use of javax.jcr.SimpleCredentials in project jackrabbit by apache.
the class UserImplTest method testCredentials.
public void testCredentials() throws RepositoryException, NoSuchAlgorithmException, UnsupportedEncodingException {
User u = (User) userMgr.getAuthorizable(uID);
Credentials uc = u.getCredentials();
assertTrue(uc instanceof CryptedSimpleCredentials);
assertTrue(((CryptedSimpleCredentials) uc).matches((SimpleCredentials) creds));
}
use of javax.jcr.SimpleCredentials in project jackrabbit by apache.
the class UserImplTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
Principal p = getTestPrincipal();
String pw = buildPassword(p);
creds = new SimpleCredentials(p.getName(), pw.toCharArray());
User u = userMgr.createUser(p.getName(), pw);
save(superuser);
uID = u.getID();
uSession = getHelper().getRepository().login(creds);
uMgr = getUserManager(uSession);
}
use of javax.jcr.SimpleCredentials in project jackrabbit by apache.
the class UserImplTest method testChangePassword.
public void testChangePassword() throws RepositoryException, NotExecutableException, NoSuchAlgorithmException, UnsupportedEncodingException {
User u = (User) userMgr.getAuthorizable(uID);
String sha1Hash = "{" + SecurityConstants.DEFAULT_DIGEST + "}" + Text.digest(SecurityConstants.DEFAULT_DIGEST, "abc".getBytes());
String md5Hash = "{md5}" + Text.digest("md5", "abc".getBytes());
// valid passwords and the corresponding match
Map<String, String> pwds = new HashMap<String, String>();
// plain text passwords
pwds.put("abc", "abc");
pwds.put("{a}password", "{a}password");
// passwords with hash-like char-sequence -> must still be hashed.
pwds.put(sha1Hash, sha1Hash);
pwds.put(md5Hash, md5Hash);
pwds.put("{" + SecurityConstants.DEFAULT_DIGEST + "}any", "{" + SecurityConstants.DEFAULT_DIGEST + "}any");
pwds.put("{" + SecurityConstants.DEFAULT_DIGEST + "}", "{" + SecurityConstants.DEFAULT_DIGEST + "}");
for (String pw : pwds.keySet()) {
u.changePassword(pw);
String plain = pwds.get(pw);
SimpleCredentials sc = new SimpleCredentials(u.getID(), plain.toCharArray());
CryptedSimpleCredentials cc = (CryptedSimpleCredentials) u.getCredentials();
assertTrue(cc.matches(sc));
}
// valid passwords, non-matching plain text
Map<String, String> noMatch = new HashMap<String, String>();
noMatch.put("{" + SecurityConstants.DEFAULT_DIGEST + "}", "");
noMatch.put("{" + SecurityConstants.DEFAULT_DIGEST + "}any", "any");
noMatch.put(sha1Hash, "abc");
noMatch.put(md5Hash, "abc");
for (String pw : noMatch.keySet()) {
u.changePassword(pw);
String plain = noMatch.get(pw);
SimpleCredentials sc = new SimpleCredentials(u.getID(), plain.toCharArray());
CryptedSimpleCredentials cc = (CryptedSimpleCredentials) u.getCredentials();
assertFalse(pw, cc.matches(sc));
}
}
use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.
the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup5.
@Test
public void testLoginAfterSyncSetup5() throws Exception {
setup5.sync(USER_ID, false);
ContentSession cs = null;
try {
cs = login(new SimpleCredentials(USER_ID, new char[0]));
// the login must not set any auto-membership principals to the subject
// as auto-membership is not configured on this setup.
Set<Principal> principals = cs.getAuthInfo().getPrincipals();
Set<Principal> expected = ImmutableSet.of(EveryonePrincipal.getInstance(), userManager.getAuthorizable(USER_ID).getPrincipal());
assertEquals(expected, principals);
assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
assertFalse(principals.contains(setup1.gr.getPrincipal()));
assertFalse(principals.contains(setup2.gr.getPrincipal()));
assertFalse(principals.contains(setup3.gr.getPrincipal()));
assertFalse(principals.contains(setup4.gr.getPrincipal()));
} finally {
options.clear();
if (cs != null) {
cs.close();
}
}
}
use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.
the class ExternalLoginModuleAutoMembershipTest method testLoginAfterSyncSetup1.
@Test
public void testLoginAfterSyncSetup1() throws Exception {
setup1.sync(USER_ID, false);
ContentSession cs = null;
try {
cs = login(new SimpleCredentials(USER_ID, new char[0]));
// the login must set the configured + existing auto-membership principals
// to the subject; non-existing auto-membership entries must be ignored.
Set<Principal> principals = cs.getAuthInfo().getPrincipals();
assertTrue(principals.contains(setup1.gr.getPrincipal()));
assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
assertFalse(principals.contains(setup2.gr.getPrincipal()));
assertFalse(principals.contains(setup3.gr.getPrincipal()));
// however, the existing auto-membership group must _not_ have changed
// and the test user must not be a stored member of this group.
root.refresh();
UserManager uMgr = getUserManager(root);
User user = uMgr.getAuthorizable(USER_ID, User.class);
Group gr = uMgr.getAuthorizable(setup1.gr.getID(), Group.class);
assertFalse(gr.isDeclaredMember(user));
assertFalse(gr.isMember(user));
} finally {
options.clear();
if (cs != null) {
cs.close();
}
}
}
Aggregations