inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged BRANCHES/DEV/V4.0-BUG-FIX to HEAD:

Browse Source 
35637: RemoteCredentialsService and RemoteAlfrescoTicketService, with tests


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@35639 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Nick Burch
2012-04-24 16:12:47 +00:00
parent e542141b84
commit d0fdeafa2c
36 changed files with 4692 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
source/java/org/alfresco/repo/remotecredentials/AbstractCredentialsImpl.java Normal file
View File

@@ -0,0 +1,121 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import org.alfresco.service.cmr.remotecredentials.BaseCredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* This class is the parent of a set of Remote Credentials
*
* @author Nick Burch
* @since Odin
*/
public abstract class AbstractCredentialsImpl implements BaseCredentialsInfo
{
private static final long serialVersionUID = 1825070334051269906L;
private QName type;
private NodeRef nodeRef;
private String remoteSystemName;
private NodeRef remoteSystemContainerNodeRef;
private String remoteUsername;
private boolean lastAuthenticationSucceeded;
/**
* Creates a new, empty {@link AbstractCredentialsImpl} ready
* to be stored later
*/
public AbstractCredentialsImpl(QName type)
{
this.type = type;
// Default is that the authentication worked, unless told otherwise
this.lastAuthenticationSucceeded = true;
}
public AbstractCredentialsImpl(NodeRef nodeRef, QName type, String remoteSystemName, NodeRef remoteSystemContainerNodeRef)
{
this(type);
// Record the node details
this.nodeRef = nodeRef;
this.remoteSystemName = remoteSystemName;
this.remoteSystemContainerNodeRef = remoteSystemContainerNodeRef;
}
/**
* @return the NodeRef of the underlying credentials
*/
public NodeRef getNodeRef()
{
return nodeRef;
}
/**
* @return the Type of the underlying credentials
*/
public QName getCredentialsType()
{
return type;
}
/**
* @return the Remote System Name the credentials belong to
*/
public String getRemoteSystemName()
{
return remoteSystemName;
}
/**
* @return the NodeRef of the container for the Remote System
*/
public NodeRef getRemoteSystemContainerNodeRef()
{
return remoteSystemContainerNodeRef;
}
/**
* @return the Remote Username
*/
public String getRemoteUsername()
{
return remoteUsername;
}
public void setRemoteUsername(String username)
{
this.remoteUsername = username;
}
/**
* @return whether the last authentication attempt succeeded
*/
public boolean getLastAuthenticationSucceeded()
{
return lastAuthenticationSucceeded;
}
public void setLastAuthenticationSucceeded(boolean succeeded)
{
this.lastAuthenticationSucceeded = succeeded;
}
}

99
source/java/org/alfresco/repo/remotecredentials/OAuth1CredentialsFactory.java Normal file
View File

@@ -0,0 +1,99 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.node.encryption.MetadataEncryptor;
import org.alfresco.service.cmr.remotecredentials.BaseCredentialsInfo;
import org.alfresco.service.cmr.remotecredentials.OAuth1CredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* The Factory for building {@link OAuth1CredentialsInfo} objects
*
* @author Nick Burch
* @since Odin
*/
public class OAuth1CredentialsFactory implements RemoteCredentialsInfoFactory
{
private MetadataEncryptor metadataEncryptor;
public void setMetadataEncryptor(MetadataEncryptor metadataEncryptor)
{
this.metadataEncryptor = metadataEncryptor;
}
/**
* Creates a new {@link OAuth1CredentialsInfo} based on the details of the underlying node.
*/
public OAuth1CredentialsInfo createCredentials(QName type, NodeRef nodeRef, String remoteSystemName,
NodeRef remoteSystemContainerNodeRef, Map<QName,Serializable> properties)
{
// Decrypt the token and secret
String token = (String)metadataEncryptor.decrypt(
RemoteCredentialsModel.PROP_OAUTH1_TOKEN, properties.get(RemoteCredentialsModel.PROP_OAUTH1_TOKEN));
String secret = (String)metadataEncryptor.decrypt(
RemoteCredentialsModel.PROP_OAUTH1_TOKEN_SECRET, properties.get(RemoteCredentialsModel.PROP_OAUTH1_TOKEN_SECRET));
// Build the object
OAuth1CredentialsInfoImpl credentials =
new OAuth1CredentialsInfoImpl(nodeRef, remoteSystemName, remoteSystemContainerNodeRef);
// Populate
RemoteCredentialsInfoFactory.FactoryHelper.setCoreCredentials(credentials, properties);
credentials.setOAuthToken(token);
credentials.setOAuthSecret(secret);
// All done
return credentials;
}
/**
* Serializes the given {@link BaseCredentialsInfo} object to node properties.
*
* @param info The Credentials object to serialize
* @param coreProperties The core rc:credentialBase properties for the node
* @return The final set of properties to be serialized for the node
*/
public Map<QName,Serializable> serializeCredentials(BaseCredentialsInfo info)
{
if (! (info instanceof OAuth1CredentialsInfo))
{
throw new IllegalStateException("Incorrect registration, info must be a OAuth1CredentialsInfo");
}
// Encrypt the details
OAuth1CredentialsInfo credentials = (OAuth1CredentialsInfo)info;
Serializable tokenEncrypted = metadataEncryptor.encrypt(
RemoteCredentialsModel.PROP_OAUTH1_TOKEN, credentials.getOAuthToken());
Serializable secretEncrypted = metadataEncryptor.encrypt(
RemoteCredentialsModel.PROP_OAUTH1_TOKEN_SECRET, credentials.getOAuthSecret());
// Store our specific types and return
Map<QName,Serializable> properties = new HashMap<QName, Serializable>();
properties.put(RemoteCredentialsModel.PROP_OAUTH1_TOKEN, tokenEncrypted);
properties.put(RemoteCredentialsModel.PROP_OAUTH1_TOKEN_SECRET, secretEncrypted);
return properties;
}
}

72
source/java/org/alfresco/repo/remotecredentials/OAuth1CredentialsInfoImpl.java Normal file
View File

@@ -0,0 +1,72 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import org.alfresco.service.cmr.remotecredentials.OAuth1CredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* This class represents an OAuth 1.0 based set of credentials
*
* @author Nick Burch
* @since Odin
*/
public class OAuth1CredentialsInfoImpl extends AbstractCredentialsImpl implements OAuth1CredentialsInfo
{
private static final long serialVersionUID = 4739556616590284462L;
private static final QName TYPE = RemoteCredentialsModel.TYPE_OAUTH1_CREDENTIALS;
private String oauthToken;
private String oauthTokenSecret;
public OAuth1CredentialsInfoImpl()
{
super(TYPE);
}
public OAuth1CredentialsInfoImpl(NodeRef nodeRef, String remoteSystemName, NodeRef remoteSystemContainerNodeRef)
{
super(nodeRef, TYPE, remoteSystemName, remoteSystemContainerNodeRef);
}
/**
* @return the OAuth Token Identifier
*/
public String getOAuthToken()
{
return oauthToken;
}
public void setOAuthToken(String token)
{
this.oauthToken = token;
}
/**
* @return the OAuth Token Secret
*/
public String getOAuthSecret()
{
return oauthTokenSecret;
}
public void setOAuthSecret(String secret)
{
this.oauthTokenSecret = secret;
}
}

108
source/java/org/alfresco/repo/remotecredentials/OAuth2CredentialsFactory.java Normal file
View File

