You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2017/03/07 11:34:29 UTC
svn commit: r1785830 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authentication/
test/java/org/apache/jackrabbit/oak/security/authentication/
test/java/org/apache/jackrabbit/oak/security/authentication/token/
Author: angela
Date: Tue Mar 7 11:34:25 2017
New Revision: 1785830
URL: http://svn.apache.org/viewvc?rev=1785830&view=rev
Log:
OAK-5882 : Improve coverage for oak.security code in oak-core (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImplTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java?rev=1785830&r1=1785829&r2=1785830&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java Tue Mar 7 11:34:25 2017
@@ -68,6 +68,7 @@ public class AuthenticationConfiguration
/**
* Constructor for OSGi
*/
+ @SuppressWarnings("UnusedDeclaration")
public AuthenticationConfigurationImpl() {
super();
}
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImplTest.java?rev=1785830&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImplTest.java Tue Mar 7 11:34:25 2017
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication;
+
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
+import org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.when;
+
+public class AuthenticationConfigurationImplTest {
+
+ private final AuthenticationConfigurationImpl authConfiguration = new AuthenticationConfigurationImpl();
+ private final ContentRepository repo = Mockito.mock(ContentRepository.class);
+
+ @Test
+ public void testGetName() {
+ assertEquals(AuthenticationConfiguration.NAME, authConfiguration.getName());
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testGetLoginCtxProviderNotInitialized() {
+ authConfiguration.getLoginContextProvider(repo);
+ }
+
+ @Test
+ public void testGetLoginCtxProvider() {
+ authConfiguration.setSecurityProvider(new SecurityProviderImpl());
+
+ assertNotNull(authConfiguration.getLoginContextProvider(repo));
+ }
+
+ @Test
+ public void testGetLoginCtxProviderWhiteboard() {
+ SecurityProvider sp = Mockito.mock(SecurityProvider.class, Mockito.withSettings().extraInterfaces(WhiteboardAware.class));
+ when(((WhiteboardAware) sp).getWhiteboard()).thenReturn(new DefaultWhiteboard());
+
+ authConfiguration.setSecurityProvider(sp);
+
+ assertNotNull(authConfiguration.getLoginContextProvider(repo));
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java?rev=1785830&r1=1785829&r2=1785830&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java Tue Mar 7 11:34:25 2017
@@ -18,14 +18,19 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.security.PrivilegedAction;
+import java.util.HashMap;
+import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
@@ -94,4 +99,41 @@ public class LoginContextProviderImplTes
LoginContext ctx = provider.getLoginContext(new SimpleCredentials(getTestUser().getID(), getTestUser().getID().toCharArray()), null);
ctx.login();
}
+
+ @Test
+ public void testGetLoginContextWithConfigurationPreset() throws Exception {
+ Configuration.setConfiguration(new Configuration() {
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
+ return new AppConfigurationEntry[]{
+ new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap())
+ };
+ }
+ });
+
+ LoginContextProvider provider = new LoginContextProviderImpl(AuthenticationConfiguration.DEFAULT_APP_NAME, ConfigurationParameters.EMPTY, getContentRepository(), getSecurityProvider(), new DefaultWhiteboard());
+ LoginContext ctx = provider.getLoginContext(null, null);
+ ctx.login();
+
+ assertFalse(ctx.getSubject().getPublicCredentials(GuestCredentials.class).isEmpty());
+ }
+
+ @Test
+ public void testGetLoginContextTwice() throws Exception {
+ Configuration.setConfiguration(new Configuration() {
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
+ return new AppConfigurationEntry[]{
+ new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap())
+ };
+ }
+ });
+
+ LoginContextProvider provider = new LoginContextProviderImpl(AuthenticationConfiguration.DEFAULT_APP_NAME, ConfigurationParameters.EMPTY, getContentRepository(), getSecurityProvider(), new DefaultWhiteboard());
+ provider.getLoginContext(null, null);
+ LoginContext ctx = provider.getLoginContext(null, null);
+
+ ctx.login();
+ assertFalse(ctx.getSubject().getPublicCredentials(GuestCredentials.class).isEmpty());
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1785830&r1=1785829&r2=1785830&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java Tue Mar 7 11:34:25 2017
@@ -33,6 +33,7 @@ import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
@@ -53,9 +54,6 @@ import static org.junit.Assert.assertNul
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-/**
- * TokenProviderImplTest...
