Posted to commits@syncope.apache.org by il...@apache.org on 2015/10/13 09:53:28 UTC
[2/2] syncope git commit: [SYNCOPE-706] Fix provided
[SYNCOPE-706] Fix provided
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a3e23c1f
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a3e23c1f
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a3e23c1f
Branch: refs/heads/master
Commit: a3e23c1f175dbdda338c4cf01d8acf6fc3c4f365
Parents: 7b2a28d
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Tue Oct 13 09:53:12 2015 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Tue Oct 13 09:53:12 2015 +0200
----------------------------------------------------------------------
.../client/lib/SyncopeClientFactoryBean.java | 15 +++++++++++-
.../core/misc/security/AuthDataAccessor.java | 10 +++++++-
.../security/SyncopeAuthenticationProvider.java | 6 ++---
.../core/reference/AuthenticationITCase.java | 24 +++++++++++++++++---
.../syncope/fit/core/reference/GroupITCase.java | 2 +-
.../fit/core/reference/PlainSchemaITCase.java | 2 +-
.../fit/core/reference/ResourceITCase.java | 2 +-
.../fit/core/reference/UserSelfITCase.java | 10 ++++----
8 files changed, 55 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
----------------------------------------------------------------------
diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
index 01a36ec..46dc302 100644
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
+++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
@@ -225,10 +225,23 @@ public class SyncopeClientFactoryBean {
return this;
}
- public SyncopeClient createAnonymous() {
+ /**
+ * Builds client instance with no authentication, for user self-registration and related queries (schema,
+ * resources, ...).
+ *
+ * @return client instance with no authentication
+ */
+ public SyncopeClient create() {
return create(null, null);
}
+ /**
+ * Builds client instance with the given credentials.
+ *
+ * @param username username
+ * @param password password
+ * @return client instance with the given credentials
+ */
public SyncopeClient create(final String username, final String password) {
return new SyncopeClient(
getContentType().getMediaType(),
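Review bot: The Javadoc added for `create(String, String)` does not say that `null` credentials are accepted, although the new `create()` relies on exactly that through `create(null, null)`. A caller that passes a null username by mistake would presumably get a client with no authentication rather than an error; the `SyncopeClient` constructor call continues outside the hunk, so this is inferred. I would state the contract in the tags, for example `@param username username, or {@code null} to build a client with no authentication`, and word `@param password` the same way.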
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
index 10eb235..7dc576a 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
@@ -116,14 +116,22 @@ public class AuthDataAccessor {
return domain;
}
+ /**
+ * Attempts to authenticate the given credentials against internal storage and pass-through resources (if
+ * configured): the first succeeding causes global success.
+ *
+ * @param authentication given credentials
+ * @return {@code null} if no matching user was found, authentication result otherwise
+ */
@Transactional(noRollbackFor = DisabledException.class)
public Pair<Long, Boolean> authenticate(final Authentication authentication) {
Long key = null;
- Boolean authenticated = false;
+ Boolean authenticated = null;
User user = userDAO.find(authentication.getName());
if (user != null) {
key = user.getKey();
+ authenticated = false;
if (user.isSuspended() != null && user.isSuspended()) {
throw new DisabledException("User " + user.getUsername() + " is suspended");
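Review bot: The new `@return` line says the method returns `{@code null}` when no user matches, but the visible code only sets the local `Boolean authenticated` to `null`. With a `Pair<Long, Boolean>` return type it is presumably the pair's value that is null, not the pair itself; the return statement is outside the hunk, but the caller in SyncopeAuthenticationProvider reads `authResult.getValue()`. A reader of the Javadoc could null-check the wrong object, so I would write `@return user key and outcome; the outcome is {@code null} if no matching user was found, {@code false} if the credentials were rejected`. The body of `authenticate` continues past the end of the hunk.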
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
index ff7e453..313b0f1 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
@@ -98,7 +98,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider {
}
SyncopeAuthenticationDetails.class.cast(authentication.getDetails()).setDomain(domainKey);
- boolean authenticated;
+ Boolean authenticated;
if (anonymousUser.equals(authentication.getName())) {
authenticated = authentication.getCredentials().toString().equals(anonymousKey);
} else if (adminUser.equals(authentication.getName())) {
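Review bot: `Boolean authenticated` now carries three states, and nothing at the declaration says what `null` means. The anonymous branch visible here assigns a plain comparison result, so the null case appears to come only from `authResult.getValue()` in the second hunk. A comment at the declaration such as `// null: no matching user was found, so the failed-authentication branch below is skipped` would make that explicit. The guards in the second and third hunks (`authenticated != null && !authenticated`, `authenticated != null && authenticated`) read more plainly as `Boolean.FALSE.equals(authenticated)` and `Boolean.TRUE.equals(authenticated)`, which cannot unbox a null if one of them is edited later. The enclosing method starts and ends outside these hunks.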
@@ -133,7 +133,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider {
}
});
authenticated = authResult.getValue();
- if (!authenticated) {
+ if (authenticated != null && !authenticated) {
AuthContextUtils.execWithAuthContext(domainKey, new Executable<Void>() {
@Override
@@ -145,7 +145,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider {
}
}
- final boolean isAuthenticated = authenticated;
+ final boolean isAuthenticated = authenticated != null && authenticated;
UsernamePasswordAuthenticationToken token;
if (isAuthenticated) {
token = AuthContextUtils.execWithAuthContext(
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
index 3f82edf..262d34e 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
@@ -87,15 +87,15 @@ public class AuthenticationITCase extends AbstractITCase {
@Test
public void testReadEntitlements() {
- // 1. as anonymous (not allowed)
+ // 1. as not authenticated (not allowed)
try {
- clientFactory.createAnonymous().self();
+ clientFactory.create().self();
fail();
} catch (AccessControlException e) {
assertNotNull(e);
}
- // 2. as authenticated anonymous (used by admin console)
+ // 2. as anonymous
Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).self();
assertEquals(1, self.getKey().size());
assertTrue(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
@@ -467,4 +467,22 @@ public class AuthenticationITCase extends AbstractITCase {
self = clientFactory.create(user.getUsername(), "password234").self();
assertNotNull(self);
}
+
+ @Test
+ public void issueSYNCOPE706() {
+ String username = getUUIDString();
+ try {
+ userService.getUserKey(username);
+ fail();
+ } catch (SyncopeClientException e) {
+ assertEquals(ClientExceptionType.NotFound, e.getType());
+ }
+
+ try {
+ clientFactory.create(username, "anypassword").self();
+ fail();
+ } catch (AccessControlException e) {
+ assertNotNull(e.getMessage());
+ }
+ }
}
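Review bot: The second `try` block in `issueSYNCOPE706` only asserts `assertNotNull(e.getMessage())`, so it would still pass if the rejection for an unknown username differed from the rejection for a wrong password on an existing account. Since the fix adds a separate code path for "no such user", the test is the natural place to pin that the two outcomes are indistinguishable to the client, which keeps the login endpoint from revealing which usernames exist. I would capture the message from a wrong-password attempt against a known test user and compare, e.g. `assertEquals(wrongPasswordMessage, e.getMessage());`, where `wrongPasswordMessage` is a placeholder name for that captured value.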
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
index f1cc587..1abb943 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
@@ -584,7 +584,7 @@ public class GroupITCase extends AbstractITCase {
@Test
public void anonymous() {
- GroupService unauthenticated = clientFactory.createAnonymous().getService(GroupService.class);
+ GroupService unauthenticated = clientFactory.create().getService(GroupService.class);
try {
unauthenticated.
list(SyncopeClient.getAnySearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM).build());
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
index 679288c..ad35195 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
@@ -318,7 +318,7 @@ public class PlainSchemaITCase extends AbstractITCase {
@Test
public void anonymous() {
- SchemaService unauthenticated = clientFactory.createAnonymous().getService(SchemaService.class);
+ SchemaService unauthenticated = clientFactory.create().getService(SchemaService.class);
try {
unauthenticated.list(SchemaType.VIRTUAL);
fail();
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
index 99aa93b..07433b7 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
@@ -511,7 +511,7 @@ public class ResourceITCase extends AbstractITCase {
@Test
public void anonymous() {
- ResourceService unauthenticated = clientFactory.createAnonymous().getService(ResourceService.class);
+ ResourceService unauthenticated = clientFactory.create().getService(ResourceService.class);
try {
unauthenticated.list();
fail();
http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
index 97df025..083d439 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
@@ -82,7 +82,7 @@ public class UserSelfITCase extends AbstractITCase {
}
// 2. self-registration as anonymous: works
- SyncopeClient anonClient = clientFactory.createAnonymous();
+ SyncopeClient anonClient = clientFactory.create();
UserTO self = anonClient.getService(UserSelfService.class).
create(UserITCase.getUniqueSampleTO("anonymous@syncope.apache.org"), true).
readEntity(UserTO.class);
@@ -99,7 +99,7 @@ public class UserSelfITCase extends AbstractITCase {
userTO.getMemberships().add(new MembershipTO.Builder().group(3L).build());
userTO.getResources().add(RESOURCE_NAME_TESTDB);
- SyncopeClient anonClient = clientFactory.createAnonymous();
+ SyncopeClient anonClient = clientFactory.create();
userTO = anonClient.getService(UserSelfService.class).
create(userTO, true).
readEntity(UserTO.class);
@@ -243,7 +243,7 @@ public class UserSelfITCase extends AbstractITCase {
public void noContent() throws IOException {
Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService));
- SyncopeClient anonClient = clientFactory.createAnonymous();
+ SyncopeClient anonClient = clientFactory.create();
UserSelfService noContentService = anonClient.prefer(UserSelfService.class, Preference.RETURN_NO_CONTENT);
UserTO user = UserITCase.getUniqueSampleTO("nocontent-anonymous@syncope.apache.org");
@@ -278,7 +278,7 @@ public class UserSelfITCase extends AbstractITCase {
assertNotNull(read);
// 3. request password reset (as anonymous) providing the expected security answer
- SyncopeClient anonClient = clientFactory.createAnonymous();
+ SyncopeClient anonClient = clientFactory.create();
try {
anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(), "WRONG");
fail();
@@ -329,7 +329,7 @@ public class UserSelfITCase extends AbstractITCase {
assertNotNull(read);
// 3. request password reset (as anonymous) with no security answer
- SyncopeClient anonClient = clientFactory.createAnonymous();
+ SyncopeClient anonClient = clientFactory.create();
anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(), null);
// 4. get token (normally sent via e-mail, now reading as admin)