@@ -0,0 +1,108 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.node.encryption.MetadataEncryptor;
import org.alfresco.service.cmr.remotecredentials.BaseCredentialsInfo;
import org.alfresco.service.cmr.remotecredentials.OAuth2CredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* The Factory for building {@link OAuth2CredentialsInfo} objects
*
* @author Nick Burch
* @since Odin
*/
public class OAuth2CredentialsFactory implements RemoteCredentialsInfoFactory
{
private MetadataEncryptor metadataEncryptor;
public void setMetadataEncryptor(MetadataEncryptor metadataEncryptor)
{
this.metadataEncryptor = metadataEncryptor;
}
/**
* Creates a new {@link OAuth2CredentialsInfo} based on the details of the underlying node.
*/
public OAuth2CredentialsInfo createCredentials(QName type, NodeRef nodeRef, String remoteSystemName,
NodeRef remoteSystemContainerNodeRef, Map<QName,Serializable> properties)
{
// Decrypt the token details
String accessToken = (String)metadataEncryptor.decrypt(
RemoteCredentialsModel.PROP_OAUTH2_ACCESS_TOKEN, properties.get(RemoteCredentialsModel.PROP_OAUTH2_ACCESS_TOKEN));
String refreshToken = (String)metadataEncryptor.decrypt(
RemoteCredentialsModel.PROP_OAUTH2_REFRESH_TOKEN, properties.get(RemoteCredentialsModel.PROP_OAUTH2_REFRESH_TOKEN));
// Get the dates
Date tokenIssuedAt = (Date)properties.get(RemoteCredentialsModel.PROP_OAUTH2_TOKEN_ISSUED_AT);
Date tokenExpiresAt = (Date)properties.get(RemoteCredentialsModel.PROP_OAUTH2_TOKEN_EXPIRES_AT);
// Build the object
OAuth2CredentialsInfoImpl credentials =
new OAuth2CredentialsInfoImpl(nodeRef, remoteSystemName, remoteSystemContainerNodeRef);
// Populate
RemoteCredentialsInfoFactory.FactoryHelper.setCoreCredentials(credentials, properties);
credentials.setOauthAccessToken(accessToken);
credentials.setOauthRefreshToken(refreshToken);
credentials.setOauthTokenIssuedAt(tokenIssuedAt);
credentials.setOauthTokenExpiresAt(tokenExpiresAt);
// All done
return credentials;
}
/**
* Serializes the given {@link BaseCredentialsInfo} object to node properties.
*
* @param info The Credentials object to serialize
* @param coreProperties The core rc:credentialBase properties for the node
* @return The final set of properties to be serialized for the node
*/
public Map<QName,Serializable> serializeCredentials(BaseCredentialsInfo info)
{
if (! (info instanceof OAuth2CredentialsInfo))
{
throw new IllegalStateException("Incorrect registration, info must be a OAuth2CredentialsInfo");
}
// Encrypt the token details
OAuth2CredentialsInfo credentials = (OAuth2CredentialsInfo)info;
Serializable accessTokenEncrypted = metadataEncryptor.encrypt(
RemoteCredentialsModel.PROP_OAUTH2_ACCESS_TOKEN, credentials.getOAuthAccessToken());
Serializable refreshTokenEncrypted = metadataEncryptor.encrypt(
RemoteCredentialsModel.PROP_OAUTH2_REFRESH_TOKEN, credentials.getOAuthRefreshToken());
// Store our specific types and return
Map<QName,Serializable> properties = new HashMap<QName, Serializable>();
properties.put(RemoteCredentialsModel.PROP_OAUTH2_ACCESS_TOKEN, accessTokenEncrypted);
properties.put(RemoteCredentialsModel.PROP_OAUTH2_REFRESH_TOKEN, refreshTokenEncrypted);
properties.put(RemoteCredentialsModel.PROP_OAUTH2_TOKEN_ISSUED_AT, credentials.getOAuthTicketIssuedAt());
properties.put(RemoteCredentialsModel.PROP_OAUTH2_TOKEN_EXPIRES_AT, credentials.getOAuthTicketExpiresAt());
return properties;
}
}

100
source/java/org/alfresco/repo/remotecredentials/OAuth2CredentialsInfoImpl.java Normal file
View File

@@ -0,0 +1,100 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import java.util.Date;
import org.alfresco.service.cmr.remotecredentials.OAuth2CredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* This class represents an OAuth 2.0 based set of credentials
*
* @author Nick Burch
* @since Odin
*/
public class OAuth2CredentialsInfoImpl extends AbstractCredentialsImpl implements OAuth2CredentialsInfo
{
private static final long serialVersionUID = 4739556616590284462L;
private static final QName TYPE = RemoteCredentialsModel.TYPE_OAUTH2_CREDENTIALS;
private String oauthAccessToken;
private String oauthRefreshToken;
private Date oauthTokenExpiresAt;
private Date oauthTokenIssuedAt;
public OAuth2CredentialsInfoImpl()
{
super(TYPE);
}
public OAuth2CredentialsInfoImpl(NodeRef nodeRef, String remoteSystemName, NodeRef remoteSystemContainerNodeRef)
{
super(nodeRef, TYPE, remoteSystemName, remoteSystemContainerNodeRef);
}
/**
* @return the OAuth Access Token
*/
public String getOAuthAccessToken()
{
return oauthAccessToken;
}
public void setOauthAccessToken(String oauthAccessToken)
{
this.oauthAccessToken = oauthAccessToken;
}
/**
* @return the OAuth Refresh
*/
public String getOAuthRefreshToken()
{
return oauthRefreshToken;
}
public void setOauthRefreshToken(String oauthRefreshToken)
{
this.oauthRefreshToken = oauthRefreshToken;
}
/**
* @return When the Access Token was Issued
*/
public Date getOAuthTicketIssuedAt()
{
return oauthTokenIssuedAt;
}
public void setOauthTokenIssuedAt(Date oauthTokenIssuedAt)
{
this.oauthTokenIssuedAt = oauthTokenIssuedAt;
}
/**
* @return When the Access Token will Expire
*/
public Date getOAuthTicketExpiresAt()
{
return oauthTokenExpiresAt;
}
public void setOauthTokenExpiresAt(Date oauthTokenExpiresAt)
{
this.oauthTokenExpiresAt = oauthTokenExpiresAt;
}
}

92
source/java/org/alfresco/repo/remotecredentials/PasswordCredentialsFactory.java Normal file
View File

@@ -0,0 +1,92 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.node.encryption.MetadataEncryptor;
import org.alfresco.service.cmr.remotecredentials.BaseCredentialsInfo;
import org.alfresco.service.cmr.remotecredentials.PasswordCredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* The Factory for building {@link PasswordCredentialsInfo} objects
*
* @author Nick Burch
* @since Odin
*/
public class PasswordCredentialsFactory implements RemoteCredentialsInfoFactory
{
private MetadataEncryptor metadataEncryptor;
public void setMetadataEncryptor(MetadataEncryptor metadataEncryptor)
{
this.metadataEncryptor = metadataEncryptor;
}
/**
* Creates a new {@link PasswordCredentialsInfo} based on the details of the underlying node.
*/
public PasswordCredentialsInfo createCredentials(QName type, NodeRef nodeRef, String remoteSystemName,
NodeRef remoteSystemContainerNodeRef, Map<QName,Serializable> properties)
{
// Decrypt the password
String password = (String)metadataEncryptor.decrypt(
RemoteCredentialsModel.PROP_REMOTE_PASSWORD, properties.get(RemoteCredentialsModel.PROP_REMOTE_PASSWORD));
// Build the object
PasswordCredentialsInfoImpl credentials =
new PasswordCredentialsInfoImpl(nodeRef, remoteSystemName, remoteSystemContainerNodeRef);
// Populate
RemoteCredentialsInfoFactory.FactoryHelper.setCoreCredentials(credentials, properties);
credentials.setRemotePassword(password);
// All done
return credentials;
}
/**
* Serializes the given {@link BaseCredentialsInfo} object to node properties.
*
* @param info The Credentials object to serialize
* @param coreProperties The core rc:credentialBase properties for the node
* @return The final set of properties to be serialized for the node
*/
public Map<QName,Serializable> serializeCredentials(BaseCredentialsInfo info)
{
if (! (info instanceof PasswordCredentialsInfo))
{
throw new IllegalStateException("Incorrect registration, info must be a PasswordCredentialsInfo");
}
// Encrypt the password
PasswordCredentialsInfo credentials = (PasswordCredentialsInfo)info;
Serializable passwordEncrypted = metadataEncryptor.encrypt(
RemoteCredentialsModel.PROP_REMOTE_PASSWORD, credentials.getRemotePassword());
// Store our specific types and return
Map<QName,Serializable> properties = new HashMap<QName, Serializable>();
properties.put(RemoteCredentialsModel.PROP_REMOTE_PASSWORD, passwordEncrypted);
return properties;
}
}

58
source/java/org/alfresco/repo/remotecredentials/PasswordCredentialsInfoImpl.java Normal file
View File

@@ -0,0 +1,58 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import org.alfresco.service.cmr.remotecredentials.PasswordCredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* This class represents a password based set of credentials
*
* @author Nick Burch
* @since Odin
*/
public class PasswordCredentialsInfoImpl extends AbstractCredentialsImpl implements PasswordCredentialsInfo
{
private static final long serialVersionUID = -5351115540931076949L;
private static final QName TYPE = RemoteCredentialsModel.TYPE_PASSWORD_CREDENTIALS;
private String remotePassword;
public PasswordCredentialsInfoImpl()
{
super(TYPE);
}
public PasswordCredentialsInfoImpl(NodeRef nodeRef, String remoteSystemName, NodeRef remoteSystemContainerNodeRef)
{
super(nodeRef, TYPE, remoteSystemName, remoteSystemContainerNodeRef);
}
/**
* @return the Remote Password
*/
public String getRemotePassword()
{
return remotePassword;
}
public void setRemotePassword(String password)
{
remotePassword = password;
}
}

