jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1400158 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorizat...
Date Fri, 19 Oct 2012 16:42:51 GMT
Author: angela
Date: Fri Oct 19 16:42:50 2012
New Revision: 1400158

URL: http://svn.apache.org/viewvc?rev=1400158&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
Fri Oct 19 16:42:50 2012
@@ -21,6 +21,7 @@ package org.apache.jackrabbit.oak.core;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import javax.annotation.Nonnull;
 import javax.security.auth.Subject;
@@ -38,6 +39,7 @@ import org.apache.jackrabbit.oak.spi.que
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.spi.state.NodeStateDiff;
@@ -126,20 +128,17 @@ public class RootImpl implements Root {
 
     public RootImpl(NodeStore store) {
         this.store = checkNotNull(store);
-        this.subject = new Subject();
+        // TODO review again (see also comment in RepositoryCallback)
+        this.subject = new Subject(true, Collections.singleton(SystemPrincipal.INSTANCE),
Collections.<Object>emptySet(), Collections.<Object>emptySet());
         this.accProvider = new OpenAccessControlProvider();
         this.indexProvider = new CompositeQueryIndexProvider();
         refresh();
     }
 
-    public void setConflictHandler(ConflictHandler conflictHandler) {
+    void setConflictHandler(ConflictHandler conflictHandler) {
         this.conflictHandler = conflictHandler;
     }
 
-    public ConflictHandler getConflictHandler() {
-        return conflictHandler;
-    }
-
     protected void checkLive() {
 
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
Fri Oct 19 16:42:50 2012
@@ -81,12 +81,6 @@ public class TokenProviderImpl implement
      */
     private static final Logger log = LoggerFactory.getLogger(TokenProviderImpl.class);
 
-    /**
-     * Constant for the token attribute passed with simple credentials to
-     * trigger the generation of a new token.
-     */
-    public static final String TOKEN_ATTRIBUTE = ".token";
-
     private static final String TOKEN_ATTRIBUTE_EXPIRY = TOKEN_ATTRIBUTE + ".exp";
     private static final String TOKEN_ATTRIBUTE_KEY = TOKEN_ATTRIBUTE + ".key";
     private static final String TOKENS_NODE_NAME = ".tokens";

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
Fri Oct 19 16:42:50 2012
@@ -24,6 +24,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.AllPermissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 
 /**
  * PermissionProviderImpl... TODO
@@ -41,7 +42,7 @@ class AccessControlContextImpl implement
     @Override
     public CompiledPermissions getPermissions() {
         Set<Principal> principals = subject.getPrincipals();
-        if (isAdmin(principals)) {
+        if (principals.contains(SystemPrincipal.INSTANCE) || isAdmin(principals)) {
             return AllPermissions.getInstance();
         } else {
             // TODO: replace with permissions based on ac evaluation

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
Fri Oct 19 16:42:50 2012
@@ -129,7 +129,6 @@ public class PrincipalProviderImpl imple
 
     private Set<Group> getGroupMembership(Authorizable authorizable) {
         Set<java.security.acl.Group> groupPrincipals = new HashSet<Group>();
-        groupPrincipals.add(EveryonePrincipal.getInstance());
         try {
             Iterator<org.apache.jackrabbit.api.security.user.Group> groups = authorizable.memberOf();
             while (groups.hasNext()) {
@@ -141,6 +140,7 @@ public class PrincipalProviderImpl imple
         } catch (RepositoryException e) {
             log.debug(e.getMessage());
         }
+        groupPrincipals.add(EveryonePrincipal.getInstance());
         return groupPrincipals;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
Fri Oct 19 16:42:50 2012
@@ -31,14 +31,13 @@ import org.apache.jackrabbit.oak.spi.sta
  */
 public class RepositoryCallback implements Callback {
 
+    // TODO: base on a system-ContentSession that was passed to this
+    // TODO: callback handler in order have the appropriate set of indexes,
+    // TODO: valiators, commit-hooks etc...
+
     private NodeStore nodeStore;
     private String workspaceName;
 
-    @CheckForNull
-    public NodeStore getNodeStore() {
-        return nodeStore;
-    }
-
     public String getWorkspaceName() {
         return workspaceName;
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
Fri Oct 19 16:42:50 2012
@@ -26,6 +26,12 @@ import javax.jcr.Credentials;
 public interface TokenProvider {
 
