Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/01/29 11:07:31 UTC
svn commit: r1562390 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authentication/token/
main/java/org/apache/jackrabbit/oak/security/authentication/user/
main/java/org/apache/jackrabbit/oak/spi/security/authenti...
Author: angela
Date: Wed Jan 29 10:07:30 2014
New Revision: 1562390
URL: http://svn.apache.org/r1562390
Log:
OAK-1363
TokenLoginModule does not set userId on auth info
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1562390&r1=1562389&r2=1562390&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Wed Jan 29 10:07:30 2014
@@ -170,7 +170,8 @@ public final class TokenLoginModule exte
for (String name : attributes.keySet()) {
tc.setAttribute(name, attributes.get(name));
}
- updateSubject(tc, getAuthInfo(ti), null);
+ sharedState.put(SHARED_KEY_ATTRIBUTES, attributes);
+ updateSubject(tc, null, null);
} else {
// failed to create token -> fail commit()
log.debug("TokenProvider failed to create a login token for user " + userId);
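Review bot: The value stored under `SHARED_KEY_ATTRIBUTES` is the live `attributes` reference, and its declaration lies above this hunk, so it is not visible here whether it holds only the token's public attributes. `LoginModuleImpl.createAuthInfo`, as changed in this commit, copies every entry of that map into the AuthInfo added to the subject's public credentials, so any private token attribute in it would become readable through the session. I would confirm where `attributes` comes from and store a defensive copy, e.g. `sharedState.put(SHARED_KEY_ATTRIBUTES, new HashMap<String, String>(attributes));`. Since `updateSubject(tc, null, null)` no longer sets an AuthInfo itself, a short comment should state that a later login module in the stack is expected to build it from the shared state.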
@@ -236,19 +237,21 @@ public final class TokenLoginModule exte
* @param tokenInfo The tokenInfo to retrieve attributes from.
* @return The {@code AuthInfo} resulting from the successful login.
*/
- @Nonnull
- private AuthInfo getAuthInfo(TokenInfo tokenInfo) {
- Map<String, Object> attributes = new HashMap<String, Object>();
- if (tokenProvider != null && tokenInfo != null) {
+ @CheckForNull
+ private AuthInfo getAuthInfo(@Nullable TokenInfo tokenInfo) {
+ if (tokenInfo != null) {
+ Map<String, Object> attributes = new HashMap<String, Object>();
Map<String, String> publicAttributes = tokenInfo.getPublicAttributes();
for (String attrName : publicAttributes.keySet()) {
attributes.put(attrName, publicAttributes.get(attrName));
}
+ return new AuthInfoImpl(tokenInfo.getUserId(), attributes, principals);
+ } else {
+ return null;
}
- return new AuthInfoImpl(userId, attributes, principals);
}
- private void updateSubject(@Nonnull TokenCredentials tc, @Nonnull AuthInfo authInfo,
+ private void updateSubject(@Nonnull TokenCredentials tc, @Nullable AuthInfo authInfo,
@Nullable Set<? extends Principal> principals) {
if (!subject.isReadOnly()) {
subject.getPublicCredentials().add(tc);
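Review bot: The Javadoc kept above `getAuthInfo` still promises "The AuthInfo resulting from the successful login", but the method is now `@CheckForNull` and returns null when `tokenInfo` is null. The `@return` line should say so, for example `@return the AuthInfo built from the given token info, or {@code null} if tokenInfo is null`. As a style point, the copy loop over `publicAttributes.keySet()` could be replaced by `new HashMap<String, Object>(publicAttributes)`. The Javadoc starts above this hunk and the body of `updateSubject` continues below it.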
@@ -257,12 +260,9 @@ public final class TokenLoginModule exte
subject.getPrincipals().addAll(principals);
}
- // replace all existing auth-info
- Set<AuthInfo> ais = subject.getPublicCredentials(AuthInfo.class);
- if (!ais.isEmpty()) {
- subject.getPublicCredentials().removeAll(ais);
+ if (authInfo != null) {
+ setAuthInfo(authInfo, subject);
}
- subject.getPublicCredentials().add(authInfo);
}
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java?rev=1562390&r1=1562389&r2=1562390&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java Wed Jan 29 10:07:30 2014
@@ -33,9 +33,9 @@ import javax.security.auth.login.LoginEx
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
+import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
@@ -143,10 +143,7 @@ public final class LoginModuleImpl exten
if (!subject.isReadOnly()) {
subject.getPrincipals().addAll(principals);
subject.getPublicCredentials().add(credentials);
- Set<AuthInfo> ais = subject.getPublicCredentials(AuthInfo.class);
- if (ais.isEmpty()) {
- subject.getPublicCredentials().add(createAuthInfo());
- }
+ setAuthInfo(createAuthInfo(), subject);
} else {
log.debug("Could not add information to read only subject {}", subject);
}
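Review bot: `setAuthInfo(createAuthInfo(), subject)` turns the previous add-only-if-absent behaviour into an unconditional replacement, so an AuthInfo placed on the subject by an earlier login module in the stack is now dropped at this point. From the visible code, the only data carried over from such a module is what it put under `SHARED_KEY_ATTRIBUTES`; the rest of its AuthInfo is discarded. If that is intended, a comment would make it explicit for authors of custom login modules: `// replaces any AuthInfo set by a preceding login module; only SHARED_KEY_ATTRIBUTES is carried over`. The enclosing method starts outside this hunk.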
@@ -213,14 +210,19 @@ public final class LoginModuleImpl exten
}
private AuthInfo createAuthInfo() {
- Map<String, Object> attributes = new HashMap<String, Object>();
Credentials creds;
if (credentials instanceof ImpersonationCredentials) {
creds = ((ImpersonationCredentials) credentials).getBaseCredentials();
} else {
creds = credentials;
}
- if (creds instanceof SimpleCredentials) {
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ Object shared = sharedState.get(SHARED_KEY_ATTRIBUTES);
+ if (shared instanceof Map) {
+ for (Object key : ((Map) shared).keySet()) {
+ attributes.put(key.toString(), ((Map) shared).get(key));
+ }
+ } else if (creds instanceof SimpleCredentials) {
SimpleCredentials sc = (SimpleCredentials) creds;
for (String attrName : sc.getAttributeNames()) {
attributes.put(attrName, sc.getAttribute(attrName));
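Review bot: The new branch copies whatever map is found under `SHARED_KEY_ATTRIBUTES` into the published AuthInfo through raw `Map` casts, and `key.toString()` throws a NullPointerException if that map contains a null key. The shared state is writable by every login module in the stack, so this code should treat the value defensively: `for (Map.Entry<?, ?> e : ((Map<?, ?>) shared).entrySet()) { if (e.getKey() != null) { attributes.put(e.getKey().toString(), e.getValue()); } }`. The `else if` also means attributes on `SimpleCredentials` are ignored whenever a shared map is present, even an empty one. If that precedence is intended, it deserves a comment; otherwise the two sources should be merged. The body of `createAuthInfo` continues below this hunk.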
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1562390&r1=1562389&r2=1562390&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Wed Jan 29 10:07:30 2014
@@ -35,6 +35,7 @@ import javax.security.auth.login.LoginEx
import javax.security.auth.spi.LoginModule;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
@@ -154,6 +155,12 @@ public abstract class AbstractLoginModul
*/
public static final String SHARED_KEY_LOGIN_NAME = "javax.security.auth.login.name";
+ /**
+ * Key of the sharedState entry referring to public attributes that are shared
+ * between multiple login modules.
+ */
+ public static final String SHARED_KEY_ATTRIBUTES = "javax.security.auth.login.attributes";
+
protected Subject subject;
protected CallbackHandler callbackHandler;
protected Map sharedState;
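Review bot: The Javadoc for `SHARED_KEY_ATTRIBUTES` does not state the expected value type or what happens to the entries. `LoginModuleImpl` in this commit accepts any `Map` and exposes every entry through the AuthInfo on the subject, so the comment should say that the value is a map of attribute name to value and that its contents become public, e.g. `Value must be a Map of public attribute names to values; all entries are exposed via AuthInfo, so never store secrets here.` The key also sits in the `javax.security.auth.login.` namespace next to the conventional name key although it appears to be Oak-specific; an Oak-prefixed key would avoid confusion with other JAAS modules, if compatibility allows.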
@@ -441,4 +448,12 @@ public abstract class AbstractLoginModul
return principalProvider.getPrincipals(userId);
}
}
+
+ static protected void setAuthInfo(@Nonnull AuthInfo authInfo, @Nonnull Subject subject) {
+ Set<AuthInfo> ais = subject.getPublicCredentials(AuthInfo.class);
+ if (!ais.isEmpty()) {
+ subject.getPublicCredentials().removeAll(ais);
+ }
+ subject.getPublicCredentials().add(authInfo);
+ }
}
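Review bot: `setAuthInfo` is a new protected helper visible to every subclass, but it has no Javadoc and does not check `subject.isReadOnly()`. Both callers in this commit do that check first, but a subclass calling it on a read-only subject would get an IllegalStateException from the credential set. I would document it, stating that it removes all existing AuthInfo public credentials before adding the given one and that the subject must not be read-only. Alternatively, move the read-only guard into the helper. The modifier order should also follow convention: `protected static void setAuthInfo(@Nonnull AuthInfo authInfo, @Nonnull Subject subject) {`.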
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java?rev=1562390&r1=1562389&r2=1562390&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java Wed Jan 29 10:07:30 2014
@@ -38,7 +38,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -166,7 +165,6 @@ public class TokenDefaultLoginModuleTest
}
@Test
- @Ignore("OAK-1363")
public void testTokenAuthInfo() throws Exception {
ContentSession cs = null;
try {