
Example 26 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit by apache.

the class UserTest method testDisable.

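/**
 * Checks the life cycle of a disabled account: a user that has been disabled
 * stays visible through the user and principal managers, can neither log in
 * nor be impersonated, and can log in again once re-enabled.
 *
 * <p>If the configured read-only user is an administrator, a throw-away user
 * is created for the test and removed again during cleanup.
 *
 * @throws Exception if repository access fails or an assertion is violated
 */
public void testDisable() throws Exception {
    boolean remove = false;
    Session s = getHelper().getReadOnlySession();
    User user = null;
    String userID = null;
    // NOTE(review): pw stays empty when the configured read-only user is
    // reused. In that case the "login must fail" step below can only prove
    // that the account is disabled if an empty password would otherwise be
    // accepted for that user -- confirm against the test repository setup.
    String pw = "";
    try {
        User readonlyUser = getTestUser(s);
        if (readonlyUser.isAdmin()) {
            // configured readonly user is admin
            // -> need to create another test user
            pw = "test";
            userID = getUserManager(superuser).createUser(getTestPrincipal().getName(), pw).getID();
            remove = true;
        } else {
            userID = readonlyUser.getID();
        }
        user = (User) getUserManager(superuser).getAuthorizable(userID);
        // by default a user isn't disabled
        assertFalse(user.isDisabled());
        assertNull(user.getDisabledReason());
        // disable user
        String reason = "readonly user is disabled!";
        user.disable(reason);
        save(superuser);
        assertTrue(user.isDisabled());
        assertEquals(reason, user.getDisabledReason());
        // user must still be retrievable from user manager
        assertNotNull(getUserManager(superuser).getAuthorizable(userID));
        // ... and from principal manager as well
        assertTrue(((JackrabbitSession) superuser).getPrincipalManager().hasPrincipal(user.getPrincipal().getName()));
        // -> login must fail
        try {
            Session ss = getHelper().getRepository().login(new SimpleCredentials(userID, pw.toCharArray()));
            ss.logout();
            fail("A disabled user must not be allowed to login any more");
        } catch (LoginException expected) {
            // success: the repository rejected the disabled account
        }
        // -> impersonating this user must fail
        try {
            Session ss = superuser.impersonate(new SimpleCredentials(userID, new char[0]));
            ss.logout();
            fail("A disabled user cannot be impersonated any more.");
        } catch (LoginException expected) {
            // success: impersonation of the disabled account was refused
        }
        // enable user again
        user.disable(null);
        save(superuser);
        assertFalse(user.isDisabled());
        // -> login must succeed again
        getHelper().getRepository().login(new SimpleCredentials(userID, pw.toCharArray())).logout();
    } finally {
        s.logout();
        if (user != null) {
            // Track whether cleanup changed anything so that the change is
            // persisted. Without the save, a test that failed while the
            // account was disabled would leave a shared account locked for
            // whatever runs next.
            boolean dirty = false;
            if (user.isDisabled()) {
                user.disable(null);
                dirty = true;
            }
            if (remove) {
                user.remove();
                dirty = true;
            }
            if (dirty) {
                save(superuser);
            }
        }
    }
}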
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) LoginException(javax.jcr.LoginException) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Example 27 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit by apache.

the class UserManagerImplTest method testUnknownUserLogin.

/**
 * Ensures that credentials naming a user id unknown to the user manager are
 * rejected at login.
 *
 * @throws RepositoryException if looking up the authorizable fails
 */
public void testUnknownUserLogin() throws RepositoryException {
    String unknownId = getTestPrincipal().getName();
    // precondition: no authorizable is registered under this id
    assertNull(userMgr.getAuthorizable(unknownId));
    try {
        // the id doubles as the password; neither should be known
        SimpleCredentials unknownCreds = new SimpleCredentials(unknownId, unknownId.toCharArray());
        Session unexpected = superuser.getRepository().login(unknownCreds);
        unexpected.logout();
        fail("An unknown user should not be allowed to execute the login.");
    } catch (Exception expected) {
        // ok.
        // NOTE(review): any Exception counts as a rejection here, so an
        // unrelated repository failure also lets the test pass. fail() is
        // presumably signalled with an Error subclass and therefore not
        // swallowed by this catch -- confirm for the test framework in use.
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) RepositoryException(javax.jcr.RepositoryException) AuthorizableExistsException(org.apache.jackrabbit.api.security.user.AuthorizableExistsException) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) Session(javax.jcr.Session)

Example 28 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit by apache.

the class UserManagerImplTest method testCreateUserIdDifferentFromPrincipalName.

/**
 * Creates a user whose id differs from its principal name and checks that
 * both values are kept apart, and that a session opened with that user's
 * credentials reports the user id rather than the principal name.
 *
 * @throws RepositoryException if a repository operation fails
 * @throws NotExecutableException declared by the signature; not thrown
 *         directly by the code in this method
 */
public void testCreateUserIdDifferentFromPrincipalName() throws RepositoryException, NotExecutableException {
    Principal principal = getTestPrincipal();
    String userId = getTestUserId(principal);
    String password = buildPassword(userId);
    User created = null;
    Session userSession = null;
    try {
        created = userMgr.createUser(userId, password, principal, null);
        save(superuser);

        String msg = "Creating a User with principal-name distinct from Principal-name must succeed as long as both are unique.";
        assertEquals(msg, created.getID(), userId);
        assertEquals(msg, principal.getName(), created.getPrincipal().getName());
        assertFalse(msg, created.getID().equals(created.getPrincipal().getName()));

        // The id a session reports must be the user id chosen at creation.
        SimpleCredentials creds = new SimpleCredentials(userId, password.toCharArray());
        userSession = superuser.getRepository().login(creds);
        assertEquals(userId, userSession.getUserID());
    } finally {
        // always close the user's session and drop the temporary account
        if (userSession != null) {
            userSession.logout();
        }
        if (created != null) {
            created.remove();
            save(superuser);
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) EveryonePrincipal(org.apache.jackrabbit.core.security.principal.EveryonePrincipal) TestPrincipal(org.apache.jackrabbit.core.security.TestPrincipal) Principal(java.security.Principal) Session(javax.jcr.Session)

Example 29 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.

the class LdapIdentityProvider method authenticate.

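/**
 * Authenticates the given credentials by binding to the LDAP server as the
 * resolved user.
 *
 * <p>Only {@link SimpleCredentials} are handled. The user id is resolved with
 * {@code getUser}; if no user is found, no bind is attempted. An empty
 * password is refused before contacting the server, because a bind with a
 * name and an empty password is treated as unauthenticated by LDAP
 * (RFC 4513, section 5.1.1) and would otherwise look like a successful login.
 *
 * @param credentials the credentials to verify
 * @return the external user if the bind succeeded; {@code null} if the
 *         credentials are not {@code SimpleCredentials} or the user id could
 *         not be resolved
 * @throws ExternalIdentityException if connecting or binding fails for a
 *         reason other than rejected credentials
 * @throws LoginException if the password is empty or the LDAP server rejects
 *         the credentials
 */
@Override
public ExternalUser authenticate(@Nonnull Credentials credentials) throws ExternalIdentityException, LoginException {
    if (!(credentials instanceof SimpleCredentials)) {
        log.debug("LDAP IDP can only authenticate SimpleCredentials.");
        return null;
    }
    final SimpleCredentials creds = (SimpleCredentials) credentials;
    final ExternalUser user = getUser(creds.getUserID());
    if (user == null) {
        // unknown user: nothing to bind against
        return null;
    }
    // see http://tools.ietf.org/html/rfc4513#section-5.1.1 for details.
    if (creds.getPassword().length == 0) {
        throw new LoginException("Refusing to authenticate against LDAP server: Empty passwords not allowed.");
    }
    // authenticate
    LdapConnection connection = null;
    try {
        DebugTimer timer = new DebugTimer();
        if (userPool == null) {
            connection = userConnectionFactory.makeObject();
        } else {
            connection = userPool.getConnection();
        }
        timer.mark("connect");
        // The bind API takes the password as a String, so an immutable copy
        // of the password is created here and cannot be wiped afterwards.
        connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
        timer.mark("bind");
        if (log.isDebugEnabled()) {
            log.debug("authenticate({}) {}", user.getId(), timer.getString());
        }
    } catch (LdapAuthenticationException e) {
        // NOTE(review): the server's message is passed on to the caller;
        // check that it is not shown to end users if it distinguishes
        // between failure reasons.
        LoginException rejected = new LoginException("Unable to authenticate against LDAP server: " + e.getMessage());
        // LoginException has no cause-taking constructor; attach the cause
        // explicitly so the original stack trace is not lost.
        rejected.initCause(e);
        throw rejected;
    } catch (Exception e) {
        throw new ExternalIdentityException("Error while binding user credentials", e);
    } finally {
        if (connection != null) {
            try {
                if (userPool == null) {
                    userConnectionFactory.destroyObject(connection);
                } else {
                    userPool.releaseConnection(connection);
                }
            } catch (Exception e) {
                // Cleanup stays best-effort and must not mask the result of
                // the bind, but a connection that cannot be released should
                // be visible to operators.
                log.warn("Error while releasing LDAP connection after authentication", e);
            }
        }
    }
    return user;
}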
Also used : DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer) SimpleCredentials(javax.jcr.SimpleCredentials) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) LoginException(javax.security.auth.login.LoginException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LoginException(javax.security.auth.login.LoginException) LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException) LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NoSuchElementException(java.util.NoSuchElementException) IOException(java.io.IOException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 30 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.

the class LdapProviderTest method testAuthenticateValidateFalseTrue.

/**
 * Authenticates the same user repeatedly against a provider whose admin pool
 * has lookup-on-validate switched off and whose user pool has it switched on.
 * Both pools are limited to two active connections.
 */
@Test
public void testAuthenticateValidateFalseTrue() throws Exception {
    providerConfig.getAdminPoolConfig().setMaxActive(2).setLookupOnValidate(false);
    providerConfig.getUserPoolConfig().setMaxActive(2).setLookupOnValidate(true);

    // replace the existing provider so the changed pool settings are used
    idp.close();
    idp = new LdapIdentityProvider(providerConfig);

    SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
    // more attempts than the pool limit -- presumably to exercise reuse of
    // pooled connections; confirm
    int attempt = 0;
    while (attempt < 8) {
        ExternalUser authenticated = idp.authenticate(creds);
        assertNotNull("User 1 must authenticate", authenticated);
        assertEquals("User Ref", TEST_USER1_DN, authenticated.getExternalId().getId());
        attempt++;
    }
}
Also used : LdapIdentityProvider(org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider) SimpleCredentials(javax.jcr.SimpleCredentials) ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser) Test(org.junit.Test)

Aggregations

SimpleCredentials (javax.jcr.SimpleCredentials)289 Test (org.junit.Test)142 Session (javax.jcr.Session)83 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)60 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)53 User (org.apache.jackrabbit.api.security.user.User)41 Credentials (javax.jcr.Credentials)39 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)35 UserManager (org.apache.jackrabbit.api.security.user.UserManager)34 LoginException (javax.security.auth.login.LoginException)30 Node (javax.jcr.Node)28 RepositoryException (javax.jcr.RepositoryException)25 Principal (java.security.Principal)22 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)21 GuestCredentials (javax.jcr.GuestCredentials)20 LoginException (javax.jcr.LoginException)19 TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)19 AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)18 Before (org.junit.Before)18 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)17