- */
public class TokenProviderImplTest extends AbstractTokenTest {
private String userId;
@@ -122,6 +120,12 @@ public class TokenProviderImplTest exten
}
@Test
+ public void testCreateTokenFromGroupId() throws Exception {
+ Group gr = getUserManager(root).createGroup("groupId");
+ assertNull(tokenProvider.createToken("groupId", Collections.<String, Object>emptyMap()));
+ }
+
+ @Test
public void testCreateTokenFromUserId() throws Exception {
TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
assertTokenInfo(info, userId);
@@ -193,6 +197,41 @@ public class TokenProviderImplTest exten
}
@Test
+ public void testGetTokenInfoFromDisabledUser() throws Exception {
+ TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
+ getTestUser().disable("disabled");
+
+ assertNull(tokenProvider.getTokenInfo(info.getToken()));
+ }
+
+ @Test
+ public void testGetTokenInfoFromGroup() throws Exception {
+ Group gr = getUserManager(root).createGroup("gr");
+ NodeUtil groupNode = new NodeUtil(root.getTree(gr.getPath()));
+ NodeUtil parent = groupNode.addChild(TokenConstants.TOKENS_NODE_NAME, TokenConstants.TOKENS_NT_NAME);
+ NodeUtil tokenNode = parent.addChild("tokenName", TokenConstants.TOKEN_NT_NAME);
+ String tokenUUID = UUID.randomUUID().toString();
+ tokenNode.setString(JcrConstants.JCR_UUID, tokenUUID);
+ String token = tokenUUID + "_generatedKey";
+ tokenNode.setString(TokenConstants.TOKEN_ATTRIBUTE_KEY, token);
+
+ assertNull(tokenProvider.getTokenInfo(token));
+ }
+
+ @Test
+ public void testGetTokenInfoFromRegularNode() throws Exception {
+ NodeUtil node = new NodeUtil(root.getTree("/")).addChild("testNode", JcrConstants.NT_UNSTRUCTURED);
+ NodeUtil parent = node.addChild(TokenConstants.TOKENS_NODE_NAME, TokenConstants.TOKENS_NT_NAME);
+ NodeUtil tokenNode = parent.addChild("tokenName", TokenConstants.TOKEN_NT_NAME);
+ String tokenUUID = UUID.randomUUID().toString();
+ tokenNode.setString(JcrConstants.JCR_UUID, tokenUUID);
+ String token = tokenUUID + "_generatedKey";
+ tokenNode.setString(TokenConstants.TOKEN_ATTRIBUTE_KEY, token);
+
+ assertNull(tokenProvider.getTokenInfo(token));
+ }
+
+ @Test
public void testGetTokenInfoFromInvalidLocation() throws Exception {
TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
Tree tokenTree = getTokenTree(info);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java?rev=1785830&r1=1785829&r2=1785830&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorTest.java Tue Mar 7 11:34:25 2017
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collections;
import java.util.Date;
+import java.util.UUID;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.CommitFailedException;
@@ -367,4 +368,29 @@ public class TokenValidatorTest extends
n.setName(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED);
root.commit();
}
+
+ @Test
+ public void testChangeToReservedTokenNodeType() throws Exception {
+ String parentPath = getTestUser().getPath() + "/"+TokenConstants.TOKENS_NODE_NAME;
+ String path = parentPath+"/node";
+ try {
+ Tree t = root.getTree(getTestUser().getPath()).addChild(TokenConstants.TOKENS_NODE_NAME);
+ t.setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME);
+ t.addChild("node").setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME);
+ root.commit();
+
+ NodeUtil node = new NodeUtil(root.getTree(path));
+ node.setName(JcrConstants.JCR_PRIMARYTYPE, TokenConstants.TOKEN_NT_NAME);
+ node.setString(JcrConstants.JCR_UUID, UUID.randomUUID().toString());
+ node.setString(TokenConstants.TOKEN_ATTRIBUTE_KEY, PasswordUtil.buildPasswordHash("key"));
+ node.setDate(TokenConstants.TOKEN_ATTRIBUTE_EXPIRY, new Date().getTime());
+ root.commit(CommitMarker.asCommitAttributes());
+ } catch (CommitFailedException e) {
+ assertEquals(62, e.getCode());
+ } finally {
+ root.refresh();
+ root.getTree(parentPath).remove();
+ root.commit();
+ }
+ }
}
\ No newline at end of file