jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1396189 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ oak-jcr/ oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/ oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/
Date Tue, 09 Oct 2012 18:46:55 GMT
Author: angela
Date: Tue Oct  9 18:46:54 2012
New Revision: 1396189

URL: http://svn.apache.org/viewvc?rev=1396189&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AdministratorTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
Tue Oct  9 18:46:54 2012
@@ -50,16 +50,28 @@ class UserValidator extends DefaultValid
     @Override
     public void propertyAdded(PropertyState after) throws CommitFailedException {
         String name = after.getName();
-        if (REP_DISABLED.equals(name) && isAdminUser()) {
-            throw new CommitFailedException("Admin user cannot be disabled.");
+        if (REP_DISABLED.equals(name) && isAdminUser(parentAfter)) {
+            String msg = "Admin user cannot be disabled.";
+            fail(msg);
         }
     }
 
     @Override
     public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException
{
         String name = before.getName();
-        if (REP_PRINCIPAL_NAME.equals(name) || REP_AUTHORIZABLE_ID.equals(name)) {
-            throw new CommitFailedException("Authorizable property " + name + " may not be
altered after user/group creation.");
+        if (isAuthorizableNode(parentBefore) && (REP_PRINCIPAL_NAME.equals(name)
|| REP_AUTHORIZABLE_ID.equals(name))) {
+            String msg = "Authorizable property " + name + " may not be altered after user/group
creation.";
+            fail(msg);
+        }
+    }
+
+
+    @Override
+    public void propertyDeleted(PropertyState before) throws CommitFailedException {
+        String name = before.getName();
+        if (isAuthorizableNode(parentBefore) && (REP_PASSWORD.equals(name) || REP_PRINCIPAL_NAME.equals(name)
|| REP_AUTHORIZABLE_ID.equals(name))) {
+            String msg = "Authorizable property " + name + " may not be removed.";
+            fail(msg);
         }
     }
 
@@ -84,6 +96,16 @@ class UserValidator extends DefaultValid
         return new UserValidator(parentBefore.getChild(name), parentAfter.getChild(name),
provider);
     }
 
+    @Override
+    public Validator childNodeDeleted(String name, NodeState before) throws CommitFailedException
{
+        NodeUtil node = parentBefore.getChild(name);
+        if (isAdminUser(node)) {
+            String msg = "The admin user cannot be removed.";
+            fail(msg);
+        }
+        return null;
+    }
+
     //------------------------------------------------------------< private >---
 
     /**
@@ -96,23 +118,31 @@ class UserValidator extends DefaultValid
      */
     private void assertHierarchy(NodeUtil userNode, String pathConstraint) throws CommitFailedException
{
         if (!Text.isDescendant(pathConstraint, userNode.getTree().getPath())) {
-            Exception e = new ConstraintViolationException("Attempt to create user/group
outside of configured scope " + pathConstraint);
-            throw new CommitFailedException(e);
+            String msg = "Attempt to create user/group outside of configured scope " + pathConstraint;
+            fail(msg);
         }
 
         NodeUtil parent = userNode.getParent();
         while (!parent.getTree().isRoot()) {
             if (!parent.hasPrimaryNodeTypeName(NT_REP_AUTHORIZABLE_FOLDER)) {
                 String msg = "Cannot create user/group: Intermediate folders must be of type
rep:AuthorizableFolder.";
-                Exception e = new ConstraintViolationException(msg);
-                throw new CommitFailedException(e);
+                fail(msg);
             }
             parent = parent.getParent();
         }
     }
 
