jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1344670 [1/2] - in /jackrabbit/oak/trunk/oak-jcr/src/test: java/org/apache/jackrabbit/oak/jcr/ java/org/apache/jackrabbit/oak/jcr/security/ java/org/apache/jackrabbit/oak/jcr/security/user/ resources/
Date Thu, 31 May 2012 12:17:03 GMT
Author: angela
Date: Thu May 31 12:17:02 2012
New Revision: 1344670

URL: http://svn.apache.org/viewvc?rev=1344670&view=rev
Log:
OAK-50 : Implement User Management (WIP)

- tests + test setup that allows to extend from AbstractJcrTest

Added:
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java
      - copied, changed from r1342288, jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java
      - copied, changed from r1342288, jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/resources/repositoryStubImpl.properties
      - copied, changed from r1342288, jackrabbit/oak/trunk/oak-it/jcr/src/test/resources/repositoryStubImpl.properties

Copied: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java (from r1342288, jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java?p2=jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java&p1=jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java&r1=1342288&r2=1344670&rev=1344670&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/OakRepositoryStub.java Thu May 31 12:17:02 2012
@@ -23,7 +23,6 @@ import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.UnsupportedRepositoryOperationException;
-
 import java.io.IOException;
 import java.security.Principal;
 import java.util.Properties;
@@ -37,7 +36,7 @@ public class OakRepositoryStub extends R
      * 
      * @param settings repository settings
      * @throws javax.jcr.RepositoryException If an error occurs.
-     * @throws IOException 
+     * @throws java.io.IOException
      */
     public OakRepositoryStub(Properties settings) throws RepositoryException, IOException {
         super(settings);

Copied: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java (from r1342288, jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java?p2=jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java&p1=jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java&r1=1342288&r2=1344670&rev=1344670&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-it/jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/TestContentLoader.java Thu May 31 12:17:02 2012
@@ -16,19 +16,11 @@
  */
 package org.apache.jackrabbit.oak.jcr;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.util.Calendar;
-
 import javax.jcr.Node;
 import javax.jcr.PathNotFoundException;
-import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.ValueFactory;
-
-import org.apache.jackrabbit.commons.JcrUtils;
-import org.apache.jackrabbit.value.BinaryValue;
 
 public class TestContentLoader {
 
@@ -38,13 +30,7 @@ public class TestContentLoader {
     private static final String ENCODING = "UTF-8";
 
     public void loadTestContent(Session session) throws RepositoryException, IOException {
-
         Node data = getOrAddNode(session.getRootNode(), "testdata");
-        addPropertyTestData(getOrAddNode(data, "property"));
-        addQueryTestData(getOrAddNode(data, "query"));
-        addNodeTestData(getOrAddNode(data, "node"));
-        addExportTestData(getOrAddNode(data, "docViewTest"));
-
         session.save();
     }
 
@@ -55,127 +41,4 @@ public class TestContentLoader {
             return node.addNode(name);
         }
     }
-
-    /**
-     * Creates a boolean, double, long, calendar and a path property at the
-     * given node.
-     */
-    private void addPropertyTestData(Node node) throws RepositoryException {
-        node.setProperty("boolean", true);
-        node.setProperty("double", Math.PI);
-        node.setProperty("long", 90834953485278298l);
-        Calendar c = Calendar.getInstance();
-        c.set(2005, 6, 18, 17, 30);
-        node.setProperty("calendar", c);
-        ValueFactory factory = node.getSession().getValueFactory();
-        node.setProperty("path", factory.createValue("/", PropertyType.PATH));
-        node.setProperty("multi", new String[] { "one", "two", "three" });
-    }
-
-    /**
-     * Creates four nodes under the given node. Each node has a String property
-     * named "prop1" with some content set.
-     */
-    private void addQueryTestData(Node node) throws RepositoryException {
-        while (node.hasNode("node1")) {
-            node.getNode("node1").remove();
-        }
-        getOrAddNode(node, "node1").setProperty("prop1", "You can have it good, cheap, or fast. Any two.");
-        getOrAddNode(node, "node1").setProperty("prop1", "foo bar");
-        getOrAddNode(node, "node1").setProperty("prop1", "Hello world!");
-        getOrAddNode(node, "node2").setProperty("prop1", "Apache Jackrabbit");
-    }
-
-    /**
-     * Creates three nodes under the given node: one of type nt:resource and the
-     * other nodes referencing it.
