collection));
     }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
Tue Nov  3 09:26:38 2009
@@ -133,7 +133,7 @@
         }
         // additional entry for the 'everyone' group
         if (!(principal instanceof EveryonePrincipal)) {
-            Iterator it = Collections.singletonList(getEveryone()).iterator();
+            Iterator<Principal> it = Collections.singletonList(getEveryone()).iterator();
             entries.add(new CheckedIteratorEntry(it, null));
         }
         return new CheckedPrincipalIterator(entries);
@@ -230,7 +230,7 @@
         }
 
         public Enumeration<? extends Principal> members() {
-            Iterator it = Collections.list(delegatee.members()).iterator();
+            Iterator<? extends Principal> it = Collections.list(delegatee.members()).iterator();
             final PrincipalIterator members = new CheckedPrincipalIterator(it, provider);
             return new Enumeration<Principal>() {
                 public boolean hasMoreElements() {
@@ -247,10 +247,12 @@
         }
 
         //---------------------------------------------------------< Object >---
+        @Override
         public int hashCode() {
             return delegatee.hashCode();
         }
 
+        @Override
         public boolean equals(Object obj) {
             return delegatee.equals(obj);
         }
@@ -284,7 +286,7 @@
 
         private final List<CheckedIteratorEntry> entries;
 
-        private CheckedPrincipalIterator(Iterator it, PrincipalProvider provider) {
+        private CheckedPrincipalIterator(Iterator<? extends Principal> it, PrincipalProvider
provider) {
             entries = new ArrayList<CheckedIteratorEntry>(1);
             entries.add(new CheckedIteratorEntry(it, provider));
             next = seekNext();
@@ -298,13 +300,14 @@
         /**
          * @see org.apache.jackrabbit.core.security.principal.AbstractPrincipalIterator#seekNext()
          */
+        @Override
         protected final Principal seekNext() {
             while (!entries.isEmpty()) {
                 // first test if current iterator has more elements
                 CheckedIteratorEntry current = entries.get(0);
-                Iterator iterator = current.iterator;
+                Iterator<? extends Principal> iterator = current.iterator;
                 while (iterator.hasNext()) {
-                    Principal chk = (Principal) iterator.next();
+                    Principal chk = iterator.next();
                     if (current.provider == null ||
                         current.provider.canReadPrincipal(session, chk)) {
                         return disguise(chk, current.provider);
@@ -324,9 +327,9 @@
     private static class CheckedIteratorEntry {
 
         private final PrincipalProvider provider;
-        private final Iterator iterator;
+        private final Iterator<? extends Principal> iterator;
 
-        private CheckedIteratorEntry(Iterator iterator, PrincipalProvider provider) {
+        private CheckedIteratorEntry(Iterator<? extends Principal> iterator, PrincipalProvider
provider) {
             this.iterator = iterator;
             this.provider = provider;
         }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
Tue Nov  3 09:26:38 2009
@@ -27,8 +27,8 @@
 import org.apache.jackrabbit.core.ProtectedItemModifier;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.SessionListener;
-import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
@@ -386,16 +386,6 @@
     }
 
     /**
-     * Creates a new Node on the repository with the specified
-     * <code>userName</code>.<br>
-     * The User will be created relative to path of the User who represents the
-     * Session this UserManager has been created for.<br>
-     * If the {@link javax.jcr.Credentials Credentials} are of type
-     * {@link javax.jcr.SimpleCredentials SimpleCredentials} they will be
-     * crypted.
-     *
-     * @param userID
-     * @param password
      * @see UserManager#createUser(String,String)
      */
     public User createUser(String userID, String password) throws RepositoryException {
@@ -403,14 +393,7 @@
     }
 
     /**
-     *
-     * @param userID
-     * @param password
-     * @param principal
-     * @param intermediatePath Is always ignored.
-     * @return
-     * @throws AuthorizableExistsException
-     * @throws RepositoryException
+     * @see UserManager#createUser(String, String, java.security.Principal, String)
      */
     public User createUser(String userID, String password,
                            Principal principal, String intermediatePath)
@@ -464,7 +447,8 @@
      * principal name != ID) the principal name is expanded by a suffix;
      * otherwise the resulting group ID equals the principal name.
      *
-     * @param principal
+     * @param principal A principal that doesn't yet represent an existing user
+     * or group.
      * @param intermediatePath Is always ignored.
      * @return A new group.
      * @throws AuthorizableExistsException
@@ -516,6 +500,14 @@
     }
 
