jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1479955 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ oak-jcr/ oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/
Date Tue, 07 May 2013 15:55:49 GMT
Author: angela
Date: Tue May  7 15:55:49 2013
New Revision: 1479955

URL: http://svn.apache.org/r1479955
Log:
OAK-414 : fix UserImporter (uncomment tests)
OAK-615 : cyclic group membership (add simple verification to GroupImpl, move failing test
to UserValidatorTest)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?rev=1479955&r1=1479954&r2=1479955&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
Tue May  7 15:55:49 2013
@@ -108,8 +108,8 @@ class GroupImpl extends AuthorizableImpl
                 log.debug(msg);
                 return false;
             }
-            if (((Group) authorizableImpl).isMember(this)) {
-                log.debug("Attempt to create circular group membership.");
+            if (isCyclicMembership(authorizableImpl)) {
+                log.warn("Attempt to create circular group membership.");
                 return false;
             }
         }
@@ -122,6 +122,26 @@ class GroupImpl extends AuthorizableImpl
         return getMembershipProvider().addMember(getTree(), authorizableImpl.getTree());
     }
 
+    /**
+     * Returns {@code true} if the given {@code newMember} is a Group
+     * and contains {@code this} Group as declared or inherited member.
+     *
+     * @param newMember The new member to be tested for cyclic membership.
+     * @return true if the 'newMember' is a group and 'this' is an declared or
+     * inherited member of it.
+     */
+    private boolean isCyclicMembership(AuthorizableImpl newMember) {
+        if (newMember.isGroup()) {
+            MembershipProvider mProvider = getMembershipProvider();
+            String contentId = mProvider.getContentID(getTree());
+            if (mProvider.isCyclicMembership(newMember.getTree(), contentId)) {
+                // found cyclic group membership
+                return true;
+            }
+        }
+        return false;
+    }
+
     @Override
     public boolean removeMember(Authorizable authorizable) throws RepositoryException {
         if (!isValidAuthorizableImpl(authorizable)) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java?rev=1479955&r1=1479954&r2=1479955&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
Tue May  7 15:55:49 2013
@@ -229,6 +229,29 @@ class MembershipProvider extends Authori
         return false;
     }
 
+    /**
+     * Returns {@code true} if the given {@code newMember} is a Group
+     * and contains {@code this} Group as declared or inherited member.
+     *
+     * @param newMemberTree The new member to be tested for cyclic membership.
+     * @param groupContentId The content ID of the group.
+     * @return true if the 'newMember' is a group and 'this' is an declared or
+     * inherited member of it.
+     */
+    boolean isCyclicMembership(Tree newMemberTree, String groupContentId) {
+        if (UserUtility.isType(newMemberTree, AuthorizableType.GROUP)) {
+            for (Iterator<String> it = getMembers(newMemberTree, AuthorizableType.GROUP,
true); it.hasNext(); ) {
+                Tree tree = root.getTree(it.next());
+                String contentId = getContentID(tree);
+                if (groupContentId.equals(contentId)) {
+                    // found cyclic group membership
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
     //-----------------------------------------< private MembershipProvider >---
 
     private PropertyBuilder<String> getMembersPropertyBuilder(Tree groupTree) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1479955&r1=1479954&r2=1479955&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
Tue May  7 15:55:49 2013
@@ -16,8 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
@@ -37,6 +35,8 @@ import org.apache.jackrabbit.oak.spi.sta
 import org.apache.jackrabbit.oak.util.TreeUtil;
 import org.apache.jackrabbit.util.Text;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * Validator that enforces user management specific constraints. Please note that
  * is this validator is making implementation specific assumptions; if the
@@ -207,8 +207,7 @@ class UserValidator extends DefaultValid
         }
     }
 
-    private static CommitFailedException constraintViolation(
-            int code, @Nonnull String message) {
+    private static CommitFailedException constraintViolation(int code, @Nonnull String message)
{
         return new CommitFailedException("Constraint", code, message);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java?rev=1479955&r1=1479954&r2=1479955&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
Tue May  7 15:55:49 2013
@@ -16,32 +16,38 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
-import static org.junit.Assert.fail;
-
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 import java.util.UUID;
-
 import javax.jcr.RepositoryException;
 