-     */
-    private void addNodeTestData(Node node) throws RepositoryException, IOException {
-        if (node.hasNode("multiReference")) {
-            node.getNode("multiReference").remove();
-        }
-        if (node.hasNode("resReference")) {
-            node.getNode("resReference").remove();
-        }
-        if (node.hasNode("myResource")) {
-            node.getNode("myResource").remove();
-        }
-
-        Node resource = node.addNode("myResource", "nt:resource");
-        // nt:resource not longer referenceable since JCR 2.0
-        resource.addMixin("mix:referenceable");
-        resource.setProperty("jcr:encoding", ENCODING);
-        resource.setProperty("jcr:mimeType", "text/plain");
-        resource.setProperty("jcr:data", new BinaryValue("Hello w\u00F6rld.".getBytes(ENCODING)));
-        resource.setProperty("jcr:lastModified", Calendar.getInstance());
-
-        // TODO: re-add once we have referenceable nodes
-        // Node resReference = getOrAddNode(node, "reference");
-        // resReference.setProperty("ref", resource);
-        // // make this node itself referenceable
-        // resReference.addMixin("mix:referenceable");
-        //
-        // Node multiReference = node.addNode("multiReference");
-        // ValueFactory factory = node.getSession().getValueFactory();
-        // multiReference.setProperty("ref", new Value[] {
-        // factory.createValue(resource),
-        // factory.createValue(resReference)
-        // });
-
-        // NodeDefTest requires a test node with a mandatory child node
-        JcrUtils.putFile(node, "testFile", "text/plain", new ByteArrayInputStream("Hello, World!".getBytes("UTF-8")));
-    }
-
-    private void addExportTestData(Node node) throws RepositoryException, IOException {
-        getOrAddNode(node, "invalidXmlName").setProperty("propName", "some text");
-
-        // three nodes which should be serialized as xml text in docView export
-        // separated with spaces
-        getOrAddNode(node, "jcr:xmltext").setProperty("jcr:xmlcharacters", "A text without any special character.");
-        getOrAddNode(node, "some-element");
-        getOrAddNode(node, "jcr:xmltext").setProperty("jcr:xmlcharacters",
-                " The entity reference characters: <, ', ,&, >,  \" should" + " be escaped in xml export. ");
-        getOrAddNode(node, "some-element");
-        getOrAddNode(node, "jcr:xmltext").setProperty("jcr:xmlcharacters", "A text without any special character.");
-
-        Node big = getOrAddNode(node, "bigNode");
-        big.setProperty("propName0", "SGVsbG8gd8O2cmxkLg==;SGVsbG8gd8O2cmxkLg==".split(";"), PropertyType.BINARY);
-        big.setProperty("propName1", "text 1");
-        big.setProperty("propName2", "multival text 1;multival text 2;multival text 3".split(";"));
-        big.setProperty("propName3", "text 1");
-
-        addExportValues(node, "propName");
-        addExportValues(node, "Prop<>prop");
-    }
-
-    /**
-     * create nodes with following properties binary & single binary & multival
-     * notbinary & single notbinary & multival
-     */
-    private void addExportValues(Node node, String name) throws RepositoryException, IOException {
-        String prefix = "valid";
-        if (name.indexOf('<') != -1) {
-            prefix = "invalid";
-        }
-        node = getOrAddNode(node, prefix + "Names");
-
-        String[] texts = new String[] { "multival text 1", "multival text 2", "multival text 3" };
-        getOrAddNode(node, prefix + "MultiNoBin").setProperty(name, texts);
-
-        Node resource = getOrAddNode(node, prefix + "MultiBin");
-        resource.setProperty("jcr:encoding", ENCODING);
-        resource.setProperty("jcr:mimeType", "text/plain");
-        String[] values = new String[] { "SGVsbG8gd8O2cmxkLg==", "SGVsbG8gd8O2cmxkLg==" };
-        resource.setProperty(name, values, PropertyType.BINARY);
-        resource.setProperty("jcr:lastModified", Calendar.getInstance());
-
-        getOrAddNode(node, prefix + "NoBin").setProperty(name, "text 1");
-
-        resource = getOrAddNode(node, "invalidBin");
-        resource.setProperty("jcr:encoding", ENCODING);
-        resource.setProperty("jcr:mimeType", "text/plain");
-        byte[] bytes = "Hello w\u00F6rld.".getBytes(ENCODING);
-        resource.setProperty(name, new BinaryValue(bytes));
-        resource.setProperty("jcr:lastModified", Calendar.getInstance());
-    }
 }

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java?rev=1344670&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java Thu May 31 12:17:02 2012
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.UUID;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.After;
+import org.junit.Before;
+
+/**
+ * AbstractUserTest...
+ */
+public abstract class AbstractUserTest extends AbstractJCRTest {
+
+    protected UserManager userMgr;
+    protected User user;
+    protected Group group;
+
+    @Before
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        userMgr = getUserManager(superuser);
+
+        Principal p = getTestPrincipal();
+        user = userMgr.createUser(p.getName(), "pw");
+        group = userMgr.createGroup(getTestPrincipal());
+        superuser.save();
+    }
+
+    @After
+    @Override
+    protected void tearDown() throws Exception {
+        try {
+            if (user != null) {
+                user.remove();
+            }
+            if (group != null) {
+                group.remove();
+            }
+            superuser.save();
+        } finally {
+            super.tearDown();
+        }
+    }
+
+    protected static UserManager getUserManager(Session session) throws RepositoryException, NotExecutableException {
+        if (!(session instanceof JackrabbitSession)) {
+            throw new NotExecutableException();
+        }
+        try {
+            return ((JackrabbitSession) session).getUserManager();
+        } catch (UnsupportedRepositoryOperationException e) {
+            throw new NotExecutableException(e.getMessage());
+        } catch (UnsupportedOperationException e) {
+            throw new NotExecutableException(e.getMessage());
+        }
+    }
+
+    protected static Subject buildSubject(Principal p) {
+        return new Subject(true, Collections.singleton(p), Collections.emptySet(), Collections.emptySet());
+    }
+
+    protected Principal getTestPrincipal() throws RepositoryException {
+        String pn = "any_principal" + UUID.randomUUID();
+        return getTestPrincipal(pn);
+    }
+
+    protected Principal getTestPrincipal(final String name) throws RepositoryException {
+        return new Principal() {
+
+            @Override
+            public String getName() {
+                return name;
+            }
+        };
+    }
+
+    protected User getTestUser(Session session) throws NotExecutableException, RepositoryException {
+        Authorizable auth = getUserManager(session).getAuthorizable(session.getUserID());
+        if (auth != null && !auth.isGroup()) {
+            return (User) auth;
+        }
+        // should never happen. An Session should always have a corresponding User.
+        throw new NotExecutableException("Unable to retrieve a User.");
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java?rev=1344670&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java Thu May 31 12:17:02 2012
@@ -0,0 +1,432 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.value.StringValue;
+import org.junit.Test;
+
+import javax.jcr.Node;
+import javax.jcr.Property;
+import javax.jcr.PropertyIterator;
+import javax.jcr.PropertyType;
+import javax.jcr.RangeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.Value;
+import javax.jcr.nodetype.ConstraintViolationException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * AuthorizableImplTest...
