Example 1 with ImpersonationCredentials

Use of org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials in project jackrabbit-oak by apache.

Class LoginModuleImplTest, method testSelfImpersonation.

@Test
public void testSelfImpersonation() throws Exception {
    ContentSession cs = null;
    try {
        createTestUser();
        SimpleCredentials sc = new SimpleCredentials(USER_ID, USER_PW.toCharArray());
        cs = login(sc);
        AuthInfo authInfo = cs.getAuthInfo();
        assertEquals(USER_ID, authInfo.getUserID());
        cs.close();
        sc = new SimpleCredentials(USER_ID, new char[0]);
        ImpersonationCredentials ic = new ImpersonationCredentials(sc, authInfo);
        cs = login(ic);
        authInfo = cs.getAuthInfo();
        assertEquals(USER_ID, authInfo.getUserID());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used: SimpleCredentials(javax.jcr.SimpleCredentials), AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo), ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), ContentSession(org.apache.jackrabbit.oak.api.ContentSession), AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest), Test(org.junit.Test)

Example 2 with ImpersonationCredentials

Use of org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials in project jackrabbit-oak by apache.

Class LoginModuleImpl, method createAuthInfo.

private AuthInfo createAuthInfo(@Nonnull Set<? extends Principal> principals) {
    Credentials creds;
    if (credentials instanceof ImpersonationCredentials) {
        creds = ((ImpersonationCredentials) credentials).getBaseCredentials();
    } else {
        creds = credentials;
    }
    Map<String, Object> attributes = new HashMap<String, Object>();
    Object shared = sharedState.get(SHARED_KEY_ATTRIBUTES);
    if (shared instanceof Map) {
        for (Object key : ((Map) shared).keySet()) {
            attributes.put(key.toString(), ((Map) shared).get(key));
        }
    } else if (creds instanceof SimpleCredentials) {
        SimpleCredentials sc = (SimpleCredentials) creds;
        for (String attrName : sc.getAttributeNames()) {
            attributes.put(attrName, sc.getAttribute(attrName));
        }
    }
    return new AuthInfoImpl(userId, attributes, principals);
}
Also used: SimpleCredentials(javax.jcr.SimpleCredentials), AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl), ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), HashMap(java.util.HashMap), Map(java.util.Map), GuestCredentials(javax.jcr.GuestCredentials), Credentials(javax.jcr.Credentials)

Example 3 with ImpersonationCredentials

Use of org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials in project jackrabbit-oak by apache.

Class ExternalLoginModule, method createAuthInfo.

@Nonnull
private AuthInfo createAuthInfo(@Nonnull String userId, @Nonnull Set<? extends Principal> principals) {
    Credentials creds;
    if (credentials instanceof ImpersonationCredentials) {
        creds = ((ImpersonationCredentials) credentials).getBaseCredentials();
    } else {
        creds = credentials;
    }
    Map<String, Object> attributes = new HashMap<String, Object>();
    Object shared = sharedState.get(SHARED_KEY_ATTRIBUTES);
    if (shared instanceof Map) {
        for (Map.Entry entry : ((Map<?, ?>) shared).entrySet()) {
            attributes.put(entry.getKey().toString(), entry.getValue());
        }
    } else if (creds != null) {
        attributes.putAll(credentialsSupport.getAttributes(creds));
    }
    return new AuthInfoImpl(userId, attributes, principals);
}
Also used: AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl), ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), HashMap(java.util.HashMap), Map(java.util.Map), Credentials(javax.jcr.Credentials), Nonnull(javax.annotation.Nonnull)

Example 4 with ImpersonationCredentials

Use of org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials in project jackrabbit-oak by apache.

Class TokenProviderImplTest, method testCreateTokenFromInvalidCredentials.

@Test
public void testCreateTokenFromInvalidCredentials() throws Exception {
    List<Credentials> invalid = new ArrayList<Credentials>();
    invalid.add(new GuestCredentials());
    invalid.add(new TokenCredentials("sometoken"));
    invalid.add(new ImpersonationCredentials(new GuestCredentials(), null));
    invalid.add(new SimpleCredentials("unknownUserId", new char[0]));
    for (Credentials creds : invalid) {
        assertNull(tokenProvider.createToken(creds));
    }
}
Also used: SimpleCredentials(javax.jcr.SimpleCredentials), ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), ArrayList(java.util.ArrayList), GuestCredentials(javax.jcr.GuestCredentials), TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials), Credentials(javax.jcr.Credentials), Test(org.junit.Test)

Example 5 with ImpersonationCredentials

Use of org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials in project jackrabbit-oak by apache.

