jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1479877 [1/2] - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ oak-jcr/ oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/
Date Tue, 07 May 2013 12:17:03 GMT
Author: angela
Date: Tue May  7 12:17:02 2013
New Revision: 1479877

URL: http://svn.apache.org/r1479877
Log:
OAK-414 : fix UserImporter
OAK-50 : Implement User Management  (minor adjustment to fix UserImporter)

Added:
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportAbortTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportIgnoreTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractImportTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/MemberNodeImportTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?rev=1479877&r1=1479876&r2=1479877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Tue May  7 12:17:02 2013
@@ -16,11 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
-import static org.apache.jackrabbit.oak.api.Type.STRING;
-
 import java.util.Collections;
 import java.util.Iterator;
-
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
@@ -37,6 +34,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static org.apache.jackrabbit.oak.api.Type.STRING;
+
 /**
  * Base class for {@code User} and {@code Group} implementations.
  */
@@ -49,9 +48,9 @@ abstract class AuthorizableImpl implemen
 
     private final String id;
     private final Tree tree;
-    private final String principalName;
     private final UserManagerImpl userManager;
 
+    private String principalName;
     private AuthorizableProperties properties;
     private int hashCode;
 
@@ -62,15 +61,6 @@ abstract class AuthorizableImpl implemen
         this.id = id;
         this.tree = tree;
         this.userManager = userManager;
-
-        PropertyState pNameProp = tree.getProperty(REP_PRINCIPAL_NAME);
-        if (pNameProp != null) {
-            principalName = pNameProp.getValue(STRING);
-        } else {
-            String msg = "Authorizable without principal name " + id;
-            log.warn(msg);
-            throw new RepositoryException(msg);
-        }
     }
 
     abstract void checkValidTree(Tree tree) throws RepositoryException;
@@ -191,6 +181,16 @@ abstract class AuthorizableImpl implemen
 
     @Nonnull
     String getPrincipalName() throws RepositoryException {
+        if (principalName == null) {
+            PropertyState pNameProp = tree.getProperty(REP_PRINCIPAL_NAME);
+            if (pNameProp != null) {
+                principalName = pNameProp.getValue(STRING);
+            } else {
+                String msg = "Authorizable without principal name " + id;
+                log.warn(msg);
+                throw new RepositoryException(msg);
+            }
+        }
         return principalName;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1479877&r1=1479876&r2=1479877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java Tue May  7 12:17:02 2013
@@ -31,8 +31,8 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalIteratorAdapter;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.slf4j.Logger;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java?rev=1479877&r1=1479876&r2=1479877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java Tue May  7 12:17:02 2013
@@ -143,8 +143,12 @@ class UserImporter implements ProtectedP
      */
     private Map<String, String> currentPw = new HashMap<String, String>(1);
 
+    /**
+     * Remember all new principals for impersonation handling.
+     */
+    private Map<String, Principal> principals;
+
     UserImporter(ConfigurationParameters config) {
-        // TODO: review definition of import-behavior configuration
         String importBehaviorStr = config.getConfigValue(PARAM_IMPORT_BEHAVIOR, ImportBehavior.nameFromValue(ImportBehavior.IGNORE));
         importBehavior = ImportBehavior.valueFromString(importBehaviorStr);
     }
@@ -215,25 +219,33 @@ class UserImporter implements ProtectedP
     public boolean handlePropInfo(Tree parent, PropInfo propInfo, PropertyDefinition def) throws RepositoryException {
         checkInitialized();
 
-        // FIXME: remove hack that processes principal name first
         String propName = propInfo.getName();
-        Authorizable a = null;
-        // FIXME: remove try/catch that ignores exception
-        try {
-            a = userManager.getAuthorizable(parent);
-        } catch (RepositoryException ignore) {}
+        Authorizable a = userManager.getAuthorizable(parent);
 
-        if (a == null && !REP_PRINCIPAL_NAME.equals(propName)) {
+        if (a == null) {
             log.warn("Cannot handle protected PropInfo " + propInfo + ". Node " + parent + " doesn't represent a valid Authorizable.");
             return false;
         }
+
         if (REP_PRINCIPAL_NAME.equals(propName)) {
             if (!isValid(def, NT_REP_AUTHORIZABLE, false)) {
                 return false;
             }
 
