This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/trunk by this push:
new 67189cff32 OAK-10364 : Consolidate inheritance related automembership
tests (subtask of OAK-10318 Improve AutoMembershipPrincipals#isInheritedMember)
67189cff32 is described below
commit 67189cff3285556d0fb314804d8539407321bb64
Author: angela <anch...@adobe.com>
AuthorDate: Fri Jul 21 10:27:54 2023 +0200
OAK-10364 : Consolidate inheritance related automembership tests (subtask
of OAK-10318 Improve AutoMembershipPrincipals#isInheritedMember)
---
...membershipTest.java => AutoMembershipTest.java} | 247 +++++++--------------
.../external/impl/DynamicAutomembershipTest.java | 123 ----------
.../impl/principal/AbstractAutoMembershipTest.java | 6 +
.../principal/AutoMembershipPrincipalsTest.java | 14 ++
.../impl/principal/AutoMembershipProviderTest.java | 19 +-
5 files changed, 115 insertions(+), 294 deletions(-)
diff --git
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.java
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/AutoMembershipTest.java
similarity index 50%
copy from
oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.java
copy to
oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/AutoMembershipTest.java
index 2b7deebeac..d44a65e57e 100644
---
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.java
+++
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/AutoMembershipTest.java
@@ -16,85 +16,93 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;
-import org.apache.jackrabbit.api.security.user.User;
-import org.apache.jackrabbit.guava.common.collect.Lists;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
-import org.apache.jackrabbit.oak.api.Tree;
-import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
-import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.guava.common.collect.Lists;
+import org.apache.jackrabbit.oak.api.Root;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.jetbrains.annotations.NotNull;
+import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
-import javax.jcr.RepositoryException;
import javax.jcr.ValueFactory;
import java.util.Collection;
-import java.util.Iterator;
-import java.util.stream.StreamSupport;
-import static
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants.REP_EXTERNAL_ID;
-import static
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-@RunWith(Parameterized.class)
-public class DynamicAutomembershipTest extends DynamicSyncContextTest {
+public @RunWith(Parameterized.class)
+class AutoMembershipTest extends AbstractExternalAuthTest {
@Parameterized.Parameters(name = "name={1}")
public static Collection<Object[]> parameters() {
return Lists.newArrayList(
- new Object[] { false, "DynamicGroups=false" },
- new Object[] { true, "DynamicGroups=true" });
+ new Object[]{true, "DynamicSync=true"},
+ new Object[]{false, "DynamicSync=false"});
}
-
- private final boolean hasDynamicGroups;
-
+
+ private final boolean dynamicSync;
+ private Root r;
+ private UserManager userManager;
private Group groupAutomembership;
private Group userAutomembership;
- private Group userAutomembership2;
- private Group groupInherited;
-
- // users/groups for additional tests that are only executed if dynamic
groups are enabled.
- private Group externalGroup;
private User externalUser;
+ private Group externalGroup;
private Group testGroup;
- public DynamicAutomembershipTest(boolean hasDynamicGroups, @NotNull String
name) {
- this.hasDynamicGroups = hasDynamicGroups;
+ public AutoMembershipTest(boolean dynamicSync, @NotNull String name) {
+ this.dynamicSync = dynamicSync;
}
- @Override
+ @Before
public void before() throws Exception {
super.before();
+
+ // inject user-configuration as well as sync-handler and
sync-hander-mapping to have get dynamic-membership
+ // providers registered.
