use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.
the class UserAuthentication method authenticate.
//-----------------------------------------------------< Authentication >---
@Override
public boolean authenticate(@Nullable Credentials credentials) throws LoginException {
if (credentials == null || loginId == null) {
return false;
}
boolean success = false;
try {
UserManager userManager = config.getUserManager(root, NamePathMapper.DEFAULT);
Authorizable authorizable = userManager.getAuthorizable(loginId);
if (authorizable == null) {
return false;
}
if (authorizable.isGroup()) {
throw new AccountNotFoundException("Not a user " + loginId);
}
User user = (User) authorizable;
if (user.isDisabled()) {
throw new AccountLockedException("User with ID " + loginId + " has been disabled: " + user.getDisabledReason());
}
if (credentials instanceof SimpleCredentials) {
SimpleCredentials creds = (SimpleCredentials) credentials;
Credentials userCreds = user.getCredentials();
if (loginId.equals(creds.getUserID()) && userCreds instanceof CredentialsImpl) {
success = PasswordUtil.isSame(((CredentialsImpl) userCreds).getPasswordHash(), creds.getPassword());
}
checkSuccess(success, "UserId/Password mismatch.");
if (isPasswordExpired(user)) {
// UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD attribute set
if (!changePassword(user, creds)) {
throw new CredentialExpiredException("User password has expired");
}
}
} else if (credentials instanceof ImpersonationCredentials) {
ImpersonationCredentials ipCreds = (ImpersonationCredentials) credentials;
AuthInfo info = ipCreds.getImpersonatorInfo();
success = equalUserId(ipCreds, loginId) && impersonate(info, user);
checkSuccess(success, "Impersonation not allowed.");
} else {
// guest login is allowed if an anonymous user exists in the content (see get user above)
success = (credentials instanceof GuestCredentials) || credentials == PreAuthenticatedLogin.PRE_AUTHENTICATED;
}
userId = user.getID();
principal = user.getPrincipal();
} catch (RepositoryException e) {
throw new LoginException(e.getMessage());
}
return success;
}
use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.
the class Jackrabbit2ConfigurationTest method testTokenCreationWithAttributes.
@Test
public void testTokenCreationWithAttributes() throws Exception {
ContentSession cs = null;
try {
SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
sc.setAttribute(".token", "");
sc.setAttribute(".token.mandatory", "something");
sc.setAttribute("attr", "val");
cs = login(sc);
AuthInfo ai = cs.getAuthInfo();
Set<String> attrNames = ImmutableSet.copyOf(ai.getAttributeNames());
assertTrue(attrNames.contains("attr"));
assertFalse(attrNames.contains(".token"));
assertFalse(attrNames.contains(".token.mandatory"));
} finally {
if (cs != null) {
cs.close();
}
}
}
use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.
the class LoginContextProviderImplTest method testGetLoginContextWithInvalidProviderConfig.
@Test
public void testGetLoginContextWithInvalidProviderConfig() throws Exception {
ConfigurationParameters params = ConfigurationParameters.of(AuthenticationConfiguration.PARAM_CONFIG_SPI_NAME, "invalid");
LoginContextProvider provider = new LoginContextProviderImpl(AuthenticationConfiguration.DEFAULT_APP_NAME, params, getContentRepository(), getSecurityProvider(), new DefaultWhiteboard());
// invalid configuration falls back to default configuration
LoginContext ctx = provider.getLoginContext(new SimpleCredentials(getTestUser().getID(), getTestUser().getID().toCharArray()), null);
ctx.login();
}
use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.
the class PreAuthTest method testValidSubjectWithCredentials.
@Test
public void testValidSubjectWithCredentials() throws Exception {
Set<SimpleCredentials> publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0]));
final Subject subject = new Subject(false, principals, publicCreds, Collections.<Object>emptySet());
ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {
@Override
public ContentSession run() {
try {
return login(null);
} catch (Exception e) {
return null;
}
}
}, null);
try {
AuthInfo authInfo = cs.getAuthInfo();
assertNotSame(AuthInfo.EMPTY, authInfo);
assertEquals(principals, authInfo.getPrincipals());
assertEquals("testUserId", authInfo.getUserID());
} finally {
if (cs != null) {
cs.close();
}
}
}
use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.
the class PreAuthTest method testValidReadSubjectWithCredentials.
@Test
public void testValidReadSubjectWithCredentials() throws Exception {
Set<SimpleCredentials> publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0]));
final Subject subject = new Subject(true, principals, publicCreds, Collections.<Object>emptySet());
ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {
@Override
public ContentSession run() {
try {
return login(null);
} catch (Exception e) {
return null;
}
}
}, null);
try {
AuthInfo authInfo = cs.getAuthInfo();
assertNotSame(AuthInfo.EMPTY, authInfo);
assertEquals(principals, authInfo.getPrincipals());
assertEquals("testUserId", authInfo.getUserID());
} finally {
if (cs != null) {
cs.close();
}
}
}
Aggregations