             String principalName = propInfo.getTextValue().getString();
-            userManager.setPrincipal(parent, new TreeBasedPrincipal(principalName, parent, namePathMapper));
+            Principal principal = new PrincipalImpl(principalName);
+            userManager.checkValidPrincipal(principal, a.isGroup());
+            userManager.setPrincipal(parent, principal);
+
+            /*
+             Remember principal of new user/group for further processing
+             of impersonators
+             */
+            if (principals == null) {
+                principals = new HashMap<String, Principal>();
+            }
+            principals.put(principalName, a.getPrincipal());
+
             /*
             Execute authorizable actions for a NEW group as this is the
             same place in the userManager#createGroup that the actions
@@ -284,6 +296,7 @@ class UserImporter implements ProtectedP
                 log.warn("Unexpected authorizable or definition for property rep:impersonators");
                 return false;
             }
+
             // since impersonators may be imported later on, postpone processing
             // to the end.
             // see -> process References
@@ -598,7 +611,10 @@ class UserImporter implements ProtectedP
             }
             List<String> nonExisting = new ArrayList<String>();
             for (String principalName : toAdd) {
-                if (!imp.grantImpersonation(new PrincipalImpl(principalName))) {
+                Principal principal = (principals.containsKey(principalName)) ?
+                        principals.get(principalName) :
+                        new PrincipalImpl(principalName);
+                if (!imp.grantImpersonation(principal)) {
                     handleFailure("Failed to grant impersonation for " + principalName + " on " + a);
                     if (importBehavior == ImportBehavior.BESTEFFORT &&
                             getPrincipalManager().getPrincipal(principalName) == null) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1479877&r1=1479876&r2=1479877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Tue May  7 12:17:02 2013
@@ -16,14 +16,11 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import java.io.UnsupportedEncodingException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.Iterator;
 import java.util.List;
-
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -55,6 +52,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * UserManagerImpl...
  */
@@ -343,7 +342,7 @@ public class UserManagerImpl implements 
         }
     }
 
-    private void checkValidPrincipal(Principal principal, boolean isGroup) throws RepositoryException {
+    void checkValidPrincipal(Principal principal, boolean isGroup) throws RepositoryException {
         if (principal == null || principal.getName() == null || "".equals(principal.getName())) {
             throw new IllegalArgumentException("Principal may not be null and must have a valid name.");
         }

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1479877&r1=1479876&r2=1479877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue May  7 12:17:02 2013
@@ -291,17 +291,8 @@
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLRemoveACE <!-- OAK-414 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLUnknown   <!-- OAK-414 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportPolicyExists <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testImportGroupIntoUsersTree               <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testExistingPrincipal                      <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testConflictingPrincipalsWithinImport      <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testMultiValuedPrincipalName               <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testMultiValuedPassword                    <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testIncompleteUser                         <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testImportImpersonation                    <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testImportNonExistingMemberAbort           <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testImportSelfAsGroupAbort                 <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testImportInvalidImpersonationAbort        <!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportTest#testImportGroupMembersFromNodesBestEffort  <!-- OAK-414 -->
+      org.apache.jackrabbit.oak.jcr.security.user.UserImportBestEffortTest#testImportNonExistingMemberBestEffort   <!-- OAK-414 -->
+      org.apache.jackrabbit.oak.jcr.security.user.UserImportBestEffortTest#testImportNonExistingMemberBestEffort2  <!-- OAK-414 -->
       org.apache.jackrabbit.oak.jcr.security.user.MemberNodeImportTest                                      <!-- OAK-414, OAK-482 -->
 
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlManagementTest#testRemoveMixin              <!-- OAK-767 -->

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractImportTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractImportTest.java?rev=1479877&r1=1479876&r2=1479877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractImportTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractImportTest.java Tue May  7 12:17:02 2013
@@ -18,30 +18,146 @@ package org.apache.jackrabbit.oak.jcr.se
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Map;
+import java.util.concurrent.Executors;
 import javax.jcr.ImportUUIDBehavior;
+import javax.jcr.Node;
+import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.mk.core.MicroKernelImpl;
+import org.apache.jackrabbit.oak.jcr.Jcr;
+import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
+import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.After;
+import org.junit.Before;
 
 /**
  * Base class for user import related tests.
  */
-public abstract class AbstractImportTest extends AbstractUserTest {
+public abstract class AbstractImportTest extends AbstractJCRTest {
 
+    private static final String ADMINISTRATORS = "administrators";
     protected static final String USERPATH = "/rep:security/rep:authorizables/rep:users";
     protected static final String GROUPPATH = "/rep:security/rep:authorizables/rep:groups";
 
