Search in sources :

Example 16 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class TokenBasedAuthenticationTest method testUpdateAttributes.

public void testUpdateAttributes() throws RepositoryException {
    // token credentials must be updated to contain the additional attribute
    // present on the token node.
    TokenBasedAuthentication auth = createAuthentication();
    TokenCredentials tc = new TokenCredentials(token);
    tc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".any", "correct");
    assertTrue(auth.authenticate(tc));
    assertEquals("value", tc.getAttribute("informative"));
    // additional informative property present on credentials upon subsequent
    // authentication -> the node must not be updated
    auth = createAuthentication();
    tc.setAttribute("informative2", "value2");
    assertTrue(auth.authenticate(tc));
    assertFalse(tokenNode.hasProperty("informative2"));
    // modified informative property present on credentials upon subsequent
    // authentication -> the node must not be updated
    auth = createAuthentication();
    tc.setAttribute("informative", "otherValue");
    assertTrue(auth.authenticate(tc));
    assertTrue(tokenNode.hasProperty("informative"));
    assertEquals("value", tokenNode.getProperty("informative").getString());
    // additional mandatory property on the credentials upon subsequent
    // authentication -> must be ignored
    auth = createAuthentication();
    tc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".toIgnore", "ignore");
    assertTrue(auth.authenticate(tokenCreds));
    assertFalse(tokenNode.hasProperty(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".toIgnore"));
}
Also used : TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 17 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.

the class TokenLoginModule method commit.

@Override
public boolean commit() throws LoginException {
    if (tokenCredentials != null && userId != null) {
        Set<? extends Principal> principals = (principal != null) ? getPrincipals(principal) : getPrincipals(userId);
        updateSubject(tokenCredentials, getAuthInfo(tokenInfo, principals), principals);
        return true;
    }
    try {
        if (tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS)) {
            Credentials shared = getSharedCredentials();
            if (shared != null && tokenProvider.doCreateToken(shared)) {
                Root r = getRoot();
                if (r != null) {
                    // refresh root, in case the external login module created users
                    r.refresh();
                }
                TokenInfo ti = tokenProvider.createToken(shared);
                if (ti != null) {
                    TokenCredentials tc = new TokenCredentials(ti.getToken());
                    Map<String, String> attributes = ti.getPrivateAttributes();
                    for (String name : attributes.keySet()) {
                        tc.setAttribute(name, attributes.get(name));
                    }
                    attributes = ti.getPublicAttributes();
                    for (String name : attributes.keySet()) {
                        tc.setAttribute(name, attributes.get(name));
                    }
                    sharedState.put(SHARED_KEY_ATTRIBUTES, attributes);
                    updateSubject(tc, null, null);
                } else {
                    // failed to create token -> fail commit()
                    Object logId = (userId != null) ? userId : sharedState.get(SHARED_KEY_LOGIN_NAME);
                    log.debug("TokenProvider failed to create a login token for user " + logId);
                    throw new LoginException("Failed to create login token for user " + logId);
                }
            }
        }
    } finally {
        // the login attempt on this module did not succeed: clear state
        clearState();
    }
    return false;
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) LoginException(javax.security.auth.login.LoginException) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Credentials(javax.jcr.Credentials) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 18 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.

the class TokenExternalLoginModuleTest method testTokenLogin.

@Test
public void testTokenLogin() throws Exception {
    Credentials creds = createTestCredentials();
    assertTrue(credentialsSupport.setAttributes(creds, ImmutableMap.<String, Object>of(".token", "")));
    String expectedUserId = credentialsSupport.getUserId(creds);
    ContentSession cs = login(creds);
    try {
        String token = credentialsSupport.getAttributes(creds).get(".token").toString();
        cs.close();
        cs = login(new TokenCredentials(token));
        assertEquals(expectedUserId, cs.getAuthInfo().getUserID());
    } finally {
        cs.close();
    }
}
Also used : ContentSession(org.apache.jackrabbit.oak.api.ContentSession) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Credentials(javax.jcr.Credentials) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Test(org.junit.Test)

Example 19 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.

the class Jackrabbit2ConfigurationTest method testTokenCreationAndImpersonation.

@Test
public void testTokenCreationAndImpersonation() throws Exception {
    ContentSession cs = null;
    try {
        SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
        sc.setAttribute(".token", "");
        ImpersonationCredentials ic = new ImpersonationCredentials(sc, new AuthInfoImpl(((SimpleCredentials) getAdminCredentials()).getUserID(), Collections.<String, Object>emptyMap(), Collections.<Principal>emptySet()));
        cs = login(ic);
        Object token = sc.getAttribute(".token").toString();
        assertNotNull(token);
        TokenCredentials tc = new TokenCredentials(token.toString());
        cs.close();
        cs = login(tc);
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl) ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Principal(java.security.Principal) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 20 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.

the class Jackrabbit2ConfigurationTest method testTokenCreationAndLogin.

@Test
public void testTokenCreationAndLogin() throws Exception {
    ContentSession cs = null;
    try {
        SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
        sc.setAttribute(".token", "");
        cs = login(sc);
        Object token = sc.getAttribute(".token").toString();
        assertNotNull(token);
        TokenCredentials tc = new TokenCredentials(token.toString());
        cs.close();
        cs = login(tc);
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)38 Test (org.junit.Test)23 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)17 SimpleCredentials (javax.jcr.SimpleCredentials)16 TokenInfo (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo)12 LoginException (javax.security.auth.login.LoginException)9 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)9 Credentials (javax.jcr.Credentials)7 RepositoryException (javax.jcr.RepositoryException)6 Session (javax.jcr.Session)6 ArrayList (java.util.ArrayList)5 LoginException (javax.jcr.LoginException)5 GuestCredentials (javax.jcr.GuestCredentials)4 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)4 Root (org.apache.jackrabbit.oak.api.Root)4 TokenProvider (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider)4 Subject (javax.security.auth.Subject)3 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)3 TokenConfiguration (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration)3 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)3