     /**
+     * Constant for the token attribute passed with valid simple credentials to
+     * trigger the generation of a new token.
+     */
+    public static final String TOKEN_ATTRIBUTE = ".token";
+
+    /**
      * Optional configuration parameter to set the token expiration time in ms.
      */
     String PARAM_TOKEN_EXPIRATION = "tokenExpiration";

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
Fri Oct 19 16:42:50 2012
@@ -16,16 +16,17 @@
  */
 package org.apache.jackrabbit.oak.spi.security.principal;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import java.security.Principal;
 import java.util.Enumeration;
 
+import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
  * Built-in principal group that has every other principal as member.
  */
-public class EveryonePrincipal implements java.security.acl.Group {
+public class EveryonePrincipal implements JackrabbitPrincipal, java.security.acl.Group {
 
     /**
      * logger instance

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java?rev=1400158&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/SystemPrincipal.java
Fri Oct 19 16:42:50 2012
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.principal;
+
+import java.security.Principal;
+
+/**
+ * Principal to mark an system internal subject.
+ */
+public final class SystemPrincipal implements Principal {
+
+    public static final SystemPrincipal INSTANCE = new SystemPrincipal();
+
+    private SystemPrincipal() { }
+
+    //----------------------------------------------------------< Principal >---
+    @Override
+    public String getName() {
+        return "system";
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
Fri Oct 19 16:42:50 2012
@@ -115,8 +115,6 @@ public class DefaultLoginModuleTest exte
 
     @Test
     public void testUserLogin() throws Exception {
-        String anonymousID = UserUtility.getAnonymousId(securityProvider.getUserConfiguration().getConfigurationParameters());
-
         Root root = admin.getLatestRoot();
         UserManager userManager = securityProvider.getUserConfiguration().getUserManager(root,
NamePathMapper.DEFAULT);
 

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java?rev=1400158&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
Fri Oct 19 16:42:50 2012
@@ -0,0 +1,205 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import java.util.Collections;
+import javax.jcr.GuestCredentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
+import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
+import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+/**
+ * TokenDefaultLoginModuleTest...
+ */
+public class TokenDefaultLoginModuleTest extends AbstractSecurityTest {
+
+    @Override
+    protected Configuration getConfiguration() {
+        return new TokenDefaultConfiguration();
+    }
+
+    @Test
+    public void testNullLogin() throws Exception {
+        ContentSession cs = null;
+        try {
+            cs = login(null);
+            fail("Null login should fail");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testGuestLogin() throws Exception {
+        ContentSession cs = null;
+        try {
+            cs = login(new GuestCredentials());
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testInvalidSimpleCredentials() throws Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = new SimpleCredentials("test", new char[0]);
+            cs = login(sc);
+            fail("Invalid simple credentials login should fail");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testInvalidSimpleCredentialsWithAttribute() throws Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = new SimpleCredentials("test", new char[0]);
+            sc.setAttribute(TokenProviderImpl.TOKEN_ATTRIBUTE, "");
+
+            cs = login(sc);
+            fail("Invalid simple credentials login should fail");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testSimpleCredentials() throws Exception {
+        ContentSession cs = null;
+        try {
+            cs = login(getAdminCredentials());
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testSimpleCredentialsWithAttribute() throws Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+            sc.setAttribute(TokenProviderImpl.TOKEN_ATTRIBUTE, "");
+            cs = login(sc);
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testTokenCreationAndLogin() throws Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+            sc.setAttribute(TokenProvider.TOKEN_ATTRIBUTE, "");
+            cs = login(sc);
+
+            Object token = sc.getAttribute(TokenProvider.TOKEN_ATTRIBUTE).toString();
+            assertNotNull(token);
+            TokenCredentials tc = new TokenCredentials(token.toString());
+
+            cs.close();
+            cs = login(tc);
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testInvalidTokenCredentials() throws Exception {
+        ContentSession cs = null;
+        try {
+            cs = login(new TokenCredentials("invalid"));
+            fail("Invalid token credentials login should fail");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testValidTokenCredentials() throws Exception {
+        Root root = admin.getLatestRoot();
+        TokenProvider tp = securityProvider.getTokenProvider(root);
+
+        SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+        TokenInfo info = tp.createToken(sc.getUserID(), Collections.<String, Object>emptyMap());
+
+        ContentSession cs = login(new TokenCredentials(info.getToken()));
+        try {
+            assertEquals(sc.getUserID(), cs.getAuthInfo().getUserID());
+        } finally {
+            cs.close();
+        }
+    }
+
+    private class TokenDefaultConfiguration extends Configuration {
+
+        @Override
+        public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
+            AppConfigurationEntry tokenEntry = new AppConfigurationEntry(
+                    TokenLoginModule.class.getName(),
+                    AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
+                    Collections.<String, Object>emptyMap());
+            AppConfigurationEntry defaultEntry = new AppConfigurationEntry(
+                    LoginModuleImpl.class.getName(),
+                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+                    Collections.<String, Object>emptyMap());
+            return new AppConfigurationEntry[] {tokenEntry, defaultEntry};
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
Fri Oct 19 16:42:50 2012
@@ -28,7 +28,6 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
-import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
 import org.junit.Test;
@@ -77,11 +76,27 @@ public class TokenLoginModuleTest extend
     }
 
