Make security model easier to use in unit tests
authorMathieu Baudier <mbaudier@argeo.org>
Thu, 6 Sep 2012 13:31:52 +0000 (13:31 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Thu, 6 Sep 2012 13:31:52 +0000 (13:31 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@5564 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrSecurityModel.java
security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/JackrabbitSecurityModel.java
server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java

index 3fffa1ac8bf9ab890ee7930fbc398948b620d83e..a8ae4ab42f4fce4e131eb017ada2532036af5fa0 100644 (file)
@@ -42,7 +42,7 @@ public class JcrSecurityModel {
                                userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
                                session.save();
 
-                               JcrUtils.clearAccesControList(session, homePath, username);
+                               JcrUtils.clearAccessControList(session, homePath, username);
                                JcrUtils.addPrivilege(session, homePath, username,
                                                Privilege.JCR_ALL);
                        }
@@ -64,7 +64,7 @@ public class JcrSecurityModel {
                                                ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, true);
                                session.save();
 
-                               JcrUtils.clearAccesControList(session, userProfile.getPath(),
+                               JcrUtils.clearAccessControList(session, userProfile.getPath(),
                                                username);
                                JcrUtils.addPrivilege(session, userProfile.getPath(), username,
                                                Privilege.JCR_READ);
index 244207bc59dd6f80cb838296cb3eece79531abd7..00c674580076d7bcbf7d6bdef5b2a343fc47ca6e 100644 (file)
@@ -37,7 +37,6 @@ import org.apache.jackrabbit.core.DefaultSecurityManager;
 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.argeo.ArgeoException;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
 
@@ -72,30 +71,35 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
                Authentication authen;
                Set<Authentication> authens = subject
                                .getPrincipals(Authentication.class);
-               if (authens.size() == 0)
-                       throw new ArgeoException("No Spring authentication found in "
-                                       + subject);
-               else
+               String userId;
+               if (authens.size() == 0) {
+                       // make sure that logged-in user has a Principal, useful for testing
+                       // using an admin user
+                       userId = super.getUserID(subject, workspaceName);
+                       UserManager systemUm = getSystemUserManager(null);
+                       if (systemUm.getAuthorizable(userId) == null)
+                               systemUm.createUser(userId, "");
+               } else {// Spring Security
                        authen = authens.iterator().next();
 
-               String userId = authen.getName();
-               StringBuffer roles = new StringBuffer("");
-               GrantedAuthority[] authorities = authen.getAuthorities();
-               for (GrantedAuthority ga : authorities) {
-                       roles.append(ga.toString());
-               }
-
-               // do not sync if not changed
-               if (userRolesCache.containsKey(userId)
-                               && userRolesCache.get(userId).equals(roles.toString()))
-                       return userId;
+                       userId = authen.getName();
+                       StringBuffer roles = new StringBuffer("");
+                       GrantedAuthority[] authorities = authen.getAuthorities();
+                       for (GrantedAuthority ga : authorities) {
+                               roles.append(ga.toString());
+                       }
 
-               // sync Spring and Jackrabbit
-               // workspace is irrelevant here
-               UserManager systemUm = getSystemUserManager(null);
-               syncSpringAndJackrabbitSecurity(systemUm, authen);
-               userRolesCache.put(userId, roles.toString());
+                       // do not sync if not changed
+                       if (userRolesCache.containsKey(userId)
+                                       && userRolesCache.get(userId).equals(roles.toString()))
+                               return userId;
 
+                       // sync Spring and Jackrabbit
+                       // workspace is irrelevant here
+                       UserManager systemUm = getSystemUserManager(null);
+                       syncSpringAndJackrabbitSecurity(systemUm, authen);
+                       userRolesCache.put(userId, roles.toString());
+               }
                return userId;
        }
 
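Review bot: The new `authens.size() == 0` branch turns a fail-closed check into a fail-open one: a subject without a Spring `Authentication` used to be rejected with an `ArgeoException`, and now gets the ID resolved by `super.getUserID(subject, workspaceName)` plus an automatically created Jackrabbit user with an empty password. The comment says this is for testing, but nothing visible in the hunk limits the fallback to tests, so it appears to apply to every deployment of this security manager. I would keep the exception as the default and allow the fallback only behind an explicit opt-in, e.g. `if (!allowNonSpringSubject) throw new ArgeoException("No Spring authentication found in " + subject);` (the flag name is only a suggestion, and the `ArgeoException` import removed by this commit would have to stay). `userId` should also be checked for null before `systemUm.getAuthorizable(userId)`, since the hunk does not show what the superclass returns for a subject it cannot resolve. The method's signature lies outside the hunk, so its declared exceptions could not be checked.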
index 75345edc8495afe03bb177d42ed57f1614bc2d63..d6cd1b1b417eb0f171a1e75898ff887826e1a8a1 100644 (file)
@@ -9,7 +9,6 @@ import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.argeo.ArgeoException;
 import org.argeo.security.jcr.JcrSecurityModel;
-import org.argeo.util.security.SimplePrincipal;
 
 /** Make sure that user authorizable exists before syncing user directories. */
 public class JackrabbitSecurityModel extends JcrSecurityModel {
@@ -20,8 +19,7 @@ public class JackrabbitSecurityModel extends JcrSecurityModel {
                        if (session instanceof JackrabbitSession) {
                                UserManager userManager = ((JackrabbitSession) session)
                                                .getUserManager();
-                               User user = (User) userManager
-                                               .getAuthorizable(new SimplePrincipal(username));
+                               User user = (User) userManager.getAuthorizable(username);
                                if (user == null)
                                        userManager.createUser(username, "");
                        }
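Review bot: The unchecked `(User)` cast on the new `userManager.getAuthorizable(username)` line will throw a `ClassCastException` if that ID belongs to a group rather than a user, and the lookup is now by authorizable ID instead of by principal, so the two can diverge. Resolving to `Authorizable` first and rejecting the group case makes the failure explicit: `Authorizable a = userManager.getAuthorizable(username);` followed by `if (a != null && a.isGroup()) throw new ArgeoException(username + " is a group");`. The context line `userManager.createUser(username, "")` also deserves a comment stating why an empty password is acceptable here, presumably because authentication is delegated elsewhere, which the hunk does not show. The enclosing method starts and ends outside the hunk.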
index 0d889626ec065c2f9d7848a2ac3f7032187a06ba..a33f6d407780c4ef83b8666e7da885c7e1ae56a5 100644 (file)
@@ -1331,7 +1331,7 @@ public class JcrUtils implements ArgeoJcrConstants {
        }
 
        /** Clear authorizations for a user at this path */
-       public static void clearAccesControList(Session session, String path,
+       public static void clearAccessControList(Session session, String path,
                        String username) throws RepositoryException {
                AccessControlManager acm = session.getAccessControlManager();
                AccessControlList acl = getAccessControlList(acm, path);