use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class DefaultLoginModuleTest method testTokenCredentialsLoginLogout.
public void testTokenCredentialsLoginLogout() throws Exception {
simpleCredentials.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
try {
// login with simple credentials forcing token creation.
AuthContext ac = getAuthContext(simpleCredentials, DEFAULT_CONFIG);
ac.login();
Subject subject = ac.getSubject();
assertFalse(subject.getPrincipals().isEmpty());
assertFalse(subject.getPublicCredentials().isEmpty());
assertFalse(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());
assertFalse(subject.getPublicCredentials(TokenCredentials.class).isEmpty());
assertEquals(2, subject.getPublicCredentials(Credentials.class).size());
TokenCredentials tokenCredentials = subject.getPublicCredentials(TokenCredentials.class).iterator().next();
ac.logout();
// second login with token credentials
ac = getAuthContext(tokenCredentials, DEFAULT_CONFIG);
ac.login();
subject = ac.getSubject();
assertFalse(subject.getPrincipals().isEmpty());
assertFalse(subject.getPublicCredentials().isEmpty());
assertFalse(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());
assertFalse(subject.getPublicCredentials(TokenCredentials.class).isEmpty());
assertEquals(2, subject.getPublicCredentials(Credentials.class).size());
ac.logout();
assertTrue(subject.getPrincipals().isEmpty());
assertTrue(subject.getPublicCredentials().isEmpty());
assertTrue(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());
assertTrue(subject.getPublicCredentials(TokenCredentials.class).isEmpty());
} finally {
simpleCredentials.removeAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE);
}
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class DefaultLoginModuleTest method testDisabledTokenCredentials2.
public void testDisabledTokenCredentials2() throws Exception {
simpleCredentials.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
try {
AuthContext ac = getAuthContext(simpleCredentials, DEFAULT_CONFIG);
ac.login();
Subject subj = ac.getSubject();
assertFalse(subj.getPublicCredentials(SimpleCredentials.class).isEmpty());
assertFalse(subj.getPublicCredentials(TokenCredentials.class).isEmpty());
TokenCredentials tokenCredentials = subj.getPublicCredentials(TokenCredentials.class).iterator().next();
ac.logout();
// test login with token credentials
ac = getAuthContext(tokenCredentials, DEFAULT_CONFIG);
ac.login();
ac.logout();
// test login with token credentials if token-auth is disabled.
try {
ac = getAuthContext(tokenCredentials, DISABLE_TOKEN_CONFIG);
ac.login();
ac.logout();
fail();
} catch (LoginException e) {
// success
}
} finally {
simpleCredentials.removeAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE);
}
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class TokenBasedLoginTest method testConcurrentLoginOfDifferentUsers.
/**
* Tests concurrent login of 3 different users on the Repository including
* token creation.
* Test copied and slightly adjusted from org.apache.jackrabbit.core.ConcurrentLoginTest
*/
public void testConcurrentLoginOfDifferentUsers() throws RepositoryException, NotExecutableException {
final Exception[] exception = new Exception[1];
List<Thread> testRunner = new ArrayList<Thread>();
for (int i = 0; i < 10; i++) {
testRunner.add(new Thread(new Runnable() {
public void run() {
for (int i = 0; i < 100; i++) {
try {
SimpleCredentials c;
double rand = 3 * Math.random();
int index = (int) Math.floor(rand);
switch(index) {
case 0:
c = new SimpleCredentials(testuser.getID(), testuser.getID().toCharArray());
break;
case 1:
c = new SimpleCredentials(getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_SUPERUSER_NAME), getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_SUPERUSER_PWD).toCharArray());
break;
default:
c = new SimpleCredentials(getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_READONLY_NAME), getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_READONLY_PWD).toCharArray());
break;
}
c.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
Session s = getHelper().getRepository().login(c);
try {
Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
assertFalse(tcs.isEmpty());
} finally {
s.logout();
}
} catch (Exception e) {
exception[0] = e;
break;
}
}
}
}));
}
// start threads
for (Object aTestRunner : testRunner) {
((Thread) aTestRunner).start();
}
// join threads
for (Object aTestRunner : testRunner) {
try {
((Thread) aTestRunner).join();
} catch (InterruptedException e) {
fail(e.toString());
}
}
if (exception[0] != null) {
fail(exception[0].toString());
}
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class CompatTokenProvider method createToken.