+
+    private boolean removeAdministrators;
+
+    private Repository repo;
+    protected Session adminSession;
+    protected UserManager userMgr;
+
+    @Override
+    @Before
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        String importBehavior = getImportBehavior();
+        if (importBehavior != null) {
+            Map<String,String> userParams = new HashMap();
+            userParams.put(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR, getImportBehavior());
+            ConfigurationParameters config = new ConfigurationParameters(ImmutableMap.of(UserConfiguration.PARAM_USER_OPTIONS, new ConfigurationParameters(userParams)));
+
+            SecurityProvider securityProvider = new SecurityProviderImpl(config);
+            String dir = "target/mk-tck-" + System.currentTimeMillis();
+            Jcr jcr = new Jcr(new MicroKernelImpl(dir));
+            jcr.with(Executors.newScheduledThreadPool(1))
+                    .with(securityProvider);
+            repo = jcr.createRepository();
+            adminSession = repo.login(getHelper().getSuperuserCredentials());
+        } else {
+            adminSession = superuser;
+        }
+
+        if (!(adminSession instanceof JackrabbitSession)) {
+            throw new NotExecutableException();
+        }
+        userMgr = ((JackrabbitSession) adminSession).getUserManager();
+
+        // avoid collision with testing a-folders that may have been created
+        // with another test (but not removed as user/groups got removed)
+        String path = USERPATH + "/t";
+        if (adminSession.nodeExists(path)) {
+            adminSession.getNode(path).remove();
+        }
+        path = GROUPPATH + "/g";
+        if (adminSession.nodeExists(path)) {
+            adminSession.getNode(path).remove();
+        }
+
+        // make sure the target node for group-import exists
+        Authorizable administrators = userMgr.getAuthorizable(ADMINISTRATORS);
+        if (administrators == null) {
+            userMgr.createGroup(new PrincipalImpl(ADMINISTRATORS));
+            adminSession.save();
+            removeAdministrators = true;
+        } else if (!administrators.isGroup()) {
+            throw new NotExecutableException("Expected " + administrators.getID() + " to be a group.");
+        }
+        adminSession.save();
+    }
+
+    @Override
+    @After
+    protected void tearDown() throws Exception {
+        try {
+            adminSession.refresh(false);
+
+            String path = USERPATH + "/t";
+            if (adminSession.nodeExists(path)) {
+                adminSession.getNode(path).remove();
+            }
+            path = GROUPPATH + "/g";
+            if (adminSession.nodeExists(path)) {
+                adminSession.getNode(path).remove();
+            }
+            if (removeAdministrators) {
+                Authorizable a = userMgr.getAuthorizable(ADMINISTRATORS);
+                if (a != null) {
+                    a.remove();
+                }
+            }
+            adminSession.save();
+        } finally {
+            if (getImportBehavior() != null) {
+                adminSession.logout();
+                repo = null;
+            }
+            super.tearDown();
+        }
+    }
+
+    protected abstract String getImportBehavior();
+
+    protected String getExistingUUID() throws RepositoryException {
+        Node n = adminSession.getRootNode();
+        n.addMixin(mixReferenceable);
+        return n.getUUID();
+    }
+
     protected void doImport(String parentPath, String xml) throws Exception {
         InputStream in = new ByteArrayInputStream(xml.getBytes("UTF-8"));
-        superuser.importXML(parentPath, in, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW);
+        adminSession.importXML(parentPath, in, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW);
     }
 
     protected void doImport(String parentPath, String xml, int importUUIDBehavior) throws Exception {
         InputStream in = new ByteArrayInputStream(xml.getBytes("UTF-8"));
-        superuser.importXML(parentPath, in, importUUIDBehavior);
+        adminSession.importXML(parentPath, in, importUUIDBehavior);
     }
 
     protected static void assertNotDeclaredMember(Group gr, String potentialID, Session session ) throws RepositoryException {

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/MemberNodeImportTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/MemberNodeImportTest.java?rev=1479877&r1=1479876&r2=1479877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/MemberNodeImportTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/MemberNodeImportTest.java Tue May  7 12:17:02 2013
@@ -17,9 +17,11 @@
 package org.apache.jackrabbit.oak.jcr.security.user;
 
 import java.util.ArrayList;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.UUID;
 import javax.jcr.Node;
+import javax.jcr.NodeIterator;
 import javax.jcr.PropertyType;
 import javax.jcr.Value;
 
@@ -42,9 +44,67 @@ public class MemberNodeImportTest extend
     @Override
     @Before
     public void setUp() throws Exception {
+        super.setUp();
         // FIXME: create JCR repository with user mgt setup that stores group members in a tree structure (blocked by OAK-482)
     }
 
