Search in sources :

Example 71 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.

the class UserAuthentication method authenticate.

//-----------------------------------------------------< Authentication >---
@Override
public boolean authenticate(@Nullable Credentials credentials) throws LoginException {
    if (credentials == null || loginId == null) {
        return false;
    }
    boolean success = false;
    try {
        UserManager userManager = config.getUserManager(root, NamePathMapper.DEFAULT);
        Authorizable authorizable = userManager.getAuthorizable(loginId);
        if (authorizable == null) {
            return false;
        }
        if (authorizable.isGroup()) {
            throw new AccountNotFoundException("Not a user " + loginId);
        }
        User user = (User) authorizable;
        if (user.isDisabled()) {
            throw new AccountLockedException("User with ID " + loginId + " has been disabled: " + user.getDisabledReason());
        }
        if (credentials instanceof SimpleCredentials) {
            SimpleCredentials creds = (SimpleCredentials) credentials;
            Credentials userCreds = user.getCredentials();
            if (loginId.equals(creds.getUserID()) && userCreds instanceof CredentialsImpl) {
                success = PasswordUtil.isSame(((CredentialsImpl) userCreds).getPasswordHash(), creds.getPassword());
            }
            checkSuccess(success, "UserId/Password mismatch.");
            if (isPasswordExpired(user)) {
                // UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD attribute set
                if (!changePassword(user, creds)) {
                    throw new CredentialExpiredException("User password has expired");
                }
            }
        } else if (credentials instanceof ImpersonationCredentials) {
            ImpersonationCredentials ipCreds = (ImpersonationCredentials) credentials;
            AuthInfo info = ipCreds.getImpersonatorInfo();
            success = equalUserId(ipCreds, loginId) && impersonate(info, user);
            checkSuccess(success, "Impersonation not allowed.");
        } else {
            // guest login is allowed if an anonymous user exists in the content (see get user above)
            success = (credentials instanceof GuestCredentials) || credentials == PreAuthenticatedLogin.PRE_AUTHENTICATED;
        }
        userId = user.getID();
        principal = user.getPrincipal();
    } catch (RepositoryException e) {
        throw new LoginException(e.getMessage());
    }
    return success;
}
Also used : AccountLockedException(javax.security.auth.login.AccountLockedException) AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) User(org.apache.jackrabbit.api.security.user.User) RepositoryException(javax.jcr.RepositoryException) SimpleCredentials(javax.jcr.SimpleCredentials) ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) GuestCredentials(javax.jcr.GuestCredentials) ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) GuestCredentials(javax.jcr.GuestCredentials)

Example 72 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.

the class Jackrabbit2ConfigurationTest method testTokenCreationWithAttributes.

@Test
public void testTokenCreationWithAttributes() throws Exception {
    ContentSession cs = null;
    try {
        SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
        sc.setAttribute(".token", "");
        sc.setAttribute(".token.mandatory", "something");
        sc.setAttribute("attr", "val");
        cs = login(sc);
        AuthInfo ai = cs.getAuthInfo();
        Set<String> attrNames = ImmutableSet.copyOf(ai.getAttributeNames());
        assertTrue(attrNames.contains("attr"));
        assertFalse(attrNames.contains(".token"));
        assertFalse(attrNames.contains(".token.mandatory"));
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 73 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.

the class LoginContextProviderImplTest method testGetLoginContextWithInvalidProviderConfig.

@Test
public void testGetLoginContextWithInvalidProviderConfig() throws Exception {
    ConfigurationParameters params = ConfigurationParameters.of(AuthenticationConfiguration.PARAM_CONFIG_SPI_NAME, "invalid");
    LoginContextProvider provider = new LoginContextProviderImpl(AuthenticationConfiguration.DEFAULT_APP_NAME, params, getContentRepository(), getSecurityProvider(), new DefaultWhiteboard());
    // invalid configuration falls back to default configuration
    LoginContext ctx = provider.getLoginContext(new SimpleCredentials(getTestUser().getID(), getTestUser().getID().toCharArray()), null);
    ctx.login();
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) JaasLoginContext(org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext) LoginContext(org.apache.jackrabbit.oak.spi.security.authentication.LoginContext) LoginContextProvider(org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider) DefaultWhiteboard(org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard) ConfigurationParameters(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 74 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.

the class PreAuthTest method testValidSubjectWithCredentials.

@Test
public void testValidSubjectWithCredentials() throws Exception {
    Set<SimpleCredentials> publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0]));
    final Subject subject = new Subject(false, principals, publicCreds, Collections.<Object>emptySet());
    ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {

        @Override
        public ContentSession run() {
            try {
                return login(null);
            } catch (Exception e) {
                return null;
            }
        }
    }, null);
    try {
        AuthInfo authInfo = cs.getAuthInfo();
        assertNotSame(AuthInfo.EMPTY, authInfo);
        assertEquals(principals, authInfo.getPrincipals());
        assertEquals("testUserId", authInfo.getUserID());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Subject(javax.security.auth.Subject) SystemSubject(org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject) LoginException(javax.security.auth.login.LoginException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 75 with SimpleCredentials

use of javax.jcr.SimpleCredentials in project jackrabbit-oak by apache.

the class PreAuthTest method testValidReadSubjectWithCredentials.

@Test
public void testValidReadSubjectWithCredentials() throws Exception {
    Set<SimpleCredentials> publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0]));
    final Subject subject = new Subject(true, principals, publicCreds, Collections.<Object>emptySet());
    ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {

        @Override
        public ContentSession run() {
            try {
                return login(null);
            } catch (Exception e) {
                return null;
            }
        }
    }, null);
    try {
        AuthInfo authInfo = cs.getAuthInfo();
        assertNotSame(AuthInfo.EMPTY, authInfo);
        assertEquals(principals, authInfo.getPrincipals());
        assertEquals("testUserId", authInfo.getUserID());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Subject(javax.security.auth.Subject) SystemSubject(org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject) LoginException(javax.security.auth.login.LoginException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

SimpleCredentials (javax.jcr.SimpleCredentials)289 Test (org.junit.Test)142 Session (javax.jcr.Session)83 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)60 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)53 User (org.apache.jackrabbit.api.security.user.User)41 Credentials (javax.jcr.Credentials)39 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)35 UserManager (org.apache.jackrabbit.api.security.user.UserManager)34 LoginException (javax.security.auth.login.LoginException)30 Node (javax.jcr.Node)28 RepositoryException (javax.jcr.RepositoryException)25 Principal (java.security.Principal)22 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)21 GuestCredentials (javax.jcr.GuestCredentials)20 LoginException (javax.jcr.LoginException)19 TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)19 AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)18 Before (org.junit.Before)18 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)17