     //--------------------------------------------------------------------------
+    /**
+     *
+     * @param node The new user/group node.
+     * @param principal A valid non-null principal.
+     * @throws AuthorizableExistsException If there is already another user/group
+     * with the same principal name.
+     * @throws RepositoryException If another error occurs.
+     */
     void setPrincipal(NodeImpl node, Principal principal) throws AuthorizableExistsException,
RepositoryException {
         if (!isValidPrincipal(principal)) {
             throw new IllegalArgumentException("Cannot create Authorizable: Principal may
not be null and must have a valid name.");
@@ -575,9 +567,9 @@
      * - isn't placed underneith the configured user/group tree.
      * </pre>
      *
-     * @param n
+     * @param n A user/group node.
      * @return An authorizable or <code>null</code>.
-     * @throws RepositoryException
+     * @throws RepositoryException If an error occurs.
      */
     Authorizable getAuthorizable(NodeImpl n) throws RepositoryException {
         Authorizable authorz = null;
@@ -603,7 +595,7 @@
      *
      * @param principalName to be used as hint for the groupid.
      * @return a group id.
-     * @throws RepositoryException
+     * @throws RepositoryException If an error occurs.
      */
     private String getGroupId(String principalName) throws RepositoryException {
         String groupID = principalName;
@@ -650,7 +642,7 @@
     }
 
     /**
-     * @param userID
+     * @param userID A userID.
      * @return true if the given userID belongs to the administrator user.
      */
     boolean isAdminId(String userID) {
@@ -660,9 +652,10 @@
     /**
      * Build the User object from the given user node.
      *
-     * @param userNode
-     * @return
-     * @throws RepositoryException
+     * @param userNode The new user node.
+     * @return An instance of <code>User</code>.
+     * @throws RepositoryException If the node isn't a child of the configured
+     * usersPath-node or if another error occurs.
      */
     User createUser(NodeImpl userNode) throws RepositoryException {
         if (userNode == null || !userNode.isNodeType(NT_REP_USER)) {
@@ -690,9 +683,10 @@
     /**
      * Build the Group object from the given group node.
      *
-     * @param groupNode
-     * @return
-     * @throws RepositoryException
+     * @param groupNode The new group node.
+     * @return An instance of <code>Group</code>.
+     * @throws RepositoryException If the node isn't a child of the configured
+     * groupsPath-node or if another error occurs.
      */
     Group createGroup(NodeImpl groupNode) throws RepositoryException {
         if (groupNode == null || !groupNode.isNodeType(NT_REP_GROUP)) {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/principal/PrincipalManagerTest.java
Tue Nov  3 09:26:38 2009
@@ -27,7 +27,6 @@
 import java.security.acl.Group;
 import java.util.Enumeration;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.Set;
 
 /**
@@ -145,9 +144,9 @@
         while (it.hasNext()) {
             Principal p = it.nextPrincipal();
             if (isGroup(p) && !p.equals(principalMgr.getEveryone())) {
-                Enumeration en = ((java.security.acl.Group) p).members();
+                Enumeration<? extends Principal> en = ((java.security.acl.Group) p).members();
                 while (en.hasMoreElements()) {
-                    Principal memb = (Principal) en.nextElement();
+                    Principal memb = en.nextElement();
                     assertTrue(principalMgr.hasPrincipal(memb.getName()));
                 }
             }
@@ -198,9 +197,9 @@
 
             assertTrue(isGroup(p));
 
-            Enumeration members = ((java.security.acl.Group) p).members();
+            Enumeration<? extends Principal> members = ((java.security.acl.Group) p).members();
             while (members.hasMoreElements()) {
-                Principal memb = (Principal) members.nextElement();
+                Principal memb = members.nextElement();
 