+    @Override
+    protected String getImportBehavior() {
+        return ImportBehavior.NAME_BESTEFFORT;
+    }
+
+    @Test
+    public void testImportGroupMembersFromNodesBestEffort() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"s\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:sling=\"http://sling.apache.org/jcr/sling/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\"><sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:node sv:name=\"sh\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property><sv:property sv:name=\"jcr
 :created\" sv:type=\"Date\"><sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:node sv:name=\"shrimps\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property><sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>08429aec-6f09-30db-8c83-1a2a57fc760c</sv:value></sv:property><sv:property sv:name=\"jcr:created\" sv:type=\"Date\">" +
+                "<sv:value>2010-08-17T18:22:20.086+02:00</sv:value></sv:property><sv:property sv:name=\"jcr:createdBy\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>shrimps</sv:value></sv:property><sv:node sv:name=\"rep:members\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"adi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"adi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"adi\" sv:type=\"WeakReference\"><sv:value>c46335eb-267e-3e1c-9e5b-017acb4cd799</sv:value></sv:property><sv:property sv:name=\"admin\" sv:type=\"WeakReference\"><sv:value>21232f29-7a57-35a7-8389-4a0e4a801fc3</sv:value></sv:property></sv:node><sv:node sv:name=\"angi\"><sv:property sv:name=
 \"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"angi\" sv:type=\"WeakReference\"><sv:value>a468b64f-b1df-377c-b325-20d97aaa1ad9</sv:value></sv:property><sv:property sv:name=\"anonymous\" sv:type=\"WeakReference\"><sv:value>294de355-7d9d-30b3-92d8-a1e6aab028cf</sv:value></sv:property><sv:property sv:name=\"cati\" sv:type=\"WeakReference\"><sv:value>f08910b6-41c8-3cb9-a648-1dddd14b132d</sv:value></sv:property></sv:node></sv:node><sv:n" +
+                "ode sv:name=\"debbi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:node sv:name=\"debbi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"debbi\" sv:type=\"WeakReference\"><sv:value>d53bedf9-ebb8-3117-a8b8-162d32b4bee2</sv:value></sv:property><sv:property sv:name=\"eddi\" sv:type=\"WeakReference\"><sv:value>1795fa1a-3d20-3a64-996e-eaaeb520a01e</sv:value></sv:property><sv:property sv:name=\"gabi\" sv:type=\"WeakReference\"><sv:value>a0d499c7-5105-3663-8611-a32779a57104</sv:value></sv:property><sv:property sv:name=\"hansi\" sv:type=\"WeakReference\"><sv:value>9ea4d671-8ed1-399a-8401-59487a14d00a</sv:value></sv:property></sv:node><sv:node sv:name=\"hari\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"hari\" sv:type=\"WeakReference\"><sv:value
 >a9bcf1e4-d7b9-3a22-a297-5c812d938889</sv:value></sv:property><sv:property sv:name=\"lisi\" sv:type=\"WeakReference\"><sv:value>dc3a8f16-70d6-3bea-a9b7-b65048a0ac40</sv:value></sv:property></sv:node><sv:node sv:name=\"luzi\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Members</sv:value></sv:property><sv:property sv:name=\"luzi\" sv:type=\"WeakReference\"><sv:value>9ec299fd-3461-3f1a-9749-92a76f2516eb</sv:value></sv:property><sv:property sv:name=\"pipi\" sv:type=" +
+                "\"WeakReference\"><sv:value>16d5d24f-5b09-3199-9bd4-e5f57bf11237</sv:value></sv:property><sv:property sv:name=\"susi\" sv:type=\"WeakReference\"><sv:value>536931d8-0dec-318c-b3db-9612bdd004d4</sv:value></sv:property></sv:node></sv:node></sv:node></sv:node></sv:node></sv:node>";
+
+        List<String> createdUsers = new LinkedList<String>();
+        Node groupsNode = superuser.getNode(GROUPPATH);
+        try {
+            String[] users = {"angi", "adi", "hansi", "lisi", "luzi", "susi", "pipi", "hari", "gabi", "eddi",
+                    "debbi", "cati", "admin", "anonymous"};
+
+            doImport(groupsNode.getPath(), xml);
+            superuser.save();
+
+            for (String user : users) {
+                if (userMgr.getAuthorizable(user) == null) {
+                    userMgr.createUser(user, user);
+                    createdUsers.add(user);
+                }
+            }
+            superuser.save();
+
+            Authorizable aShrimps = userMgr.getAuthorizable("shrimps");
+            assertNotNull(aShrimps);
+            assertTrue(aShrimps.isGroup());
+
+            Group gShrimps = (Group) aShrimps;
+            for (String user : users) {
+                assertTrue(user + " should be member of " + gShrimps, gShrimps.isMember(userMgr.getAuthorizable(user)));
+            }
+
+
+        } finally {
+            superuser.refresh(false);
+            for (String user : createdUsers) {
+                Authorizable a = userMgr.getAuthorizable(user);
+                if (a != null && !a.isGroup()) {
+                    a.remove();
+                }
+            }
+            superuser.save();
+            for (NodeIterator it = groupsNode.getNodes(); it.hasNext(); ) {
+                it.nextNode().remove();
+            }
+            if (!userMgr.isAutoSave()) {
+                superuser.save();
+            }
+        }
+    }
+
     @Test
     public void testImportNonExistingMemberBestEffort() throws Exception {
         Node n = testRootNode.addNode(nodeName1, ntUnstructured);
@@ -66,7 +126,7 @@ public class MemberNodeImportTest extend
                     "</sv:node>";
             try {
                 // BESTEFFORT behavior -> must import non-existing members.
-                doImport(GROUPPATH, xml, ImportBehavior.BESTEFFORT);
+                doImport(GROUPPATH, xml);
                 Authorizable a = userMgr.getAuthorizable("g1");
                 if (a.isGroup()) {
                     // the rep:members property must contain the invalid value
@@ -121,7 +181,7 @@ public class MemberNodeImportTest extend
 
