Example 6 with AuthInfo

Use of org.apache.jackrabbit.oak.api.AuthInfo in project jackrabbit-oak by apache.

From the class UserAuthentication, method authenticate.

//-----------------------------------------------------< Authentication >---
@Override
public boolean authenticate(@Nullable Credentials credentials) throws LoginException {
    if (credentials == null || loginId == null) {
        return false;
    }
    boolean success = false;
    try {
        UserManager userManager = config.getUserManager(root, NamePathMapper.DEFAULT);
        Authorizable authorizable = userManager.getAuthorizable(loginId);
        if (authorizable == null) {
            return false;
        }
        if (authorizable.isGroup()) {
            throw new AccountNotFoundException("Not a user " + loginId);
        }
        User user = (User) authorizable;
        if (user.isDisabled()) {
            throw new AccountLockedException("User with ID " + loginId + " has been disabled: " + user.getDisabledReason());
        }
        if (credentials instanceof SimpleCredentials) {
            SimpleCredentials creds = (SimpleCredentials) credentials;
            Credentials userCreds = user.getCredentials();
            if (loginId.equals(creds.getUserID()) && userCreds instanceof CredentialsImpl) {
                success = PasswordUtil.isSame(((CredentialsImpl) userCreds).getPasswordHash(), creds.getPassword());
            }
            checkSuccess(success, "UserId/Password mismatch.");
            if (isPasswordExpired(user)) {
                // UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD attribute set
                if (!changePassword(user, creds)) {
                    throw new CredentialExpiredException("User password has expired");
                }
            }
        } else if (credentials instanceof ImpersonationCredentials) {
            ImpersonationCredentials ipCreds = (ImpersonationCredentials) credentials;
            AuthInfo info = ipCreds.getImpersonatorInfo();
            success = equalUserId(ipCreds, loginId) && impersonate(info, user);
            checkSuccess(success, "Impersonation not allowed.");
        } else {
            // guest login is allowed if an anonymous user exists in the content (see get user above)
            success = (credentials instanceof GuestCredentials) || credentials == PreAuthenticatedLogin.PRE_AUTHENTICATED;
        }
        userId = user.getID();
        principal = user.getPrincipal();
    } catch (RepositoryException e) {
        throw new LoginException(e.getMessage());
    }
    return success;
}
Also used: AccountLockedException (javax.security.auth.login.AccountLockedException), AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo), User (org.apache.jackrabbit.api.security.user.User), RepositoryException (javax.jcr.RepositoryException), SimpleCredentials (javax.jcr.SimpleCredentials), ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), UserManager (org.apache.jackrabbit.api.security.user.UserManager), Authorizable (org.apache.jackrabbit.api.security.user.Authorizable), LoginException (javax.security.auth.login.LoginException), FailedLoginException (javax.security.auth.login.FailedLoginException), AccountNotFoundException (javax.security.auth.login.AccountNotFoundException), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), GuestCredentials (javax.jcr.GuestCredentials), Credentials (javax.jcr.Credentials)

Example 7 with AuthInfo

Use of org.apache.jackrabbit.oak.api.AuthInfo in project jackrabbit-oak by apache.

From the class PreAuthTest, method testSystemSubject.

@Test
public void testSystemSubject() throws Exception {
    ContentSession cs = Subject.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction<ContentSession>() {

        @Override
        public ContentSession run() {
            try {
                return login(null);
            } catch (Exception e) {
                return null;
            }
        }
    }, null);
    try {
        AuthInfo authInfo = cs.getAuthInfo();
        assertNotSame(AuthInfo.EMPTY, authInfo);
        assertEquals(SystemSubject.INSTANCE.getPrincipals(), authInfo.getPrincipals());
        assertEquals(null, authInfo.getUserID());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used: AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo), ContentSession (org.apache.jackrabbit.oak.api.ContentSession), LoginException (javax.security.auth.login.LoginException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 8 with AuthInfo

Use of org.apache.jackrabbit.oak.api.AuthInfo in project jackrabbit-oak by apache.

From the class Jackrabbit2ConfigurationTest, method testTokenCreationWithAttributes.

@Test
public void testTokenCreationWithAttributes() throws Exception {
    ContentSession cs = null;
    try {
        SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
        sc.setAttribute(".token", "");
        sc.setAttribute(".token.mandatory", "something");
        sc.setAttribute("attr", "val");
        cs = login(sc);
        AuthInfo ai = cs.getAuthInfo();
        Set<String> attrNames = ImmutableSet.copyOf(ai.getAttributeNames());
        assertTrue(attrNames.contains("attr"));
        assertFalse(attrNames.contains(".token"));
        assertFalse(attrNames.contains(".token.mandatory"));
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo), ContentSession (org.apache.jackrabbit.oak.api.ContentSession), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 9 with AuthInfo

Use of org.apache.jackrabbit.oak.api.AuthInfo in project jackrabbit-oak by apache.

From the class PreAuthTest, method testValidSubject.

@Test
public void testValidSubject() throws Exception {
    final Subject subject = new Subject(true, principals, Collections.<Object>emptySet(), Collections.<Object>emptySet());
    ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {

        @Override
        public ContentSession run() {
            try {
                return login(null);
            } catch (Exception e) {
                return null;
            }
        }
    }, null);
    try {
        AuthInfo authInfo = cs.getAuthInfo();
        assertNotSame(AuthInfo.EMPTY, authInfo);
        assertEquals(principals, authInfo.getPrincipals());
        assertNull(authInfo.getUserID());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used: AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo), ContentSession (org.apache.jackrabbit.oak.api.ContentSession), Subject (javax.security.auth.Subject), SystemSubject (org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject), LoginException (javax.security.auth.login.LoginException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 10 with AuthInfo

Use of org.apache.jackrabbit.oak.api.AuthInfo in project jackrabbit-oak by apache.

From the class PreAuthTest, method testValidSubjectWithCredentials.

@Test
public void testValidSubjectWithCredentials() throws Exception {
    Set<SimpleCredentials> publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0]));
    final Subject subject = new Subject(false, principals, publicCreds, Collections.<Object>emptySet());
    ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {

        @Override
        public ContentSession run() {
            try {
                return login(null);
            } catch (Exception e) {
                return null;
            }
        }
    }, null);
    try {
        AuthInfo authInfo = cs.getAuthInfo();
        assertNotSame(AuthInfo.EMPTY, authInfo);
        assertEquals(principals, authInfo.getPrincipals());
        assertEquals("testUserId", authInfo.getUserID());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo), ContentSession (org.apache.jackrabbit.oak.api.ContentSession), Subject (javax.security.auth.Subject), SystemSubject (org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject), LoginException (javax.security.auth.login.LoginException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Aggregations

AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo): 42
Test (org.junit.Test): 38
ContentSession (org.apache.jackrabbit.oak.api.ContentSession): 26
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest): 24
SimpleCredentials (javax.jcr.SimpleCredentials): 19
Subject (javax.security.auth.Subject): 15
LoginException (javax.security.auth.login.LoginException): 7
Principal (java.security.Principal): 6
ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials): 6
GuestCredentials (javax.jcr.GuestCredentials): 5
AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl): 5
Credentials (javax.jcr.Credentials): 4
Root (org.apache.jackrabbit.oak.api.Root): 4
SystemSubject (org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject): 4
RepositoryException (javax.jcr.RepositoryException): 3
PrivilegedActionException (java.security.PrivilegedActionException): 2
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction): 2
Session (javax.jcr.Session): 2
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable): 2
UserManager (org.apache.jackrabbit.api.security.user.UserManager): 2