-    private boolean isAdminUser() {
-        // FIXME: add implementation
-        return false;
+    private boolean isAuthorizableNode(NodeUtil node) {
+        return node.hasPrimaryNodeTypeName(NT_REP_USER) || node.hasPrimaryNodeTypeName(NT_REP_GROUP);
+    }
+
+    private boolean isAdminUser(NodeUtil userNode) {
+        // FIXME: add proper implementation
+        return userNode.hasPrimaryNodeTypeName(NT_REP_USER) && "admin".equals(userNode.getName());
+    }
+
+    private static void fail(String msg) throws CommitFailedException {
+        Exception e = new ConstraintViolationException(msg);
+        throw new CommitFailedException(e);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue Oct  9 18:46:54 2012
@@ -266,9 +266,18 @@
       org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testCreateGroupWithExistingPrincipal3
 <!-- OAK-343 -->
       org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testEnforceAuthorizableFolderHierarchy
<!-- OAK-343 -->
       org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testCreateGroupWithExistingPrincipal2
 <!-- OAK-343 -->
-      org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testDeeplyNestedGroups      
          <!-- OAK-343 -->
-      org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testInheritedMembers        
          <!-- OAK-343 -->
-      org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testCyclicGroups            
          <!-- OAK-343 -->
+      org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testDeeplyNestedGroups      
                <!-- OAK-343 -->
+      org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testInheritedMembers        
                <!-- OAK-343 -->
+      org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testCyclicGroups            
                <!-- OAK-343 -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testRemoveListedAuthorizable
         <!-- OAK-343 -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testSetPropertyInvalidRelativePath
   <!-- OAK-369 -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testSetSpecialProperties
                <!-- protected properties not detected -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testRemoveSpecialProperties
             <!-- protected properties not detected -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testProtectedUserProperties
             <!-- protected properties not detected -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testProtectedGroupProperties
            <!-- protected properties not detected -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testSetSpecialPropertiesDirectly
        <!-- protected properties not detected -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testRemoveSpecialUserPropertiesDirectly
 <!-- protected properties not detected -->
+      org.apache.jackrabbit.oak.jcr.security.user.AuthorizableTest#testRemoveSpecialGroupPropertiesDirectly
<!-- protected properties not detected -->
       org.apache.jackrabbit.oak.jcr.security.user.UserManagerTest#testUnknownUserLogin  
          <!-- due to dummy login -->
       org.apache.jackrabbit.oak.jcr.security.user.UserTest#testChangePassword2          
          <!-- due to dummy login -->
       org.apache.jackrabbit.oak.jcr.security.user.UserTest#testChangePasswordWithOldPassword2
     <!-- due to dummy login -->

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java
Tue Oct  9 18:46:54 2012
@@ -172,6 +172,25 @@ public class RepositoryTest extends Abst
     }
 
     @Test
+    public void getNode2() throws RepositoryException {
+        Node node = getNode("/foo");
+        Node same = node.getNode(".");
+        assertNotNull(same);
+        assertEquals("foo", same.getName());
+        assertTrue(same.isSame(node));
+    }
+
+    @Ignore // FIXME OAK-369
+    @Test
+    public void getNode3() throws RepositoryException {
+        Node node = getNode("/foo");
+        Node root = node.getNode("..");
+        assertNotNull(root);
+        assertEquals("", root.getName());
+        assertTrue("/".equals(root.getPath()));
+    }
+
+    @Test
     public void getNode() throws RepositoryException {
         Node node = getNode("/foo");
         assertNotNull(node);

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java
Tue Oct  9 18:46:54 2012
@@ -36,7 +36,7 @@ import org.junit.After;
 import org.junit.Before;
 
 /**
- * AbstractUserTest...
+ * Base class for user mgt related tests
  */
 public abstract class AbstractUserTest extends AbstractJCRTest {
 