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.util.Text;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
+
 /**
  * @since OAK 1.0
  */
-public class UserValidatorTest extends AbstractSecurityTest {
+public class UserValidatorTest extends AbstractSecurityTest implements UserConstants {
 
     private String userPath;
 
@@ -55,7 +61,7 @@ public class UserValidatorTest extends A
     public void removePassword() throws Exception {
         try {
             Tree userTree = root.getTree(userPath);
-            userTree.removeProperty(UserConstants.REP_PASSWORD);
+            userTree.removeProperty(REP_PASSWORD);
             root.commit();
             fail("removing password should fail");
         } catch (CommitFailedException e) {
@@ -69,7 +75,7 @@ public class UserValidatorTest extends A
     public void removePrincipalName() throws Exception {
         try {
             Tree userTree = root.getTree(userPath);
-            userTree.removeProperty(UserConstants.REP_PRINCIPAL_NAME);
+            userTree.removeProperty(REP_PRINCIPAL_NAME);
             root.commit();
             fail("removing principal name should fail");
         } catch (CommitFailedException e) {
@@ -83,7 +89,7 @@ public class UserValidatorTest extends A
     public void removeAuthorizableId() throws Exception {
         try {
             Tree userTree = root.getTree(userPath);
-            userTree.removeProperty(UserConstants.REP_AUTHORIZABLE_ID);
+            userTree.removeProperty(REP_AUTHORIZABLE_ID);
             root.commit();
             fail("removing authorizable id should fail");
         } catch (CommitFailedException e) {
@@ -98,7 +104,7 @@ public class UserValidatorTest extends A
         try {
             User user = getUserManager().createUser("withoutPrincipalName", "pw");
             Tree tree = root.getTree(userPath);
-            tree.removeProperty(UserConstants.REP_PRINCIPAL_NAME);
+            tree.removeProperty(REP_PRINCIPAL_NAME);
             root.commit();
 
             fail("creating user with invalid jcr:uuid should fail");
@@ -143,7 +149,7 @@ public class UserValidatorTest extends A
     public void changePrincipalName() throws Exception {
         try {
             Tree userTree = root.getTree(userPath);
-            userTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, "another");
+            userTree.setProperty(REP_PRINCIPAL_NAME, "another");
             root.commit();
             fail("changing the principal name should fail");
         } catch (CommitFailedException e) {
@@ -157,7 +163,7 @@ public class UserValidatorTest extends A
     public void changeAuthorizableId() throws Exception {
         try {
             Tree userTree = root.getTree(userPath);
-            userTree.setProperty(UserConstants.REP_AUTHORIZABLE_ID, "modified");
+            userTree.setProperty(REP_AUTHORIZABLE_ID, "modified");
             root.commit();
             fail("changing the authorizable id should fail");
         } catch (CommitFailedException e) {
@@ -171,7 +177,7 @@ public class UserValidatorTest extends A
     public void changePasswordToPlainText() throws Exception {
         try {
             Tree userTree = root.getTree(userPath);
-            userTree.setProperty(UserConstants.REP_PASSWORD, "plaintext");
+            userTree.setProperty(REP_PASSWORD, "plaintext");
             root.commit();
             fail("storing a plaintext password should fail");
         } catch (CommitFailedException e) {
@@ -184,7 +190,7 @@ public class UserValidatorTest extends A
     @Test
     public void testRemoveAdminUser() throws Exception {
         try {
-            String adminId = getConfig().getConfigValue(UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
+            String adminId = getConfig().getConfigValue(PARAM_ADMIN_ID, DEFAULT_ADMIN_ID);
             UserManager userMgr = getUserManager();
             Authorizable admin = userMgr.getAuthorizable(adminId);
             if (admin == null) {
@@ -205,7 +211,7 @@ public class UserValidatorTest extends A
     @Test
     public void testDisableAdminUser() throws Exception {
         try {
-            String adminId = getConfig().getConfigValue(UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
+            String adminId = getConfig().getConfigValue(PARAM_ADMIN_ID, DEFAULT_ADMIN_ID);
             UserManager userMgr = getUserManager();
             Authorizable admin = userMgr.getAuthorizable(adminId);
             if (admin == null) {
@@ -213,7 +219,7 @@ public class UserValidatorTest extends A
                 root.commit();
             }
 