         try {
             // BESTEFFORT behavior -> must import non-existing members.
-            doImport(GROUPPATH, xml, ImportBehavior.BESTEFFORT);
+            doImport(GROUPPATH, xml);
             Authorizable g1 = userMgr.getAuthorizable("g1");
             if (g1.isGroup()) {
                 // the rep:members property must contain the invalid value
@@ -148,7 +208,7 @@ public class MemberNodeImportTest extend
             - g is member of g1
             - g1 isn't member of g
             */
-            doImport(GROUPPATH + "/gFolder", xml2, ImportBehavior.BESTEFFORT);
+            doImport(GROUPPATH + "/gFolder", xml2);
 
             Authorizable g = userMgr.getAuthorizable("g");
             assertNotNull(g);

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportAbortTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportAbortTest.java?rev=1479877&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportAbortTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportAbortTest.java Tue May  7 12:17:02 2013
@@ -0,0 +1,144 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.junit.Test;
+
+/**
+ * Testing {@link ImportBehavior#ABORT} for user/group import
+ */
+public class UserImportAbortTest extends AbstractImportTest {
+
+    @Override
+    protected String getImportBehavior() {
+        return ImportBehavior.NAME_ABORT;
+    }
+
+    @Test
+    public void testImportNonExistingMemberAbort() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add(UUID.randomUUID().toString()); // random uuid
+        invalid.add(getExistingUUID()); // uuid of non-authorizable node
+
+        for (String id : invalid) {
+            String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                    "<sv:node sv:name=\"gFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>" +
+                        "<sv:node sv:name=\"g1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>0120a4f9-196a-3f9e-b9f5-23f31f914da7</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g1</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>" +id+ "</sv:value></sv:property>" +
+                        "</sv:node>" +
+                    "</sv:node>";
+            try {
+                doImport(GROUPPATH, xml);
+                // import behavior ABORT -> should throw.
+                fail("importing invalid members -> must throw.");
+            } catch (RepositoryException e) {
+                // success as well
+            } finally {
+                adminSession.refresh(false);
+            }
+        }
+    }
+
+    @Test
+    public void testImportSelfAsGroupAbort() throws Exception {
+
+        String invalidId = "0120a4f9-196a-3f9e-b9f5-23f31f914da7"; // uuid of the group itself
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\"gFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>" +
+                "<sv:node sv:name=\"g1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>"+invalidId+"</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g1</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>" +invalidId+ "</sv:value></sv:property>" +
+                "</sv:node>" +
+                "</sv:node>";
+        try {
+            doImport(GROUPPATH, xml);
+            fail("Importing self as group with ImportBehavior.ABORT must fail.");
+        } catch (RepositoryException e) {
+            // success.
+        }finally {
+            adminSession.refresh(false);
+        }
+    }
+
+    @Test
+    public void testImportInvalidImpersonationAbort() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add("administrators"); // a group
+        invalid.add("t"); // principal of the user itself.
+
+        for (String principalName : invalid) {
+            String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                    "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" +principalName+ "</sv:value></sv:property>" +
+                    "</sv:node>";
+            Subject subj = new Subject();
+            subj.getPrincipals().add(new PrincipalImpl(principalName));
+
+            try {
+                doImport(USERPATH, xml);
+                fail("UserImporter.ImportBehavior.ABORT -> importing invalid impersonators must throw.");
+            } catch (RepositoryException e) {
+                // success
+            } finally {
+                adminSession.refresh(false);
+            }
+        }
+    }
+
+    @Test
+    public void testImportNonExistingImpersonationAbort() throws Exception {
+        List<String> nonExisting = new ArrayList<String>();
+        nonExisting.add("anybody"); // an non-existing princ-name
+
+        for (String principalName : nonExisting) {
+            String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                    "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" +principalName+ "</sv:value></sv:property>" +
+                    "</sv:node>";
+            Subject subj = new Subject();
+            subj.getPrincipals().add(new PrincipalImpl(principalName));
+
+            try {
+                doImport(USERPATH, xml);
