
Example 11 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class DefaultLoginModuleTest method testTokenCredentialsLoginLogout.

/**
 * Exercises the full token round trip: a password login that issues a token,
 * a second login that presents only that token, and a logout that has to
 * leave the {@link Subject} without principals or credentials.
 */
public void testTokenCredentialsLoginLogout() throws Exception {
    // The empty token attribute on the simple credentials forces token creation
    // during the first login.
    simpleCredentials.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
    try {
        // Step 1: authenticate with user id / password.
        AuthContext passwordLogin = getAuthContext(simpleCredentials, DEFAULT_CONFIG);
        passwordLogin.login();
        Subject firstSubject = passwordLogin.getSubject();
        assertFalse(firstSubject.getPrincipals().isEmpty());
        assertFalse(firstSubject.getPublicCredentials().isEmpty());
        assertFalse(firstSubject.getPublicCredentials(SimpleCredentials.class).isEmpty());
        assertFalse(firstSubject.getPublicCredentials(TokenCredentials.class).isEmpty());
        // Exactly two credentials objects are expected: the simple ones and the token.
        assertEquals(2, firstSubject.getPublicCredentials(Credentials.class).size());
        TokenCredentials issuedToken =
                firstSubject.getPublicCredentials(TokenCredentials.class).iterator().next();
        // NOTE(review): the Subject is not inspected after this first logout;
        // only the second logout below is checked for cleanup.
        passwordLogin.logout();

        // Step 2: authenticate again, this time presenting only the issued token.
        AuthContext tokenLogin = getAuthContext(issuedToken, DEFAULT_CONFIG);
        tokenLogin.login();
        Subject secondSubject = tokenLogin.getSubject();
        assertFalse(secondSubject.getPrincipals().isEmpty());
        assertFalse(secondSubject.getPublicCredentials().isEmpty());
        assertFalse(secondSubject.getPublicCredentials(SimpleCredentials.class).isEmpty());
        assertFalse(secondSubject.getPublicCredentials(TokenCredentials.class).isEmpty());
        assertEquals(2, secondSubject.getPublicCredentials(Credentials.class).size());

        // Step 3: logout must strip every principal and credential from the Subject,
        // so a reference kept by a caller no longer carries the token.
        tokenLogin.logout();
        assertTrue(secondSubject.getPrincipals().isEmpty());
        assertTrue(secondSubject.getPublicCredentials().isEmpty());
        assertTrue(secondSubject.getPublicCredentials(SimpleCredentials.class).isEmpty());
        assertTrue(secondSubject.getPublicCredentials(TokenCredentials.class).isEmpty());
    } finally {
        // simpleCredentials is shared test state; restore it for the other tests.
        simpleCredentials.removeAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE);
    }
}
Also used : Subject(javax.security.auth.Subject) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 12 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class DefaultLoginModuleTest method testDisabledTokenCredentials2.

/**
 * Checks that a token issued while token authentication is enabled is
 * rejected with a {@link LoginException} once the login module is configured
 * with {@code DISABLE_TOKEN_CONFIG}.
 */
public void testDisabledTokenCredentials2() throws Exception {
    // Empty token attribute: request a token as part of the password login.
    simpleCredentials.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
    try {
        AuthContext passwordLogin = getAuthContext(simpleCredentials, DEFAULT_CONFIG);
        passwordLogin.login();
        Subject loggedIn = passwordLogin.getSubject();
        assertFalse(loggedIn.getPublicCredentials(SimpleCredentials.class).isEmpty());
        assertFalse(loggedIn.getPublicCredentials(TokenCredentials.class).isEmpty());
        TokenCredentials issuedToken =
                loggedIn.getPublicCredentials(TokenCredentials.class).iterator().next();
        passwordLogin.logout();

        // Baseline: with the default configuration the token is accepted.
        AuthContext tokenLogin = getAuthContext(issuedToken, DEFAULT_CONFIG);
        tokenLogin.login();
        tokenLogin.logout();

        // With token authentication disabled the very same token must be refused.
        try {
            AuthContext disabledLogin = getAuthContext(issuedToken, DISABLE_TOKEN_CONFIG);
            disabledLogin.login();
            // Reaching this point means the token was accepted: clean up, then fail.
            disabledLogin.logout();
            fail();
        } catch (LoginException expected) {
            // success: the token login was rejected
        }
    } finally {
        // simpleCredentials is shared test state; restore it for the other tests.
        simpleCredentials.removeAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE);
    }
}
Also used : LoginException(javax.security.auth.login.LoginException) Subject(javax.security.auth.Subject) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 13 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class TokenBasedLoginTest method testConcurrentLoginOfDifferentUsers.

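/**
 * Tests concurrent login of 3 different users on the Repository including
 * token creation: 10 threads each perform up to 100 logins with randomly
 * chosen credentials and check that the resulting session's Subject carries
 * token credentials.
 * Test copied and slightly adjusted from org.apache.jackrabbit.core.ConcurrentLoginTest
 *
 * @throws RepositoryException declared by the test signature
 * @throws NotExecutableException declared by the test signature
 */
public void testConcurrentLoginOfDifferentUsers() throws RepositoryException, NotExecutableException {
    // Worker failures are recorded as Throwable, not Exception: a failed JUnit
    // assertion is reported through an Error, so catching only Exception would
    // let a missing token kill the worker thread silently and the test would
    // still pass.
    final Throwable[] failure = new Throwable[1];
    List<Thread> testRunner = new ArrayList<Thread>();
    for (int i = 0; i < 10; i++) {
        testRunner.add(new Thread(new Runnable() {

            public void run() {
                for (int attempt = 0; attempt < 100; attempt++) {
                    try {
                        SimpleCredentials c;
                        // Pick one of the three accounts at random (index 0, 1 or 2).
                        double rand = 3 * Math.random();
                        int index = (int) Math.floor(rand);
                        switch(index) {
                            case 0:
                                // the test user uses its own id as password
                                c = new SimpleCredentials(testuser.getID(), testuser.getID().toCharArray());
                                break;
                            case 1:
                                c = new SimpleCredentials(getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_SUPERUSER_NAME), getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_SUPERUSER_PWD).toCharArray());
                                break;
                            default:
                                c = new SimpleCredentials(getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_READONLY_NAME), getHelper().getProperty(RepositoryStub.PROP_PREFIX + "." + RepositoryStub.PROP_READONLY_PWD).toCharArray());
                                break;
                        }
                        // Empty token attribute: request token creation on login.
                        c.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
                        Session s = getHelper().getRepository().login(c);
                        try {
                            Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
                            assertFalse(tcs.isEmpty());
                        } finally {
                            // always release the session, even when the assertion fails
                            s.logout();
                        }
                    } catch (Throwable t) {
                        // Written without synchronization; the main thread reads it only
                        // after join(), which makes the write visible. If several
                        // workers fail, one of the failures is reported.
                        failure[0] = t;
                        break;
                    }
                }
            }
        }));
    }
    // start threads
    for (Thread runner : testRunner) {
        runner.start();
    }
    // join threads
    for (Thread runner : testRunner) {
        try {
            runner.join();
        } catch (InterruptedException e) {
            // keep the interrupt status for the test runner before failing
            Thread.currentThread().interrupt();
            fail(e.toString());
        }
    }
    if (failure[0] != null) {
        fail(failure[0].toString());
    }
}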
Also used : ArrayList(java.util.ArrayList) LoginException(javax.jcr.LoginException) RepositoryException(javax.jcr.RepositoryException) NotExecutableException(org.apache.jackrabbit.test.NotExecutableException) SimpleCredentials(javax.jcr.SimpleCredentials) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 14 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class CompatTokenProvider method createToken.

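/**
 * Create a separate token node underneath a dedicated token store within
 * the user home node. That token node contains the hashed token key, the
 * expiration time and additional mandatory attributes that will be verified
 * during login.
 * <p>
 * The login token handed back to the client has the form
 * {@code <token node identifier> DELIM <key>}; only the digest of the key is
 * stored on the token node. The token is also written back to {@code sc}
 * under {@code TOKEN_ATTRIBUTE}.
 *
 * @param user The user to create the token for; its principal must be an
 *             {@code ItemBasedPrincipal} whose path exists in this session.
 * @param sc The current simple credentials. All of its attributes except
 *           the reserved token, key and expiry names are copied onto the
 *           token node.
 * @return A new {@code TokenInfo}; never {@code null}.
 * @throws RepositoryException if no node exists for the user in the
 *         workspace or if the token node cannot be persisted.
 */
public TokenInfo createToken(User user, SimpleCredentials sc) throws RepositoryException {
    String userPath = null;
    Principal pr = user.getPrincipal();
    if (pr instanceof ItemBasedPrincipal) {
        userPath = ((ItemBasedPrincipal) pr).getPath();
    }
    if (userPath == null || !session.nodeExists(userPath)) {
        throw new RepositoryException("Cannot create login token: No corresponding node for User " + user.getID() + " in workspace '" + session.getWorkspace().getName() + "'.");
    }

    Node userNode = session.getNode(userPath);
    if (!userNode.hasNode(TOKENS_NODE_NAME)) {
        userNode.addNode(TOKENS_NODE_NAME, TOKENS_NT_NAME);
        try {
            session.save();
        } catch (RepositoryException e) {
            // may happen when .tokens node is created concurrently:
            // drop the transient node and use the one that was persisted
            session.refresh(false);
        }
    }
    Node tokenParent = userNode.getNode(TOKENS_NODE_NAME);

    long creationTime = System.currentTimeMillis();
    long expirationTime = creationTime + tokenExpiration;
    Calendar cal = Calendar.getInstance();
    cal.setTimeInMillis(creationTime);

    // generate key part of the login token
    // NOTE(review): generateKey is not shown here; confirm that it draws from a
    // cryptographically strong source and what unit the argument 8 is in.
    String key = generateKey(8);

    // create the token node, named after its creation time
    String tokenName = Text.replace(ISO8601.format(cal), ":", ".");
    Node tokenNode;
    // avoid usage of sequential nodeIDs: the node identifier is part of the
    // token, so it is forced to a random id when sequential ids are configured
    if (System.getProperty(NodeIdFactory.SEQUENTIAL_NODE_ID) == null) {
        tokenNode = tokenParent.addNode(tokenName);
    } else {
        tokenNode = ((NodeImpl) tokenParent).addNodeWithUuid(tokenName, NodeId.randomId().toString());
    }

    String token = tokenNode.getIdentifier() + DELIM + key;
    // NOTE(review): tokenCredentials is populated below but neither returned
    // nor stored by this method.
    TokenCredentials tokenCredentials = new TokenCredentials(token);
    sc.setAttribute(TOKEN_ATTRIBUTE, token);

    // add key property: only the digest is persisted, never the key itself
    tokenNode.setProperty(TOKEN_ATTRIBUTE_KEY, getDigestedKey(key));
    // add expiration time property
    cal.setTimeInMillis(expirationTime);
    tokenNode.setProperty(TOKEN_ATTRIBUTE_EXPIRY, session.getValueFactory().createValue(cal));

    // add additional attributes passed in by the credentials.
    for (String name : sc.getAttributeNames()) {
        // Attribute names come from the caller's credentials. Skip the names
        // this method reserves for itself so that a supplied attribute cannot
        // replace the digested key or the expiry that were just written.
        if (TOKEN_ATTRIBUTE.equals(name)
                || TOKEN_ATTRIBUTE_KEY.equals(name)
                || TOKEN_ATTRIBUTE_EXPIRY.equals(name)) {
            continue;
        }
        String value = sc.getAttribute(name).toString();
        tokenNode.setProperty(name, value);
        tokenCredentials.setAttribute(name, value);
    }
    session.save();
    return new CompatModeInfo(token, tokenNode);
}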
Also used : Node(javax.jcr.Node) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) RepositoryException(javax.jcr.RepositoryException) ItemBasedPrincipal(org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal) Principal(java.security.Principal) Date(java.util.Date) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 15 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class TokenBasedAuthenticationTest method testAttributes.

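/**
 * Verifies that the {@code TOKEN_ATTRIBUTE + ".any"} attribute on the
 * presented credentials decides the outcome of token authentication: a
 * missing or wrong value is rejected, the matching value is accepted.
 *
 * @throws RepositoryException if the authentication check fails unexpectedly
 */
public void testAttributes() throws RepositoryException {
    TokenBasedAuthentication auth = createAuthentication();

    // Token without the attribute: rejected.
    assertFalse(auth.authenticate(new TokenCredentials(token)));

    // Token with the attribute set to a wrong value: rejected.
    TokenCredentials tc = new TokenCredentials(token);
    tc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".any", "wrong");
    assertFalse(auth.authenticate(tc));

    // Token with the attribute set to the expected value: accepted. The
    // credentials built here are the ones that have to be checked; asserting
    // only on the tokenCreds fixture would leave this case untested.
    tc = new TokenCredentials(token);
    tc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".any", "correct");
    assertTrue(auth.authenticate(tc));

    // tokenCreds is a fixture defined outside this method (presumably prepared
    // with the same attribute - confirm in setUp); keep checking it as well.
    assertTrue(auth.authenticate(tokenCreds));
}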
Also used : TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)