-            root.getTree(admin.getPath()).setProperty(UserConstants.REP_DISABLED, "disabled");
+            root.getTree(admin.getPath()).setProperty(REP_DISABLED, "disabled");
             root.commit();
             fail("Admin user cannot be disabled");
         } catch (CommitFailedException e) {
@@ -228,9 +234,9 @@ public class UserValidatorTest extends A
         List<String> invalid = new ArrayList<String>();
         invalid.add("/");
         invalid.add("/jcr:system");
-        String groupRoot = getConfig().getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
+        String groupRoot = getConfig().getConfigValue(PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
         invalid.add(groupRoot);
-        String userRoot = getConfig().getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
+        String userRoot = getConfig().getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH);
         invalid.add(Text.getRelativeParent(userRoot, 1));
         invalid.add(userPath);
         invalid.add(userPath + "/folder");
@@ -245,15 +251,15 @@ public class UserValidatorTest extends A
                         Tree next = parent.getChild(segment);
                         if (!next.exists()) {
                             next = parent.addChild(segment);
-                            next.setProperty(JcrConstants.JCR_PRIMARYTYPE, UserConstants.NT_REP_AUTHORIZABLE_FOLDER,
Type.NAME);
+                            next.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_AUTHORIZABLE_FOLDER,
Type.NAME);
                             parent = next;
                         }
                     }
                 }
                 Tree userTree = parent.addChild("testUser");
-                userTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, UserConstants.NT_REP_USER,
Type.NAME);
+                userTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_USER, Type.NAME);
                 userTree.setProperty(JcrConstants.JCR_UUID, UserProvider.getContentID("testUser"));
-                userTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, "testUser");
+                userTree.setProperty(REP_PRINCIPAL_NAME, "testUser");
                 root.commit();
                 fail("Invalid hierarchy should be detected");
 
@@ -265,6 +271,46 @@ public class UserValidatorTest extends A
         }
     }
 
+    
+    /**
+     * @since oak 1.0 cyclic group membership added in a single set of transient
+     *        modifications must be detected upon save.
+     */
+    @Ignore("OAK-615")
+    @Test
+    public void testDetectCyclicMembership() throws Exception {
+        Group group1 = null;
+        Group group2 = null;
+        Group group3 = null;
+        
+        UserManager userMgr = getUserManager();
+        try {
+            group1 = userMgr.createGroup("group1");
+            group2 = userMgr.createGroup("group2");
+            group3 = userMgr.createGroup("group3");
+
+            group1.addMember(group2);
+            group2.addMember(group3);
+            
+            assertFalse(group3.addMember(group1));
+            
+            Tree group3Tree = root.getTree(group3.getPath());
+            Set<String> values = Collections.singleton(root.getTree(group1.getPath()).getProperty(JcrConstants.JCR_UUID).getValue(Type.STRING));
+            PropertyState prop = PropertyStates.createProperty(REP_MEMBERS, values, Type.WEAKREFERENCES);
+            group3Tree.setProperty(prop);
+            root.commit();
+            fail("Cyclic group membership must be detected");
+        } catch (CommitFailedException e) {
+            // success
+        } finally {
+            root.refresh();
+            if (group1 != null) group1.remove();
+            if (group2 != null) group2.remove();
+            if (group3 != null) group3.remove();
+            root.commit();
+        }
+    }
+
     private ConfigurationParameters getConfig() {
         return getUserConfiguration().getConfigurationParameters();
     }

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1479955&r1=1479954&r2=1479955&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue May  7 15:55:49 2013
@@ -302,11 +302,9 @@
       org.apache.jackrabbit.test.api.lock.LockTest#testCheckedInUnlock
       org.apache.jackrabbit.test.api.observation.GetUserDataTest#testVersioning
 
