Examples of org.osgi.service.useradmin.Group

org.osgi.service.useradmin.Group
A named grouping of roles ( {@code Role} objects).
Whether or not a given {@code Authorization} context implies a {@code Group}object depends on the members of that {@code Group} object.
A {@code Group} object can have two kinds of members: basic andrequired . A {@code Group} object is implied by an{@code Authorization} context if all of its required members are implied andat least one of its basic members is implied.
A {@code Group} object must contain at least one basic member in order to beimplied. In other words, a {@code Group} object without any basic memberroles is never implied by any {@code Authorization} context.
A {@code User} object always implies itself.
No loop detection is performed when adding members to {@code Group} objects,which means that it is possible to create circular implications. Loop detection is instead done when roles are checked. The semantics is that if a role depends on itself (i.e., there is an implication loop), the role is not implied.
The rule that a {@code Group} object must have at least one basic member tobe implied is motivated by the following example:
```
 group foo required members: marketing basic members: alice, bob 
```
Privileged operations that require membership in "foo" can be performed only by "alice" and "bob", who are in marketing.
If "alice" and "bob" ever transfer to a different department, anybody in marketing will be able to assume the "foo" role, which certainly must be prevented. Requiring that "foo" (or any {@code Group} object for that matter)must have at least one basic member accomplishes that.
However, this would make it impossible for a {@code Group} object to beimplied by just its required members. An example where this implication might be useful is the following declaration: "Any citizen who is an adult is allowed to vote." An intuitive configuration of "voter" would be:
```
 group voter required members: citizen, adult basic members: 
```
However, according to the above rule, the "voter" role could never be assumed by anybody, since it lacks any basic members. In order to address this issue a predefined role named "user.anyone" can be specified, which is always implied. The desired implication of the "voter" group can then be achieved by specifying "user.anyone" as its basic member, as follows:
```
 group voter required members: citizen, adult basic members: user.anyone 
```
@noimplement @author $Id: 0ffc7e843ca60afab2965c46dc352af62f540cee $

     * 
     * @throws IOException
     */
    @Test
    public void testGetMembers() throws IOException {
        Group group1 = Mockito.mock(Group.class);
        Mockito.when(group1.getType()).thenReturn(Role.GROUP);
        Mockito.when(group1.getName()).thenReturn("group1");
        User user1 = Mockito.mock(Group.class);
        Mockito.when(user1.getName()).thenReturn("user1");
        Mockito.when(group1.getMembers()).thenReturn(new Role[] { user1 });
        Mockito.when(userAdmin.getRole("group1")).thenReturn(group1);
        String[] members = mbean.getMembers("group1");
        Assert.assertArrayEquals(new String[] { "user1" }, members);
    }

View Full Code Here

     * 
     * @throws IOException
     */
    @Test
    public void testGetRequiredMembers() throws IOException {
        Group group1 = Mockito.mock(Group.class);
        Mockito.when(group1.getType()).thenReturn(Role.GROUP);
        Mockito.when(group1.getName()).thenReturn("group1");
        User user1 = Mockito.mock(Group.class);
        Mockito.when(user1.getName()).thenReturn("user1");
        Mockito.when(group1.getRequiredMembers()).thenReturn(new Role[] { user1 });
        Mockito.when(userAdmin.getRole("group1")).thenReturn(group1);
        String[] members = mbean.getRequiredMembers("group1");
        Assert.assertArrayEquals(new String[] { "user1" }, members);
    }

View Full Code Here

     * 
     * @throws Exception
     */
    @Test
    public void testListGroups() throws Exception {
        Group group1 = Mockito.mock(Group.class);
        Mockito.when(group1.getType()).thenReturn(Role.GROUP);
        Mockito.when(group1.getName()).thenReturn("group1");
        Group group2 = Mockito.mock(Group.class);
        Mockito.when(group2.getType()).thenReturn(Role.GROUP);
        Mockito.when(group2.getName()).thenReturn("group2");
        Mockito.when(userAdmin.getRoles(null)).thenReturn(new Role[] { group1, group2 });
        String[] groups = mbean.listGroups();
        Assert.assertArrayEquals(new String[] { "group1", "group2" }, groups);
    }