                 Principal group = null;
                 PrincipalIterator mship = principalMgr.getGroupMembership(memb);
@@ -221,7 +220,7 @@
             if (pcpl.equals(everyone)) {
                 continue;
             }
-            Iterator it = principalMgr.findPrincipals(pcpl.getName());
+            PrincipalIterator it = principalMgr.findPrincipals(pcpl.getName());
             // search must find at least a single principal
             assertTrue("findPrincipals does not find principal with filter " + pcpl.getName(),
it.hasNext());
         }
@@ -236,12 +235,12 @@
             }
 
             if (isGroup(pcpl)) {
-                Iterator it = principalMgr.findPrincipals(pcpl.getName(),
+                PrincipalIterator it = principalMgr.findPrincipals(pcpl.getName(),
                         PrincipalManager.SEARCH_TYPE_GROUP);
                 // search must find at least a single matching group principal
                 assertTrue("findPrincipals does not find principal with filter " + pcpl.getName(),
it.hasNext());
             } else {
-                Iterator it = principalMgr.findPrincipals(pcpl.getName(),
+                PrincipalIterator it = principalMgr.findPrincipals(pcpl.getName(),
                         PrincipalManager.SEARCH_TYPE_NOT_GROUP);
                 // search must find at least a single matching non-group principal
                 assertTrue("findPrincipals does not find principal with filter " + pcpl.getName(),
it.hasNext());

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentialsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentialsTest.java?rev=832359&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentialsTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentialsTest.java
Tue Nov  3 09:26:38 2009
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authentication;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+
+/**
+ * <code>CryptedSimpleCredentialsTest</code>...
+ */
+public class CryptedSimpleCredentialsTest extends AbstractJCRTest {
+
+    private String userID;
+    private CryptedSimpleCredentials creds;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        userID = superuser.getUserID();
+        if (superuser instanceof JackrabbitSession) {
+            UserManager umg = ((JackrabbitSession) superuser).getUserManager();
+            User u = (User) umg.getAuthorizable(userID);
+            Credentials crd = u.getCredentials();
+            if (crd instanceof SimpleCredentials) {
+                creds = new CryptedSimpleCredentials((SimpleCredentials) crd);
+            } else {
+                throw new NotExecutableException();
+            }
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testUserIDMatchesCaseInsensitive() throws Exception {
+        String uid = userID.toUpperCase();
+        assertTrue(creds.matches(new SimpleCredentials(uid, creds.getPassword().toCharArray())));
+
+        uid = userID.toLowerCase();
+        assertTrue(creds.matches(new SimpleCredentials(uid, creds.getPassword().toCharArray())));
+    }
+
+    public void testGetUserID() {
+        assertEquals(userID, creds.getUserID());
+    }
+}
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java
Tue Nov  3 09:26:38 2009
@@ -16,22 +16,19 @@
  */
 package org.apache.jackrabbit.core.security.authentication;
 
-import junit.framework.TestCase;
 import junit.framework.Test;
+import junit.framework.TestCase;
 import junit.framework.TestSuite;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /** <code>TestAll</code>... */
 public class TestAll extends TestCase {
 
-    private static Logger log = LoggerFactory.getLogger(TestAll.class);
-
     public static Test suite() {
         TestSuite suite = new TestSuite("core.security.authentication tests");
 
         suite.addTestSuite(GuestLoginTest.class);
         suite.addTestSuite(NullLoginTest.class);
+        suite.addTestSuite(CryptedSimpleCredentialsTest.class);
 
         return suite;
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
Tue Nov  3 09:26:38 2009
@@ -134,7 +134,9 @@
         NodeImpl n = user.getNode();
 
         checkProtected(n.getProperty(UserConstants.P_PASSWORD));
-        checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
+        if (n.hasProperty(UserConstants.P_PRINCIPAL_NAME)) {
+            checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
+        }
         if (n.hasProperty(UserConstants.P_IMPERSONATORS)) {
            checkProtected(n.getProperty(UserConstants.P_IMPERSONATORS));
         }
@@ -144,7 +146,9 @@
         GroupImpl gr = (GroupImpl) getTestGroup(superuser);
         NodeImpl n = gr.getNode();
 
-        checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
+        if (n.hasProperty(UserConstants.P_PRINCIPAL_NAME)) {
+            checkProtected(n.getProperty(UserConstants.P_PRINCIPAL_NAME));
+        }
         if (n.hasProperty(UserConstants.P_MEMBERS)) {
             checkProtected(n.getProperty(UserConstants.P_MEMBERS));
         }
@@ -187,12 +191,41 @@
         }
     }
 
