
Example 26 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenAuthenticationTest method testGetUserPrincipal.

/**
 * Verifies that, after a successful token login, the authentication object
 * reports the principal of the user the token was issued for.
 */
@Test
public void testGetUserPrincipal() throws Exception {
    // Issue a login token for the test user; no additional attributes are attached.
    TokenInfo issued = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
    TokenCredentials credentials = new TokenCredentials(issued.getToken());

    // A freshly issued token must be accepted.
    boolean authenticated = authentication.authenticate(credentials);
    assertTrue(authenticated);

    // The principal bound to the login must be the token owner's principal,
    // i.e. the token must not resolve to any other identity.
    assertEquals(getTestUser().getPrincipal(), authentication.getUserPrincipal());
}
Also used : TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 27 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenAuthenticationTest method testAuthenticateExpiredToken.

/**
 * Verifies that an expired token is rejected with a {@code LoginException}
 * and that the rejected token is no longer retrievable from the provider.
 */
@Test
public void testAuthenticateExpiredToken() throws Exception {
    // Provider configured with PARAM_TOKEN_EXPIRATION = 1 so that the token
    // expires almost immediately (unit presumably milliseconds; confirm in TokenProviderImpl).
    ConfigurationParameters shortLived = ConfigurationParameters.of(TokenProvider.PARAM_TOKEN_EXPIRATION, 1);
    TokenProvider provider = new TokenProviderImpl(root, shortLived, getUserConfiguration());

    TokenInfo expired = provider.createToken(userId, Collections.<String, Object>emptyMap());
    waitUntilExpired(expired);

    boolean rejected = false;
    try {
        new TokenAuthentication(provider).authenticate(new TokenCredentials(expired.getToken()));
    } catch (LoginException expectedFailure) {
        // An expired token must fail the login rather than merely return false.
        rejected = true;
    }
    if (!rejected) {
        fail("LoginException expected");
    }

    // The expired token must have been removed, so it cannot be looked up
    // (and replayed) after the failed attempt.
    assertNull(provider.getTokenInfo(expired.getToken()));
}
Also used : TokenProvider(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider) LoginException(javax.security.auth.login.LoginException) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 28 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class Jackrabbit2ConfigurationTest method testValidTokenCredentials.

/**
 * Verifies that a token issued for the admin user can be used to log in and
 * that the resulting session is bound to that same user id.
 */
@Test
public void testValidTokenCredentials() throws Exception {
    // Obtain the token provider from the security configuration, bound to the latest root.
    Root latestRoot = adminSession.getLatestRoot();
    TokenConfiguration tokenConfig = getSecurityProvider().getConfiguration(TokenConfiguration.class);
    TokenProvider provider = tokenConfig.getTokenProvider(latestRoot);

    SimpleCredentials admin = (SimpleCredentials) getAdminCredentials();
    String adminId = admin.getUserID();

    // Issue a token for the admin id (no extra attributes) and log in with the token alone.
    TokenInfo issued = provider.createToken(adminId, Collections.<String, Object>emptyMap());
    ContentSession session = login(new TokenCredentials(issued.getToken()));
    try {
        // The session identity must match the user the token was created for.
        assertEquals(adminId, session.getAuthInfo().getUserID());
    } finally {
        // Always release the session, also when the assertion fails.
        session.close();
    }
}
Also used : TokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration) TokenProvider(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider) SimpleCredentials(javax.jcr.SimpleCredentials) Root(org.apache.jackrabbit.oak.api.Root) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 29 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenLoginModule method commit.

/**
 * Second phase of the login.
 *
 * <p>When this module holds token credentials and a user id, the subject is
 * updated with them and {@code true} is returned. Otherwise, if a token
 * provider is available and the shared state holds credentials for which the
 * provider wants a token, a new token is created and published on the
 * subject; the module state is then cleared and {@code false} is returned.
 *
 * @return {@code true} only when the subject was updated from this module's
 *         own token credentials; {@code false} in every other case.
 * @throws LoginException if the token provider agreed to create a token for
 *         the shared credentials but {@code createToken} returned {@code null}.
 */
@Override
public boolean commit() throws LoginException {
    // Token credentials and user id are both present: populate the subject from them.
    if (tokenCredentials != null && userId != null) {
        Set<? extends Principal> principals;
        if (principal == null) {
            principals = getPrincipals(userId);
        } else {
            principals = getPrincipals(principal);
        }
        updateSubject(tokenCredentials, getAuthInfo(tokenInfo, principals), principals);
        return true;
    }

    try {
        boolean sharedCredentialsPresent = tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS);
        Credentials shared = sharedCredentialsPresent ? getSharedCredentials() : null;
        if (shared != null && tokenProvider.doCreateToken(shared)) {
            Root currentRoot = getRoot();
            if (currentRoot != null) {
                // refresh root, in case the external login module created users
                currentRoot.refresh();
            }

            TokenInfo created = tokenProvider.createToken(shared);
            if (created == null) {
                // failed to create token -> fail commit()
                Object logId = (userId != null) ? userId : sharedState.get(SHARED_KEY_LOGIN_NAME);
                // NOTE(review): the login name ends up in the debug log and in the
                // exception message; confirm neither is exposed to untrusted parties.
                log.debug("TokenProvider failed to create a login token for user " + logId);
                throw new LoginException("Failed to create login token for user " + logId);
            }

            // Both private and public token attributes are copied onto the credentials ...
            TokenCredentials issued = new TokenCredentials(created.getToken());
            Map<String, String> privateAttributes = created.getPrivateAttributes();
            for (Map.Entry<String, String> entry : privateAttributes.entrySet()) {
                issued.setAttribute(entry.getKey(), entry.getValue());
            }
            Map<String, String> publicAttributes = created.getPublicAttributes();
            for (Map.Entry<String, String> entry : publicAttributes.entrySet()) {
                issued.setAttribute(entry.getKey(), entry.getValue());
            }
            // ... but only the public attributes are placed in the shared state.
            sharedState.put(SHARED_KEY_ATTRIBUTES, publicAttributes);
            updateSubject(issued, null, null);
        }
    } finally {
        // the login attempt on this module did not succeed: clear state
        // (runs on every path through this branch, including after a token was issued)
        clearState();
    }
    return false;
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) LoginException(javax.security.auth.login.LoginException) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials) Credentials(javax.jcr.Credentials) TokenCredentials(org.apache.jackrabbit.api.security.authentication.token.TokenCredentials)

Example 30 with TokenInfo

use of org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo in project jackrabbit-oak by apache.

the class TokenProviderImpl method createToken.

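/**
 * Create a separate token node underneath a dedicated token store within
 * the user home node. That token node contains the hashed token, the
 * expiration time and additional mandatory attributes that will be verified
 * during login.
 *
 * <p>If {@code attributes} contains {@code PARAM_TOKEN_EXPIRATION}, that
 * value replaces the configured expiration for this token. A value that is
 * {@code null} or not a valid {@code long} makes the creation fail with a
 * {@code null} return value instead of an unchecked exception.
 *
 * @param userId     The identifier of the user for which a new token should
 *                   be created.
 * @param attributes The attributes associated with the new token.
 * @return A new {@code TokenInfo} or {@code null} if the token could not
 *         be created.
 */
@Override
public TokenInfo createToken(@Nonnull String userId, @Nonnull Map<String, ?> attributes) {
    String error = "Failed to create login token. {}";
    User user = getUser(userId);
    Tree tokenParent = (user == null) ? null : getTokenParent(user);
    if (tokenParent == null) {
        log.warn("Unable to get/create token store for user " + userId);
        return null;
    }

    try {
        String id = user.getID();
        long creationTime = new Date().getTime();

        // NOTE(review): a caller-supplied attribute overrides the configured
        // expiration and no upper bound is applied in this method; confirm that
        // the attributes come from a trusted source or that a cap is enforced elsewhere.
        long exp = tokenExpiration;
        if (attributes.containsKey(PARAM_TOKEN_EXPIRATION)) {
            try {
                // String.valueOf maps a null value to "null", which is rejected below as well.
                exp = Long.parseLong(String.valueOf(attributes.get(PARAM_TOKEN_EXPIRATION)));
            } catch (NumberFormatException e) {
                // The offending value is deliberately not logged: it may be caller-controlled.
                log.warn(error, "Invalid value for the token expiration attribute.");
                return null;
            }
        }
        long expTime = createExpirationTime(creationTime, exp);

        // UUID.randomUUID() is documented to use a cryptographically strong PRNG.
        // The value is handed to createTokenNode; per the contract above the token
        // is stored hashed (hashing is not visible in this method).
        String uuid = UUID.randomUUID().toString();
        TokenInfo tokenInfo;
        try {
            String tokenName = generateTokenName(creationTime);
            tokenInfo = createTokenNode(tokenParent, tokenName, expTime, uuid, id, attributes);
            root.commit(CommitMarker.asCommitAttributes());
        } catch (CommitFailedException e) {
            // conflict while creating token node -> retry once with a random node name
            log.debug("Failed to create token node. Using random name as fallback.");
            root.refresh();
            tokenInfo = createTokenNode(tokenParent, UUID.randomUUID().toString(), expTime, uuid, id, attributes);
            root.commit(CommitMarker.asCommitAttributes());
        }
        return tokenInfo;
    } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
        // error while generating login token
        log.error(error, e.getMessage());
    } catch (CommitFailedException | RepositoryException e) {
        // conflict while committing changes (the retry failed as well)
        log.warn(error, e.getMessage());
    }
    return null;
}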
Also used : User(org.apache.jackrabbit.api.security.user.User) Tree(org.apache.jackrabbit.oak.api.Tree) UnsupportedEncodingException(java.io.UnsupportedEncodingException) RepositoryException(javax.jcr.RepositoryException) TokenInfo(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) Date(java.util.Date)