+ */
+public class AuthorizableImplTest extends AbstractUserTest {
+
+    private List<String> protectedUserProps = new ArrayList<String>();
+    private List<String> protectedGroupProps = new ArrayList<String>();
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        protectedUserProps.add(UserConstants.REP_PASSWORD);
+        protectedUserProps.add(UserConstants.REP_IMPERSONATORS);
+        protectedUserProps.add(UserConstants.REP_PRINCIPAL_NAME);
+
+        protectedUserProps.add(UserConstants.REP_MEMBERS);
+        protectedGroupProps.add(UserConstants.REP_PRINCIPAL_NAME);
+    }
+
+    private static void checkProtected(Property prop) throws RepositoryException {
+        assertTrue(prop.getDefinition().isProtected());
+    }
+
+    @Test
+    public void testRemoveAdmin() {
+        String adminID = superuser.getUserID();
+        try {
+            Authorizable admin = userMgr.getAuthorizable(adminID);
+            admin.remove();
+            fail("The admin user cannot be removed.");
+        } catch (RepositoryException e) {
+            // OK superuser cannot be removed. not even by the superuser itself.
+        }
+    }
+
+    @Test
+    public void testSetSpecialProperties() throws NotExecutableException, RepositoryException {
+        Value v = superuser.getValueFactory().createValue("any_value");
+
+        for (String pName : protectedUserProps) {
+            try {
+                user.setProperty(pName, v);
+                superuser.save();
+                fail("changing the '" + pName + "' property on a User should fail.");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+
+        for (String pName : protectedGroupProps) {
+            try {
+                group.setProperty(pName, v);
+                superuser.save();
+                fail("changing the '" + pName + "' property on a Group should fail.");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testRemoveSpecialProperties() throws NotExecutableException, RepositoryException {
+        for (String pName : protectedUserProps) {
+            try {
+                user.removeProperty(pName);
+                superuser.save();
+                fail("removing the '" + pName + "' property on a User should fail.");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+        for (String pName : protectedGroupProps) {
+            try {
+                group.removeProperty(pName);
+                superuser.save();
+                fail("removing the '" + pName + "' property on a Group should fail.");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testProtectedUserProperties() throws NotExecutableException, RepositoryException {
+        UserImpl user = (UserImpl) getTestUser(superuser);
+        Node n = user.getNode();
+
+        checkProtected(n.getProperty(UserConstants.REP_PASSWORD));
+        if (n.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
+            checkProtected(n.getProperty(UserConstants.REP_PRINCIPAL_NAME));
+        }
+        if (n.hasProperty(UserConstants.REP_IMPERSONATORS)) {
+           checkProtected(n.getProperty(UserConstants.REP_IMPERSONATORS));
+        }
+    }
+
+    @Test
+    public void testProtectedGroupProperties() throws NotExecutableException, RepositoryException {
+        Node n = ((GroupImpl) group).getNode();
+
+        if (n.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
+            checkProtected(n.getProperty(UserConstants.REP_PRINCIPAL_NAME));
+        }
+        if (n.hasProperty(UserConstants.REP_MEMBERS)) {
+            checkProtected(n.getProperty(UserConstants.REP_MEMBERS));
+        }
+    }
+
+    @Test
+    public void testMembersPropertyType() throws NotExecutableException, RepositoryException {
+        Node n = ((GroupImpl) group).getNode();
+
+        if (!n.hasProperty(UserConstants.REP_MEMBERS)) {
+            group.addMember(getTestUser(superuser));
+        }
+
+        Property p = n.getProperty(UserConstants.REP_MEMBERS);
+        for (Value v : p.getValues()) {
+            assertEquals(PropertyType.WEAKREFERENCE, v.getType());
+        }
+    }
+
+    @Test
+    public void testMemberOfRangeIterator() throws NotExecutableException, RepositoryException {
+        Authorizable auth = null;
+        Group group = null;
+
+        try {
+            auth = userMgr.createUser(getTestPrincipal().getName(), "pw");
+            group = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            Iterator<Group> groups = auth.declaredMemberOf();
+            assertTrue(groups instanceof RangeIterator);
+            assertEquals(0, ((RangeIterator) groups).getSize());
+            groups = auth.memberOf();
+            assertTrue(groups instanceof RangeIterator);
+            assertEquals(0, ((RangeIterator) groups).getSize());
+
+            group.addMember(auth);
+            groups = auth.declaredMemberOf();
+            assertTrue(groups instanceof RangeIterator);
+            assertEquals(1, ((RangeIterator) groups).getSize());
+
+            groups = auth.memberOf();
+            assertTrue(groups instanceof RangeIterator);
+            assertEquals(1, ((RangeIterator) groups).getSize());
+
+        } finally {
+            if (auth != null) {
+                auth.remove();
+            }
+            if (group != null) {
+                group.remove();
+            }
+            superuser.save();
+        }
+    }
+
+    @Test
+    public void testSetSpecialPropertiesDirectly() throws NotExecutableException, RepositoryException {
+        AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+        Node n = user.getNode();
+        try {
+            String pName = user.getPrincipalName();
+            n.setProperty(UserConstants.REP_PRINCIPAL_NAME, new StringValue("any-value"));
+
+            // should have failed => change value back.