94
source/java/org/alfresco/repo/remotecredentials/RemoteCredentialsInfoFactory.java Normal file
View File

@@ -0,0 +1,94 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.service.cmr.remotecredentials.BaseCredentialsInfo;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* The interface which controls how implementations of
* {@link BaseCredentialsInfo} are serialized
*
* @author Nick Burch
* @since Odin
*/
public interface RemoteCredentialsInfoFactory
{
/**
* Creates a new {@link BaseCredentialsInfo} object of the appropriate
* type, based on the details of the underlying node.
*
* @param type The type of the credentials node, a child of rc:credentialBase
* @param nodeRef The NodeRef of the credentials node
* @param properties All the node properties
*/
public BaseCredentialsInfo createCredentials(QName type, NodeRef nodeRef, String remoteSystemName,
NodeRef remoteSystemContainerNodeRef, Map<QName,Serializable> properties);
/**
* Serializes the given {@link BaseCredentialsInfo} object to node properties.
*
* @param info The Credentials object to serialize
* @return The properties to be serialized for the node
*/
public Map<QName,Serializable> serializeCredentials(BaseCredentialsInfo info);
/**
* Helper class for implementations of {@link RemoteCredentialsInfoFactory}
*/
public static class FactoryHelper
{
/**
* Sets the core properties on a {@link AbstractCredentialsImpl}
*/
public static void setCoreCredentials(AbstractCredentialsImpl credentials, Map<QName,Serializable> properties)
{
credentials.setRemoteUsername(
(String)properties.get(RemoteCredentialsModel.PROP_REMOTE_USERNAME)
);
Boolean succeeded = (Boolean)properties.get(RemoteCredentialsModel.PROP_LAST_AUTHENTICATION_SUCCEEDED);
if (succeeded != null)
{
credentials.setLastAuthenticationSucceeded(succeeded.booleanValue());
}
else
{
// Default is that it did
credentials.setLastAuthenticationSucceeded(true);
}
}
/**
* Generates the core properties for a {@link BaseCredentialsInfo}
*/
public static Map<QName,Serializable> getCoreCredentials(BaseCredentialsInfo credentials)
{
Map<QName,Serializable> properties = new HashMap<QName, Serializable>();
properties.put(RemoteCredentialsModel.PROP_REMOTE_USERNAME, credentials.getRemoteUsername());
properties.put(RemoteCredentialsModel.PROP_LAST_AUTHENTICATION_SUCCEEDED, credentials.getLastAuthenticationSucceeded());
return properties;
}
}
}

63
source/java/org/alfresco/repo/remotecredentials/RemoteCredentialsModel.java Normal file
View File

@@ -0,0 +1,63 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import org.alfresco.service.namespace.QName;
/**
* Remote Credentials models constants
*
* @author Nick Burch
* @since Odin
*/
public interface RemoteCredentialsModel
{
/** Remote Credentials Model */
public static final String REMOTE_CREDENTIALS_MODEL_URL = "http://www.alfresco.org/model/remotecredentials/1.0";
public static final String REMOTE_CREDENTIALS_MODEL_PREFIX = "rc";
/** Applied to something that holds rc:remoteCredentialsSystem objects */
public static final QName ASPECT_REMOTE_CREDENTIALS_SYSTEM_CONTAINER = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "remoteCredentialsSystemContainer");
public static final QName ASSOC_CREDENTIALS_SYSTEM = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "credentialsSystem");
/** Remote Credentials Holder */
public static final QName TYPE_REMOTE_CREDENTIALS_SYSTEM = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "remoteCredentialsSystem");
public static final QName ASSOC_CREDENTIALS = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "credentials");
/** Credentials Base */
public static final QName TYPE_CREDENTIALS_BASE = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "credentialBase");
public static final QName PROP_REMOTE_USERNAME = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "remoteUsername");
public static final QName PROP_LAST_AUTHENTICATION_SUCCEEDED = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "lastAuthenticationSucceeded");
/** Password Credentials */
public static final QName TYPE_PASSWORD_CREDENTIALS = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "passwordCredentials");
public static final QName PROP_REMOTE_PASSWORD = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "remotePassword");
/** OAuth 1.0 Credentials */
public static final QName TYPE_OAUTH1_CREDENTIALS = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth1Credentials");
public static final QName PROP_OAUTH1_TOKEN = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth1Token");
public static final QName PROP_OAUTH1_TOKEN_SECRET = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth1TokenSecret");
/** OAuth 2.0 Credentials */
public static final QName TYPE_OAUTH2_CREDENTIALS = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth2Credentials");
public static final QName PROP_OAUTH2_ACCESS_TOKEN = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth2AccessToken");
public static final QName PROP_OAUTH2_REFRESH_TOKEN = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth2RefreshToken");
public static final QName PROP_OAUTH2_TOKEN_ISSUED_AT = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth2TokenIssuedAt");
public static final QName PROP_OAUTH2_TOKEN_EXPIRES_AT = QName.createQName(REMOTE_CREDENTIALS_MODEL_URL, "oauth2TokenExpiresAt");
}

707
source/java/org/alfresco/repo/remotecredentials/RemoteCredentialsServiceImpl.java Normal file
View File

