use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.
the class AbstractLoginTest method buildCredentials.
private Credentials buildCredentials(Repository repository, Credentials credentials) throws RepositoryException {
Credentials creds;
if ("admin".equals(runAsUser)) {
creds = credentials;
} else if ("anonymous".equals(runAsUser)) {
creds = new GuestCredentials();
} else {
creds = new SimpleCredentials(USER, USER.toCharArray());
}
if (runWithToken) {
Configuration.setConfiguration(ConfigurationUtil.getJackrabbit2Configuration(ConfigurationParameters.EMPTY));
if (creds instanceof SimpleCredentials) {
SimpleCredentials sc = (SimpleCredentials) creds;
sc.setAttribute(".token", "");
repository.login(sc).logout();
creds = new TokenCredentials(sc.getAttribute(".token").toString());
} else {
throw new UnsupportedOperationException();
}
}
return creds;
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit-oak by apache.
the class TokenProviderImplTest method testTokenValidationIsCaseInsensitive.
/**
* @see <a href="https://issues.apache.org/jira/browse/OAK-1985">OAK-1985</a>
*/
@Test
public void testTokenValidationIsCaseInsensitive() throws Exception {
Root root = adminSession.getLatestRoot();
TokenConfiguration tokenConfig = getSecurityProvider().getConfiguration(TokenConfiguration.class);
TokenProvider tp = tokenConfig.getTokenProvider(root);
String userId = ((SimpleCredentials) getAdminCredentials()).getUserID();
TokenInfo info = tp.createToken(userId.toUpperCase(), Collections.<String, Object>emptyMap());
assertTrue(info.matches(new TokenCredentials(info.getToken())));
assertEquals(userId, info.getUserId());
info = tp.getTokenInfo(info.getToken());
assertTrue(info.matches(new TokenCredentials(info.getToken())));
assertEquals(userId, info.getUserId());
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class RepositoryImpl method login.
// -----------------------------------------------------------< Repository >
/**
* {@inheritDoc}
*/
public Session login(Credentials credentials, String workspaceName) throws LoginException, NoSuchWorkspaceException, RepositoryException {
try {
shutdownLock.readLock().acquire();
} catch (InterruptedException e) {
throw new RepositoryException("Login lock could not be acquired", e);
}
try {
// check sanity of this instance
sanityCheck();
if (workspaceName == null) {
workspaceName = repConfig.getDefaultWorkspaceName();
}
// check if workspace exists (will throw NoSuchWorkspaceException if not)
getWorkspaceInfo(workspaceName);
if (credentials == null) {
// try to obtain the identity of the already authenticated
// subject from access control context
Session session = extendAuthentication(workspaceName);
if (session != null) {
// successful extended authentication
return session;
} else {
log.debug("Attempt to login without Credentials and Subject -> try login with null credentials.");
}
}
// not preauthenticated -> try login with credentials
AuthContext authCtx = context.getSecurityManager().getAuthContext(credentials, new Subject(), workspaceName);
authCtx.login();
// create session, and add SimpleCredentials attributes (JCR-1932)
SessionImpl session = createSession(authCtx, workspaceName);
if (credentials instanceof SimpleCredentials) {
SimpleCredentials sc = (SimpleCredentials) credentials;
for (String name : sc.getAttributeNames()) {
if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
session.setAttribute(name, sc.getAttribute(name));
}
}
}
Set<TokenCredentials> tokenCreds = session.getSubject().getPublicCredentials(TokenCredentials.class);
if (!tokenCreds.isEmpty()) {
TokenCredentials tc = tokenCreds.iterator().next();
for (String name : tc.getAttributeNames()) {
if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
session.setAttribute(name, tc.getAttribute(name));
}
}
}
log.debug("User {} logged in to workspace {}", session.getUserID(), workspaceName);
return session;
} catch (SecurityException se) {
throw new LoginException("Unable to access authentication information", se);
} catch (javax.security.auth.login.LoginException le) {
throw new LoginException(le.getMessage(), le);
} catch (AccessDeniedException ade) {
// authenticated subject is not authorized for the specified workspace
throw new LoginException("Workspace access denied", ade);
} finally {
shutdownLock.readLock().release();
}
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class DefaultLoginModule method commit.
// --------------------------------------------------------< LoginModule >---
/**
* @see javax.security.auth.spi.LoginModule#commit()
*/
@Override
public boolean commit() throws LoginException {
boolean success = super.commit();
if (success && !disableTokenAuth) {
if (TokenBasedAuthentication.doCreateToken(credentials)) {
Session s = null;
try {
/*
use a different session instance to create the token
node in order to prevent concurrent modifications with
the shared system session.
*/
s = session.createSession(session.getWorkspace().getName());
Credentials tc = TokenBasedAuthentication.createToken(user, credentials, tokenExpiration, s);
if (tc != null) {
subject.getPublicCredentials().add(tc);
}
} catch (RepositoryException e) {
LoginException le = new LoginException("Failed to commit: " + e.getMessage());
le.initCause(e);
throw le;
} finally {
if (s != null) {
s.logout();
}
}
} else if (tokenCredentials != null) {
subject.getPublicCredentials().add(tokenCredentials);
}
}
return success;
}
use of org.apache.jackrabbit.api.security.authentication.token.TokenCredentials in project jackrabbit by apache.
the class TokenBasedAuthenticationCompatTest method setUp.
@Override
protected void setUp() throws Exception {
super.setUp();
System.setProperty(TokenBasedAuthentication.PARAM_COMPAT, Boolean.TRUE.toString());
adminSession = (SessionImpl) getHelper().getSuperuserSession("security");
testUser = adminSession.getUserManager().createUser(UUID.randomUUID().toString(), "pw");
adminSession.save();
SimpleCredentials sc = new SimpleCredentials(testUser.getID(), "pw".toCharArray());
sc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
CompatTokenProvider tp = new CompatTokenProvider(adminSession, TokenBasedAuthentication.TOKEN_EXPIRATION);
TokenInfo ti = tp.createToken(testUser, sc);
tokenNode = CompatTokenProvider.getTokenNode(ti.getToken(), adminSession);
token = ti.getToken();
nullTokenAuth = new TokenBasedAuthentication(null, -1, adminSession);
validTokenAuth = new TokenBasedAuthentication(token, 7200, adminSession);
tokenCreds = new TokenCredentials(token);
}
Aggregations