Posted to commits@jackrabbit.apache.org by an...@apache.org on 2011/02/22 12:40:53 UTC
svn commit: r1073299 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/
main/java/org/apache/jackrabbit/core/security/authentication/token/
test/java/org/apache/jackrabbit/core/security/authentication/token/
Author: angela
Date: Tue Feb 22 11:40:52 2011
New Revision: 1073299
URL: http://svn.apache.org/viewvc?rev=1073299&view=rev
Log:
JCR-2851 - Authentication Mechanism Based on Login Token
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java Tue Feb 22 11:40:52 2011
@@ -1497,15 +1497,18 @@ public class RepositoryImpl extends Abst
if (credentials instanceof SimpleCredentials) {
SimpleCredentials sc = (SimpleCredentials) credentials;
for (String name : sc.getAttributeNames()) {
- session.setAttribute(name, sc.getAttribute(name));
+ if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
+ session.setAttribute(name, sc.getAttribute(name));
+ }
}
}
Set<TokenCredentials> tokenCreds = session.getSubject().getPublicCredentials(TokenCredentials.class);
if (!tokenCreds.isEmpty()) {
TokenCredentials tc = tokenCreds.iterator().next();
- session.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, tc.getToken());
for (String name : tc.getAttributeNames()) {
- session.setAttribute(name, tc.getAttribute(name));
+ if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
+ session.setAttribute(name, tc.getAttribute(name));
+ }
}
}
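Review bot: Neither of the two new `isMandatoryAttribute` guards says why these attributes are withheld from the session, and the reason is security-relevant. Judging by the removed `session.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, tc.getToken())` line and the validation loop elsewhere in this commit, these names carry the login token and the values matched at authentication, so they should not be readable through `Session.getAttribute`. I would add a comment above the first guard, e.g. `// token attributes are credentials, not session info: never expose them as session attributes`. The filter also drops any caller-supplied `SimpleCredentials` attribute whose name merely starts with the prefix, a behaviour change for existing callers that deserves a mention in the change notes. The enclosing method starts and ends outside the hunk.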
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java Tue Feb 22 11:40:52 2011
@@ -86,7 +86,7 @@ public class TokenBasedAuthentication im
while (it.hasNext()) {
Property p = it.nextProperty();
String name = p.getName();
- if (!name.startsWith(TOKEN_ATTRIBUTE)) {
+ if (!isMandatoryAttribute(name)) {
continue;
}
if (TOKEN_ATTRIBUTE_EXPIRY.equals(name)) {
@@ -202,18 +202,36 @@ public class TokenBasedAuthentication im
//--------------------------------------------------------------------------
/**
+ * Returns <code>true</code> if the given <code>credentials</code> object
+ * is an instance of <code>TokenCredentials</code>.
*
* @param credentials
- * @return
+ * @return <code>true</code> if the given <code>credentials</code> object
+ * is an instance of <code>TokenCredentials</code>; <code>false</code> otherwise.
*/
public static boolean isTokenBasedLogin(Credentials credentials) {
return credentials instanceof TokenCredentials;
}
/**
+ * Returns <code>true</code> if the specified <code>attributeName</code>
+ * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+ *
+ * @param attributeName
+ * @return <code>true</code> if the specified <code>attributeName</code>
+ * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+ */
+ public static boolean isMandatoryAttribute(String attributeName) {
+ return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE);
+ }
+
+ /**
+ * Returns <code>true</code> if the specified <code>credentials</code>
+ * should be used to create a new login token.
*
* @param credentials
- * @return
+ * @return <code>true</code> if upon successful authentication a new
+ * login token should be created; <code>false</code> otherwise.
*/
public static boolean doCreateToken(Credentials credentials) {
if (credentials instanceof SimpleCredentials) {
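Review bot: The javadoc of `isMandatoryAttribute` restates the prefix test but not the contract the name promises, and `@param attributeName` is left without a description. From the callers visible in this commit, a mandatory attribute is one that is checked when a token is validated and is kept out of the session attributes; the doc should say so and should state that `null` yields `false`. Because the match is `startsWith(TOKEN_ATTRIBUTE)` with no separator, any name that begins with the prefix is treated as mandatory (the new test asserts this for `TOKEN_ATTRIBUTE + "custom"`). That deserves a sentence too, so that applications choosing attribute names know the whole prefix is reserved. `doCreateToken` continues outside the hunk.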
@@ -267,7 +285,9 @@ public class TokenBasedAuthentication im
String tokenName = Text.replace(ISO8601.format(cal), ":", ".");
Node tokenNode = tokenParent.addNode(tokenName);
- tokenCredentials = new TokenCredentials(tokenNode.getIdentifier());
+ String token = tokenNode.getIdentifier();
+ tokenCredentials = new TokenCredentials(token);
+ credentials.setAttribute(TOKEN_ATTRIBUTE, token);
// add expiration time property
cal.setTimeInMillis(expirationTime);
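Review bot: `credentials.setAttribute(TOKEN_ATTRIBUTE, token)` writes the new token into the caller's credentials object before the expiry property is set and, as far as the hunk shows, before the token node is saved. If a later step in this method throws, the caller is left holding a token value that was never persisted; moving the `setAttribute` call to after the successful save would avoid that. The side effect on the passed-in credentials is also undocumented, so the method javadoc should state that on success the token is set as attribute `TOKEN_ATTRIBUTE` on the given credentials, and that the value can be used to log in and must be handled like a secret. The method starts and ends outside the hunk, so the ordering relative to the save is inferred.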
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java Tue Feb 22 11:40:52 2011
@@ -49,7 +49,7 @@ public class TokenBasedAuthenticationTes
super.setUp();
tokenNode = testRootNode.addNode(nodeName1, "nt:unstructured");
- tokenNode.setProperty(".token.exp", new Date().getTime()+TokenBasedAuthentication.TOKEN_EXPIRATION);
+ tokenNode.setProperty(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".exp", new Date().getTime()+TokenBasedAuthentication.TOKEN_EXPIRATION);
superuser.save();
String token = tokenNode.getIdentifier();
@@ -120,16 +120,16 @@ public class TokenBasedAuthenticationTes
}
public void testAttributes() throws RepositoryException {
- tokenNode.setProperty(".token.any", "correct");
+ tokenNode.setProperty(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".any", "correct");
superuser.save();
TokenBasedAuthentication auth = new TokenBasedAuthentication(tokenNode.getIdentifier(), TokenBasedAuthentication.TOKEN_EXPIRATION, superuser);
assertFalse(auth.authenticate(tokenCreds));
- tokenCreds.setAttribute(".token.any", "wrong");
+ tokenCreds.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".any", "wrong");
assertFalse(auth.authenticate(tokenCreds));
- tokenCreds.setAttribute(".token.any", "correct");
+ tokenCreds.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".any", "correct");
assertTrue(auth.authenticate(tokenCreds));
// add informative property
@@ -139,4 +139,37 @@ public class TokenBasedAuthenticationTes
assertTrue(auth.authenticate(tokenCreds));
}
+
+ public void testIsTokenBasedLogin() {
+ assertFalse(TokenBasedAuthentication.isTokenBasedLogin(simpleCreds));
+ assertFalse(TokenBasedAuthentication.isTokenBasedLogin(creds));
+
+ assertTrue(TokenBasedAuthentication.isTokenBasedLogin(tokenCreds));
+ }
+
+ public void testIsMandatoryAttribute() {
+ assertFalse(TokenBasedAuthentication.isMandatoryAttribute("noMatchRequired"));
+
+ assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".exp"));
+ assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + ".custom"));
+ assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + "_custom"));
+ assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE + "custom"));
+ }
+
+ public void testDoCreateToken() {
+ assertFalse(TokenBasedAuthentication.doCreateToken(creds));
+ assertFalse(TokenBasedAuthentication.doCreateToken(simpleCreds));
+ assertFalse(TokenBasedAuthentication.doCreateToken(tokenCreds));
+
+ SimpleCredentials sc = new SimpleCredentials("uid", "pw".toCharArray());
+ sc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, null);
+
+ assertFalse(TokenBasedAuthentication.doCreateToken(sc));
+
+ sc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "somevalue");
+ assertFalse(TokenBasedAuthentication.doCreateToken(sc));
+
+ sc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
+ assertTrue(TokenBasedAuthentication.doCreateToken(sc));
+ }
}
\ No newline at end of file
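Review bot: `testIsMandatoryAttribute` does not cover the two boundary cases the implementation and its javadoc single out: a `null` name (explicitly guarded in `isMandatoryAttribute`) and a name exactly equal to `TOKEN_ATTRIBUTE` ("starts with or equals"). Adding `assertFalse(TokenBasedAuthentication.isMandatoryAttribute(null));` and `assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE));` would pin both. Since this predicate now decides which attributes are hidden from the session, a regression in either case would be security-relevant.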
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java Tue Feb 22 11:40:52 2011
@@ -111,6 +111,7 @@ public class TokenBasedLoginTest extends
s = repo.login(creds);
try {
+ // token credentials must be created
Set<TokenCredentials> tokenCreds = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
assertFalse(tokenCreds.isEmpty());
assertEquals(1, tokenCreds.size());
@@ -118,9 +119,26 @@ public class TokenBasedLoginTest extends
TokenCredentials tc = tokenCreds.iterator().next();
token = tc.getToken();
- assertEquals(token, s.getAttribute(TOKEN_ATTRIBUTE));
+ // original simple credentials: token attribute should be updated
+ assertNotNull(creds.getAttribute(TOKEN_ATTRIBUTE));
+ assertFalse("".equals(creds.getAttribute(TOKEN_ATTRIBUTE)));
+
+ // simple credentials must also be present on the subject
+ Set<SimpleCredentials> scs = ((SessionImpl) s).getSubject().getPublicCredentials(SimpleCredentials.class);
+ assertFalse(scs.isEmpty());
+ assertEquals(1, scs.size());
+ SimpleCredentials sc = scs.iterator().next();
+ assertNotNull(sc.getAttribute(TOKEN_ATTRIBUTE));
+ assertFalse("".equals(sc.getAttribute(TOKEN_ATTRIBUTE)));
+
+ // test if session attributes only exposed non-mandatory attributes
+ assertNull(s.getAttribute(TOKEN_ATTRIBUTE));
for (String attrName : tc.getAttributeNames()) {
- assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+ if (TokenBasedAuthentication.isMandatoryAttribute(attrName)) {
+ assertNull(s.getAttribute(attrName));
+ } else {
+ assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+ }
}
// only test node characteristics if user-node resided within the same
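Review bot: The new checks on the written-back token only assert that `creds.getAttribute(TOKEN_ATTRIBUTE)` and `sc.getAttribute(TOKEN_ATTRIBUTE)` are non-null and non-empty, so any arbitrary value would pass. `token` is already assigned from `tc.getToken()` a few lines above, so `assertEquals(token, creds.getAttribute(TOKEN_ATTRIBUTE));` and `assertEquals(token, sc.getAttribute(TOKEN_ATTRIBUTE));` would verify that the value handed back to the caller is the token that was actually issued. The test method starts and ends outside the hunk.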
@@ -161,11 +179,16 @@ public class TokenBasedLoginTest extends
assertEquals(1, tokenCreds.size());
TokenCredentials tc = tokenCreds.iterator().next();
- token = tc.getToken();
+ String tk = tc.getToken();
+ assertEquals(token, tk);
- assertEquals(token, s.getAttribute(TOKEN_ATTRIBUTE));
+ assertNull(s.getAttribute(TOKEN_ATTRIBUTE));
for (String attrName : tc.getAttributeNames()) {
- assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+ if (TokenBasedAuthentication.isMandatoryAttribute(attrName)) {
+ assertNull(s.getAttribute(attrName));
+ } else {
+ assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+ }
}
} finally {
@@ -223,9 +246,12 @@ public class TokenBasedLoginTest extends
for (int i = 0; i < 100; i++) {
try {
Session s = getHelper().getRepository().login(creds);
- s.logout();
-
- assertNotNull(s.getAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE).toString());
+ try {
+ Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
+ assertFalse(tcs.isEmpty());
+ } finally {
+ s.logout();
+ }
} catch (Exception e) {
exception[0] = e;
break;
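Review bot: The new `assertFalse(tcs.isEmpty())` sits inside a `try` whose handler is `catch (Exception e)`, but a failed JUnit assertion is thrown as an `Error` subclass, so it is not stored in `exception[0]`. If this loop runs in a worker thread, as the `exception[0]` holder suggests, a missing token credential would then go unreported and the test would still pass. Catching `Throwable` (or at least the assertion error type) and widening the holder accordingly would make the check effective; the holder's declaration is outside the hunk, so its type is an assumption. The same pattern appears in the hunks at `@@ -292,9 +318,12 @@` and `@@ -352,9 +381,13 @@`.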
@@ -292,9 +318,12 @@ public class TokenBasedLoginTest extends
int index = (int) Math.floor(rand);
Credentials c = credentials.get(index);
Session s = getHelper().getRepository().login(c);
- s.logout();
-
- assertNotNull(s.getAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE).toString());
+ try {
+ Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
+ assertFalse(tcs.isEmpty());
+ } finally {
+ s.logout();
+ }
} catch (Exception e) {
exception[0] = e;
break;
@@ -352,9 +381,13 @@ public class TokenBasedLoginTest extends
String wspName = wspNames.get(index);
Session s = getHelper().getRepository().login(creds, wspName);
- s.logout();
+ try {
+ Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
+ assertFalse(tcs.isEmpty());
+ } finally {
+ s.logout();
+ }
- assertNotNull(s.getAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE).toString());
} catch (Exception e) {
exception[0] = e;
break;