+                fail("UserImporter.ImportBehavior.ABORT -> importing invalid impersonators must throw.");
+            } catch (RepositoryException e) {
+                // success
+            } finally {
+                adminSession.refresh(false);
+            }
+        }
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java?rev=1479877&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java Tue May  7 12:17:02 2013
@@ -0,0 +1,294 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import javax.jcr.ImportUUIDBehavior;
+import javax.jcr.ItemExistsException;
+import javax.jcr.Node;
+import javax.jcr.PropertyType;
+import javax.jcr.Value;
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.Impersonation;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.junit.Ignore;
+import org.junit.Test;
+
+/**
+ * Testing {@link ImportBehavior#BESTEFFORT} for user/group import
+ */
+public class UserImportBestEffortTest extends AbstractImportTest {
+
+    @Override
+    protected String getImportBehavior() {
+        return ImportBehavior.NAME_BESTEFFORT;
+    }
+
+    @Ignore("OAK-414") // FIXME
+    @Test
+    public void testImportNonExistingMemberBestEffort() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add(UUID.randomUUID().toString()); // random uuid
+        invalid.add(getExistingUUID()); // uuid of non-authorizable node
+
+        for (String id : invalid) {
+            String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                    "<sv:node sv:name=\"gFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>" +
+                        "<sv:node sv:name=\"g1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>0120a4f9-196a-3f9e-b9f5-23f31f914da7</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g1</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>" +id+ "</sv:value></sv:property>" +
+                        "</sv:node>" +
+                    "</sv:node>";
+            try {
+                // BESTEFFORT behavior -> must import non-existing members.
+                doImport(GROUPPATH, xml);
+                Authorizable a = userMgr.getAuthorizable("g1");
+                if (a.isGroup()) {
+                    // the rep:members property must contain the invalid value
+                    boolean found = false;
+                    Node grNode = adminSession.getNode(a.getPath());
+                    for (Value memberValue : grNode.getProperty(UserConstants.REP_MEMBERS).getValues()) {
+                        assertEquals(PropertyType.WEAKREFERENCE, memberValue.getType());
+                        if (id.equals(memberValue.getString())) {
+                            found = true;
+                            break;
+                        }
+                    }
+                    assertTrue("ImportBehavior.BESTEFFORT must import non-existing members.",found);
+
+                    // declared members must not list the invalid entry.
+                    assertNotDeclaredMember((Group) a, id, adminSession);
+                } else {
+                    fail("'g1' was not imported as Group.");
+                }
+            } finally {
+                adminSession.refresh(false);
+            }
+        }
+    }
+
+    @Ignore("OAK-414") // FIXME
+    @Test
+    public void testImportNonExistingMemberBestEffort2() throws Exception {
+
+        String g1Id = "0120a4f9-196a-3f9e-b9f5-23f31f914da7";
+        String nonExistingId = "b2f5ff47-4366-31b6-a533-d8dc3614845d"; // groupId of 'g' group.
+        if (userMgr.getAuthorizable("g") != null) {
+            throw new NotExecutableException();
+        }
+
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\"gFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>" +
+                "<sv:node sv:name=\"g1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>" + g1Id + "</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g1</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>" +nonExistingId+ "</sv:value></sv:property>" +
+                "</sv:node>" +
+                "</sv:node>";
+
+        String xml2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "   <sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "       <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                "       <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>" + nonExistingId + "</sv:value></sv:property>" +
+                "       <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g</sv:value></sv:property>" +
+                "       <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>" + g1Id + "</sv:value></sv:property>" +
+                "   </sv:node>";
+
+        // BESTEFFORT behavior -> must import non-existing members.
+        doImport(GROUPPATH, xml);
+        Authorizable g1 = userMgr.getAuthorizable("g1");
+        if (g1.isGroup()) {
+            // the rep:members property must contain the invalid value
+            boolean found = false;
+            Node grNode = adminSession.getNode(g1.getPath());
+            for (Value memberValue : grNode.getProperty(UserConstants.REP_MEMBERS).getValues()) {