     @Test
+    public void testSimpleCredentials() throws Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = new SimpleCredentials("admin", "admin".toCharArray());
+            cs = login(sc);
+            fail("Unsupported credentials login should fail");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
     public void testSimpleCredentialsWithAttribute() throws Exception {
         ContentSession cs = null;
         try {
             SimpleCredentials sc = new SimpleCredentials("test", new char[0]);
-            sc.setAttribute(TokenProviderImpl.TOKEN_ATTRIBUTE, "");
+            sc.setAttribute(TokenProvider.TOKEN_ATTRIBUTE, "");
 
             cs = login(sc);
             fail("Unsupported credentials login should fail");

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
Fri Oct 19 16:42:50 2012
@@ -19,11 +19,13 @@ package org.apache.jackrabbit.oak.securi
 import java.security.Principal;
 import java.util.Set;
 
+import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.junit.Test;
 
 import static org.junit.Assert.assertFalse;
@@ -57,4 +59,30 @@ public class PrincipalProviderImplTest e
         }
         assertTrue(containsAdminPrincipal);
     }
+
+    @Test
+    public void testEveryone() throws Exception {
+        Root root = admin.getLatestRoot();
+        UserConfiguration config = securityProvider.getUserConfiguration();
+
+        PrincipalProviderImpl principalProvider = new PrincipalProviderImpl(root, config,
NamePathMapper.DEFAULT);
+
+        Principal everyone = principalProvider.getPrincipal(EveryonePrincipal.NAME);
+        assertTrue(everyone instanceof EveryonePrincipal);
+
+        org.apache.jackrabbit.api.security.user.Group everyoneGroup = null;
+        try {
+            UserManager userMgr = config.getUserManager(root, NamePathMapper.DEFAULT);
+            everyoneGroup = userMgr.createGroup(EveryonePrincipal.NAME);
+            root.commit();
+
+            Principal ep = principalProvider.getPrincipal(EveryonePrincipal.NAME);
+            assertFalse(ep instanceof EveryonePrincipal);
+        } finally {
+            if (everyoneGroup != null) {
+                everyoneGroup.remove();
+                root.commit();
+            }
+        }
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java?rev=1400158&r1=1400157&r2=1400158&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
Fri Oct 19 16:42:50 2012
@@ -65,11 +65,13 @@ public class EveryoneGroupTest extends A
 
     @Test
     public void testGroupPrincipal() throws Exception {
-        Principal everonePrincipal = everyone.getPrincipal();
-        assertTrue(everonePrincipal instanceof java.security.acl.Group);
+        Principal everyonePrincipal = everyone.getPrincipal();
+        assertTrue(everyonePrincipal instanceof java.security.acl.Group);
+        assertTrue(everyonePrincipal.equals(EveryonePrincipal.getInstance()));
+        assertTrue(EveryonePrincipal.getInstance().equals(everyonePrincipal));
 
-        java.security.acl.Group gr = (java.security.acl.Group) everonePrincipal;
-        assertFalse(gr.isMember(everonePrincipal));
+        java.security.acl.Group gr = (java.security.acl.Group) everyonePrincipal;
+        assertFalse(gr.isMember(everyonePrincipal));
         assertTrue(gr.isMember(getTestUser(superuser).getPrincipal()));
         assertTrue(gr.isMember(new Principal() {
             public String getName() {



Mime
View raw message