+ context.registerInjectActivateService(getUserConfiguration());
+ registerSyncHandler(syncConfigAsMap(), idp.getName());
- groupAutomembership =
userManager.getAuthorizable("groupAutomembership", Group.class);
- userAutomembership =
userManager.getAuthorizable("userAutomembership1", Group.class);
- userAutomembership2 =
userManager.getAuthorizable("userAutomembership2", Group.class);
+ r = getSystemRoot();
+ userManager = getUserManager(r);
- groupInherited = userManager.createGroup("groupInherited");
+ // create automembership groups
+ groupAutomembership = userManager.createGroup("groupAutomembership");
+ userAutomembership = userManager.createGroup("userAutomembership1");
+
+ Group groupInherited = userManager.createGroup("groupInherited");
groupInherited.addMembers("groupAutomembership", "userAutomembership");
- // setup for additional tests
- if (hasDynamicGroups) {
- assertNotNull(userAutomembership);
- assertNotNull(groupAutomembership);
- }
+ TestIdentityProvider tidp = (TestIdentityProvider) idp;
+ tidp.addUser(new TestIdentityProvider.TestUser("externalUser",
idp.getName()));
+ tidp.addGroup(new TestIdentityProvider.TestGroup("externalGroup",
idp.getName()));
- ValueFactory vf = getValueFactory(r);
- externalUser = userManager.createUser("externalUser", null);
- externalUser.setProperty(REP_EXTERNAL_ID, vf.createValue(new
ExternalIdentityRef("externalUser", idp.getName()).getString()));
+ ValueFactory valueFactory = getValueFactory(r);
+ SyncContext syncCtx = (dynamicSync) ?
+ new DynamicSyncContext(syncConfig, idp, userManager,
valueFactory) :
+ new DefaultSyncContext(syncConfig, idp, userManager,
valueFactory);
- externalGroup = userManager.createGroup("externalGroup");
- externalGroup.setProperty(REP_EXTERNAL_ID, vf.createValue(new
ExternalIdentityRef("externalGroup", idp.getName()).getString()));
+ assertEquals(SyncResult.Status.ADD,
syncCtx.sync(idp.getUser("externalUser")).getStatus());
+ assertEquals(SyncResult.Status.ADD,
syncCtx.sync(idp.getGroup("externalGroup")).getStatus());
r.commit();
+
+ externalUser = userManager.getAuthorizable("externalUser", User.class);
+ externalGroup = userManager.getAuthorizable("externalGroup",
Group.class);
+ assertNotNull(externalUser);
+ assertNotNull(externalGroup);
}
-
+
@Override
public void after() throws Exception {
try {
@@ -107,7 +115,7 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
if (testGroup != null) {
testGroup.remove();
}
- root.commit();
+ r.commit();
} finally {
super.after();
}
@@ -116,9 +124,10 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
@Override
protected @NotNull DefaultSyncConfig createSyncConfig() {
DefaultSyncConfig config = super.createSyncConfig();
- config.group().setDynamicGroups(hasDynamicGroups);
- config.group().setAutoMembership("groupAutomembership",
"groupAutomembership");
- config.user().setAutoMembership("userAutomembership1",
"userAutomembership2");
+ config.user().setDynamicMembership(dynamicSync);
+ config.group().setDynamicGroups(dynamicSync);
+ config.group().setAutoMembership("groupAutomembership");
+
config.user().setAutoMembership("userAutomembership1","userAutomembership2");
return config;
}
@@ -132,105 +141,9 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
r.commit();
return testGroup;
}
-
- private static boolean containsGroup(@NotNull Iterator<Group> membership,
@NotNull Group groupToTest) throws RepositoryException {
- String groupIdToTest = groupToTest.getID();
- Iterable<Group> iterable = () -> membership;
- return StreamSupport.stream(iterable.spliterator(),
false).anyMatch(group -> {
- try {
- return groupIdToTest.equals(group.getID());
- } catch (RepositoryException repositoryException) {
- return false;
- }
- });
- }
-
- @Override
- @Test
- public void testSyncExternalGroup() throws Exception {
- ExternalGroup extGroup = idp.getGroup(GROUP_ID);
- assertNotNull(extGroup);
-
- syncContext.sync(extGroup);
-
- if (hasDynamicGroups) {
- Group gr = userManager.getAuthorizable(extGroup.getId(),
Group.class);
- assertNotNull(gr);
- assertTrue(r.hasPendingChanges());
-
- // verify groupAutomembership-externalGroup relationship
- assertTrue(containsGroup(gr.declaredMemberOf(),
groupAutomembership));
- assertTrue(containsGroup(gr.memberOf(), groupAutomembership));
- assertTrue(groupAutomembership.isDeclaredMember(gr));
- assertTrue(groupAutomembership.isMember(gr));
-
assertFalse(hasStoredMembershipInformation(r.getTree(groupAutomembership.getPath()),
r.getTree(gr.getPath())));
-
- // user-specific automembership must not be reflected.