+                assertEquals(PropertyType.WEAKREFERENCE, memberValue.getType());
+                if (nonExistingId.equals(memberValue.getString())) {
+                    found = true;
+                    break;
+                }
+            }
+            assertTrue("ImportBehavior.BESTEFFORT must import non-existing members.",found);
+        } else {
+            fail("'g1' was not imported as Group.");
+        }
+
+        /*
+        now try to import the 'g' group that has a circular group
+        membership references.
+        expected:
+        - group is imported
+        - circular membership is ignored
+        - g is member of g1
+        - g1 isn't member of g
+        */
+        doImport(GROUPPATH + "/gFolder", xml2);
+
+        Authorizable g = userMgr.getAuthorizable("g");
+        assertNotNull(g);
+        if (g.isGroup()) {
+            assertNotDeclaredMember((Group) g, g1Id, adminSession);
+        } else {
+            fail("'g' was not imported as Group.");
+        }
+    }
+
+    @Test
+    public void testImportUuidCollisionRemoveExisting() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>" +
+                "</sv:node>";
+
+        doImport(USERPATH, xml);
+
+        // re-import should succeed if UUID-behavior is set accordingly
+        doImport(USERPATH, xml, ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING);
+
+        // saving changes of the import -> must succeed. add mandatory
+        // props should have been created.
+        adminSession.save();
+    }
+
+    /**
+     * Same as {@link #testImportUuidCollisionRemoveExisting} with the single
+     * difference that the inital import is saved before being overwritten.
+     */
+    @Test
+    public void testImportUuidCollisionRemoveExisting2() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>" +
+                "</sv:node>";
+
+        doImport(USERPATH, xml);
+        adminSession.save();
+
+        // re-import should succeed if UUID-behavior is set accordingly
+        doImport(USERPATH, xml, ImportUUIDBehavior.IMPORT_UUID_COLLISION_REMOVE_EXISTING);
+
+        // saving changes of the import -> must succeed. add mandatory
+        // props should have been created.
+        adminSession.save();
+    }
+
+    @Test
+    public void testImportUuidCollisionThrow() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>" +
+                "</sv:node>";
+
+        try {
+            doImport(USERPATH, xml);
+            doImport(USERPATH, xml, ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW);
+            fail("UUID collision must be handled according to the uuid behavior.");
+
+        } catch (ItemExistsException e) {
+            // success.
+        } finally {
+            adminSession.refresh(false);
+        }
+    }
+
+    @Test
+    public void testImportImpersonationBestEffort() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\"uFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"t\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>g</sv:value></sv:property>" +
+                    "</sv:node>" +
+                    "<sv:node sv:name=\"g\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>b2f5ff47-4366-31b6-a533-d8dc3614845d</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g</sv:value></sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        try {
+            doImport(USERPATH, xml);
+
+            Authorizable newUser = userMgr.getAuthorizable("t");
+            assertNotNull(newUser);
+
+            Authorizable u2 = userMgr.getAuthorizable("g");
+            assertNotNull(u2);
+
+            Subject subj = new Subject();
+            subj.getPrincipals().add(u2.getPrincipal());
+
+            Impersonation imp = ((User) newUser).getImpersonation();
+            assertTrue(imp.allows(subj));
+
+        } finally {
+            superuser.refresh(false);
+        }
+    }
+
+    @Test
+    public void testImportNonExistingImpersonationBestEffort() throws Exception {
+        String principalName = "anybody"; // an non-existing princ-name
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" +principalName+ "</sv:value></sv:property>" +
+                "</sv:node>";
+
+        doImport(USERPATH, xml);
+
+        Authorizable a = userMgr.getAuthorizable("t");
+        assertFalse(a.isGroup());
+
+        boolean found = false;
+        PrincipalIterator it = ((User) a).getImpersonation().getImpersonators();
+        while (it.hasNext()) {
+            Principal p = it.nextPrincipal();
+            if (principalName.equals(p.getName())) {
+                found = true;
+                break;
+            }
+        }
+        assertTrue(found);
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportIgnoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportIgnoreTest.java?rev=1479877&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportIgnoreTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportIgnoreTest.java Tue May  7 12:17:02 2013
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.Impersonation;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.junit.Test;
