Posted to commits@jackrabbit.apache.org by mr...@apache.org on 2010/07/07 21:47:27 UTC
svn commit: r961487 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/authentication/
test/java/org/apache/jackrabbit/core/security/authentication/
Author: mreutegg
Date: Wed Jul 7 19:47:27 2010
New Revision: 961487
URL: http://svn.apache.org/viewvc?rev=961487&view=rev
Log:
JCR-2671: AbstractLoginModule must not call abort() in commit()
Added:
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java (with props)
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=961487&r1=961486&r2=961487&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java Wed Jul 7 19:47:27 2010
@@ -356,8 +356,7 @@ public abstract class AbstractLoginModul
* LoginModule's own authentication attempted failed, then this method
* removes/destroys any state that was originally saved.
* <p/>
- * The login is considers as succeeded if the credentials field is set. If
- * there is no principal set the login is considered as ignored.
+ * The login is considered as succeeded if there is a principal set.
* <p/>
* The implementation stores the principal associated to the UserID and all
* the Groups it is member of with the Subject and in addition adds an
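Review bot: The rewritten Javadoc sentence no longer says what happens when no principal is set, although the body in the next hunk still returns false on `principal == null`, which JAAS interprets as "ignore this module". I would keep that case in the contract, for example `* The login is considered as succeeded if there is a principal set. If no principal is set the module is ignored and <code>false</code> is returned.` Now that commit() no longer calls abort(), it would also help to state whether any state saved during login() is kept until abort() or logout() runs, since an ignored module may have been handed credentials. The Javadoc block starts before and ends after this hunk, so the `@return` text is not visible here and should be checked for the same wording.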
@@ -369,10 +368,6 @@ public abstract class AbstractLoginModul
* @see javax.security.auth.spi.LoginModule#commit()
*/
public boolean commit() throws LoginException {
- //check login-state
- if (credentials == null) {
- abort();
- }
if (!isInitialized() || principal == null) {
return false;
}
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java?rev=961487&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java Wed Jul 7 19:47:27 2010
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authentication;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.jcr.Credentials;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.core.security.TestPrincipal;
+import org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider;
+import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+
+/**
+ * <code>LoginModuleTest</code> checks if multiple login modules are properly
+ * handled. More specifically, this test case sets up a configuration with
+ * two login modules:
+ * <ul>
+ * <li>module 1: required. This module will always authenticate successfully</li>
+ * <li>module 2: sufficient. This module will always indicate that it should be ignored.</li>
+ * </ul>
+ * See also JCR-2671.
+ */
+public class LoginModuleTest extends AbstractJCRTest {
+
+ private static final String APP_NAME = LoginModuleTest.class.getName();
+
+ public void testMultipleModules() throws Exception {
+
+ CallbackHandler ch = new CallbackHandlerImpl(new SimpleCredentials("user", "pass".toCharArray()),
+ superuser, new ProviderRegistryImpl(new FallbackPrincipalProvider()),
+ "admin", "anonymous");
+ LoginContext context = new LoginContext(
+ APP_NAME, new Subject(), ch, new TestConfiguration());
+ context.login();
+ assertFalse("no principal set", context.getSubject().getPrincipals().isEmpty());
+ }
+
+ static class TestConfiguration extends Configuration {
+
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ return new AppConfigurationEntry[] {
+ new TestAppConfigurationEntry(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, false),
+ new TestAppConfigurationEntry(AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, true)
+ };
+ }
+ }
+
+ static class TestAppConfigurationEntry extends AppConfigurationEntry {
+
+ private static final Map<String, Object> IGNORE = new HashMap<String, Object>();
+
+ private static final Map<String, Object> EMPTY = Collections.emptyMap();
+
+ static {
+ IGNORE.put("ignore", "true");
+ }
+
+ public TestAppConfigurationEntry(LoginModuleControlFlag controlFlag,
+ boolean ignore) {
+ super(TestLoginModule.class.getName(), controlFlag, ignore ? IGNORE : EMPTY);
+ }
+ }
+
+ public static class TestLoginModule extends AbstractLoginModule {
+
+ private boolean ignore = false;
+
+ @Override
+ protected void doInit(CallbackHandler callbackHandler,
+ Session session,
+ Map options) throws LoginException {
+ if (options.containsKey("ignore")) {
+ ignore = true;
+ }
+ }
+
+ @Override
+ protected boolean impersonate(Principal principal,
+ Credentials credentials)
+ throws RepositoryException, LoginException {
+ return false;
+ }
+
+ @Override
+ protected Authentication getAuthentication(Principal principal,
+ Credentials creds)
+ throws RepositoryException {
+ if (ignore) {
+ return null;
+ } else {
+ return new Authentication() {
+ public boolean canHandle(Credentials credentials) {
+ return true;
+ }
+
+ public boolean authenticate(Credentials credentials)
+ throws RepositoryException {
+ return true;
+ }
+ };
+ }
+ }
+
+ @Override
+ protected Principal getPrincipal(Credentials credentials) {
+ if (ignore) {
+ return null;
+ } else {
+ return new TestPrincipal(((SimpleCredentials) credentials).getUserID());
+ }
+ }
+ }
+}
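Review bot: testMultipleModules only asserts that the Subject's principal set is non-empty, so it would still pass if the wrong principal were committed. Pinning the identity would make the regression test tighter, for example `assertEquals("user", context.getSubject().getPrincipals(TestPrincipal.class).iterator().next().getName());` (this assumes commit() stores the TestPrincipal returned by getPrincipal unchanged). Because the change relaxes what commit() does on an authentication path, a companion negative case would be valuable: a REQUIRED module whose `authenticate` returns false, combined with the ignored SUFFICIENT module, should make `context.login()` throw LoginException and leave the Subject without principals. Separately, `doInit` tests `options.containsKey("ignore")` and never reads the value, so an option of `"ignore"="false"` would still switch the module to ignore mode; comparing the value with `"true"` avoids that surprise.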
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java?rev=961487&r1=961486&r2=961487&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java Wed Jul 7 19:47:27 2010
@@ -30,6 +30,7 @@ public class TestAll extends TestCase {
suite.addTestSuite(NullLoginTest.class);
suite.addTestSuite(SimpleCredentialsAuthenticationTest.class);
suite.addTestSuite(CryptedSimpleCredentialsTest.class);
+ suite.addTestSuite(LoginModuleTest.class);
return suite;
}