/**
* Create a separate token node underneath a dedicated token store within
* the user home node. That token node contains the hashed token, the
* expiration time and additional mandatory attributes that will be verified
* during login.
*
* @param user
* @param sc The current simple credentials.
* @return A new {@code TokenInfo} or {@code null} if the token could not
* be created.
*/
public TokenInfo createToken(User user, SimpleCredentials sc) throws RepositoryException {
String userPath = null;
Principal pr = user.getPrincipal();
if (pr instanceof ItemBasedPrincipal) {
userPath = ((ItemBasedPrincipal) pr).getPath();
}
TokenCredentials tokenCredentials;
if (userPath != null && session.nodeExists(userPath)) {
Node userNode = session.getNode(userPath);
Node tokenParent;
if (!userNode.hasNode(TOKENS_NODE_NAME)) {
userNode.addNode(TOKENS_NODE_NAME, TOKENS_NT_NAME);
try {
session.save();
} catch (RepositoryException e) {
// may happen when .tokens node is created concurrently
session.refresh(false);
}
}
tokenParent = userNode.getNode(TOKENS_NODE_NAME);
long creationTime = new Date().getTime();
long expirationTime = creationTime + tokenExpiration;
Calendar cal = GregorianCalendar.getInstance();
cal.setTimeInMillis(creationTime);
// generate key part of the login token
String key = generateKey(8);
// create the token node
String tokenName = Text.replace(ISO8601.format(cal), ":", ".");
Node tokenNode;
// avoid usage of sequential nodeIDs
if (System.getProperty(NodeIdFactory.SEQUENTIAL_NODE_ID) == null) {
tokenNode = tokenParent.addNode(tokenName);
} else {
tokenNode = ((NodeImpl) tokenParent).addNodeWithUuid(tokenName, NodeId.randomId().toString());
}
StringBuilder sb = new StringBuilder(tokenNode.getIdentifier());
sb.append(DELIM).append(key);
String token = sb.toString();
tokenCredentials = new TokenCredentials(token);
sc.setAttribute(TOKEN_ATTRIBUTE, token);
// add key property
tokenNode.setProperty(TOKEN_ATTRIBUTE_KEY, getDigestedKey(key));
// add expiration time property
cal.setTimeInMillis(expirationTime);
tokenNode.setProperty(TOKEN_ATTRIBUTE_EXPIRY, session.getValueFactory().createValue(cal));
// add additional attributes passed in by the credentials.
for (String name : sc.getAttributeNames()) {
if (!TOKEN_ATTRIBUTE.equals(name)) {
String value = sc.getAttribute(name).toString();
tokenNode.setProperty(name, value);
tokenCredentials.setAttribute(name, value);
}
}
session.save();
return new CompatModeInfo(token, tokenNode);
} else {
throw new RepositoryException("Cannot create login token: No corresponding node for User " + user.getID() + " in workspace '" + session.getWorkspace().getName() + "'.");
}
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class TokenBasedAuthenticationTest method testAttributes.
public void testAttributes() throws RepositoryException {
TokenBasedAuthentication auth = createAuthentication();
assertFalse(auth.authenticate(new TokenCredentials(token)));
TokenCredentials tc = new TokenCredentials(token);
tc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".any", "wrong");
assertFalse(auth.authenticate(tc));
tc = new TokenCredentials(token);
tc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".any", "correct");
assertTrue(auth.authenticate(tokenCreds));
}
Aggregations