@@ -0,0 +1,707 @@
/*
* Copyright (C) 2005-2012 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.query.EmptyPagingResults;
import org.alfresco.query.ListBackedPagingResults;
import org.alfresco.query.PagingRequest;
import org.alfresco.query.PagingResults;
import org.alfresco.repo.model.Repository;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.remotecredentials.BaseCredentialsInfo;
import org.alfresco.service.cmr.remotecredentials.RemoteCredentialsService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.TypeConversionException;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.namespace.RegexQNamePattern;
import org.alfresco.util.GUID;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* An Implementation of the {@link RemoteCredentialsService}
*
* @author Nick Burch
* @since Odin
*/
public class RemoteCredentialsServiceImpl implements RemoteCredentialsService
{
/**
* The logger
*/
private static Log logger = LogFactory.getLog(RemoteCredentialsServiceImpl.class);
/**
* The name of the System Container used to hold Shared Credentials.
* This isn't final, as unit tests change it to avoid trampling on
* the real credentials.
*/
private static String SHARED_CREDENTIALS_CONTAINER_NAME = "remote_credentials";
private Repository repositoryHelper;
private NodeService nodeService;
private NamespaceService namespaceService;
private DictionaryService dictionaryService;
/**
* Controls which Factory will be used to create {@link BaseCredentialsInfo}
* instances for a given node, based on the type.
* eg rc:passwordCredentials -> PasswordCredentialsFactory
*/
private Map<QName,RemoteCredentialsInfoFactory> credentialsFactories = new HashMap<QName, RemoteCredentialsInfoFactory>();
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setDictionaryService(DictionaryService dictionaryService)
{
this.dictionaryService = dictionaryService;
}
public void setRepositoryHelper(Repository repositoryHelper)
{
this.repositoryHelper = repositoryHelper;
}
/**
* Registers a number of new factories
*/
public void setCredentialsFactories(Map<String,RemoteCredentialsInfoFactory> factories)
{
// Convert, eg rc:passwordCredentials -> qname version, then register
for (String type : factories.keySet())
{
RemoteCredentialsInfoFactory factory = factories.get(type);
QName typeQ = QName.createQName(type, namespaceService);
registerCredentialsFactory(typeQ, factory);
}
}
/**
* Registers a new Factory to produce {@link BaseCredentialsInfo} objects
* for a given data type.
* This provides an alternative to {@link #setCredentialsFactories(Map)}
* to allow the registering of a new type without overriding all of them.
*
* @param credentialsType The object type
* @param factory The Factory to use to create this type with
*/
public void registerCredentialsFactory(QName credentialsType, RemoteCredentialsInfoFactory factory)
{
// Check the hierarchy is valid
if (! dictionaryService.isSubClass(credentialsType, RemoteCredentialsModel.TYPE_CREDENTIALS_BASE))
{
logger.warn("Unable to register credentials factory for " + credentialsType +
" as that type doesn't inherit from " + RemoteCredentialsModel.TYPE_CREDENTIALS_BASE);
return;
}
// Log the new type
if (logger.isDebugEnabled())
logger.debug("Registering credentials factory for " + credentialsType + " of " + factory);
// Store it
credentialsFactories.put(credentialsType, factory);
}
// --------------------------------------------------------
private static QName SYSTEM_FOLDER_QNAME =
QName.createQName(NamespaceService.SYSTEM_MODEL_1_0_URI, "system");
private static QName SHARED_CREDENTIALS_CONTAINER_QNAME =
QName.createQName(RemoteCredentialsModel.REMOTE_CREDENTIALS_MODEL_URL, SHARED_CREDENTIALS_CONTAINER_NAME);
/**
* Gets the NodeRef of the holder of shared credentials remote systems.
*
* This is stored under system
*
* Protected, so that unit tests can make use of it
*/
protected NodeRef getSharedContainerNodeRef(boolean required)
{
// Grab the root of the repository, for the current tennant
final NodeRef root = repositoryHelper.getRootHome();
// Locate the system folder, in the root
List<ChildAssociationRef> sysRefs = nodeService.getChildAssocs(
root, ContentModel.ASSOC_CHILDREN, SYSTEM_FOLDER_QNAME);
if (sysRefs.size() != 1)
{
throw new IllegalStateException("System folder missing / duplicated! Found " + sysRefs);
}
final NodeRef system = sysRefs.get(0).getChildRef();
// Find the shared credentials container, under system
List<ChildAssociationRef> containerRefs = nodeService.getChildAssocs(
system, ContentModel.ASSOC_CHILDREN, SHARED_CREDENTIALS_CONTAINER_QNAME);
if (containerRefs.size() > 0)
{
if (containerRefs.size() > 1)
logger.warn("Duplicate Shared Credentials Containers found: " + containerRefs);
NodeRef container = containerRefs.get(0).getChildRef();
return container;
}
else
{
if (required)
{
throw new IllegalStateException("Required System Folder " + SHARED_CREDENTIALS_CONTAINER_QNAME + " is missing!");
}
else
{
if (logger.isInfoEnabled())
logger.info("Required System Folder " + SHARED_CREDENTIALS_CONTAINER_QNAME + " missing, needed for writes");
return null;
}
}
}
/**
* Gets, creating as needed, the person credentials container for the given system
*/
private NodeRef getPersonContainer(String remoteSystem, boolean lazyCreate)
{
// Get the person node
NodeRef person = repositoryHelper.getPerson();
if (person == null)
{
// Something's rather broken, the service security ought to prevent this
throw new IllegalStateException("Person details required but none found! Running as " + AuthenticationUtil.getRunAsUser());
}
// If we're in edit mode, ensure the correct aspect is applied
if (lazyCreate)
{
ensureCredentialsSystemContainer(person);
}
// Find the container
return findRemoteSystemContainer(person, remoteSystem, lazyCreate);
}
/**
* Gets, creating as needed, the shared credentials container for the given system
*/
private NodeRef getSharedContainer(String remoteSystem, boolean lazyCreate)
{
// Find the shared credentials container, under system
NodeRef systemContainer = getSharedContainerNodeRef(lazyCreate);
if (systemContainer == null) return null;
// If we're in edit mode, ensure the correct aspect is applied
if (lazyCreate)
{
ensureCredentialsSystemContainer(systemContainer);
}
// Find the container
return findRemoteSystemContainer(systemContainer, remoteSystem, lazyCreate);
}
/**
* Ensure the appropriate aspect is applied to the node which
* will hold the Remote Credentials System
*/
private void ensureCredentialsSystemContainer(final NodeRef nodeRef)
{
AuthenticationUtil.runAsSystem(new RunAsWork<Void>() {
@Override
public Void doWork() throws Exception
{
if (!nodeService.hasAspect(nodeRef, RemoteCredentialsModel.ASPECT_REMOTE_CREDENTIALS_SYSTEM_CONTAINER))
{
// Add the aspect
nodeService.addAspect(nodeRef, RemoteCredentialsModel.ASPECT_REMOTE_CREDENTIALS_SYSTEM_CONTAINER, null);
if (logger.isDebugEnabled())
logger.debug("Added the Credentials Container aspect to " + nodeRef);
}
return null;
}
});
}
private NodeRef findRemoteSystemContainer(NodeRef nodeRef, String remoteSystem, boolean lazyCreate)
{
QName remoteSystemQName = QName.createQName(remoteSystem);
List<ChildAssociationRef> systems = nodeService.getChildAssocs(
nodeRef, RemoteCredentialsModel.ASSOC_CREDENTIALS_SYSTEM, remoteSystemQName);
NodeRef system = null;
if (systems.size() > 0)
{
system = systems.get(0).getChildRef();
if (logger.isDebugEnabled())
logger.debug("Resolved Remote Credentials Container for " + remoteSystem + " of " + system + " in parent " + nodeRef);
}
else
{
if (lazyCreate)
{
// Create, as the current user
system = nodeService.createNode(
nodeRef, RemoteCredentialsModel.ASSOC_CREDENTIALS_SYSTEM,
QName.createQName(remoteSystem), RemoteCredentialsModel.TYPE_REMOTE_CREDENTIALS_SYSTEM
).getChildRef();
if (logger.isDebugEnabled())
logger.debug("Lazy created Remote Credentials Container for " + remoteSystem +
" in parent " + nodeRef + ", new container is " + system);
}
else
{
if (logger.isDebugEnabled())
logger.debug("No Remote Credentials Container for " + remoteSystem + " found in " +
nodeRef + ", will be lazy created on write");
}
}
return system;
}
// --------------------------------------------------------
@Override
public void deleteCredentials(BaseCredentialsInfo credentialsInfo)
{
if (credentialsInfo.getNodeRef() == null)
{
throw new IllegalArgumentException("Cannot delete Credentials which haven't been persisted yet!");
}
nodeService.deleteNode(credentialsInfo.getNodeRef());
if (logger.isDebugEnabled())
logger.debug("Deleted credentials " + credentialsInfo + " from " + credentialsInfo.getNodeRef() +
" from Remote System " + credentialsInfo.getRemoteSystemName());
// Leave the Remote System Container, in case special permissions
// were previously applied to it that should be retained
}
@Override
public BaseCredentialsInfo createPersonCredentials(String remoteSystem, BaseCredentialsInfo credentials)
{
NodeRef personContainer = getPersonContainer(remoteSystem, true);
return createCredentials(remoteSystem, personContainer, credentials);
}
@Override
public BaseCredentialsInfo createSharedCredentials(String remoteSystem, BaseCredentialsInfo credentials)
{
NodeRef shared = getSharedContainer(remoteSystem, true);
return createCredentials(remoteSystem, shared, credentials);
}
private BaseCredentialsInfo createCredentials(String remoteSystem, NodeRef remoteSystemNodeRef, BaseCredentialsInfo credentials)
{
if (credentials.getNodeRef() != null)
{
throw new IllegalArgumentException("Cannot create Credentials which have already been persisted!");
}
// Check we know about the type
RemoteCredentialsInfoFactory factory = credentialsFactories.get(credentials.getCredentialsType());
if (factory == null)
{
throw new TypeConversionException("No Factory registered for type " + credentials.getCredentialsType());
}
// Build the properties
Map<QName,Serializable> properties = RemoteCredentialsInfoFactory.FactoryHelper.getCoreCredentials(credentials);
properties.putAll( factory.serializeCredentials(credentials) );
// Generate a name for it, which will be unique and doesn't need updating
QName name = QName.createQName(GUID.generate());
// Add the node
NodeRef nodeRef = nodeService.createNode(