View Full Code Here

     * 
     * @throws IOException
     */
    @Test
    public void testRemoveMember() throws IOException {
        Group group1 = Mockito.mock(Group.class);
        User user1 = Mockito.mock(User.class);
        Mockito.when(userAdmin.getRole("group1")).thenReturn(group1);
        Mockito.when(userAdmin.getRole("user1")).thenReturn(user1);
        Mockito.when(group1.getType()).thenReturn(Role.GROUP);
        Mockito.when(group1.removeMember(user1)).thenReturn(true);
        boolean isAdded = mbean.removeMember("group1", "user1");
        Assert.assertTrue(isAdded);
        Mockito.verify(group1).removeMember(user1);
    }

View Full Code Here

  private void removeRoleFromAllGroups(Role removedRole) {
        try {
            Role[] roles = m_store.getRoles(null);
            for (int i = 0; i < roles.length; i++) {
                if (roles[i].getType() == Role.GROUP) {
                  Group group = (Group) roles[i];
                  // Don't check whether the given role is actually a member 
                  // of the group, but let the group itself figure this out...
                  group.removeMember(removedRole);
                }
            }
        }
        catch (Exception e) {
            throw new BackendException("Failed to get all roles!", e);

View Full Code Here

        }
        for (Group g : memberOf(r)) {
            g.removeMember(r);
        }
        for (String groupName : role.getMemberOf()) {
            Group g = (Group) m_userAdmin.getRole(groupName);
            if (g == null) {
                m_log.log(LogService.LOG_WARNING, "Cannot add user " + role.getName() + " to group " + groupName + ", because the group does not exist.");
                continue;
            }
            g.addMember(r);
        }
    }

View Full Code Here


        if (username == null || "".equals(username) || password == null || "".equals(password) || groupname == null || "".equals(groupname)) {
            throw new IllegalArgumentException("Username, password and groupname cannot be null or \"\"");
        }


        Group group = (Group) m_useradmin.getRole(groupname);
        if (group == null) {
            throw new GroupNotFoundException(groupname);
        }


        Role newRole = m_useradmin.createRole(username, Role.USER);
        if (newRole == null) {
            throw new UserAlreadyExistsException(username);
        }


        User newUser = (User) newRole;
        newUser.getProperties().put("username", username);
        newUser.getCredentials().put("password", password);
        group.addMember(newUser);
    }

View Full Code Here

        User user = getUser(username);
        if (user == null) {
            throw new UserNotFoundException(username);
        }


        Group oldGroup = (Group) m_useradmin.getRole(userDTO.getPreviousGroupname());
        if (oldGroup == null) {
            throw new GroupNotFoundException(group);
        }


        Group newGroup = (Group) m_useradmin.getRole(group);
        if (newGroup == null) {
            throw new GroupNotFoundException(group);
        }


        oldGroup.removeMember(user);
        newGroup.addMember(user);
    }

View Full Code Here

        }
        User user = getUser(oldUsername);
        if (user == null) {
            throw new UserNotFoundException(oldUsername);
        }
        Group group = getGroup(user);
        if (group == null) {
            throw new GroupNotFoundException(null);
        }


        group.removeMember(user);
        m_useradmin.removeRole(user.getName());


        User newUser = (User) m_useradmin.createRole(newUsername, Role.USER);
        newUser.getProperties().put("username", newUsername);
        newUser.getCredentials().put("password", userDTO.getPassword());


        group.addMember(newUser);
    }

View Full Code Here

        String[] roles = auth.getRoles();
        if (roles != null) {
            for (String role : roles) {
                Role result = m_useradmin.getRole(role);
                if (result.getType() == Role.GROUP) {
                    Group group = (Group) result;
                    Role[] members = group.getMembers();
                    if (members != null) {
                        for (Role r : members) {
                            if (r.getType() == Role.USER && r.getName().equals(user.getName())) {
                                return group;
                            }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.osgi.service.useradmin.Group

org.apache.ace.client.repositoryuseradmin.impl.RepositoryUserAdminSerializationTest

org.apache.ace.client.repositoryuseradmin.impl.RepositoryUserAdminTest

org.apache.ace.resourceprocessor.useradmin.impl.UserAdminStore

org.apache.ace.useradmin.ui.editor.impl.UserEditorImpl

org.apache.ace.useradmin.ui.test.UserEditorTest

org.apache.ace.useradmin.ui.vaadin.UserAdminWindow

org.apache.aries.jmx.useradmin.UserAdminTest

org.apache.felix.jmood.compendium.UserManager

org.apache.felix.useradmin.filestore.RoleRepositoryFileStorePerformanceTest

org.apache.felix.useradmin.filestore.RoleRepositorySerializer

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.