use of org.apache.jackrabbit.oak.spi.security.authentication.Authentication in project jackrabbit-oak by apache.
the class PasswordExpiryHistoryTest method testAuthenticatePasswordExpiredAndValidationFailure.
/**
 * Checks that an expired password cannot be renewed with a new password that is rejected
 * for a reason other than password history.
 *
 * <p>Expected sequence: the first login with the current password raises
 * {@link CredentialExpiredException}; the second login carries a new-password attribute and
 * must raise {@link CredentialExpiredException} again, leaving no
 * {@code PasswordHistoryException} entry on the credentials.
 */
@Test
public void testAuthenticatePasswordExpiredAndValidationFailure() throws Exception {
    User user = getTestUser();
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);

    // Force expiry by moving the password's last-modified marker to the start of the epoch.
    root.getTree(user.getPath())
            .getChild(UserConstants.REP_PWD)
            .setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();

    // Step 1: the current password is correct but expired, so login must be refused.
    try {
        a.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
        fail("Credentials should be expired");
    } catch (CredentialExpiredException expected) {
        // expected: credentials are expired
    }

    // Step 2: attempt the password change during login with the new password "2".
    // NOTE(review): presumably "2" is rejected by a validation rule set up in the test
    // fixture (not visible in this snippet) - confirm against the class setup.
    SimpleCredentials pwChangeCreds = new SimpleCredentials(userId, userId.toCharArray());
    pwChangeCreds.setAttribute(UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD, "2");
    try {
        a.authenticate(pwChangeCreds);
        fail("User password changed in spite of expected validation failure");
    } catch (CredentialExpiredException expected) {
        // The change was refused and the account is still expired. The refusal was not a
        // history hit, so no history failure reason may be attached to the credentials.
        assertNull(pwChangeCreds.getAttribute(PasswordHistoryException.class.getSimpleName()));
    }
}
use of org.apache.jackrabbit.oak.spi.security.authentication.Authentication in project jackrabbit-oak by apache.
the class PasswordExpiryHistoryTest method testAuthenticatePasswordExpiredAndSame.
/**
 * Checks that an expired password cannot be "renewed" by supplying the current password
 * again as the new password.
 *
 * <p>Expected sequence: the first login raises {@link CredentialExpiredException}; the
 * second login, which carries the same value as the new password, must raise it again and
 * record the reason on the credentials under the simple class name of
 * {@code PasswordHistoryException}.
 */
@Test
public void testAuthenticatePasswordExpiredAndSame() throws Exception {
    User user = getTestUser();
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);

    // Force expiry by moving the password's last-modified marker to the start of the epoch.
    root.getTree(user.getPath())
            .getChild(UserConstants.REP_PWD)
            .setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();

    // Step 1: the current password is correct but expired, so login must be refused.
    try {
        a.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
        fail("Credentials should be expired");
    } catch (CredentialExpiredException expected) {
        // expected: credentials are expired
    }

    // Step 2: request a change to user.getID(); the login password used here is userId.
    // NOTE(review): the test relies on both being the same string - confirm in the fixture.
    SimpleCredentials pwChangeCreds = new SimpleCredentials(userId, userId.toCharArray());
    pwChangeCreds.setAttribute(UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD, user.getID());
    try {
        a.authenticate(pwChangeCreds);
        fail("User password changed in spite of enabled pw history");
    } catch (CredentialExpiredException expected) {
        // Reuse was refused and the account is still expired; the reason is reported back
        // to the caller through a credentials attribute.
        String reasonKey = PasswordHistoryException.class.getSimpleName();
        Object attr = pwChangeCreds.getAttribute(reasonKey);
        assertEquals("credentials should contain pw change failure reason", "New password is identical to the current password.", attr);
    }
}
use of org.apache.jackrabbit.oak.spi.security.authentication.Authentication in project jackrabbit-oak by apache.
the class PasswordExpiryTest method testAuthenticateBeforePasswordExpired.
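/**
 * Checks that a wrong password is reported as a plain login failure even when the stored
 * password is expired.
 *
 * <p>The password check has to take precedence over the expiry check: answering a wrong
 * password with {@link CredentialExpiredException} would tell a caller who does not know
 * the password that the account's password has expired.
 *
 * <p>The test also fails if {@code authenticate} returns {@code true}, so that a wrong
 * password being accepted cannot pass unnoticed.
 */
@Test
public void testAuthenticateBeforePasswordExpired() throws Exception {
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);
    // set password last modified to beginning of epoch
    root.getTree(getTestUser().getPath()).getChild(UserConstants.REP_PWD).setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();
    try {
        boolean authenticated = a.authenticate(new SimpleCredentials(userId, "wrong".toCharArray()));
        if (authenticated) {
            // AssertionError is not a LoginException, so it is not swallowed below.
            fail("Authentication with a wrong password must not succeed");
        }
    } catch (CredentialExpiredException e) {
        fail("Login should fail before expiry");
    } catch (LoginException e) {
        // success - userId/pw mismatch takes precedence over expiry
    }
}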
use of org.apache.jackrabbit.oak.spi.security.authentication.Authentication in project jackrabbit-oak by apache.
the class LoginModuleImpl method login.
// --------------------------------------------------------< LoginModule >---
/**
 * Authenticates the login id resolved for this module.
 *
 * <p>If an earlier login module left a pre-authenticated login in the shared state, the
 * supplied credentials are not verified here: the
 * {@code PreAuthenticatedLogin.PRE_AUTHENTICATED} marker is passed to the
 * {@link Authentication} instead, so the result depends on that earlier module having
 * established the identity. Otherwise the credentials are handed to
 * {@code authenticate} directly.
 *
 * <p>On success the credentials object and the login name are stored in the shared state.
 * The debug messages are fixed strings and contain neither value.
 *
 * @return the value of the {@code success} field. When an {@link Authentication} was
 *         obtained this is the result of {@code authenticate}. NOTE(review): when none was
 *         obtained the field is returned without being assigned in this method - confirm
 *         it is {@code false} at that point.
 * @throws LoginException if {@code authenticate} rejects the login with an exception
 */
@Override
public boolean login() throws LoginException {
    credentials = getCredentials();

    // A previous login module may already have established the identity.
    PreAuthenticatedLogin preAuthLogin = getSharedPreAuthLogin();
    String loginName = getLoginId(preAuthLogin);
    Authentication authentication = getUserAuthentication(loginName);

    if (authentication == null) {
        // Nothing to authenticate against: drop the collected state so that a later
        // commit does not act on it (OAK-2998, OAK-3032).
        credentials = null;
        userId = null;
        return success;
    }

    if (preAuthLogin == null) {
        success = authentication.authenticate(credentials);
    } else {
        success = authentication.authenticate(PreAuthenticatedLogin.PRE_AUTHENTICATED);
    }

    if (!success) {
        return success;
    }

    // Publish the outcome in the shared state.
    log.debug("Adding Credentials to shared state.");
    // noinspection unchecked
    sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
    log.debug("Adding login name to shared state.");
    // noinspection unchecked
    sharedState.put(SHARED_KEY_LOGIN_NAME, loginName);

    // Use the id reported by the authentication; fall back to the login name if it is null.
    userId = authentication.getUserId();
    if (userId == null) {
        userId = loginName;
    }
    principal = authentication.getUserPrincipal();
    return success;
}