remoteSystemNodeRef, RemoteCredentialsModel.ASSOC_CREDENTIALS,
name, credentials.getCredentialsType(), properties
).getChildRef();
if (logger.isDebugEnabled())
logger.debug("Created new credentials at " + nodeRef + " for " + remoteSystem + " in " +
remoteSystemNodeRef + " of " + credentials);
// Return the new object
return factory.createCredentials(
credentials.getCredentialsType(), nodeRef,
remoteSystem, remoteSystemNodeRef,
nodeService.getProperties(nodeRef)
);
}
@Override
public BaseCredentialsInfo getPersonCredentials(String remoteSystem)
{
NodeRef personContainer = getPersonContainer(remoteSystem, false);
if (personContainer == null) return null;
// Grab the children
List<ChildAssociationRef> credentials =
nodeService.getChildAssocs(personContainer, RemoteCredentialsModel.ASSOC_CREDENTIALS, RegexQNamePattern.MATCH_ALL);
if (credentials.size() > 0)
{
NodeRef nodeRef = credentials.get(0).getChildRef();
return loadCredentials(remoteSystem, personContainer, nodeRef);
}
return null;
}
private BaseCredentialsInfo loadCredentials(String remoteSystem, NodeRef remoteSystemNodeRef, NodeRef credentialsNodeRef)
{
QName type = nodeService.getType(credentialsNodeRef);
RemoteCredentialsInfoFactory factory = credentialsFactories.get(type);
if (factory == null)
{
throw new TypeConversionException("No Factory registered for type " + type);
}
// Wrap as an object
return factory.createCredentials(
type, credentialsNodeRef,
remoteSystem, remoteSystemNodeRef,
nodeService.getProperties(credentialsNodeRef)
);
}
@Override
public BaseCredentialsInfo updateCredentials(BaseCredentialsInfo credentials)
{
if (credentials.getNodeRef() == null)
{
throw new IllegalArgumentException("Cannot update Credentials which haven't been persisted yet!");
}
RemoteCredentialsInfoFactory factory = credentialsFactories.get(credentials.getCredentialsType());
if (factory == null)
{
throw new TypeConversionException("No Factory registered for type " + credentials.getCredentialsType());
}
// Grab the current set of properties
Map<QName,Serializable> oldProps = nodeService.getProperties(credentials.getNodeRef());
// Overwrite them with the credentials ones
Map<QName,Serializable> props = new HashMap<QName,Serializable>(oldProps);
props.putAll( RemoteCredentialsInfoFactory.FactoryHelper.getCoreCredentials(credentials) );
props.putAll( factory.serializeCredentials(credentials) );
// Store
nodeService.setProperties(credentials.getNodeRef(), props);
// For now, return as-is
return credentials;
}
@Override
public BaseCredentialsInfo updateCredentialsAuthenticationSucceeded(boolean succeeded, BaseCredentialsInfo credentials)
{
// We can't help with credentials that have never been stored
if (credentials.getNodeRef() == null)
{
throw new IllegalArgumentException("Cannot update Credentials which haven't been persisted yet!");
}
// Return quickly if the credentials are already in the correct state
if (succeeded == credentials.getLastAuthenticationSucceeded())
{
return credentials;
}
// Do the update
nodeService.setProperty(credentials.getNodeRef(), RemoteCredentialsModel.PROP_LAST_AUTHENTICATION_SUCCEEDED, succeeded);
// Update the object if we can
if (credentials instanceof AbstractCredentialsImpl)
{
((AbstractCredentialsImpl)credentials).setLastAuthenticationSucceeded(succeeded);
return credentials;
}
else
{
// Need to re-load
return loadCredentials(credentials.getRemoteSystemName(),
credentials.getRemoteSystemContainerNodeRef(), credentials.getNodeRef());
}
}
@Override
public PagingResults<String> listAllRemoteSystems(PagingRequest paging)
{
return listRemoteSystems(true, true, paging);
}
@Override
public PagingResults<String> listPersonRemoteSystems(PagingRequest paging)
{
return listRemoteSystems(true, false, paging);
}
@Override
public PagingResults<String> listSharedRemoteSystems(PagingRequest paging)
{
return listRemoteSystems(false, true, paging);
}
private PagingResults<String> listRemoteSystems(boolean people, boolean shared, PagingRequest paging)
{
List<NodeRef> search = new ArrayList<NodeRef>();
if (people)
{
// Only search if it has the marker aspect
NodeRef person = repositoryHelper.getPerson();
if (nodeService.hasAspect(person, RemoteCredentialsModel.ASPECT_REMOTE_CREDENTIALS_SYSTEM_CONTAINER))
{
search.add(person);
}
}
if (shared)
{
NodeRef system = getSharedContainerNodeRef(false);
if (system != null)
{
search.add(system);
}
}
// If no suitable nodes were given, bail out
if (search.isEmpty())
{
return new EmptyPagingResults<String>();
}
// Look for nodes
// Because all the information we need is held on the association, we don't
// really need to use a Canned Query for this
Set<String> systems = new HashSet<String>();
for (NodeRef nodeRef : search)
{
List<ChildAssociationRef> refs =
nodeService.getChildAssocs(nodeRef, RemoteCredentialsModel.ASSOC_CREDENTIALS_SYSTEM, RegexQNamePattern.MATCH_ALL);
for (ChildAssociationRef ref : refs)
{
// System Name is the association name, no namespace
systems.add( ref.getQName().getLocalName() );
}
}
// Sort, then wrap as paged results
List<String> sortedSystems = new ArrayList<String>(systems);
Collections.sort(sortedSystems);
return new ListBackedPagingResults<String>(sortedSystems, paging);
}
@Override
public PagingResults<? extends BaseCredentialsInfo> listSharedCredentials(String remoteSystem,
QName credentialsType, PagingRequest paging)
{
// Get the container for that system
NodeRef container = getSharedContainer(remoteSystem, false);
if (container == null)
{
return new EmptyPagingResults<BaseCredentialsInfo>();
}
return listCredentials(new NodeRef[] {container}, remoteSystem, credentialsType, paging);
}
@Override
public PagingResults<? extends BaseCredentialsInfo> listPersonCredentials(String remoteSystem,
QName credentialsType, PagingRequest paging)
{
// Get the container for that system
NodeRef container = getPersonContainer(remoteSystem, false);
if (container == null)
{
return new EmptyPagingResults<BaseCredentialsInfo>();
}
return listCredentials(new NodeRef[] {container}, remoteSystem, credentialsType, paging);
}
@Override
public PagingResults<? extends BaseCredentialsInfo> listAllCredentials(String remoteSystem, QName credentialsType,
PagingRequest paging)
{
NodeRef personContainer = getPersonContainer(remoteSystem, false);
NodeRef systemContainer = getSharedContainer(remoteSystem, false);
if (personContainer == null && systemContainer == null)
{
return new EmptyPagingResults<BaseCredentialsInfo>();
}
return listCredentials(new NodeRef[] {personContainer, systemContainer}, remoteSystem, credentialsType, paging);
}
/**
* TODO This would probably be better done as a dedicated Canned Query
* We want to filter by Assoc Type and Child Node Type, and the node service
* currently only allows you to do one or the other
*/
private PagingResults<? extends BaseCredentialsInfo> listCredentials(NodeRef[] containers, String remoteSystem,
QName credentialsType, PagingRequest paging)
{
// NodeService wants an exhaustive list of the types
// Expand our single Credentials Type to cover all subtypes of it too
Set<QName> types = null;
if (credentialsType != null)
{
types = new HashSet<QName>( dictionaryService.getSubTypes(credentialsType, true) );
if (logger.isDebugEnabled())
logger.debug("Searching for credentials of " + credentialsType + " as types " + types);
}
// Find all the credentials
List<ChildAssociationRef> credentials = new ArrayList<ChildAssociationRef>();
for (NodeRef nodeRef : containers)
{
if (nodeRef != null)
{
// Find the credentials in the node
List<ChildAssociationRef> allCreds = nodeService.getChildAssocs(
nodeRef, RemoteCredentialsModel.ASSOC_CREDENTIALS, RegexQNamePattern.MATCH_ALL);
// Filter them by type, if needed
if (types == null || types.isEmpty())
{
// No type filtering needed
credentials.addAll(allCreds);
}
else
{
// Check the type of each one, and add if it matches
for (ChildAssociationRef ref : allCreds)
{
NodeRef credNodeRef = ref.getChildRef();
QName credType = nodeService.getType(credNodeRef);
if (types.contains(credType))
{
// Matching type, accept
credentials.add(ref);
}
}
}
}
}
// Did we find any?
if (credentials.isEmpty())
{
return new EmptyPagingResults<BaseCredentialsInfo>();
}
// Excerpt
int start = paging.getSkipCount();
int end = Math.min(credentials.size(), start + paging.getMaxItems());
if (paging.getMaxItems() == 0)
{
end = credentials.size();
}
boolean hasMore = (end < credentials.size());
List<ChildAssociationRef> wanted = credentials.subList(start, end);
// Wrap and return
return new CredentialsPagingResults(wanted, credentials.size(), hasMore, remoteSystem);
}
// --------------------------------------------------------
private class CredentialsPagingResults implements PagingResults<BaseCredentialsInfo>
{
private List<BaseCredentialsInfo> results;
private boolean hasMore;
private int size;
private CredentialsPagingResults(List<ChildAssociationRef> refs, int size, boolean hasMore, String remoteSystem)
{
this.size = size;
this.hasMore = hasMore;
this.results = new ArrayList<BaseCredentialsInfo>(refs.size());
for (ChildAssociationRef ref : refs)
{
this.results.add( loadCredentials(remoteSystem, ref.getParentRef(), ref.getChildRef()) );
}
}
@Override
public List<BaseCredentialsInfo> getPage()
{
return results;
}
@Override
public Pair<Integer, Integer> getTotalResultCount()
{
return new Pair<Integer,Integer>(size,size);
}
@Override
public boolean hasMoreItems()
{
return hasMore;
}
@Override
public String getQueryExecutionId()
{
return null;
}
}
// --------------------------------------------------------
/** Unit testing use only! */
protected static String getSharedCredentialsSystemContainerName()
{
return SHARED_CREDENTIALS_CONTAINER_NAME;
}
protected static QName getSharedCredentialsSystemContainerQName()
{
return SHARED_CREDENTIALS_CONTAINER_QNAME;
}
/** Unit testing use only! Used to avoid tests affecting the real system container */
protected static void setSharedCredentialsSystemContainerName(String container)
{
SHARED_CREDENTIALS_CONTAINER_NAME = container;
SHARED_CREDENTIALS_CONTAINER_QNAME =
QName.createQName(RemoteCredentialsModel.REMOTE_CREDENTIALS_MODEL_URL, SHARED_CREDENTIALS_CONTAINER_NAME);
}
}

