Example 16 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenInfoTest method testMatches.

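@Test
public void testMatches() {
    // No attributes: presenting the token string alone is enough to match.
    TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    assertTrue(info.matches(new TokenCredentials(info.getToken())));
    // An informational attribute ("something") does not have to be presented by the credentials.
    Map<String, String> attributes = new HashMap<String, String>();
    attributes.put("something", "value");
    info = tokenProvider.createToken(userId, attributes);
    assertTrue(info.matches(new TokenCredentials(info.getToken())));
    // An attribute whose name starts with ".token" is mandatory:
    // credentials that lack it must not match, even with the correct token string.
    attributes.put(".token-something", "mandatory");
    info = tokenProvider.createToken(userId, attributes);
    assertFalse(info.matches(new TokenCredentials(info.getToken())));
    // Supplying the mandatory attribute with the expected value makes the credentials match.
    TokenCredentials tc = new TokenCredentials(info.getToken());
    tc.setAttribute(".token-something", "mandatory");
    assertTrue(info.matches(tc));
    // Extra attributes set only on the credentials do not affect the result.
    tc.setAttribute("another", "value");
    assertTrue(info.matches(tc));
    tc.setAttribute(".token_ignored", "value");
    assertTrue(info.matches(tc));
}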
Also used : HashMap(java.util.HashMap) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Test(org.junit.Test)

Example 17 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenInfoTest method testRemoveToken.

@Test
public void testRemoveToken() throws Exception {
    TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    assertTrue(info.remove());
}
Also used : TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) Test(org.junit.Test)

Example 18 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenInfoTest method testGetAttributes.

@Test
public void testGetAttributes() {
    // Reserved names: expected in neither the public nor the private map (asserted at the end).
    Map<String, String> reserved = new HashMap<String, String>();
    reserved.put(TOKEN_ATTRIBUTE, "value");
    reserved.put(TOKEN_ATTRIBUTE_KEY, "value");
    reserved.put(TOKEN_ATTRIBUTE_EXPIRY, "value");
    // Names starting with ".token" that are not reserved: expected as private attributes.
    Map<String, String> privateAttributes = new HashMap<String, String>();
    privateAttributes.put(".token_exp", "value");
    privateAttributes.put(".tokenTest", "value");
    privateAttributes.put(".token_something", "value");
    // Any other name: expected as a public attribute.
    Map<String, String> publicAttributes = new HashMap<String, String>();
    publicAttributes.put("any", "value");
    publicAttributes.put("another", "value");
    Map<String, String> attributes = new HashMap<String, String>();
    attributes.putAll(reserved);
    attributes.putAll(publicAttributes);
    attributes.putAll(privateAttributes);
    TokenInfo info = tokenProvider.createToken(userId, attributes);
    Map<String, String> pubAttr = info.getPublicAttributes();
    assertEquals("public attributes", publicAttributes.size(), pubAttr.size());
    for (String key : publicAttributes.keySet()) {
        assertTrue("public attribute " + key + " not contained", pubAttr.containsKey(key));
        assertEquals("public attribute " + key, publicAttributes.get(key), pubAttr.get(key));
    }
    Map<String, String> privAttr = info.getPrivateAttributes();
    assertEquals("private attributes", privateAttributes.size(), privAttr.size());
    for (String key : privateAttributes.keySet()) {
        assertTrue("private attribute " + key + " not contained", privAttr.containsKey(key));
        assertEquals("private attribute " + key, privateAttributes.get(key), privAttr.get(key));
    }
    for (String key : reserved.keySet()) {
        assertFalse("reserved attribute " + key, privAttr.containsKey(key));
        assertFalse("reserved attribute " + key, pubAttr.containsKey(key));
    }
}
Also used : HashMap(java.util.HashMap) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) Test(org.junit.Test)

Example 19 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenValidatorTest method testCreateTokenAtInvalidLocationInsideUser2.

@Test
public void testCreateTokenAtInvalidLocationInsideUser2() throws Exception {
    TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    Tree tokenTree = getTokenTree(info);
    assertNotNull(tokenProvider.getTokenInfo(info.getToken()));
    Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
    NodeUtil node = new NodeUtil(userTree).getOrAddChild(TOKENS_NODE_NAME, TOKENS_NT_NAME);
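    try {
        // Recreate the token below an extra "invalid" child of the tokens node and
        // remove the original; the commit is expected to be rejected.
        node = node.addChild("invalid", JcrConstants.NT_UNSTRUCTURED);
        createTokenTree(info, node, TOKEN_NT_NAME);
        tokenTree.remove();
        root.commit(CommitMarker.asCommitAttributes());
        fail("Creating a new token '" + node.getTree().getPath() + "' must fail.");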
    } catch (CommitFailedException e) {
        assertEquals(65, e.getCode());
    } finally {
        node.getTree().remove();
        root.commit(CommitMarker.asCommitAttributes());
    }
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)

Example 20 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenValidatorTest method testChangingTokenKey.

@Test
public void testChangingTokenKey() throws Exception {
    TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    NodeUtil tokenTree = new NodeUtil(getTokenTree(info));
    try {
        // Overwrite the stored key hash of an existing token; the commit is expected to be rejected.
        tokenTree.setString(TOKEN_ATTRIBUTE_KEY, PasswordUtil.buildPasswordHash("anotherValue"));
        root.commit(CommitMarker.asCommitAttributes());
        fail("The token key must never be modified.");
    } catch (CommitFailedException e) {
        assertEquals(61, e.getCode());
    }
}
Also used : TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)