-    public void testRemoveSpecialPropertiesDirectly() throws RepositoryException, NotExecutableException
{
+    public void testRemoveSpecialUserPropertiesDirectly() throws RepositoryException, NotExecutableException
{
+        AuthorizableImpl g = (AuthorizableImpl) getTestUser(superuser);
+        NodeImpl n = g.getNode();
+        try {
+            n.getProperty(UserConstants.P_PASSWORD).remove();
+            fail("Attempt to remove protected property rep:password should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+        try {
+            if (n.hasProperty(UserConstants.P_PRINCIPAL_NAME)) {
+                n.getProperty(UserConstants.P_PRINCIPAL_NAME).remove();
+                fail("Attempt to remove protected property rep:principalName should fail.");
+            }
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+    }
+
+    public void testRemoveSpecialGroupPropertiesDirectly() throws RepositoryException, NotExecutableException
{
         AuthorizableImpl g = (AuthorizableImpl) getTestGroup(superuser);
         NodeImpl n = g.getNode();
         try {
-            n.getProperty(UserConstants.P_PRINCIPAL_NAME).remove();
-            fail("Attempt to remove protected property rep:principalName should fail.");
+            if (n.hasProperty(UserConstants.P_PRINCIPAL_NAME)) {
+                n.getProperty(UserConstants.P_PRINCIPAL_NAME).remove();
+                fail("Attempt to remove protected property rep:principalName should fail.");
+            }
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+        try {
+            if (n.hasProperty(UserConstants.P_MEMBERS)) {
+                n.getProperty(UserConstants.P_MEMBERS).remove();
+                fail("Attempt to remove protected property rep:members should fail.");
+            }
         } catch (ConstraintViolationException e) {
             // ok.
         }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java?rev=832359&r1=832358&r2=832359&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
Tue Nov  3 09:26:38 2009
@@ -403,8 +403,9 @@
         /*
          importing a group with a multi-valued rep:principalName property
          - nonProtected node rep:Group must be created.
-         - protected property rep:principalName must be ignored
-         - saving changes must fail with ConstraintViolationEx.
+         - property rep:principalName must be created regularly without being protected
+         - saving changes must fail with ConstraintViolationEx. as the protected
+           mandatory property rep:principalName is missing
          */
         NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getGroupsPath());
         try {
@@ -437,6 +438,52 @@
         }
     }
 
+    public void testMultiValuedPassword() throws RepositoryException, IOException, SAXException,
NotExecutableException {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>"
+
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>"
+
+                "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>"
+
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>"
+
+                "</sv:node>";
+        /*
+         importing a user with a multi-valued rep:password property
+         - nonProtected node rep:User must be created.
+         - property rep:password must be created regularly without being protected
+         - saving changes must fail with ConstraintViolationEx. as the protected
+           mandatory property rep:password is missing
+         */
+        NodeImpl target = (NodeImpl) sImpl.getNode(umgr.getUsersPath());
+        try {
+            doImport(target, xml);
+
+            assertTrue(target.isModified());
+            assertTrue(sImpl.hasPendingChanges());
+
+            Authorizable newUser = umgr.getAuthorizable("t");
+            assertNotNull(newUser);
+
+            assertTrue(target.hasNode("t"));
+            assertTrue(target.hasProperty("t/rep:password"));
+            assertFalse(target.getProperty("t/rep:password").getDefinition().isProtected());
+
+            // saving changes of the import -> must fail as mandatory prop is missing
+            try {
+                sImpl.save();
+                fail("Import must be incomplete. Saving changes must fail.");
+            } catch (ConstraintViolationException e) {
+                // success
+            }
+
+        } finally {
+            sImpl.refresh(false);
+            if (target.hasNode("t")) {
+                target.getNode("t").remove();
+                sImpl.save();
+            }
+        }
+    }
+
     public void testIncompleteUser() throws RepositoryException, IOException, SAXException,
NotExecutableException {
         List<String> incompleteXml = new ArrayList();
         incompleteXml.add("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +



Mime
View raw message