- for (Group g : new Group[] {userAutomembership,
userAutomembership2}) {
- assertFalse(g.isDeclaredMember(gr));
- assertFalse(g.isMember(gr));
- }
-
- // verify inheritedGroup-externalGroup relationship
- assertFalse(containsGroup(gr.declaredMemberOf(), groupInherited));
- assertTrue(containsGroup(gr.memberOf(), groupInherited));
- assertFalse(groupInherited.isDeclaredMember(gr));
- assertTrue(groupInherited.isMember(gr));
- } else {
- assertNull(userManager.getAuthorizable(extGroup.getId()));
- assertFalse(r.hasPendingChanges());
- }
- }
-
- @Override
- @Test
- public void testSyncExternalUserExistingGroups() throws Exception {
- // verify group membership of the previously synced user
- Authorizable user =
userManager.getAuthorizable(previouslySyncedUser.getId());
- assertSyncedMembership(userManager, user, previouslySyncedUser,
Long.MAX_VALUE);
-
- // resync the previously synced user with dynamic-membership enabled.
- syncContext.setForceUserSync(true);
- syncConfig.user().setMembershipExpirationTime(-1);
- syncContext.sync(previouslySyncedUser);
-
- Tree t = r.getTree(user.getPath());
-
- assertEquals(hasDynamicGroups,
t.hasProperty(REP_EXTERNAL_PRINCIPAL_NAMES));
- assertSyncedMembership(userManager, user, previouslySyncedUser);
-
- // verify automembership of the external user
- for (Group gr : new Group[] {groupAutomembership, userAutomembership,
userAutomembership2}) {
- assertTrue(gr.isDeclaredMember(user));
- assertTrue(gr.isMember(user));
- containsGroup(user.declaredMemberOf(), gr);
- containsGroup(user.memberOf(), gr);
-
- // if 'dynamic groups' are enabled the previously synced
membership information of the local group
- // must be migrated to dynamic membership.
- boolean hasStoredMembership =
hasStoredMembershipInformation(r.getTree(gr.getPath()),
r.getTree(user.getPath()));
- if (hasDynamicGroups) {
- assertFalse(hasStoredMembership);
- } else {
- boolean expected =
syncConfig.user().getAutoMembership().contains(gr.getID());
- assertEquals(expected, hasStoredMembership);
- }
- }
-
- // nested membership from auto-membership groups
- assertFalse(groupInherited.isDeclaredMember(user));
- assertTrue(groupInherited.isMember(user));
-
- Group previousGroup =
userManager.getAuthorizable(previouslySyncedUser.getDeclaredGroups().iterator().next().getId(),
Group.class);
- assertNotNull(previousGroup);
- }
-
- // the following additional tests are only run if dynamic groups are
enabled.
