Source Code of org.apache.jackrabbit.oak.AbstractSecurityTest

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.oak;

import java.util.UUID;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;

import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider;
import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.RegistrationEditorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
import org.junit.After;
import org.junit.Before;

/**
 * AbstractOakTest is the base class for oak test execution.
 */
public abstract class AbstractSecurityTest {

    private ContentRepository contentRepository;
    private UserManager userManager;
    private User testUser;
    private PrivilegeManager privMgr;

    protected NamePathMapper namePathMapper = NamePathMapper.DEFAULT;
    protected SecurityProvider securityProvider;
    protected ContentSession adminSession;
    protected Root root;

    @Before
    public void before() throws Exception {
        contentRepository = new Oak()
                .with(new InitialContent())
                .with(new PropertyIndexEditorProvider())
                .with(new PropertyIndexProvider())
                .with(new RegistrationEditorProvider())
                .with(getSecurityProvider())
                .createContentRepository();

        adminSession = login(getAdminCredentials());
        root = adminSession.getLatestRoot();

        Configuration.setConfiguration(getConfiguration());
    }

    @After
    public void after() throws Exception {
        try {
            if (testUser != null) {
                testUser.remove();
                root.commit();
            }
        } finally {
            if (adminSession != null) {
                adminSession.close();
            }
            Configuration.setConfiguration(null);
        }
    }

    protected SecurityProvider getSecurityProvider() {
        if (securityProvider == null) {
            securityProvider = new SecurityProviderImpl(getSecurityConfigParameters());
        }
        return securityProvider;
    }

    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.EMPTY;
    }

    protected Configuration getConfiguration() {
        return ConfigurationUtil.getDefaultConfiguration(getSecurityConfigParameters());
    }

    protected ContentSession login(@Nullable Credentials credentials)
            throws LoginException, NoSuchWorkspaceException {
        return contentRepository.login(credentials, null);
    }

    protected Credentials getAdminCredentials() {
        String adminId = UserUtility.getAdminId(getUserConfiguration().getConfigurationParameters());
        return new SimpleCredentials(adminId, adminId.toCharArray());
    }

    protected NamePathMapper getNamePathMapper() {
        return namePathMapper;
    }

    protected UserConfiguration getUserConfiguration() {
        return getSecurityProvider().getUserConfiguration();
    }

    protected UserManager getUserManager() {
        if (userManager == null) {
            userManager = getUserConfiguration().getUserManager(root, namePathMapper);
        }
        return userManager;
    }

    protected PrincipalManager getPrincipalManager() {
        return getSecurityProvider().getPrincipalConfiguration().getPrincipalManager(root, getNamePathMapper());
    }

    protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT);
        if (acMgr instanceof JackrabbitAccessControlManager) {
            return (JackrabbitAccessControlManager) acMgr;
        } else {
            throw new UnsupportedOperationException("Expected JackrabbitAccessControlManager found " + acMgr.getClass());
        }
    }

    protected Privilege[] privilegesFromNames(String... privilegeNames) throws RepositoryException {
        Privilege[] privs = new Privilege[privilegeNames.length];
        for (int i = 0; i < privilegeNames.length; i++) {
            privs[i] = getPrivilegeManager().getPrivilege(privilegeNames[i]);
        }
        return privs;
    }

    protected PrivilegeManager getPrivilegeManager() {
        if (privMgr == null) {
            privMgr = getSecurityProvider().getPrivilegeConfiguration().getPrivilegeManager(root, getNamePathMapper());
        }
        return privMgr;
    }

    protected ValueFactory getValueFactory() {
        return new ValueFactoryImpl(root.getBlobFactory(), getNamePathMapper());
    }

    protected User getTestUser() throws Exception {
        if (testUser == null) {
            String uid = "testUser" + UUID.randomUUID();
            testUser = getUserManager().createUser(uid, uid);
            root.commit();
        }
        return testUser;
    }

    protected ContentSession createTestSession() throws Exception {
        String uid = getTestUser().getID();
        return login(new SimpleCredentials(uid, uid.toCharArray()));
    }
}