Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/07/04 11:25:46 UTC
svn commit: r1607805 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java
test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java
Author: angela
Date: Fri Jul 4 09:25:45 2014
New Revision: 1607805
URL: http://svn.apache.org/r1607805
Log:
OAK-1942 : UserAuthentication: enhance login states with relevant exceptions (patch provided by Dominique Jaeggi, thanks a lot!)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java?rev=1607805&r1=1607804&r2=1607805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java Fri Jul 4 09:25:45 2014
@@ -26,6 +26,9 @@ import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
+import javax.security.auth.login.AccountLockedException;
+import javax.security.auth.login.AccountNotFoundException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.LoginException;
@@ -99,12 +102,12 @@ class UserAuthentication implements Auth
}
if (authorizable.isGroup()) {
- throw new LoginException("Not a user " + userId);
+ throw new AccountNotFoundException("Not a user " + userId);
}
User user = (User) authorizable;
if (user.isDisabled()) {
- throw new LoginException("User with ID " + userId + " has been disabled: "+ user.getDisabledReason());
+ throw new AccountLockedException("User with ID " + userId + " has been disabled: "+ user.getDisabledReason());
}
if (credentials instanceof SimpleCredentials) {
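Review bot: The `user.isDisabled()` check runs before any credential is examined (the `credentials instanceof SimpleCredentials` branch follows it), so with the new subtypes a caller who supplies only a user ID can tell a group, a disabled user and a wrong password apart by exception type, and the disabled message also carries `user.getDisabledReason()`. That distinction is valuable for audit logging and for trusted login modules, but it becomes an account-enumeration signal if the subtype or message is relayed to a remote client. I would state the contract at the throw sites, e.g. `// subtype and message are for server-side logging only; callers must report a generic login failure to the client`, and confirm that the code consuming these exceptions (not visible here) collapses them. The enclosing method starts and ends outside this hunk.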
@@ -136,7 +139,7 @@ class UserAuthentication implements Auth
//--------------------------------------------------------------------------
private static void checkSuccess(boolean success, String msg) throws LoginException {
if (!success) {
- throw new LoginException(msg);
+ throw new FailedLoginException(msg);
}
}
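Review bot: `checkSuccess` still declares `throws LoginException` and carries no comment, so the narrower type that the tests in this commit now depend on is not part of its documented contract. A one-line Javadoc would pin it: `/** @throws FailedLoginException with {@code msg} if {@code success} is false */`. Because `msg` ends up in the exception, the call sites of this helper (outside the hunk) should keep credential material out of it.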
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java?rev=1607805&r1=1607804&r2=1607805&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java Fri Jul 4 09:25:45 2014
@@ -24,10 +24,14 @@ import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.AccountLockedException;
+import javax.security.auth.login.AccountNotFoundException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
@@ -90,6 +94,7 @@ public class UserAuthenticationTest exte
fail("Authenticating Group should fail");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof AccountNotFoundException);
} finally {
if (g != null) {
g.remove();
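Review bot: Catching `LoginException` and then asserting `e instanceof AccountNotFoundException` under a `// success` comment reads as if reaching the catch were already enough, and a failing `assertTrue` without a message says nothing about the type actually thrown. Catching the expected subtype directly, `} catch (AccountNotFoundException e) {`, lets any other `LoginException` propagate with its own stack trace, assuming the test method declares `throws Exception` as the visible ones do. The same pattern recurs in the hunks at -99, -111, -122 and -144 of this file, with `AccountLockedException` and `FailedLoginException`. The test method containing this hunk starts and ends outside it.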
@@ -99,6 +104,27 @@ public class UserAuthenticationTest exte
}
@Test
+ public void testAuthenticateResolvesToDisabledUser() throws Exception {
+ User testUser = getTestUser();
+ SimpleCredentials sc = new SimpleCredentials(testUser.getID(), testUser.getID().toCharArray());
+ Authentication a = new UserAuthentication(getUserConfiguration(), root, sc.getUserID());
+
+ try {
+ getTestUser().disable("disabled");
+ root.commit();
+
+ a.authenticate(sc);
+ fail("Authenticating disabled user should fail");
+ } catch (LoginException e) {
+ // success
+ assertTrue(e instanceof AccountLockedException);
+ } finally {
+ getTestUser().disable(null);
+ root.commit();
+ }
+ }
+
+ @Test
public void testAuthenticateInvalidSimpleCredentials() throws Exception {
List<Credentials> invalid = new ArrayList<Credentials>();
invalid.add(new SimpleCredentials(userId, "wrongPw".toCharArray()));
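Review bot: `testAuthenticateResolvesToDisabledUser` only authenticates with `testUser.getID()` as the password, which presumably matches the fixture's real password, so it does not pin what a disabled account returns for a wrong password. That is the case where `AccountLockedException` discloses account state to a caller who has not proven knowledge of the credential. A second attempt with `new SimpleCredentials(testUser.getID(), "wrongPw".toCharArray())` and an assertion on the intended type would make that behaviour an explicit decision rather than a side effect of check ordering. Separately, `root.commit()` in the `finally` block can throw and mask the original failure, and a comment such as `// re-enable so later tests see an active user` would explain why the cleanup is there.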
@@ -111,6 +137,7 @@ public class UserAuthenticationTest exte
fail("LoginException expected");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof FailedLoginException);
}
}
}
@@ -122,6 +149,7 @@ public class UserAuthenticationTest exte
fail("LoginException expected");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof FailedLoginException);
}
}
@@ -144,6 +172,7 @@ public class UserAuthenticationTest exte
fail("LoginException expected");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof FailedLoginException);
}
}
}