+
@Test
public void testIsDeclaredMemberConfiguredUserAutoMembership() throws
Exception {
- if (!hasDynamicGroups) {
- return;
- }
assertFalse(userAutomembership.isDeclaredMember(getTestUser()));
assertFalse(userAutomembership.isDeclaredMember(getTestGroup()));
assertFalse(userAutomembership.isDeclaredMember(externalGroup));
@@ -240,24 +153,16 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
@Test
public void testIsDeclaredMemberConfiguredGroupAutoMembership() throws
Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
assertFalse(groupAutomembership.isDeclaredMember(getTestUser()));
assertFalse(groupAutomembership.isDeclaredMember(getTestGroup()));
assertTrue(groupAutomembership.isDeclaredMember(externalGroup));
// dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isDeclaredMember(externalUser));
+ assertEquals(dynamicSync,
groupAutomembership.isDeclaredMember(externalUser));
}
@Test
public void testIsMemberConfiguredUserAutoMembership() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
assertFalse(userAutomembership.isMember(getTestUser()));
assertFalse(userAutomembership.isMember(getTestGroup()));
assertFalse(userAutomembership.isMember(externalGroup));
@@ -267,28 +172,20 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
@Test
public void testIsMemberConfiguredGroupAutoMembership() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
assertFalse(groupAutomembership.isMember(getTestUser()));
assertFalse(groupAutomembership.isMember(getTestGroup()));
assertTrue(groupAutomembership.isMember(externalGroup));
// dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isMember(externalUser));
+ assertEquals(dynamicSync, groupAutomembership.isMember(externalUser));
}
@Test
public void testIsMemberNestedGroup() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
// automembership groups are members of other groups
User testuser = getTestUser();
Group nested = getTestGroup(userAutomembership, groupAutomembership,
testuser);
- root.commit();
+ r.commit();
// test nested group
assertTrue(nested.isMember(testuser));
@@ -310,20 +207,16 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
assertFalse(groupAutomembership.isMember(userAutomembership));
assertTrue(groupAutomembership.isMember(externalGroup));
// dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isMember(externalUser));
+ assertEquals(dynamicSync, groupAutomembership.isMember(externalUser));
}
@Test
public void testIsMemberNestedGroupInverse() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
User testuser = getTestUser();
Group nested = getTestGroup(testuser);
userAutomembership.addMember(nested);
groupAutomembership.addMember(nested);
- root.commit();
+ r.commit();
// test nested group
assertTrue(nested.isMember(testuser));
@@ -345,6 +238,24 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
assertFalse(groupAutomembership.isMember(userAutomembership));
assertTrue(groupAutomembership.isMember(externalGroup));
// dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isMember(externalUser));
+ assertEquals(dynamicSync, groupAutomembership.isMember(externalUser));
+ }
+
+ @Test
+ public void testIsMemberExternalUserInheritedNested() throws Exception {
+ Group testGroup = getTestGroup();
+ Group base = userManager.createGroup("baseGroup");
+ base.addMember(testGroup);
+ r.commit();
+
+ assertFalse(base.isDeclaredMember(externalUser));
+ assertFalse(base.isMember(externalUser));
+
+ // add 'automembership-group' as nested members
+ testGroup.addMember(userAutomembership);
+ r.commit();
+
+ assertFalse(base.isDeclaredMember(externalUser));
+ assertTrue(base.isMember(externalUser));
}
}
\ No newline at end of file
diff --git
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.java
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.java
index 2b7deebeac..a653f97d31 100644
---
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.java
+++
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.java
@@ -224,127 +224,4 @@ public class DynamicAutomembershipTest extends
DynamicSyncContextTest {
Group previousGroup =
userManager.getAuthorizable(previouslySyncedUser.getDeclaredGroups().iterator().next().getId(),
Group.class);
assertNotNull(previousGroup);
}
-
- // the following additional tests are only run if dynamic groups are
enabled.
