From 5c83877a10b02faf5bc065c59250f31a0befe0f6 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Thu, 6 Sep 2012 13:31:52 +0000
Subject: [PATCH] Make security model easier to use in unit tests
git-svn-id: https://svn.argeo.org/commons/trunk@5564 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../argeo/security/jcr/JcrSecurityModel.java | 4 +-
 .../jackrabbit/ArgeoSecurityManager.java | 46 ++++++++++---------
 .../jackrabbit/JackrabbitSecurityModel.java | 4 +-
 .../src/main/java/org/argeo/jcr/JcrUtils.java | 2 +-
 4 files changed, 29 insertions(+), 27 deletions(-)
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrSecurityModel.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrSecurityModel.java
index 3fffa1ac8..a8ae4ab42 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrSecurityModel.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrSecurityModel.java
@@ -42,7 +42,7 @@ public class JcrSecurityModel {
 userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
 session.save();
- JcrUtils.clearAccesControList(session, homePath, username);
+ JcrUtils.clearAccessControList(session, homePath, username);
 JcrUtils.addPrivilege(session, homePath, username, Privilege.JCR_ALL);
 }
@@ -64,7 +64,7 @@ public class JcrSecurityModel {
 ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, true);
 session.save();
- JcrUtils.clearAccesControList(session, userProfile.getPath(),
+ JcrUtils.clearAccessControList(session, userProfile.getPath(),
 username);
 JcrUtils.addPrivilege(session, userProfile.getPath(), username, Privilege.JCR_READ);
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index 244207bc5..00c674580 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -37,7 +37,6 @@ import org.apache.jackrabbit.core.DefaultSecurityManager;
 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.argeo.ArgeoException;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
@@ -72,30 +71,35 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
 Authentication authen;
 Set authens = subject
 .getPrincipals(Authentication.class);
- if (authens.size() == 0)
- throw new ArgeoException("No Spring authentication found in "
- + subject);
- else
+ String userId;
+ if (authens.size() == 0) {
+ // make sure that logged-in user has a Principal, useful for testing
+ // using an admin user
+ userId = super.getUserID(subject, workspaceName);
+ UserManager systemUm = getSystemUserManager(null);
+ if (systemUm.getAuthorizable(userId) == null)
+ systemUm.createUser(userId, "");
+ } else {// Spring Security
 authen = authens.iterator().next();
- String userId = authen.getName();
- StringBuffer roles = new StringBuffer("");
- GrantedAuthority[] authorities = authen.getAuthorities();
- for (GrantedAuthority ga : authorities) {
- roles.append(ga.toString());
- }
-
- // do not sync if not changed
- if (userRolesCache.containsKey(userId)
- && userRolesCache.get(userId).equals(roles.toString()))
- return userId;
+ userId = authen.getName();
+ StringBuffer roles = new StringBuffer("");
+ GrantedAuthority[] authorities = authen.getAuthorities();
+ for (GrantedAuthority ga : authorities) {
+ roles.append(ga.toString());
+ }
- // sync Spring and Jackrabbit
- // workspace is irrelevant here
- UserManager systemUm = getSystemUserManager(null);
- syncSpringAndJackrabbitSecurity(systemUm, authen);
- userRolesCache.put(userId, roles.toString());
+ // do not sync if not changed
+ if (userRolesCache.containsKey(userId)
+ && userRolesCache.get(userId).equals(roles.toString()))
+ return userId;
+ // sync Spring and Jackrabbit
+ // workspace is irrelevant here
+ UserManager systemUm = getSystemUserManager(null);
+ syncSpringAndJackrabbitSecurity(systemUm, authen);
+ userRolesCache.put(userId, roles.toString());
+ }
 return userId;
 }
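Review bot: The new `authens.size() == 0` branch replaces a hard failure with silent provisioning: a Subject that carries no Spring `Authentication` now receives whatever id `super.getUserID(subject, workspaceName)` yields, and `systemUm.createUser(userId, "")` creates a repository account for it with an empty password. The commit message and the inline comment say this is for tests, but nothing visible in the hunk limits the path to a test setup, so a production request that reaches this manager without a Spring principal is no longer rejected. I would keep rejection as the default and take the fallback only behind an explicit opt-in, for example `if (!allowNonSpringSubjects) throw new ArgeoException("No Spring authentication found");` (the flag name is constructed here, and the `org.argeo.ArgeoException` import removed in the previous hunk would have to stay). `userId` should also be checked for null before `systemUm.getAuthorizable(userId)`, since what the superclass returns for an unrecognised Subject is not visible in this diff; the same empty-password `createUser(username, "")` call appears as context in JackrabbitSecurityModel. The enclosing method starts before this hunk.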
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/JackrabbitSecurityModel.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/JackrabbitSecurityModel.java
index 75345edc8..d6cd1b1b4 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/JackrabbitSecurityModel.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/JackrabbitSecurityModel.java
@@ -9,7 +9,6 @@ import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.argeo.ArgeoException;
 import org.argeo.security.jcr.JcrSecurityModel;
-import org.argeo.util.security.SimplePrincipal;
 /** Make sure that user authorizable exists before syncing user directories. */
 public class JackrabbitSecurityModel extends JcrSecurityModel {
@@ -20,8 +19,7 @@ public class JackrabbitSecurityModel extends JcrSecurityModel {
 if (session instanceof JackrabbitSession) {
 UserManager userManager = ((JackrabbitSession) session)
 .getUserManager();
- User user = (User) userManager
- .getAuthorizable(new SimplePrincipal(username));
+ User user = (User) userManager.getAuthorizable(username);
 if (user == null)
 userManager.createUser(username, "");
 }
diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
index 0d889626e..a33f6d407 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
@@ -1331,7 +1331,7 @@ public class JcrUtils implements ArgeoJcrConstants {
 }
 /** Clear authorizations for a user at this path */
- public static void clearAccesControList(Session session, String path,
+ public static void clearAccessControList(Session session, String path,
 String username) throws RepositoryException {
 AccessControlManager acm = session.getAccessControlManager();
 AccessControlList acl = getAccessControlList(acm, path);
--
2.30.2