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AdministratorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AdministratorTest.java?rev=1396189&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AdministratorTest.java
(added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AdministratorTest.java
Tue Oct  9 18:46:54 2012
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * AdministratorTest...
+ */
+public class AdministratorTest extends AbstractUserTest {
+
+    private User admin;
+
+    @Before
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        Authorizable a = userMgr.getAuthorizable(superuser.getUserID());
+        if (a == null || a.isGroup()) {
+            throw new NotExecutableException("Admin user does not exist");
+        }
+        admin = (User) a;
+    }
+
+    @Test
+    public void testIsAdmin() throws NotExecutableException, RepositoryException {
+        assertTrue(admin.isAdmin());
+    }
+
+    @Test
+    public void testDisable() throws NotExecutableException, RepositoryException {
+        try {
+            admin.disable("-> out");
+            superuser.save();
+            fail("The admin cannot be disabled");
+        } catch (RepositoryException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testRemoveAdmin() throws NotExecutableException {
+        try {
+            admin.remove();
+            superuser.save();
+            fail("The admin user cannot be removed.");
+        } catch (RepositoryException e) {
+            // OK superuser cannot be removed. not even by the superuser itself.
+        }
+    }
+
+    @Test
+    public void testRemoveAdminNode() throws RepositoryException, NotExecutableException
{
+        String adminId = admin.getID();
+        // access the node corresponding to the admin user and remove it
+        Node adminNode = superuser.getNode(admin.getPath());
+
+        try {
+            adminNode.remove();
+            // use session obtained from the node as usermgr may point to a dedicated
+            // system workspace different from the superusers workspace.
+            superuser.save();
+            fail("Admin user node cannot be removed.");
+        } catch (Exception e) {
+            // success -> get rid of possibly pending transient modifications
+            superuser.refresh(false);
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java
Tue Oct  9 18:46:54 2012
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.jcr.se
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
@@ -26,7 +27,6 @@ import javax.jcr.Node;
 import javax.jcr.Property;
 import javax.jcr.PropertyIterator;
 import javax.jcr.PropertyType;
-import javax.jcr.RangeIterator;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.Value;
@@ -38,14 +38,13 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
 import org.apache.jackrabbit.value.StringValue;
-import org.junit.Ignore;
 import org.junit.Test;
 
 /**
  * AuthorizableTest...
  */
-@Ignore // FIXME: enable again
 public class AuthorizableTest extends AbstractUserTest {
 
     private List<String> protectedUserProps = new ArrayList<String>();
@@ -68,17 +67,355 @@ public class AuthorizableTest extends Ab
     }
 
