use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.
the class LdapIdentityProvider method authenticate.
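/**
 * Verifies the given credentials by performing an LDAP bind as the resolved user.
 *
 * <p>Only {@link SimpleCredentials} are handled. The user is first resolved with
 * {@code getUser(String)}; the bind is then attempted with the user's external id and the
 * supplied password, on a connection taken from the user pool or, when no pool is configured,
 * created by the user connection factory. The connection is handed back in all cases.
 *
 * @param credentials the credentials to verify
 * @return the resolved user when the bind succeeded, or {@code null} when the credentials are
 *         not {@code SimpleCredentials} or no user was found for the user id
 * @throws LoginException if the password is empty or the server rejects the bind
 * @throws ExternalIdentityException if any other error occurs while binding
 */
@Override
public ExternalUser authenticate(@Nonnull Credentials credentials) throws ExternalIdentityException, LoginException {
    if (!(credentials instanceof SimpleCredentials)) {
        log.debug("LDAP IDP can only authenticate SimpleCredentials.");
        return null;
    }
    final SimpleCredentials creds = (SimpleCredentials) credentials;
    final ExternalUser user = getUser(creds.getUserID());
    if (user == null) {
        // Unknown user: nothing to bind as. Callers receive null, not an exception.
        return null;
    }

    // A simple bind that carries a name but an empty password is not a password check at all
    // (an "unauthenticated" bind) and a server may answer it with success, so it must be
    // rejected before it ever reaches the server.
    // see http://tools.ietf.org/html/rfc4513#section-5.1.1 (and section 5.1.2) for details.
    if (creds.getPassword().length == 0) {
        throw new LoginException("Refusing to authenticate against LDAP server: Empty passwords not allowed.");
    }

    LdapConnection connection = null;
    try {
        DebugTimer timer = new DebugTimer();
        if (userPool == null) {
            connection = userConnectionFactory.makeObject();
        } else {
            connection = userPool.getConnection();
        }
        timer.mark("connect");
        // bind() is called with a String, so the password is copied into an immutable object
        // that cannot be wiped afterwards. Only the user id is logged below, never the password.
        connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
        timer.mark("bind");
        if (log.isDebugEnabled()) {
            log.debug("authenticate({}) {}", user.getId(), timer.getString());
        }
    } catch (LdapAuthenticationException e) {
        // NOTE(review): the message embeds the server-supplied diagnostic text; confirm that
        // callers do not show it verbatim to the person logging in.
        LoginException failure =
                new LoginException("Unable to authenticate against LDAP server: " + e.getMessage());
        // LoginException has no cause-taking constructor; attach the cause explicitly so the
        // original stack trace is not lost.
        failure.initCause(e);
        throw failure;
    } catch (Exception e) {
        throw new ExternalIdentityException("Error while binding user credentials", e);
    } finally {
        if (connection != null) {
            try {
                if (userPool == null) {
                    userConnectionFactory.destroyObject(connection);
                } else {
                    userPool.releaseConnection(connection);
                }
            } catch (Exception e) {
                // Best effort: a cleanup failure must not change the authentication outcome,
                // but it is recorded so that connection leaks can be diagnosed.
                log.debug("Failed to release LDAP connection after authentication", e);
            }
        }
    }
    return user;
}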
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.
the class LdapProviderTest method testAuthenticateValidateFalseTrue.
/**
 * Authenticates the same user eight times against a provider rebuilt with lookup-on-validate
 * disabled on the admin pool and enabled on the user pool, each pool limited to two active
 * connections.
 */
@Test
public void testAuthenticateValidateFalseTrue() throws Exception {
    // Reconfigure both pools, then replace the provider with one built from that configuration.
    providerConfig.getAdminPoolConfig().setMaxActive(2).setLookupOnValidate(false);
    providerConfig.getUserPoolConfig().setMaxActive(2).setLookupOnValidate(true);
    idp.close();
    idp = new LdapIdentityProvider(providerConfig);

    final char[] password = "pass".toCharArray();
    final SimpleCredentials credentials = new SimpleCredentials(TEST_USER1_UID, password);

    // More rounds than the pool limit of two, presumably so that connections get reused.
    int round = 0;
    while (round < 8) {
        final ExternalUser authenticated = idp.authenticate(credentials);
        assertNotNull("User 1 must authenticate", authenticated);
        assertEquals("User Ref", TEST_USER1_DN, authenticated.getExternalId().getId());
        round++;
    }
}
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.
the class LdapProviderTest method testResolvePrincipalNameUser.
/**
 * Checks that the principal name the provider derives from a user's external id matches the
 * principal name reported by the user itself.
 */
@Test
public void testResolvePrincipalNameUser() throws ExternalIdentityException {
    final ExternalUser resolved = idp.getUser(TEST_USER5_UID);
    assertNotNull(resolved);

    final String expectedPrincipalName = resolved.getPrincipalName();
    assertEquals(expectedPrincipalName, idp.fromExternalIdentityRef(resolved.getExternalId()));
}
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.
the class LdapProviderTest method testGetUserByUserId.
/**
 * Looks up test user 1 by user id and checks that the returned external id is the expected DN.
 */
@Test
public void testGetUserByUserId() throws Exception {
    final ExternalUser found = idp.getUser(TEST_USER1_UID);
    assertNotNull("User 1 must exist", found);

    final String externalId = found.getExternalId().getId();
    assertEquals("User Ref", TEST_USER1_DN, externalId);
}
use of org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser in project jackrabbit-oak by apache.
the class LdapProviderTest method testAuthenticateValidateTrueFalse.
/**
 * Authenticates the same user eight times against a provider rebuilt with lookup-on-validate
 * enabled on the admin pool and disabled on the user pool, each pool limited to two active
 * connections.
 */
@Test
public void testAuthenticateValidateTrueFalse() throws Exception {
    // Reconfigure both pools, then replace the provider with one built from that configuration.
    providerConfig.getAdminPoolConfig().setMaxActive(2).setLookupOnValidate(true);
    providerConfig.getUserPoolConfig().setMaxActive(2).setLookupOnValidate(false);
    idp.close();
    idp = new LdapIdentityProvider(providerConfig);

    final char[] password = "pass".toCharArray();
    final SimpleCredentials credentials = new SimpleCredentials(TEST_USER1_UID, password);

    // More rounds than the pool limit of two, presumably so that connections get reused.
    int round = 0;
    while (round < 8) {
        final ExternalUser authenticated = idp.authenticate(credentials);
        // The round number is part of the failure message to show which attempt broke.
        assertNotNull("User 1 must authenticate (i=" + round + ")", authenticated);
        assertEquals("User Ref", TEST_USER1_DN, authenticated.getExternalId().getId());
        round++;
    }
}