909
source/java/org/alfresco/repo/remotecredentials/RemoteCredentialsServicesTest.java Normal file
View File

@@ -0,0 +1,909 @@
/*
* Copyright (C) 2005-2011 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.remotecredentials;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.query.PagingRequest;
import org.alfresco.query.PagingResults;
import org.alfresco.repo.policy.BehaviourFilter;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.remotecredentials.BaseCredentialsInfo;
import org.alfresco.service.cmr.remotecredentials.PasswordCredentialsInfo;
import org.alfresco.service.cmr.remotecredentials.RemoteCredentialsService;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.PropertyMap;
import org.alfresco.util.test.junitrules.ApplicationContextInit;
import org.alfresco.util.test.junitrules.TemporaryNodes;
import org.alfresco.util.test.junitrules.WellKnownNodes;
import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.springframework.context.ApplicationContext;
/**
* Test cases for {@link RemoteCredentialsServiceImpl} and friends.
*
* Note - this test will zap any existing shared credentials!
*
* @author Nick Burch
* @since Odin
*/
public class RemoteCredentialsServicesTest
{
private static final String TEST_REMOTE_SYSTEM_ONE = "TestRemoteSystemOne";
private static final String TEST_REMOTE_SYSTEM_TWO = "TestRemoteSystemTwo";
private static final String TEST_REMOTE_SYSTEM_THREE = "aAaAaTestRemoteSystemThree";
private static final String TEST_REMOTE_USERNAME_ONE = "test@example.com";
private static final String TEST_REMOTE_USERNAME_TWO = "test2@example.com";
private static final String TEST_REMOTE_USERNAME_THREE = "test3@example.com";
private static final String SHARED_SYSTEM_CONTAINER_NAME = "test-remote-credentials";
// Rule to initialise the default Alfresco spring configuration
@ClassRule public static ApplicationContextInit APP_CONTEXT_INIT = new ApplicationContextInit();
// A rule to help find well known nodes in the system
@ClassRule public static WellKnownNodes knownNodes = new WellKnownNodes(APP_CONTEXT_INIT);
// A rule to manage test nodes use in each test method
@ClassRule public static TemporaryNodes classTestNodes = new TemporaryNodes(APP_CONTEXT_INIT);
@Rule public TemporaryNodes testNodes = new TemporaryNodes(APP_CONTEXT_INIT);
// injected services
private static MutableAuthenticationService AUTHENTICATION_SERVICE;
private static BehaviourFilter BEHAVIOUR_FILTER;
private static RemoteCredentialsService REMOTE_CREDENTIALS_SERVICE;
private static RemoteCredentialsService PRIVATE_REMOTE_CREDENTIALS_SERVICE;
private static DictionaryService DICTIONARY_SERVICE;
private static NodeService NODE_SERVICE;
private static NodeService PUBLIC_NODE_SERVICE;
private static PersonService PERSON_SERVICE;
private static RetryingTransactionHelper TRANSACTION_HELPER;
private static TransactionService TRANSACTION_SERVICE;
private static PermissionService PERMISSION_SERVICE;
private static final String TEST_USER_ONE = RemoteCredentialsServicesTest.class.getSimpleName() + "_testuser1";
private static final String TEST_USER_TWO = RemoteCredentialsServicesTest.class.getSimpleName() + "_testuser2";
private static final String TEST_USER_THREE = RemoteCredentialsServicesTest.class.getSimpleName() + "_testuser3";
private static final String ADMIN_USER = AuthenticationUtil.getAdminUserName();
@BeforeClass public static void initTestsContext() throws Exception
{
ApplicationContext testContext = APP_CONTEXT_INIT.getApplicationContext();
PRIVATE_REMOTE_CREDENTIALS_SERVICE = (RemoteCredentialsService)testContext.getBean("remoteCredentialsService");
REMOTE_CREDENTIALS_SERVICE = (RemoteCredentialsService)testContext.getBean("RemoteCredentialsService");
AUTHENTICATION_SERVICE = (MutableAuthenticationService)testContext.getBean("authenticationService");
BEHAVIOUR_FILTER = (BehaviourFilter)testContext.getBean("policyBehaviourFilter");
DICTIONARY_SERVICE = (DictionaryService)testContext.getBean("dictionaryService");
NODE_SERVICE = (NodeService)testContext.getBean("nodeService");
PUBLIC_NODE_SERVICE = (NodeService)testContext.getBean("NodeService");
PERSON_SERVICE = (PersonService)testContext.getBean("personService");
TRANSACTION_HELPER = (RetryingTransactionHelper)testContext.getBean("retryingTransactionHelper");
TRANSACTION_SERVICE = (TransactionService)testContext.getBean("TransactionService");
PERMISSION_SERVICE = (PermissionService)testContext.getBean("permissionService");
// Switch to a test shared system container
RemoteCredentialsServiceImpl.setSharedCredentialsSystemContainerName(SHARED_SYSTEM_CONTAINER_NAME);
// Have the test shared system container created
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME);
NodeRef system = knownNodes.getSystemRoot();
NodeRef container = PUBLIC_NODE_SERVICE.createNode(system, ContentModel.ASSOC_CHILDREN,
RemoteCredentialsServiceImpl.getSharedCredentialsSystemContainerQName(),
ContentModel.TYPE_CONTAINER
).getChildRef();
PERMISSION_SERVICE.setPermission(container, PermissionService.ALL_AUTHORITIES, PermissionService.FULL_CONTROL, true);
classTestNodes.addNodeRef(container);
}
@Before public void setupUsers() throws Exception
{
// Do the setup as admin
AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
createUser(TEST_USER_ONE);
createUser(TEST_USER_TWO);
createUser(TEST_USER_THREE);
// We need to create the test site as the test user so that they can contribute content to it in tests below.
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
}
/**
* Tests that read only methods don't create the shared credentials
* container, but that write ones will do.
*/
@Test public void testSharedCredentialsContainer() throws Exception
{
// Run as a test user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
// To start with, the container is there, but empty
NodeRef container = ((RemoteCredentialsServiceImpl)PRIVATE_REMOTE_CREDENTIALS_SERVICE).getSharedContainerNodeRef(false);
assertNotNull(container);
assertEquals(0, PUBLIC_NODE_SERVICE.getChildAssocs(container).size());
// Ask for the list of shared remote systems
REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
// Won't have been affected by a read
container = ((RemoteCredentialsServiceImpl)PRIVATE_REMOTE_CREDENTIALS_SERVICE).getSharedContainerNodeRef(false);
assertNotNull(container);
assertEquals(0, PUBLIC_NODE_SERVICE.getChildAssocs(container).size());
// Try to store some credentials
PasswordCredentialsInfo credentials = new PasswordCredentialsInfoImpl();
REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_ONE, credentials);
// It will now exist
container = ((RemoteCredentialsServiceImpl)PRIVATE_REMOTE_CREDENTIALS_SERVICE).getSharedContainerNodeRef(false);
assertNotNull(container);
// Should have a marker aspect
Set<QName> cAspects = PUBLIC_NODE_SERVICE.getAspects(container);
assertEquals("Aspect missing, found " + cAspects, true,
cAspects.contains(RemoteCredentialsModel.ASPECT_REMOTE_CREDENTIALS_SYSTEM_CONTAINER));
// Should have single node in it
assertEquals(1, PUBLIC_NODE_SERVICE.getChildAssocs(container).size());
}
/**
* Creating shared and personal credentials, then checking how this
* affects the listing of Remote Systems
*/
@Test public void testCreateCredentialsAndSystemListing() throws Exception
{
PagingResults<String> systems = null;
// Run as a test user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
// Initially both should be empty
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
// Create one for the person
PasswordCredentialsInfoImpl credentials = new PasswordCredentialsInfoImpl();
credentials.setRemoteUsername(TEST_REMOTE_USERNAME_ONE);
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_ONE, credentials);
// Check it shows up
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals("Unexpected systems " + systems.getPage(),
1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals("Unexpected systems " + systems.getPage(),
0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals("Unexpected systems " + systems.getPage(),
1, systems.getPage().size());
// Switch to another user, check it doesn't
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
// Create both personal and shared ones as the current user
credentials = new PasswordCredentialsInfoImpl();
credentials.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_TWO, credentials);
credentials = new PasswordCredentialsInfoImpl();
credentials.setRemoteUsername(TEST_REMOTE_USERNAME_THREE);
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_THREE, credentials);
credentials = new PasswordCredentialsInfoImpl();
credentials.setRemoteUsername(TEST_REMOTE_USERNAME_THREE);
BaseCredentialsInfo cc = REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_THREE, credentials);
// Check as the user who created these
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
