org.apache.jackrabbit.api.security.user.Authorizable Java Examples

The following examples show how to use org.apache.jackrabbit.api.security.user.Authorizable.
Example #1
Source File: Activator.java    From aem-password-reset with Apache License 2.0 6 votes vote down vote up
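/**
 * Resets the password of every configured authorizable when the component is activated.
 *
 * <p>NOTE(review): each password is set to the authorizable's own ID, so every account in the
 * configuration ends up with a guessable credential. Treat this component as a break-glass
 * recovery aid: keep the configured list minimal, rotate the passwords right after use and
 * undeploy the bundle afterwards.
 *
 * <p>NOTE(review): {@code getAdministrativeResourceResolver} yields unrestricted repository
 * access and is deprecated in Sling in favour of service resource resolvers.
 *
 * @param config component configuration holding the IDs whose passwords are reset
 */
@Activate
public void start(ActivatorConfiguration config) {
    String[] authorizableIds = config.pwdreset_authorizables();
    if (authorizableIds == null || authorizableIds.length == 0) {
        // Nothing configured: do not open an administrative resolver at all.
        return;
    }

    ResourceResolver resolver = null;
    try {
        resolver = resolverFactory.getAdministrativeResourceResolver(null);

        UserManager userManager = resolver.adaptTo(UserManager.class);
        Session session = resolver.adaptTo(Session.class);
        if (userManager == null || session == null) {
            // adaptTo() may return null; fail with a log entry instead of a NullPointerException.
            log.error("Could not obtain a UserManager or Session from the resource resolver");
            return;
        }

        for (String authorizable : authorizableIds) {
            try {
                Authorizable user = userManager.getAuthorizable(authorizable);
                if (user == null) {
                    log.error("Could not find authorizable {}", authorizable);
                } else if (user.isGroup()) {
                    // Groups carry no password; casting one to User would abort the whole loop.
                    log.error("Authorizable {} is a group, not a user", authorizable);
                } else {
                    ((User) user).changePassword(authorizable);
                    if (!userManager.isAutoSave()) {
                        session.save();
                    }
                    log.info("Changed the password for {}", authorizable);
                }
            } catch (RepositoryException repEx) {
                log.error("Could not change password for {}", authorizable, repEx);
            }
        }
    } catch (LoginException loginEx) {
        log.error("Could not login to the repository", loginEx);
    } finally {
        if (resolver != null) {
            // Closing the resolver also releases the JCR session adapted from it, so the
            // administrative session does not outlive this method.
            resolver.close();
        }
    }
}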
 
Example #2
Source File: JackrabbitACLImporter.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Resolves the principal named by the node's {@code rep:principalName} value.
 *
 * <p>Lookup order: the principal manager first, then the authorizable stored at the access
 * controlled path, and finally {@code getPrincipal(principalName)} as a fallback.
 *
 * @param node document view node carrying the {@code rep:principalName} value
 */
private ImportedPrincipalAcList(DocViewNode node) {
    final String principalName = node.getValue("rep:principalName");
    Principal resolved = pMgr.getPrincipal(principalName);
    if (resolved == null) {
        // Unknown to the principal manager: try the user/group at the access controlled path.
        try {
            Authorizable owner = session.getUserManager().getAuthorizableByPath(accessControlledPath);
            resolved = (owner == null) ? null : owner.getPrincipal();
        } catch (RepositoryException e) {
            // Lookup failures are only traced; the fallback below still supplies a principal.
            log.debug("Error while trying to retrieve user/group from access controlled path {}, {}", accessControlledPath, e.getMessage());
        }
    }
    if (resolved == null) {
        resolved = getPrincipal(principalName);
    }
    principal = resolved;
}
 
Example #3
Source File: TestUserContentPackage.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Installs the profile package for test-user-a while the user does not exist yet and checks
 * that the user and its profile property are present afterwards.
 */
@Test
public void installUserA_Profile_NonExistingUser() throws RepositoryException, IOException, PackageException {
    final UserManager userManager = ((JackrabbitSession) admin).getUserManager();
    assertNull("test-user-a must not exist", userManager.getAuthorizable(ID_TEST_USER_A));

    // Upload and install the package that carries the profile.
    final JcrPackage profilePackage = packMgr.upload(getStream("/test-packages/test_user_a_profile.zip"), false);
    assertNotNull(profilePackage);
    profilePackage.install(getDefaultOptions());

    final Authorizable installedUser = userManager.getAuthorizable(ID_TEST_USER_A);
    assertNotNull("test-user-a must exist", installedUser);

    // The profile property is expected below the user's own path.
    final String profilePropertyPath = installedUser.getPath() + "/" + NAME_PROFILE_PROPERTY;
    assertProperty(profilePropertyPath, "a");
}
 
Example #4
Source File: TestACLAndMerge.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
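/**
 * Removes the test node and the test user, then delegates to the parent tear-down.
 *
 * <p>The parent tear-down runs in a {@code finally} block so a failed cleanup cannot leave the
 * fixture (including any admin session the parent owns) open, and a missing test user no
 * longer raises a {@code NullPointerException}.
 *
 * @throws Exception if removing the test node or the parent tear-down fails
 */
@Override
public void tearDown() throws Exception {
    try {
        // remove test node
        if (admin.nodeExists("/testroot")) {
            admin.getNode("/testroot").remove();
            admin.save();
        }
        try {
            Authorizable testUser = uMgr.getAuthorizable(NAME_TEST_USER);
            // getAuthorizable() returns null when the test never created the user.
            if (testUser != null) {
                testUser.remove();
                admin.save();
            }
        } catch (RepositoryException ignored) {
            // Best-effort cleanup: a user that cannot be removed must not fail the test.
        }
    } finally {
        super.tearDown();
    }
}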
 
Example #5
Source File: TestAceOrder.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Deletes the {@code /testroot} node and the test user when present; the parent tear-down
 * always runs, even if the cleanup throws.
 *
 * @throws Exception if the cleanup or the parent tear-down fails
 */
@Override
public void tearDown() throws Exception {
    try {
        final boolean hasTestRoot = admin.nodeExists("/testroot");
        if (hasTestRoot) {
            admin.getNode("/testroot").remove();
            admin.save();
        }

        final Authorizable leftoverUser = uMgr.getAuthorizable(NAME_TEST_USER);
        if (leftoverUser == null) {
            // No user to clean up; the finally block still calls the parent.
            return;
        }
        leftoverUser.remove();
        admin.save();
    } finally {
        super.tearDown();
    }
}
 
Example #6
Source File: AdminPermissionCheckerTest.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a freshly created ordinary user is not reported as having administrative
 * permissions.
 */
@Test
public void testNotAdminUser() throws Exception {
    final JackrabbitSession adminSession = (JackrabbitSession) admin;
    final Authorizable existing = adminSession.getUserManager().getAuthorizable(TEST_USER);
    assertNull("test user must not exist", existing);

    // Fixture account only: the password deliberately equals the user ID.
    adminSession.getUserManager().createUser(TEST_USER, TEST_USER);
    admin.save();

    final SimpleCredentials credentials = new SimpleCredentials(TEST_USER, TEST_USER.toCharArray());
    final Session userSession = repository.login(credentials);
    try {
        final String failureMessage =
                "\"" + TEST_USER + "\" is not admin/system and doesn't belong to administrators thus shouldn't have admin permissions";
        assertFalse(failureMessage, AdminPermissionChecker.hasAdministrativePermissions(userSession));
    } finally {
        // Always release the user's session, whatever the assertion outcome.
        userSession.logout();
    }
}
 
Example #7
Source File: AdminPermissionCheckerTest.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that membership in the {@code administrators} group is reported as administrative
 * permission.
 */
@Test
public void testAdminGroup() throws Exception {
    final JackrabbitSession adminSession = (JackrabbitSession) admin;

    // Reuse the group when it exists, otherwise create it.
    final Authorizable existingGroup = adminSession.getUserManager().getAuthorizable("administrators");
    final Group administrators = (Group) (existingGroup != null
            ? existingGroup
            : adminSession.getUserManager().createGroup("administrators"));

    User member = (User) adminSession.getUserManager().getAuthorizable(TEST_USER);
    if (member == null) {
        // Fixture account only: the password deliberately equals the user ID.
        member = adminSession.getUserManager().createUser(TEST_USER, TEST_USER);
    }
    administrators.addMember(member);
    admin.save();

    final SimpleCredentials credentials = new SimpleCredentials(TEST_USER, TEST_USER.toCharArray());
    final Session userSession = repository.login(credentials);
    try {
        final String failureMessage =
                "user \"" + TEST_USER + "\" has been added to administrators group thus should have admin permissions";
        assertTrue(failureMessage, AdminPermissionChecker.hasAdministrativePermissions(userSession));
    } finally {
        userSession.logout();
    }
}
 
Example #8
Source File: AdminPermissionCheckerTest.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a user whose ID is passed as an additional admin authorizable is reported as
 * having administrative permissions.
 */
@Test
public void testAdditionalAdminUser() throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
    final JackrabbitSession adminSession = (JackrabbitSession) admin;
    final Authorizable existing = adminSession.getUserManager().getAuthorizable(TEST_USER);
    assertNull("test user must not exist", existing);

    // Fixture account only: the password deliberately equals the user ID.
    adminSession.getUserManager().createUser(TEST_USER, TEST_USER);
    admin.save();

    final SimpleCredentials credentials = new SimpleCredentials(TEST_USER, TEST_USER.toCharArray());
    final Session userSession = repository.login(credentials);
    try {
        final String failureMessage =
                "\"" + TEST_USER + "\" is additional admin/system thus should have admin permissions";
        assertTrue(failureMessage, AdminPermissionChecker.hasAdministrativePermissions(userSession, TEST_USER));
    } finally {
        // Always release the user's session, whatever the assertion outcome.
        userSession.logout();
    }
}
 
Example #9
Source File: AdminPermissionCheckerTest.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that membership in a group passed as an additional admin authorizable
 * ({@code myadmins}) is reported as administrative permission.
 */
@Test
public void testAdditionalAdminGroup() throws Exception {
    final JackrabbitSession adminSession = (JackrabbitSession) admin;

    // Reuse the group when it exists, otherwise create it.
    final Authorizable existingGroup = adminSession.getUserManager().getAuthorizable("myadmins");
    final Group customAdmins = (Group) (existingGroup != null
            ? existingGroup
            : adminSession.getUserManager().createGroup("myadmins"));

    User member = (User) adminSession.getUserManager().getAuthorizable(TEST_USER);
    if (member == null) {
        // Fixture account only: the password deliberately equals the user ID.
        member = adminSession.getUserManager().createUser(TEST_USER, TEST_USER);
    }
    customAdmins.addMember(member);
    admin.save();

    final SimpleCredentials credentials = new SimpleCredentials(TEST_USER, TEST_USER.toCharArray());
    final Session userSession = repository.login(credentials);
    try {
        final String failureMessage =
                "user \"" + TEST_USER + "\" has been added to additional administrators group thus should have admin permissions";
        assertTrue(failureMessage, AdminPermissionChecker.hasAdministrativePermissions(userSession, "myadmins"));
    } finally {
        userSession.logout();
    }
}
 
Example #10
Source File: TestUserContentPackage.java    From jackrabbit-filevault with Apache License 2.0 6 votes vote down vote up
/**
 * Installs the profile-picture package for test-user-a while the user does not exist yet and
 * checks that the user and its picture node are present afterwards.
 */
@Test
public void installUserA_Profile_Picture_NonExistingUser() throws RepositoryException, IOException, PackageException {
    final UserManager userManager = ((JackrabbitSession) admin).getUserManager();
    assertNull("test-user-a must not exist", userManager.getAuthorizable(ID_TEST_USER_A));

    // Upload and install the package that carries the updated profile.
    final JcrPackage picturePackage = packMgr.upload(getStream("/test-packages/test_user_a_profile_picture.zip"), false);
    assertNotNull(picturePackage);
    picturePackage.install(getDefaultOptions());

    final Authorizable installedUser = userManager.getAuthorizable(ID_TEST_USER_A);
    assertNotNull("test-user-a must exist", installedUser);

    // The picture node is expected below the user's own path.
    final String pictureNodePath = installedUser.getPath() + "/" + NAME_PROFILE_PICTURE_NODE;
    assertNodeExists(pictureNodePath);
}
 
Example #11
Source File: CheckAuthorizableExists.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up the configured user or group and, when it is found, runs the path check on it.
 *
 * @param context action context supplying the authorizable manager and the result object
 * @param execute forwarded unchanged to the null check and the path check
 * @return the action result; repository and action errors are recorded in it, not thrown
 */
public ActionResult process(final Context context, boolean execute) {
  final ActionResult result = context.createActionResult();
  try {
    // The expected kind decides which typed lookup is used.
    final Authorizable found = shouldBeGroup
        ? context.getAuthorizableManager().getGroupIfExists(id)
        : context.getAuthorizableManager().getUserIfExists(id);

    if (!checkIfAuthIsNull(execute, result, found)) {
      checkPath(result, found, execute);
    }
  } catch (RepositoryException | ActionExecutionException e) {
    result.logError(MessagingUtils.createMessage(e));
  }
  return result;
}
 
Example #12
Source File: AuthorizableManagerImpl.java    From APM with Apache License 2.0 6 votes vote down vote up
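/**
 * Returns the authorizable with the given ID as the requested type, consulting the local
 * cache before the user manager.
 *
 * @param authorizableClass expected type of the authorizable
 * @param id authorizable ID to look up
 * @return the authorizable, cast to {@code authorizableClass}
 * @throws ActionExecutionException if the ID was removed, is unknown, or belongs to an
 *     authorizable of another type
 * @throws RepositoryException if the user manager lookup fails
 */
private <T extends Authorizable> T getAuthorizable(Class<T> authorizableClass, String id)
    throws ActionExecutionException, RepositoryException {
  final String typeName = authorizableClass.getSimpleName();
  if (checkIfRemoved(id)) {
    throw new ActionExecutionException(format("%s with id %s not found", typeName, id));
  }

  Authorizable authorizable = existingAuthorizables.get(id);

  if (authorizable == null) {
    authorizable = userManager.getAuthorizable(id);
  }

  if (authorizable == null) {
    throw new ActionExecutionException(format("%s with id %s not found", typeName, id));
  }

  if (!authorizableClass.isInstance(authorizable)) {
    // The message previously put the type name into the id slot and ended mid-sentence,
    // which hid which ID had the wrong kind.
    throw new ActionExecutionException(
        format("Authorizable with id %s exists but is not a %s", id, typeName));
  }

  // Cached only after the type check, so the cache never holds an entry that was rejected here.
  existingAuthorizables.put(id, authorizable);
  return authorizableClass.cast(authorizable);
}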
 
Example #13
Source File: CheckProperty.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Checks the configured property on the configured authorizable and records an error when
 * the property check fails.
 *
 * @param context action context supplying the authorizable manager and the result object
 * @param execute when {@code true}, a failed check additionally logs the assertion-failed message
 * @return the action result; repository and action errors are recorded in it, not thrown
 */
private ActionResult process(final Context context, boolean execute) {
  final ActionResult result = context.createActionResult();
  try {
    final Authorizable target = context.getAuthorizableManager().getAuthorizable(authorizableId);

    // The second check only runs when the first one passed, as in a chain of early returns.
    final boolean precheckPassed = checkIfAuthHasProperty(execute, result, target);
    if (precheckPassed && !checkPropertyExists(target)) {
      result.logError(
          "Authorizable " + authorizableId + ": unexpected value of property: " + propertyName);
      if (execute) {
        result.logError(ActionUtils.ASSERTION_FAILED_MSG);
      }
    }
  } catch (final RepositoryException | ActionExecutionException e) {
    result.logError(MessagingUtils.createMessage(e));
  }
  return result;
}
 
Example #14
Source File: AuthorizableManagerImpl.java    From APM with Apache License 2.0 6 votes vote down vote up
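/**
 * Returns the authorizable with the given ID as the requested type, or {@code null} when it
 * was removed or does not exist. The local cache is consulted before the user manager.
 *
 * @param authorizableClass expected type of the authorizable
 * @param id authorizable ID to look up
 * @return the authorizable cast to {@code authorizableClass}, or {@code null} if absent
 * @throws ActionExecutionException if the ID belongs to an authorizable of another type
 * @throws RepositoryException if the user manager lookup fails
 */
private <T extends Authorizable> T getAuthorizableIfExists(Class<T> authorizableClass, String id)
    throws ActionExecutionException, RepositoryException {
  if (checkIfRemoved(id)) {
    return null;
  }

  Authorizable authorizable = existingAuthorizables.get(id);

  if (authorizable == null) {
    authorizable = userManager.getAuthorizable(id);
  }

  if (authorizable == null) {
    return null;
  }

  if (!authorizableClass.isInstance(authorizable)) {
    // The message previously put the type name into the id slot and ended mid-sentence,
    // which hid which ID had the wrong kind.
    throw new ActionExecutionException(
        format("Authorizable with id %s exists but is not a %s", id,
            authorizableClass.getSimpleName()));
  }

  // Cached only after the type check, so the cache never holds an entry that was rejected here.
  existingAuthorizables.put(id, authorizable);
  return authorizableClass.cast(authorizable);
}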
 
Example #15
Source File: ClearFromGroupDetacher.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Detaches all members from the current group; records an error when the current
 * authorizable is not a group.
 *
 * @return the action result; repository and action errors are recorded in it, not thrown
 */
public ActionResult detachMembersFromGroup() {
  final ActionResult result = context.createActionResult();

  try {
    final Authorizable current = context.getCurrentAuthorizable();
    if (!current.isGroup()) {
      result.logError("Child members can only be removed from groups");
      return result;
    }

    final Group group = context.getCurrentGroup();
    LOGGER.info(String.format("Removing all members of group with id = %s", group.getID()));
    detachAllMembers(result, group, getGroupMembers(result, group));
  } catch (RepositoryException | ActionExecutionException e) {
    result.logError(MessagingUtils.createMessage(e));
  }
  return result;
}
 
Example #16
Source File: RemoveProperty.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Removes the configured property from the current authorizable unless simulating.
 *
 * @param context action context supplying the current authorizable and the result object
 * @param simulate when {@code true}, the property is left untouched and only messages are written
 * @return the action result; repository and action errors are recorded in it, not thrown
 */
private ActionResult process(final Context context, boolean simulate) {
  final ActionResult result = context.createActionResult();

  try {
    final Authorizable target = context.getCurrentAuthorizable();
    result.setAuthorizable(target.getID());

    final String logLine = String.format("Removing property %s from authorizable with id = %s",
        nameProperty, target.getID());
    LOGGER.info(logLine);

    final boolean applyChange = !simulate;
    if (applyChange) {
      target.removeProperty(nameProperty);
    }

    // The message is written in simulation mode as well.
    result.logMessage("Property " + nameProperty + " for " + target.getID() + " removed");
  } catch (RepositoryException | ActionExecutionException e) {
    result.logError(MessagingUtils.createMessage(e));
  }
  return result;
}
 
Example #17
Source File: SetProperty.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Sets the configured property on the current authorizable unless simulating.
 *
 * <p>NOTE(review): the property value is echoed into the action result message; confirm that
 * no secrets are set through this action.
 *
 * @param context action context supplying the current authorizable, value factory and result
 * @param simulate when {@code true}, the property is left untouched and only messages are written
 * @return the action result; repository and action errors are recorded in it, not thrown
 */
private ActionResult process(final Context context, boolean simulate) {
  final ActionResult result = context.createActionResult();

  try {
    final Authorizable target = context.getCurrentAuthorizable();
    result.setAuthorizable(target.getID());

    final String logLine = String.format("Setting property %s for authorizable with id = %s",
        nameProperty, target.getID());
    LOGGER.info(logLine);

    // The value is built even in simulation mode, so an invalid value is still reported.
    final Value newValue = context.getValueFactory().createValue(valueProperty);
    final boolean applyChange = !simulate;
    if (applyChange) {
      target.setProperty(nameProperty, newValue);
    }

    result.logMessage(
        "Property " + nameProperty + " for " + target.getID() + " added vith value: "
            + valueProperty);
  } catch (RepositoryException | ActionExecutionException e) {
    result.logError(MessagingUtils.createMessage(e));
  }
  return result;
}
 
Example #18
Source File: CreateAuthorizable.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Makes the authorizable with the configured ID the current one, creating it through the
 * create strategy when it does not exist yet.
 *
 * <p>Only the ID is logged here; the password is handed to the create strategy.
 *
 * @param context action context supplying the authorizable manager and the result object
 * @param simulate forwarded unchanged to the create strategy
 * @return the action result; repository errors are recorded in it, not thrown
 */
public ActionResult process(final Context context, boolean simulate) {
  final ActionResult result = context.createActionResult();
  try {
    final Authorizable existing = context.getAuthorizableManager().getAuthorizableIfExists(id);
    LOGGER.info("Creating authorizable with id = " + id);

    final Authorizable current;
    if (existing == null) {
      current = createStrategy.create(id, password, path, context, result, simulate);
    } else {
      // Already present: report it and reuse it instead of creating a duplicate.
      logMessage(result, existing);
      current = existing;
    }
    context.setCurrentAuthorizable(current);
  } catch (RepositoryException e) {
    result.logError(MessagingUtils.createMessage(e));
  }
  return result;
}
 
Example #19
Source File: CheckNotExists.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that none of the configured IDs resolves to an existing authorizable.
 *
 * @param context action context supplying the authorizable manager
 * @param actionResult receives one error per ID that exists
 * @param errors receives the message of every repository failure during lookup
 * @return {@code true} if at least one configured authorizable exists
 */
private boolean checkAuthorizables(final Context context, ActionResult actionResult,
    List<String> errors) {
  boolean anyExists = false;
  for (final String candidateId : ids) {
    final Authorizable found;
    try {
      found = context.getAuthorizableManager().getAuthorizableIfExists(candidateId);
    } catch (final RepositoryException e) {
      // A failed lookup is collected and does not count as "exists".
      errors.add(MessagingUtils.createMessage(e));
      continue;
    }
    if (found != null) {
      actionResult.logError("Authorizable " + candidateId + " exists");
      anyExists = true;
    }
  }
  return anyExists;
}
 
Example #20
Source File: CheckIncludes.java    From APM with Apache License 2.0 6 votes vote down vote up
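/**
 * Checks that every configured ID is a member of the given group.
 *
 * <p>The "is a member" message is written only for IDs that actually are members; it used to
 * be written after the "is excluded" error as well, so the result contradicted itself for
 * every failing ID.
 *
 * @param context action context supplying the authorizable manager
 * @param actionResult receives one error per missing member and one message per member
 * @param authorizable group whose membership is checked
 * @param errors receives the message of every repository or action failure during lookup
 * @return {@code true} if at least one configured ID is not a member of the group
 */
private boolean checkMembers(final Context context, final ActionResult actionResult,
    final Group authorizable, final List<String> errors) {
  boolean checkFailed = false;
  for (String id : groupIds) {
    try {
      Authorizable group = context.getAuthorizableManager().getAuthorizable(id);

      if (!authorizable.isMember(group)) {
        actionResult.logError(id + " is excluded from group " + authorizableId);
        checkFailed = true;
      } else {
        actionResult.logMessage(id + " is a member of group " + authorizableId);
      }
    } catch (RepositoryException | ActionExecutionException e) {
      errors.add(MessagingUtils.createMessage(e));
    }
  }
  return checkFailed;
}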
 
Example #21
Source File: CheckExcludes.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that none of the configured authorizables is a member of the given group.
 *
 * @param context action context supplying the authorizable manager
 * @param actionResult receives a warning per unknown ID and an error per unwanted member
 * @param group group whose membership is checked
 * @param errors receives the message of every repository failure
 * @return {@code true} if at least one configured authorizable belongs to the group
 */
private boolean checkMembers(final Context context, final ActionResult actionResult, final Group group,
    final List<String> errors) {
  boolean anyMember = false;
  for (final String candidateId : authorizableIds) {
    try {
      final Authorizable candidate =
          context.getAuthorizableManager().getAuthorizableIfExists(candidateId);
      if (candidate != null) {
        if (group.isMember(candidate)) {
          actionResult.logError(candidate.getID() + " belongs to group " + groupId);
          anyMember = true;
        }
      } else {
        // An unknown ID cannot be a member; it is reported as a warning only.
        actionResult.logWarning(MessagingUtils.authorizableNotExists(candidateId));
      }
    } catch (RepositoryException e) {
      errors.add(MessagingUtils.createMessage(e));
    }
  }
  return anyMember;
}
 
Example #22
Source File: RemoveAll.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Removes all access control entries of the current authorizable on the configured path
 * when executing.
 *
 * @param context action context supplying the current authorizable and the result object
 * @param execute when {@code false}, nothing is removed and only messages are written
 * @return the action result; repository and action errors are recorded in it, not thrown
 */
private ActionResult process(final Context context, boolean execute) {
  final ActionResult result = context.createActionResult();
  try {
    final Authorizable target = context.getCurrentAuthorizable();
    result.setAuthorizable(target.getID());

    final String logLine = String.format(
        "Removing all priveleges for authorizable with id = %s on path = %s", target.getID(), path);
    LOGGER.info(logLine);

    if (execute) {
      removeAll(context, target);
    }
    // The message is written in dry-run mode as well.
    result.logMessage("Removed all privileges for " + target.getID() + " on " + path);
  } catch (RepositoryException | ActionExecutionException e) {
    result.logError(MessagingUtils.createMessage(e));
  }
  return result;
}
 
Example #23
Source File: Purge.java    From APM with Apache License 2.0 6 votes vote down vote up
/**
 * Purges the privileges of the current authorizable under the configured path when executing.
 *
 * @param context action context supplying the current authorizable and the result object
 * @param execute when {@code false}, nothing is purged and only messages are written
 * @return the action result; repository and action errors are recorded in it, not thrown
 */
private ActionResult process(final Context context, boolean execute) {
  final ActionResult result = context.createActionResult();
  try {
    final Authorizable target = context.getCurrentAuthorizable();
    result.setAuthorizable(target.getID());

    final String logLine = String.format(
        "Purging privileges for authorizable with id = %s under path = %s", target.getID(), path);
    LOGGER.info(logLine);

    if (execute) {
      purge(context, result);
    }
    // The message is written in dry-run mode as well.
    result.logMessage("Purged privileges for " + target.getID() + " on " + path);
  } catch (RepositoryException | ActionExecutionException e) {
    result.logError(MessagingUtils.createMessage(e));
  }

  return result;
}
 
Example #24
Source File: AdminPermissionCheckerTest.java    From jackrabbit-filevault with Apache License 2.0 5 votes vote down vote up
/**
 * Discards pending changes of the admin session and removes the test user when it exists.
 *
 * @throws RepositoryException if the refresh, removal or save fails
 */
@After
public void after() throws RepositoryException {
    final JackrabbitSession adminSession = (JackrabbitSession) admin;
    // refresh(false) drops whatever the test left unsaved before the cleanup starts.
    adminSession.refresh(false);

    final Authorizable leftoverUser = adminSession.getUserManager().getAuthorizable(TEST_USER);
    if (leftoverUser != null) {
        leftoverUser.remove();
    }
    adminSession.save();
}
 
Example #25
Source File: Activator.java    From publick-sling-blog with Apache License 2.0 5 votes vote down vote up
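/**
 * Create user groups for authors and testers if they do not exist yet.
 *
 * <p>The new groups are saved explicitly when the user manager is not in auto-save mode;
 * without that save, logging out would discard them.
 *
 * <p>NOTE(review): {@code loginAdministrative} opens a session with unrestricted repository
 * access and is deprecated in Sling in favour of service logins.
 *
 * @param bundleContext The bundle context provided by the component.
 */
private void createGroups(BundleContext bundleContext){
    ServiceReference repositoryReference = bundleContext.getServiceReference(SlingRepository.class.getName());
    if (repositoryReference == null) {
        // getService(null) would throw; report the missing repository instead.
        LOGGER.error("SlingRepository service is not available");
        return;
    }

    Session session = null;
    try {
        SlingRepository repository = (SlingRepository)bundleContext.getService(repositoryReference);

        if (repository != null) {
            session = repository.loginAdministrative(null);

            if (session instanceof JackrabbitSession) {
                UserManager userManager = ((JackrabbitSession)session).getUserManager();
                ValueFactory valueFactory = session.getValueFactory();

                Authorizable authors = userManager.getAuthorizable(PublickConstants.GROUP_ID_AUTHORS);

                if (authors == null) {
                    authors = userManager.createGroup(PublickConstants.GROUP_ID_AUTHORS);
                    authors.setProperty(GROUP_DISPLAY_NAME, valueFactory.createValue(PublickConstants.GROUP_DISPLAY_AUTHORS));
                }

                Authorizable testers = userManager.getAuthorizable(PublickConstants.GROUP_ID_TESTERS);

                if (testers == null) {
                    testers = userManager.createGroup(PublickConstants.GROUP_ID_TESTERS);
                    testers.setProperty(GROUP_DISPLAY_NAME, valueFactory.createValue(PublickConstants.GROUP_DISPLAY_TESTERS));
                }

                // Persist the groups before the session is closed.
                if (!userManager.isAutoSave() && session.hasPendingChanges()) {
                    session.save();
                }
            }
        }
    } catch (RepositoryException e) {
        LOGGER.error("Could not create user groups", e);
    } finally {
        // The administrative session must never outlive this method.
        if (session != null && session.isLive()) {
            session.logout();
        }
        bundleContext.ungetService(repositoryReference);
    }
}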
 
Example #26
Source File: ClearFromGroupDetacher.java    From APM with Apache License 2.0 5 votes vote down vote up
/**
 * Removes the authorizable from each of the given groups (unless simulating) and writes one
 * message per group.
 *
 * @param actionResult receives a message for every group handled
 * @param authorizable member to detach
 * @param groups groups to detach the member from
 * @throws RepositoryException if a group operation fails
 */
private void detachFromParents(final ActionResult actionResult, final Authorizable authorizable,
    Iterator<Group> groups) throws RepositoryException {
  while (groups.hasNext()) {
    final Group parent = groups.next();
    if (!parent.isGroup()) {
      continue;
    }
    if (!simulate) {
      parent.removeMember(authorizable);
    }
    // The message is written in simulation mode as well.
    actionResult.logMessage(
        MessagingUtils.removedFromGroup(authorizable.getID(), parent.getID()));
  }
}
 
Example #27
Source File: AuthorizableManagerImpl.java    From APM with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the authorizable with the given ID, or {@code null} when it was removed or is
 * unknown. The local cache is consulted before the user manager.
 *
 * @param id authorizable ID to look up
 * @return the authorizable, or {@code null} if absent
 * @throws RepositoryException if the user manager lookup fails
 */
@Override
public Authorizable getAuthorizableIfExists(String id) throws RepositoryException {
  if (checkIfRemoved(id)) {
    return null;
  }
  final Authorizable cached = existingAuthorizables.get(id);
  // Fall back to the repository only on a cache miss; the result is not cached here.
  return cached != null ? cached : userManager.getAuthorizable(id);
}
 
Example #28
Source File: ClearFromGroupDetacher.java    From APM with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the groups the authorizable is a member of and warns when there are none.
 *
 * <p>{@code memberOf()} also yields groups the authorizable belongs to only indirectly.
 *
 * @param actionResult receives the authorizable ID and, if applicable, the warning
 * @param authorizable authorizable whose groups are listed
 * @return iterator over the groups; may be empty
 * @throws RepositoryException if the ID or the membership cannot be read
 */
private Iterator<Group> getGroupParents(final ActionResult actionResult, final Authorizable authorizable)
    throws RepositoryException {
  final String ownId = authorizable.getID();
  actionResult.setAuthorizable(ownId);

  final Iterator<Group> parents = authorizable.memberOf();
  final boolean hasNoParents = !parents.hasNext();
  if (hasNoParents) {
    actionResult.logWarning(MessagingUtils.groupIsMemberOfNoGroups(ownId));
  }
  return parents;
}
 
Example #29
Source File: RemoveAll.java    From APM with Apache License 2.0 5 votes vote down vote up
/**
 * Removes every access control entry of the authorizable's principal from the ACL at the
 * configured path and writes the ACL back.
 *
 * <p>The policy is set on the access control manager only; no session save happens here.
 *
 * @param context action context supplying the access control manager
 * @param authorizable authorizable whose entries are removed
 * @throws RepositoryException if the ACL cannot be read or written
 */
private void removeAll(final Context context, Authorizable authorizable) throws RepositoryException {
  final AccessControlManager acManager = context.getAccessControlManager();
  final Principal target = authorizable.getPrincipal();

  final JackrabbitAccessControlList acl =
      JackrabbitAccessControlListUtil.getModifiableAcl(acManager, path);
  // getAccessControlEntries() is read once, before any entry is removed.
  for (final AccessControlEntry entry : acl.getAccessControlEntries()) {
    final boolean ownedByTarget = entry.getPrincipal().equals(target);
    if (ownedByTarget) {
      acl.removeAccessControlEntry(entry);
    }
  }
  acManager.setPolicy(path, acl);
}
 
Example #30
Source File: ClearFromGroupDetacher.java    From APM with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the declared members of the group and warns when there are none.
 *
 * @param actionResult receives the group ID and, if applicable, the warning
 * @param group group whose declared members are listed
 * @return iterator over the declared members; may be empty
 * @throws RepositoryException if the ID or the members cannot be read
 */
private Iterator<Authorizable> getGroupMembers(final ActionResult actionResult, final Group group)
    throws RepositoryException {
  final String ownId = group.getID();
  actionResult.setAuthorizable(ownId);

  final Iterator<Authorizable> declaredMembers = group.getDeclaredMembers();
  final boolean isEmpty = !declaredMembers.hasNext();
  if (isEmpty) {
    actionResult.logWarning(MessagingUtils.groupHasNoMembers(ownId));
  }
  return declaredMembers;
}