+            n.setProperty(UserConstants.REP_PRINCIPAL_NAME, new StringValue(pName));
+            fail("Attempt to change protected property rep:principalName should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+
+        try {
+            String imperson = "anyimpersonator";
+            n.setProperty(
+                    UserConstants.REP_IMPERSONATORS,
+                    new Value[] {new StringValue(imperson)},
+                    PropertyType.STRING);
+            fail("Attempt to change protected property rep:impersonators should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+    }
+
+    @Test
+    public void testRemoveSpecialUserPropertiesDirectly() throws RepositoryException, NotExecutableException {
+        AuthorizableImpl g = (AuthorizableImpl) getTestUser(superuser);
+        Node n = g.getNode();
+        try {
+            n.getProperty(UserConstants.REP_PASSWORD).remove();
+            fail("Attempt to remove protected property rep:password should fail.");
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+        try {
+            if (n.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
+                n.getProperty(UserConstants.REP_PRINCIPAL_NAME).remove();
+                fail("Attempt to remove protected property rep:principalName should fail.");
+            }
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+    }
+
+    @Test
+    public void testRemoveSpecialGroupPropertiesDirectly() throws RepositoryException, NotExecutableException {
+        Node n = ((GroupImpl) group).getNode();
+        try {
+            if (n.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
+                n.getProperty(UserConstants.REP_PRINCIPAL_NAME).remove();
+                fail("Attempt to remove protected property rep:principalName should fail.");
+            }
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+        try {
+            if (n.hasProperty(UserConstants.REP_MEMBERS)) {
+                n.getProperty(UserConstants.REP_MEMBERS).remove();
+                fail("Attempt to remove protected property rep:members should fail.");
+            }
+        } catch (ConstraintViolationException e) {
+            // ok.
+        }
+    }
+
+    @Test
+    public void testUserGetProperties() throws RepositoryException, NotExecutableException {
+        AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+        Node n = user.getNode();
+
+        for (PropertyIterator it = n.getProperties(); it.hasNext();) {
+            Property p = it.nextProperty();
+            if (p.getDefinition().isProtected()) {
+                assertFalse(user.hasProperty(p.getName()));
+                assertNull(user.getProperty(p.getName()));
+            } else {
+                // authorizable defined property
+                assertTrue(user.hasProperty(p.getName()));
+                assertNotNull(user.getProperty(p.getName()));
+            }
+        }
+    }
+
+    @Test
+    public void testGroupGetProperties() throws RepositoryException, NotExecutableException {
+        Node n = ((GroupImpl) group).getNode();
+
+        for (PropertyIterator it = n.getProperties(); it.hasNext();) {
+            Property prop = it.nextProperty();
+            if (prop.getDefinition().isProtected()) {
+                assertFalse(group.hasProperty(prop.getName()));
+                assertNull(group.getProperty(prop.getName()));
+            } else {
+                // authorizable defined property
+                assertTrue(group.hasProperty(prop.getName()));
+                assertNotNull(group.getProperty(prop.getName()));
+            }
+        }
+    }
+
+    @Test
+    public void testSingleToMultiValued() throws Exception {
+        AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+        UserManager uMgr = getUserManager(superuser);
+        try {
+            Value v = superuser.getValueFactory().createValue("anyValue");
+            user.setProperty("someProp", v);
+            if (!uMgr.isAutoSave()) {
+                superuser.save();
+            }
+            Value[] vs = new Value[] {v, v};
+            user.setProperty("someProp", vs);
+            if (!uMgr.isAutoSave()) {
+                superuser.save();
+            }
+        } finally {
+            if (user.removeProperty("someProp") && !uMgr.isAutoSave()) {
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testMultiValuedToSingle() throws Exception {
+        AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+        UserManager uMgr = getUserManager(superuser);
+        try {
+            Value v = superuser.getValueFactory().createValue("anyValue");
+            Value[] vs = new Value[] {v, v};
+            user.setProperty("someProp", vs);
+            if (!uMgr.isAutoSave()) {
+                superuser.save();
+            }
+            user.setProperty("someProp", v);
+            if (!uMgr.isAutoSave()) {
+                superuser.save();
+            }
+        } finally {
+            if (user.removeProperty("someProp") && !uMgr.isAutoSave()) {
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testObjectMethods() throws Exception {
+        final AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+        AuthorizableImpl user2 = (AuthorizableImpl) getTestUser(superuser);
+
+        assertEquals(user, user2);
+        assertEquals(user.hashCode(), user2.hashCode());
+        Set<Authorizable> s = new HashSet<Authorizable>();
+        s.add(user);
+        assertFalse(s.add(user2));
+
+        Authorizable user3 = new Authorizable() {
+
+            public String getID() throws RepositoryException {
+                return user.getID();
+            }
+
+            public boolean isGroup() {
+                return user.isGroup();
+            }
+
+            public Principal getPrincipal() throws RepositoryException {
+                return user.getPrincipal();
+            }
+
+            public Iterator<Group> declaredMemberOf() throws RepositoryException {
+                return user.declaredMemberOf();
+            }
+
+            public Iterator<Group> memberOf() throws RepositoryException {
+                return user.memberOf();
+            }
+
+            public void remove() throws RepositoryException {
+                user.remove();
+            }
+
+            public Iterator<String> getPropertyNames() throws RepositoryException {
+                return user.getPropertyNames();
+            }
+
+            public Iterator<String> getPropertyNames(String relPath) throws RepositoryException {
+                return user.getPropertyNames(relPath);
+            }
+
+            public boolean hasProperty(String name) throws RepositoryException {
+                return user.hasProperty(name);
+            }
+
+            public void setProperty(String name, Value value) throws RepositoryException {
+                user.setProperty(name, value);
+            }
+
+            public void setProperty(String name, Value[] values) throws RepositoryException {
+                user.setProperty(name, values);
+            }
+
+            public Value[] getProperty(String name) throws RepositoryException {
+                return user.getProperty(name);
+            }
+
+            public boolean removeProperty(String name) throws RepositoryException {
+                return user.removeProperty(name);
+            }
+
+            public String getPath() throws UnsupportedRepositoryOperationException, RepositoryException {
+                return user.getPath();
+            }
+        };
+
+        assertFalse(user.equals(user3));
+        assertTrue(s.add(user3));
+    }
+
+    @Test
+    public void testGetPath() throws Exception {
+        AuthorizableImpl user = (AuthorizableImpl) getTestUser(superuser);
+        try {
+            assertEquals(user.getNode().getPath(), user.getPath());
+        } catch (UnsupportedRepositoryOperationException e) {
+            // ok.