     @Test
-    public void testRemoveAdmin() throws NotExecutableException {
-        String adminID = superuser.getUserID();
+    public void testSetProperty() throws NotExecutableException, RepositoryException {
+        Authorizable auth = getTestUser(superuser);
+
+        String propName = "Fullname";
+        Value v = superuser.getValueFactory().createValue("Super User");
+        try {
+            auth.setProperty(propName, v);
+            superuser.save();
+        } catch (RepositoryException e) {
+            throw new NotExecutableException("Cannot test 'Authorizable.setProperty'.");
+        }
+
+        try {
+            boolean found = false;
+            for (Iterator<String> it = auth.getPropertyNames(); it.hasNext() &&
!found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+
+            found = false;
+            for (Iterator<String> it = auth.getPropertyNames("."); it.hasNext() &&
!found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+
+            assertTrue(auth.hasProperty(propName));
+            assertTrue(auth.hasProperty("./" + propName));
+            
+            assertTrue(auth.getProperty(propName).length == 1);
+
+            assertEquals(v, auth.getProperty(propName)[0]);
+            assertEquals(v, auth.getProperty("./" + propName)[0]);
+
+            assertTrue(auth.removeProperty(propName));
+            assertFalse(auth.hasProperty(propName));
+            
+            superuser.save();
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            auth.removeProperty(propName);
+            superuser.save();
+        }
+    }
+
+    @Test
+    public void testSetMultiValueProperty() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+
+        String propName = "Fullname";
+        Value[] v = new Value[] {superuser.getValueFactory().createValue("Super User")};
+        try {
+            auth.setProperty(propName, v);
+            superuser.save();
+        } catch (RepositoryException e) {
+            throw new NotExecutableException("Cannot test 'Authorizable.setProperty'.");
+        }
+
+        try {
+            boolean found = false;
+            for (Iterator<String> it = auth.getPropertyNames(); it.hasNext() &&
!found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+
+            found = false;
+            for (Iterator<String> it = auth.getPropertyNames("."); it.hasNext() &&
!found;) {
+                found = propName.equals(it.next());
+            }
+            assertTrue(found);
+            
+            assertTrue(auth.hasProperty(propName));
+            assertTrue(auth.hasProperty("./" + propName));
+            
+            assertEquals(Arrays.asList(v), Arrays.asList(auth.getProperty(propName)));
+            assertEquals(Arrays.asList(v), Arrays.asList(auth.getProperty("./" + propName)));
+
+            assertTrue(auth.removeProperty(propName));
+            assertFalse(auth.hasProperty(propName));
+            
+            superuser.save();
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            auth.removeProperty(propName);
+            superuser.save();
+        }
+    }
+
+    @Test
+    public void testSetPropertyByRelPath() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+        Value[] v = new Value[] {superuser.getValueFactory().createValue("Super User")};
+
+        List<String> relPaths = new ArrayList<String>();
+        relPaths.add("testing/Fullname");
+        relPaths.add("testing/Email");
+        relPaths.add("testing/testing/testing/Fullname");
+        relPaths.add("testing/testing/testing/Email");
+
+        for (String relPath : relPaths) {
+            try {
+                auth.setProperty(relPath, v);
+                superuser.save();
+
+                assertTrue(auth.hasProperty(relPath));
+                String propName = Text.getName(relPath);
+                assertFalse(auth.hasProperty(propName));
+            } finally {
+                // try to remove the property even if previous calls failed.
+                auth.removeProperty(relPath);
+                superuser.save();
+            }
+        }
+    }
+
+    @Test
+    public void testSetPropertyInvalidRelativePath() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+        Value[] v = new Value[] {superuser.getValueFactory().createValue("Super User")};
+
+        List<String> invalidPaths = new ArrayList<String>();
+        // try setting outside of tree defined by the user.
+        invalidPaths.add("../testing/Fullname");
+        invalidPaths.add("../../testing/Fullname");
+        invalidPaths.add("testing/testing/../../../Fullname");
+        // try absolute path -> must fail
+        invalidPaths.add("/testing/Fullname");
+
+        for (String invalidRelPath : invalidPaths) {
+            try {
+                auth.setProperty(invalidRelPath, v);
+                fail("Modifications outside of the scope of the authorizable must fail. Path
was: " + invalidRelPath);
+            } catch (Exception e) {
+                // success.
+            } finally {
+                superuser.refresh(false);
+            }
+        }
+    }
+
+    @Test
+    public void testGetPropertyByInvalidRelativePath() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+
+        List<String> wrongPaths = new ArrayList<String>();
+        wrongPaths.add("../jcr:primaryType");
+        wrongPaths.add("../../jcr:primaryType");
+        wrongPaths.add("../testing/jcr:primaryType");
+        for (String path : wrongPaths) {
+            assertNull(auth.getProperty(path));
+        }
+
+        List<String> invalidPaths = new ArrayList<String>();
+        invalidPaths.add("/testing/jcr:primaryType");
+        invalidPaths.add("..");
+        invalidPaths.add(".");
+        invalidPaths.add(null);
+        for (String invalidPath : invalidPaths) {
+            try {
+                assertNull(auth.getProperty(invalidPath));
+            } catch (Exception e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testHasPropertyByInvalidRelativePath() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+
+        List<String> wrongPaths = new ArrayList<String>();
+        wrongPaths.add("../jcr:primaryType");
+        wrongPaths.add("../../jcr:primaryType");
+        wrongPaths.add("../testing/jcr:primaryType");
+        for (String path : wrongPaths) {
