Example 6 with CredentialExpiredException

Use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.

Class ResetExpiredPasswordTest, method testChangeWithNonStringAttribute.

@Test
public void testChangeWithNonStringAttribute() throws Exception {
    try {
        authenticate(userId, Long.valueOf(1L));
        fail("Authentication with non-string attribute should fail.");
    } catch (CredentialExpiredException e) {
        // success
    } finally {
        Tree userTree = root.getTree(getTestUser().getPath());
        assertTrue(PasswordUtil.isSame(userTree.getProperty(UserConstants.REP_PASSWORD).getValue(Type.STRING), userId));
        assertEquals(0, userTree.getChild(UserConstants.REP_PWD).getProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED).getValue(Type.LONG).longValue());
    }
}
Also used: Tree (org.apache.jackrabbit.oak.api.Tree), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 7 with CredentialExpiredException

Use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.

Class PasswordExpiryAndForceInitialChangeTest, method testAuthenticateMustChangePassword.

@Test
public void testAuthenticateMustChangePassword() throws Exception {
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);
    try {
        // the user should need to change the password on first login
        a.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
        fail("Credentials should be expired");
    } catch (CredentialExpiredException e) {
        // success
    }
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), Authentication (org.apache.jackrabbit.oak.spi.security.authentication.Authentication), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 8 with CredentialExpiredException

Use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.

Class PasswordExpiryHistoryTest, method testAuthenticatePasswordExpiredAndValidationFailure.

@Test
public void testAuthenticatePasswordExpiredAndValidationFailure() throws Exception {
    User user = getTestUser();
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);
    // set password last modified to beginning of epoch
    root.getTree(user.getPath()).getChild(UserConstants.REP_PWD).setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();
    try {
        a.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
        fail("Credentials should be expired");
    } catch (CredentialExpiredException e) {
        // success, credentials are expired
        // try to change the password to a value that should fail validation
        SimpleCredentials pwChangeCreds = new SimpleCredentials(userId, userId.toCharArray());
        try {
            pwChangeCreds.setAttribute(UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD, "2");
            a.authenticate(pwChangeCreds);
            fail("User password changed in spite of expected validation failure");
        } catch (CredentialExpiredException c) {
            // success, password change was rejected; no password history reason is set
            assertNull(pwChangeCreds.getAttribute(PasswordHistoryException.class.getSimpleName()));
        }
    }
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), User (org.apache.jackrabbit.api.security.user.User), Authentication (org.apache.jackrabbit.oak.spi.security.authentication.Authentication), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 9 with CredentialExpiredException

Use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.

Class PasswordExpiryHistoryTest, method testAuthenticatePasswordExpiredAndSame.

@Test
public void testAuthenticatePasswordExpiredAndSame() throws Exception {
    User user = getTestUser();
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);
    // set password last modified to beginning of epoch
    root.getTree(user.getPath()).getChild(UserConstants.REP_PWD).setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();
    try {
        a.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
        fail("Credentials should be expired");
    } catch (CredentialExpiredException e) {
        // success, credentials are expired
        // try to change password to the same one, this should fail due to pw history
        SimpleCredentials pwChangeCreds = new SimpleCredentials(userId, userId.toCharArray());
        try {
            pwChangeCreds.setAttribute(UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD, user.getID());
            a.authenticate(pwChangeCreds);
            fail("User password changed in spite of enabled pw history");
        } catch (CredentialExpiredException c) {
            // success, pw found in history
            Object attr = pwChangeCreds.getAttribute(PasswordHistoryException.class.getSimpleName());
            assertEquals("credentials should contain pw change failure reason", "New password is identical to the current password.", attr);
        }
    }
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), User (org.apache.jackrabbit.api.security.user.User), Authentication (org.apache.jackrabbit.oak.spi.security.authentication.Authentication), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 10 with CredentialExpiredException

Use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.

Class PasswordExpiryTest, method testAuthenticateBeforePasswordExpired.

@Test
public void testAuthenticateBeforePasswordExpired() throws Exception {
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);
    // set password last modified to beginning of epoch
    root.getTree(getTestUser().getPath()).getChild(UserConstants.REP_PWD).setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();
    try {
        a.authenticate(new SimpleCredentials(userId, "wrong".toCharArray()));
    } catch (CredentialExpiredException e) {
        fail("Login should fail before expiry");
    } catch (LoginException e) {
        // success - userId/pw mismatch takes precedence over expiry
    }
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), Authentication (org.apache.jackrabbit.oak.spi.security.authentication.Authentication), LoginException (javax.security.auth.login.LoginException), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Aggregations

CredentialExpiredException (javax.security.auth.login.CredentialExpiredException): 12
SimpleCredentials (javax.jcr.SimpleCredentials): 9
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest): 8
Test (org.junit.Test): 8
Authentication (org.apache.jackrabbit.oak.spi.security.authentication.Authentication): 7
User (org.apache.jackrabbit.api.security.user.User): 4
AccountLockedException (javax.security.auth.login.AccountLockedException): 3
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException): 3
FailedLoginException (javax.security.auth.login.FailedLoginException): 3
LoginException (javax.security.auth.login.LoginException): 3
IOException (java.io.IOException): 1
Principal (java.security.Principal): 1
Credentials (javax.jcr.Credentials): 1
GuestCredentials (javax.jcr.GuestCredentials): 1
RepositoryException (javax.jcr.RepositoryException): 1
Subject (javax.security.auth.Subject): 1
AccountExpiredException (javax.security.auth.login.AccountExpiredException): 1
Configuration (javax.security.auth.login.Configuration): 1
LoginContext (javax.security.auth.login.LoginContext): 1
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable): 1