+
+/**
+ * Testing {@link ImportBehavior#IGNORE} for user/group import
+ */
+public class UserImportIgnoreTest extends AbstractImportTest {
+
+    @Override
+    protected String getImportBehavior() {
+        return ImportBehavior.NAME_IGNORE;
+    }
+
+    @Test
+    public void testImportSelfAsGroupIgnore() throws Exception {
+        String invalidId = "0120a4f9-196a-3f9e-b9f5-23f31f914da7"; // uuid of the group itself
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\"gFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>" +
+                "<sv:node sv:name=\"g1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>"+invalidId+"</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g1</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>" +invalidId+ "</sv:value></sv:property>" +
+                "</sv:node>" +
+                "</sv:node>";
+        try {
+            doImport(GROUPPATH, xml);
+            // no exception during import -> member must have been ignored though.
+            Authorizable a = userMgr.getAuthorizable("g1");
+            if (a.isGroup()) {
+                assertNotDeclaredMember((Group) a, invalidId, adminSession);
+            } else {
+                fail("'g1' was not imported as Group.");
+            }
+        } finally {
+            adminSession.refresh(false);
+        }
+    }
+
+    @Test
+    public void testImportInvalidImpersonationIgnore() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add("anybody"); // an non-existing princ-name
+        invalid.add("administrators"); // a group
+        invalid.add("t"); // principal of the user itself.
+
+        for (String principalName : invalid) {
+            String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+                    "<sv:node sv:name=\"t\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:User</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>e358efa4-89f5-3062-b10d-d7316b65649e</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:password\" sv:type=\"String\"><sv:value>{sha1}8efd86fb78a56a5145ed7739dcb00c78581c5375</sv:value></sv:property>" +
+                    "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>t</sv:value></sv:property><sv:property sv:name=\"rep:impersonators\" sv:type=\"String\"><sv:value>" +principalName+ "</sv:value></sv:property>" +
+                    "</sv:node>";
+            Subject subj = new Subject();
+            subj.getPrincipals().add(new PrincipalImpl(principalName));
+
+            try {
+                doImport(USERPATH, xml);
+                // no exception during import: no impersonation must be granted
+                // for the invalid principal name
+                Authorizable a = userMgr.getAuthorizable("t");
+                if (!a.isGroup()) {
+                    Impersonation imp = ((User)a).getImpersonation();
+                    Subject s = new Subject();
+                    s.getPrincipals().add(new PrincipalImpl(principalName));
+                    assertFalse(imp.allows(s));
+                    for (PrincipalIterator it = imp.getImpersonators(); it.hasNext();) {
+                        assertFalse(principalName.equals(it.nextPrincipal().getName()));
+                    }
+                } else {
+                    fail("Importing 't' didn't create a User.");
+                }
+            } finally {
+                adminSession.refresh(false);
+            }
+        }
+    }
+
+    @Test
+    public void testImportNonExistingMemberIgnore() throws Exception {
+        List<String> invalid = new ArrayList<String>();
+        invalid.add(UUID.randomUUID().toString()); // random uuid
+        invalid.add(getExistingUUID()); // uuid of non-authorizable node
+
+        for (String id : invalid) {
+            String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                    "<sv:node sv:name=\"gFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                    "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>" +
+                        "<sv:node sv:name=\"g1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>0120a4f9-196a-3f9e-b9f5-23f31f914da7</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g1</sv:value></sv:property>" +
+                        "   <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>" +id+ "</sv:value></sv:property>" +
+                        "</sv:node>" +
+                    "</sv:node>";
+            try {
+                // there should be no exception during import,
+                // but invalid members must be ignored.
+                doImport(GROUPPATH, xml);
+                Authorizable a = userMgr.getAuthorizable("g1");
+                if (a.isGroup()) {
+                    assertNotDeclaredMember((Group) a, id, adminSession);
+                } else {
+                    fail("'g1' was not imported as Group.");
+                }
+            } finally {
+                adminSession.refresh(false);
+            }
+        }
+    }
+}
\ No newline at end of file



Mime
View raw message