- @Test
- public void testIsDeclaredMemberConfiguredUserAutoMembership() throws
Exception {
- if (!hasDynamicGroups) {
- return;
- }
- assertFalse(userAutomembership.isDeclaredMember(getTestUser()));
- assertFalse(userAutomembership.isDeclaredMember(getTestGroup()));
- assertFalse(userAutomembership.isDeclaredMember(externalGroup));
-
- assertTrue(userAutomembership.isDeclaredMember(externalUser));
- }
-
- @Test
- public void testIsDeclaredMemberConfiguredGroupAutoMembership() throws
Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
- assertFalse(groupAutomembership.isDeclaredMember(getTestUser()));
- assertFalse(groupAutomembership.isDeclaredMember(getTestGroup()));
-
- assertTrue(groupAutomembership.isDeclaredMember(externalGroup));
- // dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isDeclaredMember(externalUser));
- }
-
- @Test
- public void testIsMemberConfiguredUserAutoMembership() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
- assertFalse(userAutomembership.isMember(getTestUser()));
- assertFalse(userAutomembership.isMember(getTestGroup()));
- assertFalse(userAutomembership.isMember(externalGroup));
-
- assertTrue(userAutomembership.isMember(externalUser));
- }
-
- @Test
- public void testIsMemberConfiguredGroupAutoMembership() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
- assertFalse(groupAutomembership.isMember(getTestUser()));
- assertFalse(groupAutomembership.isMember(getTestGroup()));
-
- assertTrue(groupAutomembership.isMember(externalGroup));
- // dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isMember(externalUser));
- }
-
- @Test
- public void testIsMemberNestedGroup() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
- // automembership groups are members of other groups
- User testuser = getTestUser();
- Group nested = getTestGroup(userAutomembership, groupAutomembership,
testuser);
- root.commit();
-
- // test nested group
- assertTrue(nested.isMember(testuser));
- assertTrue(nested.isMember(userAutomembership));
- assertTrue(nested.isMember(groupAutomembership));
- assertTrue(nested.isMember(externalUser));
- assertTrue(nested.isMember(externalGroup));
-
- // user-automembership-group
- assertFalse(userAutomembership.isMember(nested));
- assertFalse(userAutomembership.isMember(testuser));
- assertFalse(userAutomembership.isMember(groupAutomembership));
- assertFalse(userAutomembership.isMember(externalGroup));
- assertTrue(userAutomembership.isMember(externalUser));
-
- // group-automembership-group
- assertFalse(groupAutomembership.isMember(nested));
- assertFalse(groupAutomembership.isMember(testuser));
- assertFalse(groupAutomembership.isMember(userAutomembership));
- assertTrue(groupAutomembership.isMember(externalGroup));
- // dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isMember(externalUser));
- }
-
- @Test
- public void testIsMemberNestedGroupInverse() throws Exception {
- if (!hasDynamicGroups) {
- return;
- }
-
- User testuser = getTestUser();
- Group nested = getTestGroup(testuser);
- userAutomembership.addMember(nested);
- groupAutomembership.addMember(nested);
- root.commit();
-
- // test nested group
- assertTrue(nested.isMember(testuser));
- assertFalse(nested.isMember(userAutomembership));
- assertFalse(nested.isMember(groupAutomembership));
- assertFalse(nested.isMember(externalUser));
- assertFalse(nested.isMember(externalGroup));
-
- // user-automembership-group
- assertTrue(userAutomembership.isMember(nested));
- assertTrue(userAutomembership.isMember(testuser));
- assertFalse(userAutomembership.isMember(groupAutomembership));
- assertFalse(userAutomembership.isMember(externalGroup));
- assertTrue(userAutomembership.isMember(externalUser));
-
- // group-automembership-group
- assertTrue(groupAutomembership.isMember(nested));
- assertTrue(groupAutomembership.isMember(testuser));
- assertFalse(groupAutomembership.isMember(userAutomembership));
- assertTrue(groupAutomembership.isMember(externalGroup));
- // dynamic automembership for users also includes the configured
group-automembership (to account for cases where dynamic-group option is false)
- assertTrue(groupAutomembership.isMember(externalUser));
- }
}
\ No newline at end of file
diff --git
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractAutoMembershipTest.java
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractAutoMembershipTest.java
index 8aa3f2083f..6e5fddf213 100644
---
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractAutoMembershipTest.java
+++
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractAutoMembershipTest.java
@@ -59,6 +59,12 @@ public abstract class AbstractAutoMembershipTest extends
AbstractExternalAuthTe
@Before
public void before() throws Exception {
super.before();
+
+ // inject user-configuration as well as sync-handler and
sync-hander-mapping to have get dynamic-membership
+ // providers registered.
