Search in sources :

Example 91 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class Jackrabbit2ConfigurationTest method testInvalidSimpleCredentialsWithAttribute.

@Test
public void testInvalidSimpleCredentialsWithAttribute() throws Exception {
    ContentSession cs = null;
    try {
        SimpleCredentials sc = new SimpleCredentials("test", new char[0]);
        sc.setAttribute(".token", "");
        cs = login(sc);
        fail("Invalid simple credentials login should fail");
    } catch (LoginException e) {
    // success
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) LoginException(javax.security.auth.login.LoginException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 92 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class Jackrabbit2ConfigurationTest method testTokenCreationAndLogin.

@Test
public void testTokenCreationAndLogin() throws Exception {
    ContentSession cs = null;
    try {
        SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
        sc.setAttribute(".token", "");
        cs = login(sc);
        Object token = sc.getAttribute(".token").toString();
        assertNotNull(token);
        TokenCredentials tc = new TokenCredentials(token.toString());
        cs.close();
        cs = login(tc);
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 93 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class PreAuthTest method testSubjectAndCredentials.

@Test
public void testSubjectAndCredentials() throws Exception {
    final Subject subject = new Subject(true, principals, Collections.<Object>emptySet(), Collections.<Object>emptySet());
    ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {

        @Override
        public ContentSession run() {
            ContentSession cs;
            try {
                cs = login(new GuestCredentials());
                return cs;
            } catch (Exception e) {
                return null;
            }
        }
    }, null);
    assertNull("Login should have failed.", cs);
}
Also used : ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Subject(javax.security.auth.Subject) SystemSubject(org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject) GuestCredentials(javax.jcr.GuestCredentials) LoginException(javax.security.auth.login.LoginException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 94 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class PreAuthTest method testValidSubjectWithAuthInfo.

@Test
public void testValidSubjectWithAuthInfo() throws Exception {
    AuthInfo info = new AuthInfoImpl("testUserId", Collections.<String, Object>emptyMap(), Collections.<Principal>emptySet());
    Set<AuthInfo> publicCreds = Collections.singleton(info);
    final Subject subject = new Subject(false, Collections.singleton(new TestPrincipal()), publicCreds, Collections.<Object>emptySet());
    ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction<ContentSession>() {

        @Override
        public ContentSession run() {
            try {
                return login(null);
            } catch (Exception e) {
                return null;
            }
        }
    }, null);
    try {
        assertSame(info, cs.getAuthInfo());
    } finally {
        if (cs != null) {
            cs.close();
        }
    }
}
Also used : AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Subject(javax.security.auth.Subject) SystemSubject(org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject) LoginException(javax.security.auth.login.LoginException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 95 with ContentSession

use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.

the class GuestDefaultLoginModuleTest method testNullLogin.

@Test
public void testNullLogin() throws Exception {
    ContentSession cs = login(null);
    try {
        AuthInfo authInfo = cs.getAuthInfo();
        String anonymousID = UserUtil.getAnonymousId(getUserConfiguration().getParameters());
        assertEquals(anonymousID, authInfo.getUserID());
    } finally {
        cs.close();
    }
}
Also used : AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

ContentSession (org.apache.jackrabbit.oak.api.ContentSession)146 Test (org.junit.Test)132 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)66 SimpleCredentials (javax.jcr.SimpleCredentials)60 Root (org.apache.jackrabbit.oak.api.Root)43 LoginException (javax.security.auth.login.LoginException)35 AuthInfo (org.apache.jackrabbit.oak.api.AuthInfo)26 Tree (org.apache.jackrabbit.oak.api.Tree)25 UserManager (org.apache.jackrabbit.api.security.user.UserManager)19 User (org.apache.jackrabbit.api.security.user.User)17 PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)15 GuestCredentials (javax.jcr.GuestCredentials)13 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)12 Principal (java.security.Principal)10 TokenCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)10 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)9 Group (org.apache.jackrabbit.api.security.user.Group)8 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 ImpersonationCredentials (org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials)7 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)6