+        }
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java?rev=1344670&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java Thu May 31 12:17:02 2012
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.Test;
+
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * Tests for the group associated with {@code EveryonePrincipal}
+ */
+public class EveryoneGroupTest extends AbstractUserTest {
+
+    private Group everyone;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        everyone = userMgr.createGroup(EveryonePrincipal.NAME);
+        superuser.save();
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        try {
+            everyone.remove();
+            superuser.save();
+        } finally {
+            super.tearDown();
+        }
+    }
+
+    @Test
+    public void testEveryoneGroup() throws RepositoryException, NotExecutableException {
+        assertEquals(EveryonePrincipal.NAME, everyone.getPrincipal().getName());
+    }
+
+    @Test
+    public void testPrincipal() throws RepositoryException {
+        assertEquals(EveryonePrincipal.getInstance(), everyone.getPrincipal());
+    }
+
+    @Test
+    public void testGroupPrincipal() throws Exception {
+        Principal everonePrincipal = everyone.getPrincipal();
+        assertTrue(everonePrincipal instanceof java.security.acl.Group);
+
+        java.security.acl.Group gr = (java.security.acl.Group) everonePrincipal;
+        assertFalse(gr.isMember(everonePrincipal));
+        assertTrue(gr.isMember(getTestUser(superuser).getPrincipal()));
+        assertTrue(gr.isMember(new Principal() {
+            public String getName() {
+                return "test";
+            }
+        }));
+    }
+
+    @Test
+    public void testMembers() throws RepositoryException, NotExecutableException {
+        assertTrue(everyone.isDeclaredMember(getTestUser(superuser)));
+        assertTrue(everyone.isMember(getTestUser(superuser)));
+
+        Iterator<Authorizable> it = everyone.getDeclaredMembers();
+        assertTrue(it.hasNext());
+        Set<Authorizable> members = new HashSet<Authorizable>();
+        while (it.hasNext()) {
+            members.add(it.next());
+        }
+
+        it = everyone.getMembers();
+        assertTrue(it.hasNext());
+        while (it.hasNext()) {
+            assertTrue(members.contains(it.next()));
+        }
+    }
+
+    @Test
+    public void testEditMembers() throws RepositoryException, NotExecutableException {
+        assertFalse(everyone.addMember(getTestUser(superuser)));
+        assertFalse(everyone.removeMember(getTestUser(superuser)));
+
+        Group anotherGroup =  null;
+        try {
+            anotherGroup = userMgr.createGroup("testGroup");
+            superuser.save();
+
+            assertFalse(everyone.addMember(anotherGroup));
+            assertFalse(everyone.removeMember(anotherGroup));
+
+            assertFalse(anotherGroup.addMember(everyone));
+            assertFalse(anotherGroup.removeMember(everyone));
+
+        } finally {
+            if (anotherGroup != null) {
+                anotherGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java?rev=1344670&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java Thu May 31 12:17:02 2012
@@ -0,0 +1,672 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * GroupImplTest...
+ */
+public class GroupImplTest extends AbstractUserTest {
+
+    private List<String> members = new ArrayList<String>();
+
+    @Before
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        group.addMember(userMgr.getAuthorizable(superuser.getUserID()));
+        group.addMember(user);
+
+        members.add(superuser.getUserID());
+        members.add(user.getID());
+
+        superuser.save();
+    }
+
+    private static void assertTrueIsMember(Iterator<Authorizable> members, Authorizable auth) throws RepositoryException {
+        boolean contained = false;
+        while (members.hasNext() && !contained) {
+            Object next = members.next();
+            assertTrue(next instanceof Authorizable);
+            contained = ((Authorizable)next).getID().equals(auth.getID());
+        }
+        assertTrue("The given set of members must contain '" + auth.getID() + '\'', contained);
+    }
+
+    private static void assertFalseIsMember(Iterator<Authorizable> members, Authorizable auth) throws RepositoryException {
+        boolean contained = false;
+        while (members.hasNext() && !contained) {
+            Object next = members.next();
+            assertTrue(next instanceof Authorizable);
+            contained = ((Authorizable)next).getID().equals(auth.getID());
+        }
+        assertFalse("The given set of members must not contain '" + auth.getID() + '\'', contained);
+    }
+
+    private static void assertTrueMemberOfContainsGroup(Iterator<Group> groups, Group gr) throws RepositoryException {
+        boolean contained = false;
+        while (groups.hasNext() && !contained) {
+            Object next = groups.next();
+            assertTrue(next instanceof Group);
+            contained = ((Group)next).getID().equals(gr.getID());
+        }
+        assertTrue("All members of a group must contain that group upon 'memberOf'.", contained);
+    }
+
+    private static void assertFalseMemberOfContainsGroup(Iterator<Group> groups, Group gr) throws RepositoryException {
+        boolean contained = false;
+        while (groups.hasNext() && !contained) {
+            Object next = groups.next();
+            assertTrue(next instanceof Group);
+            contained = ((Group)next).getID().equals(gr.getID());
+        }
+        assertFalse("All members of a group must contain that group upon 'memberOf'.", contained);
+    }
+
+    @Test
+    public void testIsGroup() throws NotExecutableException, RepositoryException {
+        assertTrue(group.isGroup());
+    }
+
+    @Test
+    public void testGetDeclaredMembers() throws NotExecutableException, RepositoryException {
+        Iterator<Authorizable> it = group.getDeclaredMembers();
+        assertNotNull(it);
+        while (it.hasNext()) {
+            Authorizable a = it.next();
+            assertNotNull(a);
+            members.remove(a.getID());
+        }
+        assertTrue(members.isEmpty());
+    }
+
+    @Test
+    public void testGetMembers() throws NotExecutableException, RepositoryException {
+        Iterator<Authorizable> it = group.getMembers();
+        assertNotNull(it);
+        while (it.hasNext()) {
+            assertTrue(it.next() != null);
+        }
+    }
+
+    @Test
+    public void testGetMembersAgainstIsMember() throws NotExecutableException, RepositoryException {
+        Iterator<Authorizable> it = group.getMembers();
