Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/11 16:36:10 UTC
svn commit: r1397084 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
security/authentication/ security/authentication/token/
spi/security/authentication/callback/
Author: angela
Date: Thu Oct 11 14:36:09 2012
New Revision: 1397084
URL: http://svn.apache.org/viewvc?rev=1397084&view=rev
Log:
OAK-91 - Implement Authentication Support (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1397084&r1=1397083&r2=1397084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Thu Oct 11 14:36:09 2012
@@ -101,7 +101,7 @@ public final class LoginModuleImpl exten
private Credentials credentials;
private Set<? extends Principal> principals;
- private String userID;
+ private String userId;
//--------------------------------------------------------< LoginModule >---
@Override
@@ -112,30 +112,31 @@ public final class LoginModuleImpl exten
@Override
public boolean login() throws LoginException {
credentials = getCredentials();
- userID = getUserID();
+ userId = getUserId();
- if (credentials == null || userID == null) {
+ if (credentials == null || userId == null) {
log.debug("Could not extract userId/credentials");
return false;
}
- Authentication authentication = new AuthenticationImpl(userID, getUserProvider(), getPrincipalProvider());
+ Authentication authentication = new AuthenticationImpl(userId, getUserProvider(), getPrincipalProvider());
boolean success = authentication.authenticate(credentials);
if (success) {
- principals = getPrincipals(userID);
+ principals = getPrincipals(userId);
log.debug("Adding Credentials to shared state.");
sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
log.debug("Adding login name to shared state.");
- sharedState.put(SHARED_KEY_LOGIN_NAME, userID);
+ sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
}
return success;
}
@Override
- public boolean commit() throws LoginException {
- if (credentials == null || principals.isEmpty()) {
+ public boolean commit() {
+ if (credentials == null || principals == null) {
+ // login attempt in this login module was not successful
clearState();
return false;
} else {
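Review bot: In commit(), `principals == null` is now the only signal that this module's login failed, but login() assigns `principals` only on success and never resets it at the start of an attempt. A value left over from an earlier attempt on the same instance would therefore pass the guard if nothing cleared state in between; the logout/abort path is not visible here. Resetting with `principals = null;` at the top of login() would make the guard self-contained. The switch from `principals.isEmpty()` also means an authenticated user for whom getPrincipals(userId) returns an empty set now reaches the else branch; if that is intended, record it in the comment, e.g. `// an empty principal set is accepted; only null marks a failed login`. commit() continues past the end of this hunk.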
@@ -162,28 +163,28 @@ public final class LoginModuleImpl exten
credentials = null;
principals = null;
- userID = null;
+ userId = null;
}
//--------------------------------------------------------------------------
@CheckForNull
- private String getUserID() {
- String userID = null;
+ private String getUserId() {
+ String uid = null;
if (credentials != null) {
if (credentials instanceof SimpleCredentials) {
- userID = ((SimpleCredentials) credentials).getUserID();
+ uid = ((SimpleCredentials) credentials).getUserID();
} else if (credentials instanceof GuestCredentials) {
- userID = getAnonymousID();
+ uid = getAnonymousId();
} else if (credentials instanceof ImpersonationCredentials) {
Credentials bc = ((ImpersonationCredentials) credentials).getBaseCredentials();
if (bc instanceof SimpleCredentials) {
- userID = ((SimpleCredentials) bc).getUserID();
+ uid = ((SimpleCredentials) bc).getUserID();
}
} else {
try {
NameCallback callback = new NameCallback("User-ID: ");
callbackHandler.handle(new Callback[]{callback});
- userID = callback.getName();
+ uid = callback.getName();
} catch (UnsupportedCallbackException e) {
log.warn("Credentials- or NameCallback must be supported");
} catch (IOException e) {
@@ -192,13 +193,13 @@ public final class LoginModuleImpl exten
}
}
- if (userID == null) {
- userID = getSharedLoginName();
+ if (uid == null) {
+ uid = getSharedLoginName();
}
- return userID;
+ return uid;
}
- private String getAnonymousID() {
+ private String getAnonymousId() {
SecurityProvider sp = getSecurityProvider();
if (sp == null) {
return null;
@@ -215,6 +216,6 @@ public final class LoginModuleImpl exten
attributes.put(attrName, sc.getAttribute(attrName));
}
}
- return new AuthInfoImpl(userID, attributes, principals);
+ return new AuthInfoImpl(userId, attributes, principals);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1397084&r1=1397083&r2=1397084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Thu Oct 11 14:36:09 2012
@@ -54,7 +54,7 @@ public final class TokenLoginModule exte
private TokenCredentials tokenCredentials;
private TokenInfo tokenInfo;
- private String userID;
+ private String userId;
private Set<? extends Principal> principals;
//--------------------------------------------------------< LoginModule >---
@@ -72,11 +72,11 @@ public final class TokenLoginModule exte
if (authentication.authenticate(tc)) {
tokenCredentials = tc;
tokenInfo = authentication.getTokenInfo();
- userID = tokenInfo.getUserId();
- principals = getPrincipals(userID);
+ userId = tokenInfo.getUserId();
+ principals = getPrincipals(userId);
log.debug("Login: adding login name to shared state.");
- sharedState.put(SHARED_KEY_LOGIN_NAME, userID);
+ sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
return true;
}
}
@@ -85,7 +85,7 @@ public final class TokenLoginModule exte
}
@Override
- public boolean commit() throws LoginException {
+ public boolean commit() {
if (tokenCredentials != null) {
if (!subject.isReadOnly()) {
subject.getPublicCredentials().add(tokenCredentials);
@@ -95,6 +95,9 @@ public final class TokenLoginModule exte
return true;
}
+ // the login attempt on this module did not succeed: clear state
+ // and check if another successful login asks for a new token to be created.
+ clearState();
if (tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS)) {
Credentials shared = getSharedCredentials();
if (shared != null && tokenProvider.doCreateToken(shared)) {
@@ -113,23 +116,25 @@ public final class TokenLoginModule exte
}
}
}
-
return false;
}
- @Override
- public boolean abort() throws LoginException {
- tokenCredentials = null;
- principals = null;
- return true;
- }
-
//------------------------------------------------< AbstractLoginModule >---
@Override
protected Set<Class> getSupportedCredentials() {
return Collections.<Class>singleton(TokenCredentials.class);
}
+ @Override
+ protected void clearState() {
+ super.clearState();
+
+ tokenCredentials = null;
+ tokenInfo = null;
+ userId = null;
+ principals = null;
+ }
+
//--------------------------------------------------------------------------
private TokenProvider getTokenProvider() {
TokenProvider provider = null;
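Review bot: Removing the abort() override makes cleanup of the token state depend on the inherited abort(), which is not part of this diff. If it does not call clearState(), `tokenCredentials`, `tokenInfo`, `userId` and `principals` would survive an aborted login, whereas the removed method cleared at least two of them. This is worth confirming in AbstractLoginModule, and a short Javadoc on the new override would record the contract, e.g. `/** Drops all token-related state; called on a failed commit and expected to be called by the inherited abort(). */`. The clearState() call added to commit() in the preceding hunk has a related dependency: whatever super.clearState() resets must not include `sharedState` or `tokenProvider`, which the following lines read.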
@@ -160,6 +165,6 @@ public final class TokenLoginModule exte
attributes.put(attrName, publicAttributes.get(attrName));
}
}
- return new AuthInfoImpl(userID, attributes, principals);
+ return new AuthInfoImpl(userId, attributes, principals);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java?rev=1397084&r1=1397083&r2=1397084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java Thu Oct 11 14:36:09 2012
@@ -16,7 +16,6 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication.callback;
-import java.io.Serializable;
import javax.annotation.CheckForNull;
import javax.jcr.Credentials;
import javax.security.auth.callback.Callback;
@@ -24,7 +23,7 @@ import javax.security.auth.callback.Call
/**
* Callback implementation to retrieve {@code Credentials}.
*/
-public class CredentialsCallback implements Callback, Serializable {
+public class CredentialsCallback implements Callback {
private Credentials credentials;
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java?rev=1397084&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java Thu Oct 11 14:36:09 2012
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.callback;
+
+import javax.security.auth.callback.Callback;
+
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+
+/**
+ * Callback implementation used to pass a {@link UserProvider} to the
+ * login module.
+ */
+public class UserProviderCallback implements Callback {
+
+ private UserProvider userProvider;
+
+ /**
+ * Returns the user provider as set using
+ * {@link #setUserProvider(org.apache.jackrabbit.oak.spi.security.user.UserProvider)}
+ * or {@code null}.
+ *
+ * @return an instance of {@code UserProvider} or {@code null} if no
+ * provider has been set before.
+ */
+ public UserProvider getUserProvider() {
+ return userProvider;
+ }
+
+ /**
+ * Sets the {@code UserProvider} that is being used during the
+ * authentication process.
+ *
+ * @param userProvider The user provider to use during the
+ * authentication process.
+ */
+ public void setUserProvider(UserProvider userProvider) {
+ this.userProvider = userProvider;
+ }
+}
\ No newline at end of file
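Review bot: getUserProvider() is documented to return null when no provider has been set, but it carries no `@CheckForNull`, unlike the nullable getUserId() in LoginModuleImpl. Callers therefore get no static hint to guard the result before using it for user lookup during authentication. Adding `@CheckForNull` on the getter, with `import javax.annotation.CheckForNull;` as CredentialsCallback already has, would make the contract checkable. The file also ends without a trailing newline.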