Search in sources :

Example 76 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class PreAuthDefaultExternalLoginModuleTest method testNonExistingUser.

@Test
public void testNonExistingUser() throws Exception {
    PreAuthCredentials creds = new PreAuthCredentials("nonExisting");
    ContentSession cs = null;
    try {
        cs = login(creds);
        fail();
    } catch (LoginException e) {
    // success
    } finally {
        if (cs != null) {
            cs.close();
        }
        assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage());
        root.refresh();
        assertNull(getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER));
    }
}
Also used : ContentSession(org.apache.jackrabbit.oak.api.ContentSession) LoginException(javax.security.auth.login.LoginException) Test(org.junit.Test)

Example 77 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class PreAuthDefaultExternalLoginModuleTest method testExistingExternalNoSync.

@Test
public void testExistingExternalNoSync() throws Exception {
    // prevent expiration of the user
    syncConfig.user().setExpirationTime(Long.MAX_VALUE);
    // sync user upfront
    SyncContext syncContext = new DefaultSyncContext(syncConfig, idp, getUserManager(root), getValueFactory(root));
    SyncResult result = syncContext.sync(idp.getUser(TestIdentityProvider.ID_TEST_USER));
    long lastSynced = result.getIdentity().lastSynced();
    root.commit();
    PreAuthCredentials creds = new PreAuthCredentials(TestIdentityProvider.ID_TEST_USER);
    ContentSession cs = null;
    try {
        cs = login(creds);
        assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage());
        assertEquals(TestIdentityProvider.ID_TEST_USER, cs.getAuthInfo().getUserID());
        root.refresh();
        User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        assertNotNull(u);
        // user _should_ not have been re-synced
        assertEquals(lastSynced, DefaultSyncContext.createSyncedIdentity(u).lastSynced());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : DefaultSyncContext(org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext) User(org.apache.jackrabbit.api.security.user.User) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) DefaultSyncContext(org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext) Test(org.junit.Test)

Example 78 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class PreAuthDefaultExternalLoginModuleTest method testSimpleExternal.

@Test
public void testSimpleExternal() throws Exception {
    // verify that authentication against the IDP succeeds with the given creds.
    Credentials creds = new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0]);
    ExternalUser externalUser = idp.authenticate(creds);
    assertNotNull(externalUser);
    assertEquals(TestIdentityProvider.ID_TEST_USER, externalUser.getId());
    // => repo login must also succeed and the user must be synced.
    ContentSession cs = null;
    try {
        cs = login(creds);
        assertEquals(TestIdentityProvider.ID_TEST_USER, cs.getAuthInfo().getUserID());
        root.refresh();
        User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        assertNotNull(u);
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) User(org.apache.jackrabbit.api.security.user.User) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) GuestCredentials(javax.jcr.GuestCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) Test(org.junit.Test)

Example 79 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ExternalLoginModuleTest method testSyncCreateUserCaseInsensitive.

@Test
public void testSyncCreateUserCaseInsensitive() throws Exception {
    UserManager userManager = getUserManager(root);
    ContentSession cs = null;
    try {
        assertNull(userManager.getAuthorizable(USER_ID));
        cs = login(new SimpleCredentials(USER_ID.toUpperCase(), new char[0]));
        root.refresh();
        Authorizable a = userManager.getAuthorizable(USER_ID);
        assertNotNull(a);
        ExternalUser user = idp.getUser(USER_ID);
        for (String prop : user.getProperties().keySet()) {
            assertTrue(a.hasProperty(prop));
        }
        assertEquals(TEST_CONSTANT_PROPERTY_VALUE, a.getProperty(TEST_CONSTANT_PROPERTY_NAME)[0].getString());
    } finally {
        if (cs != null) {
            cs.close();
        }
        options.clear();
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Test(org.junit.Test)

Example 80 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class ExternalLoginModuleTest method testLoginFailed.

@Test
public void testLoginFailed() throws Exception {
    UserManager userManager = getUserManager(root);
    try {
        ContentSession cs = login(new SimpleCredentials("unknown", new char[0]));
        cs.close();
        fail("login failure expected");
    } catch (LoginException e) {
    // success
    } finally {
        assertNull(userManager.getAuthorizable(USER_ID));
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) LoginException(javax.security.auth.login.LoginException) Test(org.junit.Test)

Aggregations

ContentSession (org.apache.jackrabbit.oak.api.ContentSession)146 Test (org.junit.Test)132 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)66 SimpleCredentials (javax.jcr.SimpleCredentials)60 Root (org.apache.jackrabbit.oak.api.Root)43 LoginException (javax.security.auth.login.LoginException)35 AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)26 Tree (org.apache.jackrabbit.oak.api.Tree)25 UserManager (org.apache.jackrabbit.api.security.user.UserManager)19 User (org.apache.jackrabbit.api.security.user.User)17 PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)15 GuestCredentials (javax.jcr.GuestCredentials)13 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)12 Principal (java.security.Principal)10 TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)10 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)9 Group (org.apache.jackrabbit.api.security.user.Group)8 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)7 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)6