+        while (it.hasNext()) {
+            Authorizable auth = it.next();
+            assertTrue(group.isMember(auth));
+        }
+    }
+
+    @Test
+    public void testGetMembersAgainstMemberOf() throws NotExecutableException, RepositoryException {
+        Iterator<Authorizable> it = group.getMembers();
+        while (it.hasNext()) {
+            Authorizable auth = it.next();
+            assertTrueMemberOfContainsGroup(auth.memberOf(), group);
+        }
+    }
+
+    @Test
+    public void testGetDeclaredMembersAgainstDeclaredMemberOf() throws NotExecutableException, RepositoryException {
+        Iterator<Authorizable> it = group.getDeclaredMembers();
+        while (it.hasNext()) {
+            Authorizable auth = it.next();
+            assertTrueMemberOfContainsGroup(auth.declaredMemberOf(), group);
+        }
+    }
+
+    @Test
+    public void testGetMembersContainsDeclaredMembers() throws NotExecutableException, RepositoryException {
+        List<String> l = new ArrayList<String>();
+        for (Iterator<Authorizable> it = group.getMembers(); it.hasNext();) {
+            l.add(it.next().getID());
+        }
+        for (Iterator<Authorizable> it = group.getDeclaredMembers(); it.hasNext();) {
+            assertTrue("All declared members must also be part of the Iterator " +
+                    "returned upon getMembers()",l.contains(it.next().getID()));
+        }
+    }
+
+    @Test
+    public void testAddMember() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertFalse(newGroup.isMember(auth));
+            assertFalse(newGroup.removeMember(auth));
+            superuser.save();
+
+            assertTrue(newGroup.addMember(auth));
+            superuser.save();
+            assertTrue(newGroup.isMember(auth));
+            assertTrue(newGroup.isMember(userMgr.getAuthorizable(auth.getID())));
+
+        } finally {
+            if (newGroup != null) {
+                newGroup.removeMember(auth);
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testAddMembers() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        int size = 100;
+        List<User> users = new ArrayList<User>(size);
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            for (int k = 0; k < size; k++) {
+                users.add(userMgr.createUser("user_" + k, "pass_" + k));
+            }
+            superuser.save();
+
+            for (User user : users) {
+                assertTrue(newGroup.addMember(user));
+            }
+            superuser.save();
+
+            for (User user : users) {
+                assertTrue(newGroup.isMember(user));
+            }
+
+            for (User user : users) {
+                assertTrue(newGroup.removeMember(user));
+            }
+            superuser.save();
+
+            for (User user : users) {
+                assertFalse(newGroup.isMember(user));
+            }
+        } finally {
+            for (User user : users) {
+                user.remove();
+                superuser.save();
+            }
+            if (newGroup != null) {
+                newGroup.removeMember(auth);
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testAddRemoveMember() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup1 = null;
+        Group newGroup2 = null;
+        try {
+            newGroup1 = userMgr.createGroup(getTestPrincipal());
+            newGroup2 = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertFalse(newGroup1.isMember(auth));
+            assertFalse(newGroup1.removeMember(auth));
+            superuser.save();
+            assertFalse(newGroup2.isMember(auth));
+            assertFalse(newGroup2.removeMember(auth));
+            superuser.save();
+
+            assertTrue(newGroup1.addMember(auth));
+            superuser.save();
+            assertTrue(newGroup1.isMember(auth));
+            assertTrue(newGroup1.isMember(userMgr.getAuthorizable(auth.getID())));
+
+            assertTrue(newGroup2.addMember(auth));
+            superuser.save();
+            assertTrue(newGroup2.isMember(auth));
+            assertTrue(newGroup2.isMember(userMgr.getAuthorizable(auth.getID())));
+
+            assertTrue(newGroup1.removeMember(auth));
+            superuser.save();
+            assertTrue(newGroup2.removeMember(auth));
+            superuser.save();
+
+            assertTrue(newGroup1.addMember(auth));
+            superuser.save();
+            assertTrue(newGroup1.isMember(auth));
+            assertTrue(newGroup1.isMember(userMgr.getAuthorizable(auth.getID())));
+            assertTrue(newGroup1.removeMember(auth));
+            superuser.save();
+
+
+        } finally {
+            if (newGroup1 != null) {
+                newGroup1.removeMember(auth);
+                newGroup1.remove();
+                superuser.save();
+            }
+            if (newGroup2 != null) {
+                newGroup2.removeMember(auth);
+                newGroup2.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testIsDeclaredMember() throws RepositoryException, NotExecutableException {
+        User auth = getTestUser(superuser);
+        Group newGroup1 = null;
+        Group newGroup2 = null;
+        try {
+            newGroup1 = userMgr.createGroup(getTestPrincipal());
+            newGroup2 = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertFalse(newGroup1.isDeclaredMember(auth));
+            assertFalse(newGroup2.isDeclaredMember(auth));
+
+            assertTrue(newGroup2.addMember(auth));
+            superuser.save();
+            assertTrue(newGroup2.isDeclaredMember(auth));
+            assertTrue(newGroup2.isDeclaredMember(userMgr.getAuthorizable(auth.getID())));
+
+            assertTrue(newGroup1.addMember(newGroup2));
+            superuser.save();
+            assertTrue(newGroup1.isDeclaredMember(newGroup2));
+            assertTrue(newGroup1.isDeclaredMember(userMgr.getAuthorizable(newGroup2.getID())));
+            assertTrue(newGroup1.isMember(auth));
+            assertTrue(newGroup1.isMember(userMgr.getAuthorizable(auth.getID())));
+            assertFalse(newGroup1.isDeclaredMember(auth));
+            assertFalse(newGroup1.isDeclaredMember(userMgr.getAuthorizable(auth.getID())));
+        } finally {
+            if (newGroup1 != null) {
+                newGroup1.remove();
+                superuser.save();
+            }
+            if (newGroup2 != null) {
+                newGroup2.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testAddMemberTwice() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertTrue(newGroup.addMember(auth));
+            superuser.save();
+            assertFalse(newGroup.addMember(auth));
+            superuser.save();