// Check as the first user, they should see the shared one
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
// Change the shared permissions, see it goes away
AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
PERMISSION_SERVICE.setInheritParentPermissions(cc.getRemoteSystemContainerNodeRef(), false);
// Check as the owning user, will still see all of them
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
// Check as the other user, shared will have gone as we lost read permissions
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
// Finally, check the listings have the correct things in them
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
assertEquals(true, systems.getPage().contains(TEST_REMOTE_SYSTEM_TWO));
assertEquals(true, systems.getPage().contains(TEST_REMOTE_SYSTEM_THREE));
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
assertEquals(true, systems.getPage().contains(TEST_REMOTE_SYSTEM_THREE));
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
assertEquals(true, systems.getPage().contains(TEST_REMOTE_SYSTEM_TWO));
assertEquals(true, systems.getPage().contains(TEST_REMOTE_SYSTEM_THREE));
}
/** Test CRUD on person credentials, with listing */
@Test public void testPersonCredentialsCRUD() throws Exception
{
PagingResults<String> systems = null;
PagingResults<? extends BaseCredentialsInfo> creds = null;
// Run as a test user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
// Initially both should be empty empty
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
// Create for a person
PasswordCredentialsInfoImpl pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_ONE);
BaseCredentialsInfo credentials = REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_ONE, pwCred);
// Check the new object was populated properly
assertNotNull(credentials);
assertNotNull(credentials.getNodeRef());
assertNotNull(credentials.getRemoteSystemContainerNodeRef());
assertEquals(TEST_REMOTE_SYSTEM_ONE, credentials.getRemoteSystemName());
assertEquals(TEST_REMOTE_USERNAME_ONE, credentials.getRemoteUsername());
assertEquals(RemoteCredentialsModel.TYPE_PASSWORD_CREDENTIALS, credentials.getCredentialsType());
// Fetch and re-check
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertNotNull(credentials);
assertNotNull(credentials.getNodeRef());
assertNotNull(credentials.getRemoteSystemContainerNodeRef());
assertEquals(TEST_REMOTE_SYSTEM_ONE, credentials.getRemoteSystemName());
assertEquals(TEST_REMOTE_USERNAME_ONE, credentials.getRemoteUsername());
assertEquals(RemoteCredentialsModel.TYPE_PASSWORD_CREDENTIALS, credentials.getCredentialsType());
// Won't be there for non-existent systems
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_TWO);
assertEquals(null, credentials);
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_THREE);
assertEquals(null, credentials);
// Update
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertEquals(PasswordCredentialsInfoImpl.class, credentials.getClass());
pwCred = (PasswordCredentialsInfoImpl)credentials;
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
pwCred.setRemotePassword("testing");
credentials = REMOTE_CREDENTIALS_SERVICE.updateCredentials(pwCred);
assertNotNull(credentials);
assertEquals(TEST_REMOTE_USERNAME_TWO, credentials.getRemoteUsername());
// Fetch and re-check
pwCred = (PasswordCredentialsInfoImpl)REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertNotNull(pwCred);
assertEquals(TEST_REMOTE_USERNAME_TWO, pwCred.getRemoteUsername());
assertEquals("testing", pwCred.getRemotePassword());
// Update the auth worked flag
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertEquals(true, credentials.getLastAuthenticationSucceeded());
// To the same thing
credentials = REMOTE_CREDENTIALS_SERVICE.updateCredentialsAuthenticationSucceeded(true, credentials);
assertEquals(true, credentials.getLastAuthenticationSucceeded());
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertEquals(true, credentials.getLastAuthenticationSucceeded());
// To a different things
credentials = REMOTE_CREDENTIALS_SERVICE.updateCredentialsAuthenticationSucceeded(false, credentials);
assertEquals(false, credentials.getLastAuthenticationSucceeded());
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertEquals(false, credentials.getLastAuthenticationSucceeded());
// And back
credentials = REMOTE_CREDENTIALS_SERVICE.updateCredentialsAuthenticationSucceeded(true, credentials);
assertEquals(true, credentials.getLastAuthenticationSucceeded());
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertEquals(true, credentials.getLastAuthenticationSucceeded());
// List remote systems
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
// List the credentials
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_USERNAME_TWO, creds.getPage().get(0).getRemoteUsername());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listAllCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_USERNAME_TWO, creds.getPage().get(0).getRemoteUsername());
// Delete
REMOTE_CREDENTIALS_SERVICE.deleteCredentials(credentials);
credentials = REMOTE_CREDENTIALS_SERVICE.getPersonCredentials(TEST_REMOTE_SYSTEM_ONE);
assertEquals(null, credentials);
// List again - credentials should have gone, but system remains
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listAllCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
// Create credentials of Password, OAuth1 and OAuth2 types
pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_ONE);
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_TWO, pwCred);
OAuth1CredentialsInfoImpl oa1Cred = new OAuth1CredentialsInfoImpl();
oa1Cred.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
oa1Cred.setOAuthToken("test");
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_TWO, oa1Cred);
OAuth2CredentialsInfoImpl oa2Cred = new OAuth2CredentialsInfoImpl();
oa2Cred.setRemoteUsername(TEST_REMOTE_USERNAME_THREE);
oa2Cred.setOauthAccessToken("testA");
oa2Cred.setOauthRefreshToken("testR");
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_TWO, oa2Cred);
// List, should see all three sets of credentials
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(3, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listAllCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(3, creds.getPage().size());
// List the systems, still only system one and two
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(2, systems.getPage().size());
// Check we can filter credentials by type
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(3, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_TWO, RemoteCredentialsModel.TYPE_PASSWORD_CREDENTIALS, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_USERNAME_ONE, creds.getPage().get(0).getRemoteUsername());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_TWO, RemoteCredentialsModel.TYPE_OAUTH1_CREDENTIALS, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_USERNAME_TWO, creds.getPage().get(0).getRemoteUsername());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_TWO, RemoteCredentialsModel.TYPE_OAUTH2_CREDENTIALS, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_USERNAME_THREE, creds.getPage().get(0).getRemoteUsername());
}
/** Test CRUD on shared credentials, with listing */
@Test public void testSharedCredentialsCRUD() throws Exception
{
PagingResults<String> systems = null;
PagingResults<? extends BaseCredentialsInfo> creds = null;
// Run as a test user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
// Initially both should be empty empty
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
// Create shared
PasswordCredentialsInfoImpl pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_ONE);
BaseCredentialsInfo credentials = REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_ONE, pwCred);
// Check the new object was populated properly
assertNotNull(credentials);
assertNotNull(credentials.getNodeRef());
assertNotNull(credentials.getRemoteSystemContainerNodeRef());
assertEquals(TEST_REMOTE_SYSTEM_ONE, credentials.getRemoteSystemName());
assertEquals(TEST_REMOTE_USERNAME_ONE, credentials.getRemoteUsername());
assertEquals(RemoteCredentialsModel.TYPE_PASSWORD_CREDENTIALS, credentials.getCredentialsType());
// Update
pwCred = (PasswordCredentialsInfoImpl)credentials;
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
credentials = REMOTE_CREDENTIALS_SERVICE.updateCredentials(pwCred);
assertNotNull(credentials);
assertNotNull(credentials.getNodeRef());
assertNotNull(credentials.getRemoteSystemContainerNodeRef());
assertEquals(TEST_REMOTE_SYSTEM_ONE, credentials.getRemoteSystemName());
assertEquals(TEST_REMOTE_USERNAME_TWO, credentials.getRemoteUsername());
assertEquals(RemoteCredentialsModel.TYPE_PASSWORD_CREDENTIALS, credentials.getCredentialsType());
// List
