You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by st...@apache.org on 2018/09/06 14:45:42 UTC
svn commit: r1840226 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-security-spi/src/main/java/org/apache/j...
Author: stillalex
Date: Thu Sep 6 14:45:42 2018
New Revision: 1840226
URL: http://svn.apache.org/viewvc?rev=1840226&view=rev
Log:
OAK-7741 Token LoginModule flag to skip refreshing the token expiration
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java Thu Sep 6 14:45:42 2018
@@ -23,6 +23,7 @@ import javax.security.auth.login.LoginEx
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConstants;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.jetbrains.annotations.NotNull;
@@ -116,7 +117,12 @@ class TokenAuthentication implements Aut
}
if (tokenInfo.matches(tokenCredentials)) {
- tokenInfo.resetExpiration(loginTime);
+ if (tokenCredentials.getAttribute(TokenConstants.TOKEN_SKIP_REFRESH) == null) {
+ boolean reset = tokenInfo.resetExpiration(loginTime);
+ log.debug("Token reset={}", reset);
+ } else {
+ log.debug("Token reset skipped.");
+ }
return true;
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java Thu Sep 6 14:45:42 2018
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.jetbrains.annotations.NotNull;
import org.junit.Before;
import org.junit.Test;
+import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -177,4 +178,65 @@ public class TokenAuthenticationTest ext
assertTrue(authentication.authenticate(new TokenCredentials(info.getToken())));
assertEquals(getTestUser().getPrincipal(), authentication.getUserPrincipal());
}
+
+ @Test
+ public void testAuthenticateRefreshToken() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(false);
+ Mockito.when(ti.matches(tc)).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ assertTrue(auth.authenticate(tc));
+ Mockito.verify(ti).resetExpiration(Mockito.anyLong());
+ } catch (LoginException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test
+ public void testAuthenticateSkipRefreshToken() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ tc.setAttribute(TokenConstants.TOKEN_SKIP_REFRESH, "");
+
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(false);
+ Mockito.when(ti.matches(tc)).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ assertTrue(auth.authenticate(tc));
+ Mockito.verify(ti, Mockito.never()).resetExpiration(Mockito.anyLong());
+ } catch (LoginException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test
+ public void testAuthenticateExpiredTokenMock() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ auth.authenticate(tc);
+ fail("LoginException expected");
+ } catch (LoginException e) {
+ // success
+ }
+
+ Mockito.verify(ti, Mockito.never()).matches(Mockito.any());
+ Mockito.verify(ti, Mockito.never()).resetExpiration(Mockito.anyLong());
+ }
}
Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java Thu Sep 6 14:45:42 2018
@@ -42,4 +42,9 @@ public interface TokenConstants {
TOKEN_ATTRIBUTE_KEY);
Set<String> TOKEN_PROPERTY_NAMES = ImmutableSet.of(TOKEN_ATTRIBUTE_EXPIRY, TOKEN_ATTRIBUTE_KEY);
+
+ /**
+ * Flag set on the TokenCredentials to skip refreshing the token expiration time
+ */
+ String TOKEN_SKIP_REFRESH = "tokenSkipRefresh";
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java Thu Sep 6 14:45:42 2018
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.5.1")
+@Version("1.6.0")
package org.apache.jackrabbit.oak.spi.security.authentication.token;
import org.osgi.annotation.versioning.Version;