+            assertTrue(newGroup.isMember(auth));
+
+        } finally {
+            if (newGroup != null) {
+                newGroup.removeMember(auth);
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testAddMemberModifiesMemberOf() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertFalseMemberOfContainsGroup(auth.memberOf(), newGroup);
+            assertTrue(newGroup.addMember(auth));
+            superuser.save();
+
+            assertTrueMemberOfContainsGroup(auth.declaredMemberOf(), newGroup);
+            assertTrueMemberOfContainsGroup(auth.memberOf(), newGroup);
+        } finally {
+            if (newGroup != null) {
+                newGroup.removeMember(auth);
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testAddMemberModifiesGetMembers() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertFalseIsMember(newGroup.getMembers(), auth);
+            assertFalseIsMember(newGroup.getDeclaredMembers(), auth);
+            assertTrue(newGroup.addMember(auth));
+            superuser.save();
+
+            assertTrueIsMember(newGroup.getMembers(), auth);
+            assertTrueIsMember(newGroup.getDeclaredMembers(), auth);
+        } finally {
+            if (newGroup != null) {
+                newGroup.removeMember(auth);
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testIndirectMembers() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        Group newGroup2 = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            newGroup2 = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            newGroup.addMember(newGroup2);
+            superuser.save();
+            assertTrue(newGroup.isMember(newGroup2));
+
+            newGroup2.addMember(auth);
+            superuser.save();
+
+            // testuser must not be declared member of 'newGroup'
+            assertFalseIsMember(newGroup.getDeclaredMembers(), auth);
+            assertFalseMemberOfContainsGroup(auth.declaredMemberOf(), newGroup);
+
+            // testuser must however be member of 'newGroup' (indirect).
+            assertTrueIsMember(newGroup.getMembers(), auth);
+            assertTrueMemberOfContainsGroup(auth.memberOf(), newGroup);
+
+            // testuser cannot be removed from 'newGroup'
+            assertFalse(newGroup.removeMember(auth));
+            superuser.save();
+        } finally {
+            if (newGroup != null) {
+                newGroup.removeMember(newGroup2);
+                newGroup.remove();
+                superuser.save();
+            }
+            if (newGroup2 != null) {
+                newGroup2.removeMember(auth);
+                newGroup2.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testMembersInPrincipal() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        Group newGroup2 = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            newGroup2 = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            newGroup.addMember(newGroup2);
+            superuser.save();
+            newGroup2.addMember(auth);
+            superuser.save();
+
+            java.security.acl.Group ngPrincipal = (java.security.acl.Group) newGroup.getPrincipal();
+            java.security.acl.Group ng2Principal = (java.security.acl.Group) newGroup2.getPrincipal();
+
+            assertFalse(ng2Principal.isMember(ngPrincipal));
+
+            // newGroup2 must be member of newGroup's principal
+            assertTrue(ngPrincipal.isMember(newGroup2.getPrincipal()));
+
+            // testuser must be member of newGroup2's and newGroup's principal (indirect)
+            assertTrue(ng2Principal.isMember(auth.getPrincipal()));
+            assertTrue(ngPrincipal.isMember(auth.getPrincipal()));
+
+        } finally {
+            if (newGroup != null) {
+                newGroup.removeMember(newGroup2);
+                newGroup.remove();
+                superuser.save();
+            }
+            if (newGroup2 != null) {
+                newGroup2.removeMember(auth);
+                newGroup2.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testDeeplyNestedGroups() throws NotExecutableException, RepositoryException {
+        Set<Group> groups = new HashSet<Group>();
+        try {
+            User auth = getTestUser(superuser);
+            Group topGroup = userMgr.createGroup(getTestPrincipal());
+
+            // Create chain of nested groups with auth member of bottom group
+            Group bottomGroup = topGroup;
+            for (int k = 0; k < 100; k++) {
+                Group g = userMgr.createGroup(getTestPrincipal());
+                groups.add(g);
+                bottomGroup.addMember(g);
+                bottomGroup = g;
+            }
+            bottomGroup.addMember(auth);
+
+            // Check that every groups has exactly one member
+            for (Group g : groups) {
+                Iterator<Authorizable> declaredMembers = g.getDeclaredMembers();
+                assertTrue(declaredMembers.hasNext());
+                declaredMembers.next();
+                assertFalse(declaredMembers.hasNext());
+            }
+
+            // Check that we get all members from the getMembers call
+            HashSet<Group> allGroups = new HashSet<Group>(groups);
+            for (Iterator<Authorizable> it = topGroup.getMembers(); it.hasNext(); ) {
+                Authorizable a = it.next();
+                assertTrue(a.equals(auth) || allGroups.remove(a));
+            }
+            assertTrue(allGroups.isEmpty());
+        } finally {
+            for (Group g : groups) {
+                g.remove();
+            }
+        }
+    }
+
+    @Test
+    public void testInheritedMembers() throws Exception {
+        Set<Authorizable> authorizables = new HashSet<Authorizable>();
+        try {
+            User testUser = userMgr.createUser(getTestPrincipal().getName(), "pw");
+            authorizables.add(testUser);
+            Group group1 = userMgr.createGroup(getTestPrincipal());
+            authorizables.add(group1);
+            Group group2 = userMgr.createGroup(getTestPrincipal());
+            authorizables.add(group2);
+            Group group3 = userMgr.createGroup(getTestPrincipal());
+
+            group1.addMember(testUser);
+            group2.addMember(testUser);
+            group3.addMember(group1);
+            group3.addMember(group2);
+
+            Iterator<Authorizable> members = group3.getMembers();
+            while (members.hasNext()) {
+                Authorizable a = members.next();
+                assertTrue(authorizables.contains(a));
+                assertTrue(authorizables.remove(a));
+            }
+
+            assertTrue(authorizables.isEmpty());
+        } finally {