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_USERNAME_TWO, creds.getPage().get(0).getRemoteUsername());
creds = REMOTE_CREDENTIALS_SERVICE.listAllCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_USERNAME_TWO, creds.getPage().get(0).getRemoteUsername());
// Delete
REMOTE_CREDENTIALS_SERVICE.deleteCredentials(credentials);
// List, system remains, credentials gone
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listAllRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listAllCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
}
/** Dedicated permissions and paging tests */
@Test public void testListingPermissionsAndPaging() throws Exception
{
PagingResults<String> systems = null;
PagingResults<? extends BaseCredentialsInfo> creds = null;
// Run as a test user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
// Initially both should be empty empty
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals("No systems should be found, got " + systems.getPage(),
0, systems.getPage().size());
// Create some credentials as the first user, for systems One and Two
PasswordCredentialsInfoImpl pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_ONE);
REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_ONE, pwCred);
pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_ONE, pwCred);
pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_TWO, pwCred);
pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_TWO, pwCred);
// Switch to the second user, create some credentials on Two and Three
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_TWO);
REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_TWO, pwCred);
pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_THREE);
REMOTE_CREDENTIALS_SERVICE.createSharedCredentials(TEST_REMOTE_SYSTEM_THREE, pwCred);
pwCred = new PasswordCredentialsInfoImpl();
pwCred.setRemoteUsername(TEST_REMOTE_USERNAME_THREE);
REMOTE_CREDENTIALS_SERVICE.createPersonCredentials(TEST_REMOTE_SYSTEM_THREE, pwCred);
// Check the listings of remote systems for each user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
assertEquals(TEST_REMOTE_SYSTEM_TWO, systems.getPage().get(0));
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
systems = REMOTE_CREDENTIALS_SERVICE.listPersonRemoteSystems(new PagingRequest(10));
assertEquals(1, systems.getPage().size());
assertEquals(TEST_REMOTE_SYSTEM_THREE, systems.getPage().get(0));
// Check the listings of remote systems that are shared - shouldn't matter which user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(3, systems.getPage().size());
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(3, systems.getPage().size());
// Check the listings of the credentials by user
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_SYSTEM_TWO, creds.getPage().get(0).getRemoteSystemName());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_THREE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listPersonCredentials(TEST_REMOTE_SYSTEM_THREE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
assertEquals(TEST_REMOTE_SYSTEM_THREE, creds.getPage().get(0).getRemoteSystemName());
// Check the shared listing of credentials, same for both users
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_THREE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_THREE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
// Check the paging of remote systems
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(10));
assertEquals(3, systems.getPage().size());
assertEquals(false, systems.hasMoreItems());
assertEquals(3, systems.getTotalResultCount().getFirst().intValue());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(1));
assertEquals(1, systems.getPage().size());
assertEquals(true, systems.hasMoreItems());
assertEquals(3, systems.getTotalResultCount().getFirst().intValue());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(1, 2));
assertEquals(2, systems.getPage().size());
assertEquals(false, systems.hasMoreItems());
assertEquals(3, systems.getTotalResultCount().getFirst().intValue());
systems = REMOTE_CREDENTIALS_SERVICE.listSharedRemoteSystems(new PagingRequest(2, 2));
assertEquals(1, systems.getPage().size());
assertEquals(false, systems.hasMoreItems());
assertEquals(3, systems.getTotalResultCount().getFirst().intValue());
// Check the paging of credentials
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
assertEquals(false, creds.hasMoreItems());
assertEquals(2, creds.getTotalResultCount().getFirst().intValue());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(1));
assertEquals(1, creds.getPage().size());
assertEquals(true, creds.hasMoreItems());
assertEquals(2, creds.getTotalResultCount().getFirst().intValue());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(1,1));
assertEquals(1, creds.getPage().size());
assertEquals(false, creds.hasMoreItems());
assertEquals(2, creds.getTotalResultCount().getFirst().intValue());
// Tweak shared permissions
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_THREE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
// Systems One and Two were created by users one
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(1));
NodeRef sharedS1 = creds.getPage().get(0).getRemoteSystemContainerNodeRef();
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(1));
NodeRef sharedS2 = creds.getPage().get(0).getRemoteSystemContainerNodeRef();
AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
PERMISSION_SERVICE.setInheritParentPermissions(sharedS1, false);
PERMISSION_SERVICE.setInheritParentPermissions(sharedS2, false);
// Should then only be able to see Three, the one they created
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_TWO);
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(0, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_THREE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
// User One won't be able to see User Two's shared credentials under S2 under the new permissions
// They can still see their own credentials for S1 and S2, plus all in S3 (permissions unchanged)
AuthenticationUtil.setFullyAuthenticatedUser(TEST_USER_ONE);
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_ONE, null, new PagingRequest(10));
assertEquals(2, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_TWO, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
creds = REMOTE_CREDENTIALS_SERVICE.listSharedCredentials(TEST_REMOTE_SYSTEM_THREE, null, new PagingRequest(10));
assertEquals(1, creds.getPage().size());
}
// --------------------------------------------------------------------------------
/**
* By default, all tests are run as the admin user.
*/
@Before public void setAdminUser()
{
AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
}
@After public void deleteTestNodes() throws Exception
{
AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
// Find the shared system container, and zap contents
NodeRef container = ((RemoteCredentialsServiceImpl)PRIVATE_REMOTE_CREDENTIALS_SERVICE).getSharedContainerNodeRef(false);
if (container != null)
{
List<NodeRef> children = new ArrayList<NodeRef>();
for (ChildAssociationRef child : PUBLIC_NODE_SERVICE.getChildAssocs(container))
{
children.add(child.getChildRef());
}
performDeletionOfNodes(children);
}
// Zap the users, including any credentials stored for them
deleteUser(TEST_USER_ONE);
deleteUser(TEST_USER_TWO);
deleteUser(TEST_USER_THREE);
}
/**
* Deletes the specified NodeRefs, if they exist.
* @param nodesToDelete
*/
private static void performDeletionOfNodes(final List<NodeRef> nodesToDelete)
{
TRANSACTION_HELPER.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
{
@Override
public Void execute() throws Throwable
{
AuthenticationUtil.setFullyAuthenticatedUser(ADMIN_USER);
for (NodeRef node : nodesToDelete)
{
if (NODE_SERVICE.exists(node))
{
NODE_SERVICE.deleteNode(node);
}
}
return null;
}
});
}
private static void createUser(final String userName)
{
TRANSACTION_HELPER.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
{
@Override
public Void execute() throws Throwable
{
if (!AUTHENTICATION_SERVICE.authenticationExists(userName))
{
AUTHENTICATION_SERVICE.createAuthentication(userName, "PWD".toCharArray());
}
if (!PERSON_SERVICE.personExists(userName))
{
PropertyMap ppOne = new PropertyMap();
ppOne.put(ContentModel.PROP_USERNAME, userName);
ppOne.put(ContentModel.PROP_FIRSTNAME, "firstName");
ppOne.put(ContentModel.PROP_LASTNAME, "lastName");
ppOne.put(ContentModel.PROP_EMAIL, "email@email.com");
ppOne.put(ContentModel.PROP_JOBTITLE, "jobTitle");
PERSON_SERVICE.createPerson(ppOne);
}
return null;
}
});
}
private static void deleteUser(final String userName)
{
TRANSACTION_HELPER.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
{
@Override
public Void execute() throws Throwable
{
if (PERSON_SERVICE.personExists(userName))
{
PERSON_SERVICE.deletePerson(userName);
}
return null;
}
});
}
}