+            assertFalse(auth.hasProperty(path));
+        }
+
+
+        List<String> invalidPaths = new ArrayList<String>();
+        invalidPaths.add("..");
+        invalidPaths.add(".");
+        invalidPaths.add(null);
+
+        for (String invalidPath : invalidPaths) {
+            try {
+                assertFalse(auth.hasProperty(invalidPath));
+            } catch (Exception e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testGetPropertyNames() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+
+        String propName = "Fullname";
+        Value v = superuser.getValueFactory().createValue("Super User");
+        try {
+            auth.setProperty(propName, v);
+            superuser.save();
+        } catch (RepositoryException e) {
+            throw new NotExecutableException("Cannot test 'Authorizable.setProperty'.");
+        }
+
         try {
-            Authorizable admin = userMgr.getAuthorizable(adminID);
-            if (admin == null) {
-                throw new NotExecutableException("Admin user does not exist");
+            for (Iterator<String> it = auth.getPropertyNames(); it.hasNext();) {
+                String name = it.next();
+                assertTrue(auth.hasProperty(name));
+                assertNotNull(auth.getProperty(name));
             }
-            admin.remove();
-            fail("The admin user cannot be removed.");
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            auth.removeProperty(propName);
+            superuser.save();
+        }
+    }
+
+    @Test
+    public void testGetPropertyNamesByRelPath() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+
+        String relPath = "testing/Fullname";
+        Value v = superuser.getValueFactory().createValue("Super User");
+        try {
+            auth.setProperty(relPath, v);
+            superuser.save();
         } catch (RepositoryException e) {
-            // OK superuser cannot be removed. not even by the superuser itself.
+            throw new NotExecutableException("Cannot test 'Authorizable.setProperty'.");
+        }
+
+        try {
+            for (Iterator<String> it = auth.getPropertyNames(); it.hasNext();) {
+                String name = it.next();
+                assertFalse("Fullname".equals(name));
+            }
+
+            for (Iterator<String> it = auth.getPropertyNames("testing"); it.hasNext();)
{
+                String name = it.next();
+                String rp = "testing/" + name;
+                
+                assertFalse(auth.hasProperty(name));
+                assertNull(auth.getProperty(name));
+
+                assertTrue(auth.hasProperty(rp));
+                assertNotNull(auth.getProperty(rp));
+            }
+            for (Iterator<String> it = auth.getPropertyNames("./testing"); it.hasNext();)
{
+                String name = it.next();
+                String rp = "testing/" + name;
+
+                assertFalse(auth.hasProperty(name));
+                assertNull(auth.getProperty(name));
+
+                assertTrue(auth.hasProperty(rp));
+                assertNotNull(auth.getProperty(rp));
+            }
+        } finally {
+            // try to remove the property again even if previous calls failed.
+            auth.removeProperty(relPath);
+            superuser.save();
+        }
+    }
+
+    @Test
+    public void testGetPropertyNamesByInvalidRelPath() throws NotExecutableException, RepositoryException
{
+        Authorizable auth = getTestUser(superuser);
+
+        List<String> invalidPaths = new ArrayList<String>();
+        invalidPaths.add("../");
+        invalidPaths.add("../../");
+        invalidPaths.add("../testing");
+        invalidPaths.add("/testing");
+        invalidPaths.add(null);
+
+        for (String invalidRelPath : invalidPaths) {
+            try {
+                auth.getPropertyNames(invalidRelPath);
+                fail("Calling Authorizable#getPropertyNames with " + invalidRelPath + " must
fail.");
+            } catch (Exception e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testGetNotExistingProperty() throws RepositoryException, NotExecutableException
{
+        Authorizable auth = getTestUser(superuser);
+        String hint = "Fullname";
+        String propName = hint;
+        int i = 0;
+        while (auth.hasProperty(propName)) {
+            propName = hint + i;
+            i++;
+        }
+        assertNull(auth.getProperty(propName));
+        assertFalse(auth.hasProperty(propName));
+    }
+
+    @Test
+    public void testRemoveNotExistingProperty() throws RepositoryException, NotExecutableException
{
+        Authorizable auth = getTestUser(superuser);
+        String hint = "Fullname";
+        String propName = hint;
+        int i = 0;
+        while (auth.hasProperty(propName)) {
+            propName = hint + i;
+            i++;
+        }
+        assertFalse(auth.removeProperty(propName));
+        superuser.save();
+    }
+
+    /**
+     * Removing an authorizable that is still listed as member of a group.
+     * @throws javax.jcr.RepositoryException
+     * @throws org.apache.jackrabbit.test.NotExecutableException
+     */
+    public void testRemoveListedAuthorizable() throws RepositoryException, NotExecutableException
{
+        String newUserId = null;
+        Group newGroup = null;
+
+        try {
+            Principal uP = getTestPrincipal();
+            User newUser = userMgr.createUser(uP.getName(), uP.getName());
+            superuser.save();
+            newUserId = newUser.getID();
+
+            newGroup = userMgr.createGroup(getTestPrincipal());
+            newGroup.addMember(newUser);
+            superuser.save();
+
+            // remove the new user that is still listed as member.
+            newUser.remove();
+            superuser.save();
+        } finally {
+            if (newUserId != null) {
+                Authorizable u = userMgr.getAuthorizable(newUserId);
+                if (u != null) {
+                    if (newGroup != null) {
+                        newGroup.removeMember(u);
+                    }
+                    u.remove();
+                }
+            }
+            if (newGroup != null) {
+                newGroup.remove();
+            }
+            superuser.save();
         }
     }
 
