Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 75E9CD703 for ; Thu, 18 Oct 2012 11:20:59 +0000 (UTC) Received: (qmail 93767 invoked by uid 500); 18 Oct 2012 11:11:56 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 93710 invoked by uid 500); 18 Oct 2012 11:11:54 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 93608 invoked by uid 99); 18 Oct 2012 11:11:49 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Oct 2012 11:11:49 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Oct 2012 11:11:45 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 38C622388962; Thu, 18 Oct 2012 11:11:02 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1399580 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/ oa... Date: Thu, 18 Oct 2012 11:11:00 -0000 To: oak-commits@jackrabbit.apache.org From: angela@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121018111102.38C622388962@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Thu Oct 18 11:10:59 2012 New Revision: 1399580 URL: http://svn.apache.org/viewvc?rev=1399580&view=rev Log: OAK-90 : Implement Principal Management (WIP) OAK-50 : User Management (WIP) Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/AdminPrincipalImpl.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Thu Oct 18 11:10:59 2012 @@ -38,9 +38,7 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration; -import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; -import org.apache.jackrabbit.oak.spi.security.user.UserProvider; import org.apache.jackrabbit.oak.spi.state.NodeStore; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -120,10 +118,7 @@ public class SecurityProviderImpl implem @Nonnull @Override public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) { - UserConfiguration userConfiguration = getUserConfiguration(); - UserProvider userProvider = userConfiguration.getUserProvider(root); - MembershipProvider msProvider = userConfiguration.getMembershipProvider(root); - return new PrincipalProviderImpl(userProvider, msProvider, namePathMapper); + return new PrincipalProviderImpl(root, getUserConfiguration(), namePathMapper); } }; } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Thu Oct 18 11:10:59 2012 @@ -41,11 +41,21 @@ class AccessControlContextImpl implement @Override public CompiledPermissions getPermissions() { Set principals = subject.getPrincipals(); - if (principals.contains(AdminPrincipal.INSTANCE)) { + if (isAdmin(principals)) { return AllPermissions.getInstance(); } else { // TODO: replace with permissions based on ac evaluation return new CompiledPermissionImpl(principals); } } + + //-------------------------------------------------------------------------- + private static boolean isAdmin(Set principals) { + for (Principal principal : principals) { + if (principal instanceof AdminPrincipal) { + return true; + } + } + return false; + } } Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/AdminPrincipalImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/AdminPrincipalImpl.java?rev=1399580&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/AdminPrincipalImpl.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/AdminPrincipalImpl.java Thu Oct 18 11:10:59 2012 @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.principal; + +import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.namepath.PathMapper; +import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal; +import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal; + +/** + * AdminPrincipalImpl... TODO + */ +public class AdminPrincipalImpl extends TreeBasedPrincipal implements AdminPrincipal { + + public AdminPrincipalImpl(Tree tree, PathMapper pathMapper) { + super(tree, pathMapper); + } + + public AdminPrincipalImpl(String principalName, Tree tree, PathMapper pathMapper) { + super(principalName, tree, pathMapper); + } +} \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Thu Oct 18 11:10:59 2012 @@ -29,14 +29,15 @@ import com.google.common.base.Function; import com.google.common.base.Predicates; import com.google.common.collect.Iterators; import org.apache.jackrabbit.api.security.principal.PrincipalManager; +import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.PathMapper; -import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType; import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; +import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; import org.apache.jackrabbit.oak.spi.security.user.UserProvider; import org.slf4j.Logger; @@ -58,11 +59,11 @@ public class PrincipalProviderImpl imple private final MembershipProvider membershipProvider; private final PathMapper pathMapper; - public PrincipalProviderImpl(UserProvider userProvider, - MembershipProvider membershipProvider, + public PrincipalProviderImpl(Root root, + UserConfiguration userConfiguration, PathMapper pathMapper) { - this.userProvider = userProvider; - this.membershipProvider = membershipProvider; + this.userProvider = userConfiguration.getUserProvider(root); + this.membershipProvider = userConfiguration.getMembershipProvider(root); this.pathMapper = pathMapper; } @@ -99,12 +100,15 @@ public class PrincipalProviderImpl imple Tree userTree = userProvider.getAuthorizable(userID, AuthorizableType.USER); if (userTree != null) { principals = new HashSet(); - Principal userPrincipal = new TreeBasedPrincipal(userTree, pathMapper); - principals.add(userPrincipal); - principals.addAll(getGroupMembership(userPrincipal)); + Principal userPrincipal; if (userProvider.isAdminUser(userTree)) { - principals.add(AdminPrincipal.INSTANCE); + userPrincipal = new AdminPrincipalImpl(userTree, pathMapper); + } else { + userPrincipal = new TreeBasedPrincipal(userTree, pathMapper); } + principals.add(userPrincipal); + principals.addAll(getGroupMembership(userPrincipal)); + } else { principals = Collections.emptySet(); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Thu Oct 18 11:10:59 2012 @@ -285,19 +285,6 @@ abstract class AuthorizableImpl implemen } //-------------------------------------------------------------------------- - /** - * @return The node associated with this authorizable instance. - * @throws javax.jcr.RepositoryException - */ - @Nonnull - Node getNode() throws RepositoryException { - if (node == null) { - String jcrPath = userManager.getNamePathMapper().getJcrPath(getTree().getPath()); - node = userManager.getSession().getNode(jcrPath); - } - return node; - } - @Nonnull Tree getTree() { Tree tree = getUserProvider().getAuthorizable(id); @@ -347,6 +334,18 @@ abstract class AuthorizableImpl implemen } /** + * @return The node associated with this authorizable instance. + * @throws javax.jcr.RepositoryException + */ + @Nonnull + private Node getNode() throws RepositoryException { + if (node == null) { + node = userManager.getAuthorizableNode(getTree().getPath()); + } + return node; + } + + /** * Returns true if the given property of the authorizable node is one of the * non-protected properties defined by the rep:Authorizable node type or a * some other descendant of the authorizable node. Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java Thu Oct 18 11:10:59 2012 @@ -204,7 +204,7 @@ class ImpersonationImpl implements Imper } private boolean isAdmin(Principal principal) { - if (principal == AdminPrincipal.INSTANCE) { + if (principal instanceof AdminPrincipal) { return true; } else if (principal instanceof Group) { return false; Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Thu Oct 18 11:10:59 2012 @@ -24,9 +24,10 @@ import javax.jcr.UnsupportedRepositoryOp import org.apache.jackrabbit.api.security.user.Impersonation; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.security.principal.AdminPrincipalImpl; import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal; -import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType; +import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,8 +41,11 @@ class UserImpl extends AuthorizableImpl */ private static final Logger log = LoggerFactory.getLogger(UserImpl.class); + private final boolean isAdmin; + UserImpl(String id, Tree tree, UserManagerImpl userManager) throws RepositoryException { super(id, tree, userManager); + isAdmin = userManager.getUserProvider().isAdminUser(tree); } void checkValidTree(Tree tree) throws RepositoryException { @@ -66,7 +70,11 @@ class UserImpl extends AuthorizableImpl public Principal getPrincipal() throws RepositoryException { Tree userTree = getTree(); String principalName = getUserProvider().getPrincipalName(userTree); - return new TreeBasedPrincipal(principalName, userTree, getUserManager().getNamePathMapper()); + if (isAdmin()) { + return new AdminPrincipalImpl(principalName, userTree, getUserManager().getNamePathMapper()); + } else { + return new TreeBasedPrincipal(principalName, userTree, getUserManager().getNamePathMapper()); + } } //---------------------------------------------------------------< User >--- @@ -75,7 +83,7 @@ class UserImpl extends AuthorizableImpl */ @Override public boolean isAdmin() { - return getUserProvider().isAdminUser(getTree()); + return isAdmin; } /** Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Thu Oct 18 11:10:59 2012 @@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.securi import java.security.Principal; import java.util.Iterator; import javax.annotation.CheckForNull; +import javax.jcr.Node; import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.UnsupportedRepositoryOperationException; @@ -239,7 +240,7 @@ public class UserManagerImpl implements */ void onCreate(User user, String password) throws RepositoryException { for (AuthorizableAction action : getAuthorizableActions()) { - action.onCreate(user, password, getSession()); + action.onCreate(user, password, session); } } @@ -253,7 +254,7 @@ public class UserManagerImpl implements */ void onCreate(Group group) throws RepositoryException { for (AuthorizableAction action : getAuthorizableActions()) { - action.onCreate(group, getSession()); + action.onCreate(group, session); } } @@ -267,7 +268,7 @@ public class UserManagerImpl implements */ void onRemove(Authorizable authorizable) throws RepositoryException { for (AuthorizableAction action : getAuthorizableActions()) { - action.onRemove(authorizable, getSession()); + action.onRemove(authorizable, session); } } @@ -282,7 +283,7 @@ public class UserManagerImpl implements */ void onPasswordChange(User user, String password) throws RepositoryException { for (AuthorizableAction action : getAuthorizableActions()) { - action.onPasswordChange(user, password, getSession()); + action.onPasswordChange(user, password, session); } } @@ -292,8 +293,9 @@ public class UserManagerImpl implements //-------------------------------------------------------------------------- - Session getSession() { - return session; + Node getAuthorizableNode(String oakPath) throws RepositoryException { + String jcrPath = getNamePathMapper().getJcrPath(oakPath); + return session.getNode(jcrPath); } NamePathMapper getNamePathMapper() { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java Thu Oct 18 11:10:59 2012 @@ -24,23 +24,6 @@ import java.security.Principal; * special (admin) access permissions. It may be used as the single or as * additional non-group principal. */ -public final class AdminPrincipal implements Principal { +public interface AdminPrincipal extends Principal { - public static final String NAME = "administrator"; - - public static final Principal INSTANCE = new AdminPrincipal(); - - private AdminPrincipal() { } - - //----------------------------------------------------------< Principal >--- - @Override - public String getName() { - return NAME; - } - - //-------------------------------------------------------------< Object >--- - @Override - public String toString() { - return NAME + " principal"; - } } Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java?rev=1399580&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java Thu Oct 18 11:10:59 2012 @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.principal; + +import java.security.Principal; +import java.util.Set; + +import org.apache.jackrabbit.oak.AbstractOakTest; +import org.apache.jackrabbit.oak.Oak; +import org.apache.jackrabbit.oak.api.ContentRepository; +import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexHook; +import org.apache.jackrabbit.oak.security.SecurityProviderImpl; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; +import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal; +import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; +import org.junit.Before; +import org.junit.Test; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +/** + * PrincipalProviderImplTest... + */ +public class PrincipalProviderImplTest extends AbstractOakTest { + + private SecurityProvider securityProvider = new SecurityProviderImpl(); + private ContentSession admin; + private PrincipalProviderImpl principalProvider; + + @Before + public void before() throws Exception { + super.before(); + + admin = createAdminSession(); + Root root = admin.getLatestRoot(); + principalProvider = new PrincipalProviderImpl(root, securityProvider.getUserConfiguration(), NamePathMapper.DEFAULT); + } + + @Override + protected ContentRepository createRepository() { + return new Oak(createMicroKernelWithInitialContent()).with(new PropertyIndexHook()).with(securityProvider).createContentRepository(); + } + + @Test + public void testGetPrincipals() throws Exception { + String adminId = admin.getAuthInfo().getUserID(); + Set principals = principalProvider.getPrincipals(adminId); + + assertNotNull(principals); + assertFalse(principals.isEmpty()); + assertTrue(principals.contains(EveryonePrincipal.getInstance())); + + boolean containsAdminPrincipal = false; + for (Principal principal : principals) { + assertNotNull(principalProvider.getPrincipal(principal.getName())); + if (principal instanceof AdminPrincipal) { + containsAdminPrincipal = true; + } + } + assertTrue(containsAdminPrincipal); + } +} \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java?rev=1399580&r1=1399579&r2=1399580&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java Thu Oct 18 11:10:59 2012 @@ -102,7 +102,12 @@ public class ImpersonationTest extends A public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException { - Principal adminPrincipal = AdminPrincipal.INSTANCE; + Principal adminPrincipal = new AdminPrincipal() { + @Override + public String getName() { + return "some-admin-name"; + } + }; // admin cannot be add/remove to set of impersonators of 'u' but is // always allowed to impersonate that user.