jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1471019 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/user/ main/java/org/apache/jackrabbit/oak/spi/security/ main/java/org/apache/jackrabbit/oak/spi/security/user/ test/java/org/apache/jackrabbit/oa...
Date Tue, 23 Apr 2013 15:46:12 GMT
Author: angela
Date: Tue Apr 23 15:46:11 2013
New Revision: 1471019

URL: http://svn.apache.org/r1471019
Log:
OAK-50 : Implement User Management  (TODO in UserInitializer)

- default pw for the admin user is only used if the configuration doesn't provide a value
- if the configuration contains 'null' value the password property for the admin user is not
set forcing
   applications to set the password before the admin can login.
- if the configuration param is missing the same behavior applies as in jr 2.x

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java?rev=1471019&r1=1471018&r2=1471019&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
Tue Apr 23 15:46:11 2013
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.EmptyHook;
 import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
@@ -119,12 +120,12 @@ public class UserInitializer implements 
                 IndexUtils.createIndexDefinition(index, "members", false, new String[]{UserConstants.REP_MEMBERS},
null);
             }
 
-            String adminId = userConfiguration.getConfigurationParameters().getConfigValue(PARAM_ADMIN_ID,
DEFAULT_ADMIN_ID);
+            ConfigurationParameters params = userConfiguration.getConfigurationParameters();
+            String adminId = params.getConfigValue(PARAM_ADMIN_ID, DEFAULT_ADMIN_ID);
             if (userManager.getAuthorizable(adminId) == null) {
-                // TODO: init admin with null password and force application to set it.
-                userManager.createUser(adminId, adminId);
+                userManager.createUser(adminId, params.getConfigValue(PARAM_ADMIN_PW, adminId));
             }
-            String anonymousId = userConfiguration.getConfigurationParameters().getConfigValue(PARAM_ANONYMOUS_ID,
DEFAULT_ANONYMOUS_ID);
+            String anonymousId = params.getConfigValue(PARAM_ANONYMOUS_ID, DEFAULT_ANONYMOUS_ID);
             if (userManager.getAuthorizable(anonymousId) == null) {
                 userManager.createUser(anonymousId, null);
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java?rev=1471019&r1=1471018&r2=1471019&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
Tue Apr 23 15:46:11 2013
@@ -56,7 +56,7 @@ public class ConfigurationParameters {
     @SuppressWarnings("unchecked")
     private static <T> T convert(Object configProperty, T defaultValue) {
         if (configProperty == null) {
-            return defaultValue;
+            return null;
         }
 
         T value;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1471019&r1=1471018&r2=1471019&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
Tue Apr 23 15:46:11 2013
@@ -61,6 +61,11 @@ public interface UserConstants {
     String PARAM_ADMIN_ID = "adminId";
 
     /**
+     * Configuration option defining the ID of the administrator user.
+     */
+    String PARAM_ADMIN_PW = "adminPw";
+
+    /**
      * Default value for {@link #PARAM_ADMIN_ID}
      */
     String DEFAULT_ADMIN_ID = "admin";

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java?rev=1471019&r1=1471018&r2=1471019&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
Tue Apr 23 15:46:11 2013
@@ -41,6 +41,16 @@ public class ConfigurationParametersTest
     public void tearDown() {}
 
     @Test
+    public void testGetConfigValue() {
+        Map<String, String> map = new HashMap<String, String>();
+        map.put("o1", "v");
+        ConfigurationParameters options = new ConfigurationParameters(map);
+
+        assertEquals("v", options.getConfigValue("o1", null));
+        assertEquals("v", options.getConfigValue("o1", "v2"));
+    }
+
+    @Test
     public void testDefaultValue() {
         TestObject testObject = new TestObject("t");
         Integer int1000 = new Integer(1000);
@@ -108,13 +118,10 @@ public class ConfigurationParametersTest
         ConfigurationParameters options = new ConfigurationParameters(Collections.singletonMap("test",
null));
 
         assertNull(options.getConfigValue("test", null));
-        assertEquals("value", options.getConfigValue("test", "value"));
-        TestObject testObject = new TestObject("t");
-        assertEquals(testObject, options.getConfigValue("test", testObject));
+        assertNull(options.getConfigValue("test", "value"));
+        assertNull(options.getConfigValue("test", new TestObject("t")));
     }
 
-
-
     private class TestObject {
 
         private final String name;

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java?rev=1471019&r1=1471018&r2=1471019&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java
Tue Apr 23 15:46:11 2013
@@ -16,14 +16,35 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
+import java.security.PrivilegedExceptionAction;
+import java.util.HashMap;
+import java.util.Map;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import com.google.common.collect.ImmutableMap;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
+import org.apache.jackrabbit.oak.plugins.index.p2.Property2IndexHookProvider;
+import org.apache.jackrabbit.oak.plugins.index.p2.Property2IndexProvider;
+import org.apache.jackrabbit.oak.plugins.nodetype.RegistrationEditorProvider;
+import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
+import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
+import org.apache.jackrabbit.oak.security.authentication.SystemSubject;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.oak.util.TreeUtil;
@@ -34,7 +55,9 @@ import static org.junit.Assert.assertArr
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 /**
  * @since OAK 1.0
@@ -109,6 +132,54 @@ public class UserInitializerTest extends
         assertIndexDefinition(members, UserConstants.REP_MEMBERS, false);
     }
 
+    @Test
+    public void testAdminConfiguration() throws Exception {
+        Map<String,String> userParams = new HashMap();
+        userParams.put(UserConstants.PARAM_ADMIN_ID, "admin");
+        userParams.put(UserConstants.PARAM_ADMIN_PW, null);
+
+        ConfigurationParameters params = new ConfigurationParameters(ImmutableMap.of(UserConfiguration.PARAM_USER_OPTIONS,
new ConfigurationParameters(userParams)));
+        SecurityProvider sp = new SecurityProviderImpl(params);
+        final ContentRepository repo = new Oak().with(new InitialContent())
+                .with(new Property2IndexHookProvider())
+                .with(new Property2IndexProvider())
+                .with(new RegistrationEditorProvider())
+                .with(sp)
+                .createContentRepository();
+
+        ContentSession cs = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>()
{
+            @Override
+            public ContentSession run() throws Exception {
+                return repo.login(null, null);
+            }
+        });
+        try {
+            Root root = cs.getLatestRoot();
+            UserManager umgr = sp.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
+            Authorizable adminUser = umgr.getAuthorizable("admin");
+            assertNotNull(adminUser);
+
+            Tree adminTree = root.getTree(adminUser.getPath());
+            assertNotNull(adminTree);
+            assertNull(adminTree.getProperty(UserConstants.REP_PASSWORD));
+        } finally {
+            cs.close();
+        }
+
+        // login as admin should fail
+        ContentSession adminSession = null;
+        try {
+            adminSession = repo.login(new SimpleCredentials("admin", new char[0]), null);
+            fail();
+        } catch (LoginException e) {
+            //success
+        } finally {
+            if (adminSession != null) {
+                adminSession.close();
+            }
+        }
+    }
+
     private static void assertIndexDefinition(Tree tree, String propName, boolean isUnique)
{
         assertNotNull(tree);
 



Mime
View raw message