@@ -180,43 +517,6 @@ public class AuthorizableTest extends Ab
     }
 
     @Test
-    public void testMemberOfRangeIterator() throws NotExecutableException, RepositoryException
{
-        Authorizable auth = null;
-        Group group = null;
-
-        try {
-            auth = userMgr.createUser(createUserId(), "pw");
-            group = userMgr.createGroup(createGroupId());
-            superuser.save();
-
-            Iterator<Group> groups = auth.declaredMemberOf();
-            assertTrue(groups instanceof RangeIterator);
-            assertEquals(0, ((RangeIterator) groups).getSize());
-            groups = auth.memberOf();
-            assertTrue(groups instanceof RangeIterator);
-            assertEquals(0, ((RangeIterator) groups).getSize());
-
-            group.addMember(auth);
-            groups = auth.declaredMemberOf();
-            assertTrue(groups instanceof RangeIterator);
-            assertEquals(1, ((RangeIterator) groups).getSize());
-
-            groups = auth.memberOf();
-            assertTrue(groups instanceof RangeIterator);
-            assertEquals(1, ((RangeIterator) groups).getSize());
-
-        } finally {
-            if (auth != null) {
-                auth.remove();
-            }
-            if (group != null) {
-                group.remove();
-            }
-            superuser.save();
-        }
-    }
-
-    @Test
     public void testSetSpecialPropertiesDirectly() throws NotExecutableException, RepositoryException
{
         Authorizable user = getTestUser(superuser);
         Node n = getNode(user, superuser);
@@ -436,14 +736,4 @@ public class AuthorizableTest extends Ab
         assertFalse(user.equals(user3));
         assertTrue(s.add(user3));
     }
-
-    @Test
-    public void testGetPath() throws Exception {
-        Authorizable user = getTestUser(superuser);
-        try {
-            assertEquals(getNode(user, superuser).getPath(), user.getPath());
-        } catch (UnsupportedRepositoryOperationException e) {
-            // ok.
-        }
-    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
Tue Oct  9 18:46:54 2012
@@ -22,6 +22,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
@@ -98,6 +99,29 @@ public class GroupTest extends AbstractU
     }
 
