
Example 31 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.

the class AbstractLoginTest method buildCredentials.

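/**
 * Picks the credentials for the configured {@code runAsUser} and, when {@code runWithToken}
 * is set, exchanges them for {@link TokenCredentials} through one throw-away login.
 *
 * <p>Side effects a caller should know about:
 * <ul>
 *   <li>With {@code runWithToken} the JAAS {@link Configuration} is replaced before the
 *       token exchange is attempted.</li>
 *   <li>For {@code runAsUser == "admin"} the caller's own {@code credentials} object is used,
 *       so the {@code ".token"} attribute is set on that object and whatever the login stores
 *       there stays attached to it afterwards.</li>
 * </ul>
 *
 * @param repository  repository used for the token-issuing login
 * @param credentials credentials returned as-is (or exchanged) when {@code runAsUser} is {@code "admin"}
 * @return the credentials to log in with; {@link TokenCredentials} when {@code runWithToken} is set
 * @throws RepositoryException           if the login fails or no token is present after it
 * @throws UnsupportedOperationException if a token is requested for credentials that are not
 *                                       {@link SimpleCredentials} (e.g. the anonymous case)
 */
private Credentials buildCredentials(Repository repository, Credentials credentials) throws RepositoryException {
    final String tokenAttribute = ".token";

    Credentials creds;
    if ("admin".equals(runAsUser)) {
        creds = credentials;
    } else if ("anonymous".equals(runAsUser)) {
        creds = new GuestCredentials();
    } else {
        // Fixture account whose password equals its user id; only meaningful for throw-away test repositories.
        creds = new SimpleCredentials(USER, USER.toCharArray());
    }
    if (!runWithToken) {
        return creds;
    }

    // Installed before the type check below, exactly as before, so it also happens on the failure path.
    Configuration.setConfiguration(ConfigurationUtil.getJackrabbit2Configuration(ConfigurationParameters.EMPTY));
    if (!(creds instanceof SimpleCredentials)) {
        throw new UnsupportedOperationException(
                "Token login requires SimpleCredentials, but runAsUser is '" + runAsUser + "'");
    }

    SimpleCredentials sc = (SimpleCredentials) creds;
    // An empty ".token" attribute is set before the login and read back after it; presumably the
    // token login module treats the empty value as a request and writes the issued token there - TODO confirm.
    sc.setAttribute(tokenAttribute, "");
    repository.login(sc).logout();

    Object issued = sc.getAttribute(tokenAttribute);
    if (issued == null || issued.toString().isEmpty()) {
        // Fail with a clear cause instead of a NullPointerException or an invalid-token error further down.
        // The token value itself is deliberately kept out of the message.
        throw new RepositoryException("Login succeeded but no login token was issued for the '"
                + tokenAttribute + "' attribute");
    }
    return new TokenCredentials(issued.toString());
}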
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) GuestCredentials(javax.jcr.GuestCredentials) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) GuestCredentials(javax.jcr.GuestCredentials) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 32 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.

the class TokenProviderImplTest method testTokenValidationIsCaseInsensitive.

/**
 * @see <a href="https://issues.apache.org/jira/browse/OAK-1985">OAK-1985</a>
 */
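@Test
public void testTokenValidationIsCaseInsensitive() throws Exception {
    Root root = adminSession.getLatestRoot();
    TokenConfiguration tokenConfig = getSecurityProvider().getConfiguration(TokenConfiguration.class);
    TokenProvider tp = tokenConfig.getTokenProvider(root);
    String userId = ((SimpleCredentials) getAdminCredentials()).getUserID();

    // Locale.ROOT keeps the upper-casing independent of the JVM default locale; with the
    // no-argument overload a Turkish default locale maps 'i' to a dotted capital I and the
    // test would ask for a token for a different identifier.
    String upperCasedId = userId.toUpperCase(java.util.Locale.ROOT);

    // Token requested with the upper-cased id must still be bound to the user's real id.
    TokenInfo info = tp.createToken(upperCasedId, Collections.<String, Object>emptyMap());
    assertTrue(info.matches(new TokenCredentials(info.getToken())));
    assertEquals(userId, info.getUserId());

    // Same expectations for the TokenInfo looked up again from the token string.
    info = tp.getTokenInfo(info.getToken());
    assertTrue(info.matches(new TokenCredentials(info.getToken())));
    assertEquals(userId, info.getUserId());
}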
Also used : TokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration) TokenProvider(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider) SimpleCredentials(javax.jcr.SimpleCredentials) Root(org.apache.jackrabbit.oak.api.Root) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Test(org.junit.Test)

Example 33 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class RepositoryImpl method login.

// -----------------------------------------------------------< Repository >
/**
 * {@inheritDoc}
 */
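public Session login(Credentials credentials, String workspaceName) throws LoginException, NoSuchWorkspaceException, RepositoryException {
    // Hold the shutdown read lock for the whole login; it is released in the finally block below.
    try {
        shutdownLock.readLock().acquire();
    } catch (InterruptedException e) {
        // Restore the interrupt status so callers further up can still observe the interruption.
        Thread.currentThread().interrupt();
        throw new RepositoryException("Login lock could not be acquired", e);
    }
    try {
        // check sanity of this instance
        sanityCheck();
        if (workspaceName == null) {
            workspaceName = repConfig.getDefaultWorkspaceName();
        }
        // check if workspace exists (will throw NoSuchWorkspaceException if not)
        getWorkspaceInfo(workspaceName);
        if (credentials == null) {
            // try to obtain the identity of the already authenticated
            // subject from access control context
            Session session = extendAuthentication(workspaceName);
            if (session != null) {
                // successful extended authentication
                return session;
            } else {
                log.debug("Attempt to login without Credentials and Subject -> try login with null credentials.");
            }
        }
        // not preauthenticated -> try login with credentials
        // (credentials may still be null here; the auth context decides whether that is acceptable)
        AuthContext authCtx = context.getSecurityManager().getAuthContext(credentials, new Subject(), workspaceName);
        authCtx.login();
        // create session, and add SimpleCredentials attributes (JCR-1932)
        SessionImpl session = createSession(authCtx, workspaceName);
        if (credentials instanceof SimpleCredentials) {
            SimpleCredentials sc = (SimpleCredentials) credentials;
            for (String name : sc.getAttributeNames()) {
                // Attributes flagged as mandatory token attributes are not copied onto the session;
                // presumably this keeps token material out of session attributes - TODO confirm
                // against TokenBasedAuthentication.isMandatoryAttribute.
                if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
                    session.setAttribute(name, sc.getAttribute(name));
                }
            }
        }
        // Token credentials found in the subject's public credentials contribute their
        // attributes too, under the same filter. Only the first entry of the set is used.
        Set<TokenCredentials> tokenCreds = session.getSubject().getPublicCredentials(TokenCredentials.class);
        if (!tokenCreds.isEmpty()) {
            TokenCredentials tc = tokenCreds.iterator().next();
            for (String name : tc.getAttributeNames()) {
                if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
                    session.setAttribute(name, tc.getAttribute(name));
                }
            }
        }
        log.debug("User {} logged in to workspace {}", session.getUserID(), workspaceName);
        return session;
    } catch (SecurityException se) {
        throw new LoginException("Unable to access authentication information", se);
    } catch (javax.security.auth.login.LoginException le) {
        // NOTE(review): the JAAS message is passed through to the caller unchanged; confirm the
        // configured login modules do not put account-existence detail into it.
        throw new LoginException(le.getMessage(), le);
    } catch (AccessDeniedException ade) {
        // authenticated subject is not authorized for the specified workspace
        throw new LoginException("Workspace access denied", ade);
    } finally {
        shutdownLock.readLock().release();
    }
}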
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) AuthContext(org.apache.jackrabbit.core.security.authentication.AuthContext) RepositoryException(javax.jcr.RepositoryException) Subject(javax.security.auth.Subject) SimpleCredentials(javax.jcr.SimpleCredentials) LoginException(javax.jcr.LoginException) Session(javax.jcr.Session) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 34 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class DefaultLoginModule method commit.

// --------------------------------------------------------< LoginModule >---
/**
 * @see javax.security.auth.spi.LoginModule#commit()
 */
@Override
public boolean commit() throws LoginException {
    final boolean committed = super.commit();
    // Nothing token-related to do when the base commit failed or token auth is switched off.
    if (!committed || disableTokenAuth) {
        return committed;
    }

    if (!TokenBasedAuthentication.doCreateToken(credentials)) {
        // No new token requested: pass on token credentials this module already holds, if any.
        if (tokenCredentials != null) {
            subject.getPublicCredentials().add(tokenCredentials);
        }
        return committed;
    }

    // A separate session instance creates the token node, so that the shared
    // system session does not see concurrent modifications.
    Session tokenSession = null;
    try {
        tokenSession = session.createSession(session.getWorkspace().getName());
        Credentials issued = TokenBasedAuthentication.createToken(user, credentials, tokenExpiration, tokenSession);
        if (issued != null) {
            // Public credentials can be read by any code holding the Subject, so from here on
            // the Subject carries the login token.
            subject.getPublicCredentials().add(issued);
        }
    } catch (RepositoryException e) {
        // javax.security.auth.login.LoginException has no cause constructor, hence initCause.
        LoginException failure = new LoginException("Failed to commit: " + e.getMessage());
        failure.initCause(e);
        throw failure;
    } finally {
        // The helper session is closed on both the success and the failure path.
        if (tokenSession != null) {
            tokenSession.logout();
        }
    }
    return committed;
}
Also used : LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) RepositoryException(javax.jcr.RepositoryException) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Credentials(javax.jcr.Credentials) Session(javax.jcr.Session)

Example 35 with TokenCredentials

use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.

the class TokenBasedAuthenticationCompatTest method setUp.

@Override
protected void setUp() throws Exception {
    super.setUp();

    // System properties are JVM-wide; NOTE(review): confirm tearDown resets PARAM_COMPAT so
    // the compat switch does not leak into other tests.
    System.setProperty(TokenBasedAuthentication.PARAM_COMPAT, Boolean.toString(true));

    // Fixture user with a random id and a fixed throw-away password.
    final String fixturePassword = "pw";
    adminSession = (SessionImpl) getHelper().getSuperuserSession("security");
    testUser = adminSession.getUserManager().createUser(UUID.randomUUID().toString(), fixturePassword);
    adminSession.save();

    // Credentials carry an empty token attribute when handed to the provider; presumably the
    // empty value marks a token request - TODO confirm.
    SimpleCredentials loginCreds = new SimpleCredentials(testUser.getID(), fixturePassword.toCharArray());
    loginCreds.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");

    CompatTokenProvider provider = new CompatTokenProvider(adminSession, TokenBasedAuthentication.TOKEN_EXPIRATION);
    TokenInfo issued = provider.createToken(testUser, loginCreds);
    token = issued.getToken();
    tokenNode = CompatTokenProvider.getTokenNode(token, adminSession);

    // Objects under test: one authentication without a token, one with the issued token,
    // and matching TokenCredentials.
    tokenCreds = new TokenCredentials(token);
    nullTokenAuth = new TokenBasedAuthentication(null, -1, adminSession);
    validTokenAuth = new TokenBasedAuthentication(token, 7200, adminSession);
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Aggregations

TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)38 Test (org.junit.Test)23 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)17 SimpleCredentials (javax.jcr.SimpleCredentials)16 TokenInfo (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo)12 LoginException (javax.security.auth.login.LoginException)9 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)9 Credentials (javax.jcr.Credentials)7 RepositoryException (javax.jcr.RepositoryException)6 Session (javax.jcr.Session)6 ArrayList (java.util.ArrayList)5 LoginException (javax.jcr.LoginException)5 GuestCredentials (javax.jcr.GuestCredentials)4 JackrabbitSession (org.apache.jackrabbit.api.JackrabbitSession)4 Root (org.apache.jackrabbit.oak.api.Root)4 TokenProvider (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider)4 Subject (javax.security.auth.Subject)3 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)3 TokenConfiguration (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration)3 NotExecutableException (org.apache.jackrabbit.test.NotExecutableException)3