Search in sources :

Example 76 with Credentials

use of javax.jcr.Credentials in project jackrabbit-oak by apache.

the class L11_PasswordTest method testGetCredentials.

public void testGetCredentials() throws RepositoryException {
    testUser = userManager.createUser(testId, TEST_PW);
    Credentials creds = testUser.getCredentials();
    // EXERCISE fix the expectation
    Credentials expected = null;
    assertEquals(expected, creds);
    // EXERCISE : complete and explain the expected behavior
    getHelper().getRepository().login(creds).logout();
}
Also used : Credentials(javax.jcr.Credentials)

Example 77 with Credentials

use of javax.jcr.Credentials in project jackrabbit-oak by apache.

the class L11_PasswordTest method testCreateUserAndLogin.

public void testCreateUserAndLogin() throws RepositoryException {
    testUser = userManager.createUser(testId, TEST_PW);
    superuser.save();
    // EXERCISE build the credentials
    Credentials creds = null;
    getHelper().getRepository().login(creds).logout();
}
Also used : Credentials(javax.jcr.Credentials)

Example 78 with Credentials

use of javax.jcr.Credentials in project jackrabbit-oak by apache.

the class UserTest method testLoginWithGetCredentials.

@Test
public void testLoginWithGetCredentials() throws RepositoryException, NotExecutableException {
    try {
        Credentials creds = user.getCredentials();
        Session s = getHelper().getRepository().login(creds);
        s.logout();
        fail("Login using credentials exposed on user must fail.");
    } catch (UnsupportedRepositoryOperationException e) {
        throw new NotExecutableException(e.getMessage());
    } catch (LoginException e) {
    // success
    }
}
Also used : UnsupportedRepositoryOperationException(javax.jcr.UnsupportedRepositoryOperationException) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) LoginException(javax.jcr.LoginException) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Test(org.junit.Test)

Example 79 with Credentials

use of javax.jcr.Credentials in project sling by apache.

the class FormLoginModule method login.

@SuppressWarnings("unchecked")
public boolean login() throws LoginException {
    Credentials credentials = getCredentials();
    if (credentials instanceof FormCredentials) {
        FormCredentials cred = (FormCredentials) credentials;
        userId = cred.getUserId();
        if (!authHandler.isValid(cred)) {
            log.debug("Invalid credentials");
            return false;
        }
        if (userId == null) {
            log.debug("Could not extract userId/credentials");
        } else {
            // we just set the login name and rely on the following login modules to populate the subject
            sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(userId));
            sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, EMPTY_PWD));
            sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
            log.debug("login succeeded with trusted user: {}", userId);
        }
    }
    return false;
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) PreAuthenticatedLogin(org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin)

Example 80 with Credentials

use of javax.jcr.Credentials in project sling by apache.

the class SlingWebConsoleSecurityProvider method authenticate.

// ---------- SCR integration
/**
     * Authenticates and authorizes the user identified by the user name and
     * password. The check applied to authorize access consists of the following
     * steps:
     * <ol>
     * <li>User name and password are able to create a JCR session with the
     * default repository workspace. If such a session cannot be created, the
     * user is denied access.</li>
     * <li>If the user is listed in the configured set of granted users, access
     * is granted to all of the Web Console.</li>
     * <li>If the user is a member of one of the groups configured to grant
     * access to their members, access is granted to all of the Web Console.</li>
     * </ol>
     * <p>
     * If the user name and password cannot be used to login to the default
     * workspace of the repository or if the user neither one of the configured
     * set of granted users or is not a member of the configured set of groups
     * access is denied to the Web Console.
     *
     * @param userName The name of the user to grant access for
     * @param password The password to authenticate the user. This may be
     *            <code>null</code> to assume an empty password.
     * @return The <code>userName</code> is currently returned to indicate
     *         successfull authentication.
     * @throws NullPointerException if <code>userName</code> is
     *             <code>null</code>.
     */
@Override
public Object authenticate(String userName, String password) {
    final Credentials creds = new SimpleCredentials(userName, (password == null) ? new char[0] : password.toCharArray());
    Session session = null;
    try {
        session = repository.login(creds);
        if (session instanceof JackrabbitSession) {
            UserManager umgr = ((JackrabbitSession) session).getUserManager();
            String userId = session.getUserID();
            Authorizable a = umgr.getAuthorizable(userId);
            if (a instanceof User) {
                // check users
                if (users.contains(userId)) {
                    return true;
                }
                // check groups
                Iterator<Group> gi = a.memberOf();
                while (gi.hasNext()) {
                    if (groups.contains(gi.next().getID())) {
                        return userName;
                    }
                }
                logger.debug("authenticate: User {} is denied Web Console access", userName);
            } else {
                logger.error("authenticate: Expected user ID {} to refer to a user", userId);
            }
        } else {
            logger.info("authenticate: Jackrabbit Session required to grant access to the Web Console for {}; got {}", userName, session.getClass());
        }
    } catch (final LoginException re) {
        logger.info("authenticate: User " + userName + " failed to authenticate with the repository for Web Console access", re);
    } catch (final Exception re) {
        logger.info("authenticate: Generic problem trying grant User " + userName + " access to the Web Console", re);
    } finally {
        if (session != null) {
            session.logout();
        }
    }
    // no success (see log)
    return null;
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) Group(org.apache.jackrabbit.api.security.user.Group) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) LoginException(javax.jcr.LoginException) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) LoginException(javax.jcr.LoginException) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession)

Aggregations

Credentials (javax.jcr.Credentials)86 SimpleCredentials (javax.jcr.SimpleCredentials)53 Test (org.junit.Test)33 GuestCredentials (javax.jcr.GuestCredentials)26 Session (javax.jcr.Session)17 TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)14 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)13 RepositoryException (javax.jcr.RepositoryException)12 User (org.apache.jackrabbit.api.security.user.User)12 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)12 LoginException (javax.security.auth.login.LoginException)8 ArrayList (java.util.ArrayList)7 LoginException (javax.jcr.LoginException)6 Subject (javax.security.auth.Subject)6 IOException (java.io.IOException)5 HashMap (java.util.HashMap)5 Repository (javax.jcr.Repository)5 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)5 Principal (java.security.Principal)4 Map (java.util.Map)4