     @Test
+    public void testGetID() throws NotExecutableException, RepositoryException {
+        assertNotNull(group.getID());
+        assertNotNull(userMgr.getAuthorizable(group.getID()).getID());
+    }
+
+    @Test
+    public void testGetPrincipal() throws RepositoryException, NotExecutableException {
+        assertNotNull(group.getPrincipal());
+        assertNotNull(userMgr.getAuthorizable(group.getID()).getPrincipal());
+    }
+
+    @Test
+    public void testGetPath() throws RepositoryException, NotExecutableException {
+        assertNotNull(group.getPath());
+        assertNotNull(userMgr.getAuthorizable(group.getID()).getPath());
+        try {
+            assertEquals(getNode(group, superuser).getPath(), group.getPath());
+        } catch (UnsupportedRepositoryOperationException e) {
+            // ok.
+        }
+    }
+
+    @Test
     public void testGetDeclaredMembers() throws NotExecutableException, RepositoryException
{
         Iterator<Authorizable> it = group.getDeclaredMembers();
         assertNotNull(it);

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java
Tue Oct  9 18:46:54 2012
@@ -24,14 +24,13 @@ import javax.security.auth.Subject;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.test.NotExecutableException;
-import org.junit.Ignore;
 import org.junit.Test;
 
 /**
  * ImpersonationTest...
  */
-@Ignore // FIXME: enable again
 public class ImpersonationTest extends AbstractUserTest {
 
     private User user2;
@@ -76,7 +75,7 @@ public class ImpersonationTest extends A
     }
 
     @Test
-    public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException
{
+    public void testAdminAsImpersonator() throws RepositoryException, NotExecutableException
{
         String adminId = superuser.getUserID();
         Authorizable admin = userMgr.getAuthorizable(adminId);
         if (admin == null || admin.isGroup() || !((User) admin).isAdmin()) {
@@ -100,4 +99,17 @@ public class ImpersonationTest extends A
         assertFalse(adminImpersonation.revokeImpersonation(adminPrincipal));
         assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
     }
+
+    public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException
{
+
+        Principal adminPrincipal = AdminPrincipal.INSTANCE;
+
+        // admin cannot be add/remove to set of impersonators of 'u' but is
+        // always allowed to impersonate that user.
+        Impersonation impersonation = user.getImpersonation();
+
+        assertFalse(impersonation.grantImpersonation(adminPrincipal));
+        assertFalse(impersonation.revokeImpersonation(adminPrincipal));
+        assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java?rev=1396189&r1=1396188&r2=1396189&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java
Tue Oct  9 18:46:54 2012
@@ -20,12 +20,12 @@ import javax.jcr.LoginException;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
+import javax.jcr.UnsupportedRepositoryOperationException;
 
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.test.NotExecutableException;
-import org.junit.Ignore;
 import org.junit.Test;
 
 /**
@@ -45,17 +45,31 @@ public class UserTest extends AbstractUs
     }
 
     @Test
-    public void testIsAdmin() throws NotExecutableException, RepositoryException {
-        assertFalse(user.isAdmin());
+    public void testGetId() throws NotExecutableException, RepositoryException {
+        assertNotNull(user.getID());
+        assertNotNull(userMgr.getAuthorizable(user.getID()).getID());
+    }
+
+    @Test
+    public void testGetPrincipal() throws RepositoryException, NotExecutableException {
+        assertNotNull(user.getPrincipal());
+        assertNotNull(userMgr.getAuthorizable(user.getID()).getPrincipal());
     }
 
     @Test
-    public void testAdminIsAdmin() throws NotExecutableException, RepositoryException {
-        User admin = (User) userMgr.getAuthorizable(superuser.getUserID());
-        if (admin == null) {
-            throw new NotExecutableException("Admin user does not exist");
+    public void testGetPath() throws RepositoryException, NotExecutableException {
+        assertNotNull(user.getPath());
+        assertNotNull(userMgr.getAuthorizable(user.getID()).getPath());
+        try {
+            assertEquals(getNode(user, superuser).getPath(), user.getPath());
+        } catch (UnsupportedRepositoryOperationException e) {
+            // ok.
         }
-        assertTrue(admin.isAdmin());
+    }
+
+    @Test
+    public void testIsAdmin() throws NotExecutableException, RepositoryException {
+        assertFalse(user.isAdmin());
     }
 
     @Test



Mime
View raw message