+ context.registerInjectActivateService(getUserConfiguration());
+ registerSyncHandler(syncConfigAsMap(), idp.getName());
+
userManager = getUserManager(root);
automembershipGroup1 =
userManager.createGroup(AUTOMEMBERSHIP_GROUP_ID_1);
automembershipGroup2 =
userManager.createGroup(AUTOMEMBERSHIP_GROUP_ID_2);
diff --git
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipPrincipalsTest.java
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipPrincipalsTest.java
index 2f1f584340..73dc1be6fd 100644
---
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipPrincipalsTest.java
+++
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipPrincipalsTest.java
@@ -16,6 +16,7 @@
*/
package
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;
+import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.guava.common.collect.Sets;
@@ -255,6 +256,19 @@ public class AutoMembershipPrincipalsTest extends
AbstractAutoMembershipTest {
verifyNoMoreInteractions(gr, inherited);
reset(gr, inherited, um);
}
+
+ @Test
+ public void testIsInheritedMemberGroupLookupFails() throws Exception {
+ AutoMembershipPrincipals amprincipals = new
AutoMembershipPrincipals(userManager, MAPPING, Collections.emptyMap());
+ assertFalse(amprincipals.isInheritedMember(IDP_INVALID_AM,
getTestGroup(), authorizable));
+ }
+
+ @Test
+ public void testIsInheritedMemberConfiguredUser() throws Exception {
+ Map<String, String[]> mapping = ImmutableMap.of(IDP_INVALID_AM, new
String[] {getTestUser().getID()});
+ AutoMembershipPrincipals amprincipals = new
AutoMembershipPrincipals(userManager, mapping, Collections.emptyMap());
+ assertFalse(amprincipals.isInheritedMember(IDP_INVALID_AM,
getTestGroup(), authorizable));
+ }
@Test
public void testEmptyMapping() {
diff --git
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProviderTest.java
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProviderTest.java
index e169889993..2590fbb4f8 100644
---
a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProviderTest.java
+++
b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProviderTest.java
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.api.Root;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.jetbrains.annotations.NotNull;
import org.junit.Before;
@@ -80,7 +81,7 @@ public class AutoMembershipProviderTest extends
AbstractAutoMembershipTest {
super.before();
provider = createAutoMembershipProvider(root, userManager);
}
-
+
private void setExternalId(@NotNull String id, @NotNull String idpName)
throws Exception {
Root sr = getSystemRoot();
sr.refresh();
@@ -89,7 +90,17 @@ public class AutoMembershipProviderTest extends
AbstractAutoMembershipTest {
sr.commit();
root.refresh();
}
-
+
+ @Override
+ protected @NotNull DefaultSyncConfig createSyncConfig() {
+ DefaultSyncConfig dsc = super.createSyncConfig();
+
dsc.user().setDynamicMembership(true).setAutoMembership(MAPPING.get(IDP_VALID_AM));
+ if (dynamicGroupsEnabled) {
+
dsc.group().setDynamicGroups(true).setAutoMembership(MAPPING_GROUP.get(IDP_VALID_AM));
+ }
+ return dsc;
+ }
+
@NotNull
private AutoMembershipProvider createAutoMembershipProvider(@NotNull Root
root, @NotNull UserManager userManager) {
Map<String, String[]> groupMapping = (dynamicGroupsEnabled) ?
MAPPING_GROUP : null;
@@ -303,13 +314,15 @@ public class AutoMembershipProviderTest extends
AbstractAutoMembershipTest {
Group testGroup = getTestGroup();
Group base = userManager.createGroup("baseGroup");
base.addMember(testGroup);
+ root.commit();
assertFalse(provider.isMember(base, testUser, false));
assertFalse(provider.isMember(base, testUser, true));
// add 'automembership-group' as nested members
testGroup.addMember(automembershipGroup1);
-
+ root.commit();
+
assertFalse(provider.isMember(base, testUser, false));
assertTrue(provider.isMember(base, testUser, true));
}