-      org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testCyclicGroups2           
                   <!-- OAK-615 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLRemoveACE
<!-- OAK-414 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLUnknown
  <!-- OAK-414 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportPolicyExists
<!-- OAK-414 -->
-      org.apache.jackrabbit.oak.jcr.security.user.UserImportBestEffortTest#testImportNonExistingMemberBestEffort2
 <!-- OAK-414 -->
       org.apache.jackrabbit.oak.jcr.security.user.MemberNodeImportTest                  
                   <!-- OAK-414, OAK-482 -->
 
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlManagementTest#testRemoveMixin
             <!-- OAK-767 -->

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java?rev=1479955&r1=1479954&r2=1479955&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
Tue May  7 15:55:49 2013
@@ -592,11 +592,6 @@ public class GroupTest extends AbstractU
         }
     }
 
-    /**
-     * @since oak 1.0 cyclic group membership added in a single set of transient
-     *        modifications must be detected upon save.
-     */
-    @Ignore("OAK-615")
     @Test
     public void testCyclicGroups2() throws AuthorizableExistsException, RepositoryException,
NotExecutableException {
         Group group1 = null;
@@ -609,9 +604,7 @@ public class GroupTest extends AbstractU
 
             assertTrue(group1.addMember(group2));
             assertTrue(group2.addMember(group3));
-            assertTrue(group3.addMember(group1));
-            superuser.save();
-            fail("Cyclic group membership must be detected");
+            assertFalse("Cyclic group membership must be detected.", group3.addMember(group1));
         } catch (RepositoryException e) {
             // success
         } finally {

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java?rev=1479955&r1=1479954&r2=1479955&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportBestEffortTest.java
Tue May  7 15:55:49 2013
@@ -92,7 +92,6 @@ public class UserImportBestEffortTest ex
         }
     }
 
-    @Ignore("OAK-414") // FIXME
     @Test
     public void testImportNonExistingMemberBestEffort2() throws Exception {
 
@@ -138,6 +137,38 @@ public class UserImportBestEffortTest ex
         } else {
             fail("'g1' was not imported as Group.");
         }
+    }
+
+    @Ignore("OAK-615") // FIXME
+    @Test
+    public void testImportCircularMembership() throws Exception {
+
+        String g1Id = "0120a4f9-196a-3f9e-b9f5-23f31f914da7";
+        String nonExistingId = "b2f5ff47-4366-31b6-a533-d8dc3614845d"; // groupId of 'g'
group.
+        if (userMgr.getAuthorizable("g") != null) {
+            throw new NotExecutableException();
+        }
+
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\"gFolder\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
+
+                "   <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AuthorizableFolder</sv:value></sv:property>"
+
+                "<sv:node sv:name=\"g1\"><sv:property sv:name=\"jcr:primaryType\"
sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>"
+ g1Id + "</sv:value></sv:property>" +
+                "   <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g1</sv:value></sv:property>"
+
+                "   <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>"
+nonExistingId+ "</sv:value></sv:property>" +
+                "</sv:node>" +
+                "</sv:node>";
+
+        String xml2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "   <sv:node sv:name=\"g\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">"
+
+                "       <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Group</sv:value></sv:property>"
+
+                "       <sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>"
+ nonExistingId + "</sv:value></sv:property>" +
+                "       <sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>g</sv:value></sv:property>"
+
+                "       <sv:property sv:name=\"rep:members\" sv:type=\"WeakReference\"><sv:value>"
+ g1Id + "</sv:value></sv:property>" +
+                "   </sv:node>";
+
+        // BESTEFFORT behavior -> must import non-existing members.
+        doImport(GROUPPATH, xml);
 
         /*
         now try to import the 'g' group that has a circular group
@@ -181,7 +212,7 @@ public class UserImportBestEffortTest ex
 
     /**
      * Same as {@link #testImportUuidCollisionRemoveExisting} with the single
-     * difference that the inital import is saved before being overwritten.
+     * difference that the initial import is saved before being overwritten.
      */
     @Test
     public void testImportUuidCollisionRemoveExisting2() throws Exception {



Mime
View raw message