Class UserAuthentication, method authenticate.

//-----------------------------------------------------< Authentication >---
@Override
public boolean authenticate(@Nullable Credentials credentials) throws LoginException {
    if (credentials == null || loginId == null) {
        return false;
    }
    boolean success = false;
    try {
        UserManager userManager = config.getUserManager(root, NamePathMapper.DEFAULT);
        Authorizable authorizable = userManager.getAuthorizable(loginId);
        if (authorizable == null) {
            return false;
        }
        if (authorizable.isGroup()) {
            throw new AccountNotFoundException("Not a user " + loginId);
        }
        User user = (User) authorizable;
        if (user.isDisabled()) {
            throw new AccountLockedException("User with ID " + loginId + " has been disabled: " + user.getDisabledReason());
        }
        if (credentials instanceof SimpleCredentials) {
            SimpleCredentials creds = (SimpleCredentials) credentials;
            Credentials userCreds = user.getCredentials();
            if (loginId.equals(creds.getUserID()) && userCreds instanceof CredentialsImpl) {
                success = PasswordUtil.isSame(((CredentialsImpl) userCreds).getPasswordHash(), creds.getPassword());
            }
            checkSuccess(success, "UserId/Password mismatch.");
            if (isPasswordExpired(user)) {
                // UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD attribute set
                if (!changePassword(user, creds)) {
                    throw new CredentialExpiredException("User password has expired");
                }
            }
        } else if (credentials instanceof ImpersonationCredentials) {
            ImpersonationCredentials ipCreds = (ImpersonationCredentials) credentials;
            AuthInfo info = ipCreds.getImpersonatorInfo();
            success = equalUserId(ipCreds, loginId) && impersonate(info, user);
            checkSuccess(success, "Impersonation not allowed.");
        } else {
            // guest login is allowed if an anonymous user exists in the content (see get user above)
            success = (credentials instanceof GuestCredentials) || credentials == PreAuthenticatedLogin.PRE_AUTHENTICATED;
        }
        userId = user.getID();
        principal = user.getPrincipal();
    } catch (RepositoryException e) {
        throw new LoginException(e.getMessage());
    }
    return success;
}
Also used: AccountLockedException(javax.security.auth.login.AccountLockedException), AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo), User(org.apache.jackrabbit.api.security.user.User), RepositoryException(javax.jcr.RepositoryException), SimpleCredentials(javax.jcr.SimpleCredentials), ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials), UserManager(org.apache.jackrabbit.api.security.user.UserManager), Authorizable(org.apache.jackrabbit.api.security.user.Authorizable), LoginException(javax.security.auth.login.LoginException), FailedLoginException(javax.security.auth.login.FailedLoginException), AccountNotFoundException(javax.security.auth.login.AccountNotFoundException), CredentialExpiredException(javax.security.auth.login.CredentialExpiredException), GuestCredentials(javax.jcr.GuestCredentials), Credentials(javax.jcr.Credentials)

Aggregations

ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials): 17
SimpleCredentials (javax.jcr.SimpleCredentials): 15
Test (org.junit.Test): 12
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest): 10
Credentials (javax.jcr.Credentials): 7
ContentSession (org.apache.jackrabbit.oak.api.ContentSession): 7
GuestCredentials (javax.jcr.GuestCredentials): 6
AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo): 5
LoginException (javax.security.auth.login.LoginException): 4
TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials): 4
AuthInfoImpl (org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl): 4
ArrayList (java.util.ArrayList): 3
Principal (java.security.Principal): 2
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2
Nonnull (javax.annotation.Nonnull): 2
FailedLoginException (javax.security.auth.login.FailedLoginException): 2
User (org.apache.jackrabbit.api.security.user.User): 2
IOException (java.io.IOException): 1
CheckForNull (javax.annotation.CheckForNull): 1