+            for (Authorizable a : authorizables) {
+                a.remove();
+            }
+        }
+    }
+
+    @Test
+    public void testCyclicGroups() throws AuthorizableExistsException, RepositoryException, NotExecutableException {
+        Group group1 = null;
+        Group group2 = null;
+        Group group3 = null;
+        try {
+            group1 = userMgr.createGroup(getTestPrincipal());
+            group2 = userMgr.createGroup(getTestPrincipal());
+            group3 = userMgr.createGroup(getTestPrincipal());
+
+            group1.addMember(getTestUser(superuser));
+            group2.addMember(getTestUser(superuser));
+
+            assertTrue(group1.addMember(group2));
+            assertTrue(group2.addMember(group3));
+            assertFalse(group3.addMember(group1));
+        }
+        finally {
+            if (group1 != null) group1.remove();
+            if (group2 != null) group2.remove();
+            if (group3 != null) group3.remove();
+        }
+    }
+
+    @Test
+    public void testRemoveMemberTwice() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertTrue(newGroup.addMember(auth));
+            superuser.save();
+            assertTrue(newGroup.removeMember(userMgr.getAuthorizable(auth.getID())));
+            superuser.save();
+            assertFalse(newGroup.removeMember(auth));
+            superuser.save();
+        } finally {
+            if (newGroup != null) {
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testAddItselfAsMember() throws RepositoryException, NotExecutableException {
+        Group newGroup = null;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+
+            assertFalse(newGroup.addMember(newGroup));
+            superuser.save();
+            newGroup.removeMember(newGroup);
+            superuser.save();
+        } finally {
+            if (newGroup != null) {
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testRemoveGroupIfMemberExist() throws RepositoryException, NotExecutableException {
+        User auth = getTestUser(superuser);
+        String newGroupId = null;
+
+        try {
+            Group newGroup = userMgr.createGroup(getTestPrincipal());
+            superuser.save();
+            newGroupId = newGroup.getID();
+
+            assertTrue(newGroup.addMember(auth));
+            newGroup.remove();
+            superuser.save();
+        } finally {
+            Group gr = (Group) userMgr.getAuthorizable(newGroupId);
+            if (gr != null) {
+                gr.removeMember(auth);
+                gr.remove();
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testRemoveGroupClearsMembership() throws NotExecutableException, RepositoryException {
+        User auth = getTestUser(superuser);
+        Group newGroup = null;
+        String groupId;
+        try {
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            groupId = newGroup.getID();
+            superuser.save();
+
+            assertTrue(newGroup.addMember(auth));
+            superuser.save();
+
+            boolean isMember = false;
+            Iterator<Group> it = auth.declaredMemberOf();
+            while (it.hasNext() && !isMember) {
+                isMember = groupId.equals(it.next().getID());
+            }
+            assertTrue(isMember);
+
+        } finally {
+            if (newGroup != null) {
+                newGroup.remove();
+                superuser.save();
+            }
+        }
+
+        Iterator<Group> it = auth.declaredMemberOf();
+        while (it.hasNext()) {
+            assertFalse(groupId.equals(it.next().getID()));
+        }
+
+        it = auth.memberOf();
+        while (it.hasNext()) {
+            assertFalse(groupId.equals(it.next().getID()));
+        }
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java?rev=1344670&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java Thu May 31 12:17:02 2012
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import java.security.Principal;
+import java.util.Collections;
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Impersonation;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.Test;
+
+/**
+ * ImpersonationImplTest...
+ */
+public class ImpersonationImplTest extends AbstractUserTest {
+
+    private User user2;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        user2 = userMgr.createUser("user2", "pw");
+        superuser.save();
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        try {
+            user2.remove();
+            superuser.save();
+        } finally {
+            super.tearDown();
+        }
+    }
+
+    @Test
+    public void testImpersonation() throws RepositoryException, NotExecutableException {
+        Principal user2Principal = user2.getPrincipal();
+        Subject subject = new Subject(true, Collections.singleton(user2Principal), Collections.<Object>emptySet(), Collections.<Object>emptySet());
+
+        Impersonation impers = user.getImpersonation();
+        assertFalse(impers.allows(subject));
+
+        assertTrue(impers.grantImpersonation(user2Principal));
+        assertFalse(impers.grantImpersonation(user2Principal));
+        superuser.save();
+
+        assertTrue(impers.allows(subject));
+
+        assertTrue(impers.revokeImpersonation(user2Principal));
+        assertFalse(impers.revokeImpersonation(user2Principal));
+        superuser.save();
+
+        assertFalse(impers.allows(subject));
+    }
+
+    @Test
+    public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException {
+        String adminId = superuser.getUserID();
+        Authorizable admin = userMgr.getAuthorizable(adminId);
+        if (admin == null || admin.isGroup() || !((User) admin).isAdmin()) {
+            throw new NotExecutableException(adminId + " is not administators ID");
+        }
+
+        Principal adminPrincipal = admin.getPrincipal();
+
+        // admin cannot be add/remove to set of impersonators of 'u' but is
+        // always allowed to impersonate that user.
+        Impersonation impersonation = user.getImpersonation();
+
+        assertFalse(impersonation.grantImpersonation(adminPrincipal));
+        assertFalse(impersonation.revokeImpersonation(adminPrincipal));
+        assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
+
+        // same if the impersonation object of the admin itself is used.
+        Impersonation adminImpersonation = ((User) admin).getImpersonation();
+
+        assertFalse(adminImpersonation.grantImpersonation(adminPrincipal));
+        assertFalse(adminImpersonation.revokeImpersonation(adminPrincipal));
+        assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
+    }
+}
\ No newline at end of file



Mime
View raw message