You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by st...@apache.org on 2018/10/19 09:52:29 UTC
svn commit: r1844323 - in /jackrabbit/oak/branches/1.8: ./
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-security-spi/src/main/java/or...
Author: stillalex
Date: Fri Oct 19 09:52:29 2018
New Revision: 1844323
URL: http://svn.apache.org/viewvc?rev=1844323&view=rev
Log:
OAK-7741 Token LoginModule flag to skip refreshing the token expiration
- backported rev 1840226 to 1.8
Modified:
jackrabbit/oak/branches/1.8/ (props changed)
jackrabbit/oak/branches/1.8/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
jackrabbit/oak/branches/1.8/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
Propchange: jackrabbit/oak/branches/1.8/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Oct 19 09:52:29 2018
@@ -1,3 +1,3 @@
/jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1820660-1820661,1820729,1820734,1820859,1820861,1820878,1820888,1820947,1821027,1821130,1821140-1821141,1821178,1821237,1821240,1821249,1821258,1821325,1821358,1821361-1821362,1821370,1821375,1821393,1821477,1821487,1821516,1821617,1821663,1821665,1821668,1821681,1821847,1821975-1821983,1822121,1822201,1822207,1822527,1822723,1822808,1822850,1822934,1823135,1823163,1823169,1823172,1823655,1823669,1824196,1824198,1824253,1824255,1824896,1824962,1825065,1825362,1825381,1825442,1825448,1825466,1825470-1825471,1825475,1825523,1825525,1825561,1825619-1825621,1825651,1825654,1825992,1826079,1826090,1826096,1826216,1826237,1826338,1826516,1826532,1826551,1826560,1826638,1826640,1826730,1826932,1826957,1827423,1827472,1827486,1827816,1827977,1828349,1828439,1828502,1828529,1828948,1829527,1829534,1829546,1829569,1829587,1829665,1829854,1829864,1829978,1829985,1829987,1829998,1830019,1830048,1830160,1830171,1830197,1830209,1830239,1830347,1830748,1830911,1830923,1831157
-1831158,1831163,1831190,1831374,1831560,1831689,1832258,1832376,1832379,1832535,1833308,1833347,1833833,1834112,1834117,1834287,1834291,1834302,1834326,1834328,1834336,1834428,1834468,1834483,1834610,1834648-1834649,1834681,1834823,1834857-1834858,1835060,1835518,1835521,1835635,1835642,1835780,1835819,1836082,1836121,1836487,1836493,1837057,1837274,1837296,1837326,1837475,1837503,1837547,1837569,1837600,1837657,1837718,1837998,1838076,1838637,1839549,1839570,1839637,1839746,1840019,1840024,1840031,1840455,1840574,1841314,1841352,1842677,1843222,1843231,1843398,1843618,1843652,1843911
+/jackrabbit/oak/trunk:1820660-1820661,1820729,1820734,1820859,1820861,1820878,1820888,1820947,1821027,1821130,1821140-1821141,1821178,1821237,1821240,1821249,1821258,1821325,1821358,1821361-1821362,1821370,1821375,1821393,1821477,1821487,1821516,1821617,1821663,1821665,1821668,1821681,1821847,1821975-1821983,1822121,1822201,1822207,1822527,1822723,1822808,1822850,1822934,1823135,1823163,1823169,1823172,1823655,1823669,1824196,1824198,1824253,1824255,1824896,1824962,1825065,1825362,1825381,1825442,1825448,1825466,1825470-1825471,1825475,1825523,1825525,1825561,1825619-1825621,1825651,1825654,1825992,1826079,1826090,1826096,1826216,1826237,1826338,1826516,1826532,1826551,1826560,1826638,1826640,1826730,1826932,1826957,1827423,1827472,1827486,1827816,1827977,1828349,1828439,1828502,1828529,1828948,1829527,1829534,1829546,1829569,1829587,1829665,1829854,1829864,1829978,1829985,1829987,1829998,1830019,1830048,1830160,1830171,1830197,1830209,1830239,1830347,1830748,1830911,1830923,1831157
-1831158,1831163,1831190,1831374,1831560,1831689,1832258,1832376,1832379,1832535,1833308,1833347,1833833,1834112,1834117,1834287,1834291,1834302,1834326,1834328,1834336,1834428,1834468,1834483,1834610,1834648-1834649,1834681,1834823,1834857-1834858,1835060,1835518,1835521,1835635,1835642,1835780,1835819,1836082,1836121,1836487,1836493,1837057,1837274,1837296,1837326,1837475,1837503,1837547,1837569,1837600,1837657,1837718,1837998,1838076,1838637,1839549,1839570,1839637,1839746,1840019,1840024,1840031,1840226,1840455,1840574,1841314,1841352,1842677,1843222,1843231,1843398,1843618,1843652,1843911
/jackrabbit/trunk:1345480
Modified: jackrabbit/oak/branches/1.8/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1844323&r1=1844322&r2=1844323&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java (original)
+++ jackrabbit/oak/branches/1.8/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java Fri Oct 19 09:52:29 2018
@@ -26,6 +26,7 @@ import javax.security.auth.login.LoginEx
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConstants;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.slf4j.Logger;
@@ -117,7 +118,12 @@ class TokenAuthentication implements Aut
}
if (tokenInfo.matches(tokenCredentials)) {
- tokenInfo.resetExpiration(loginTime);
+ if (tokenCredentials.getAttribute(TokenConstants.TOKEN_SKIP_REFRESH) == null) {
+ boolean reset = tokenInfo.resetExpiration(loginTime);
+ log.debug("Token reset={}", reset);
+ } else {
+ log.debug("Token reset skipped.");
+ }
return true;
}
Modified: jackrabbit/oak/branches/1.8/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java?rev=1844323&r1=1844322&r2=1844323&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java (original)
+++ jackrabbit/oak/branches/1.8/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java Fri Oct 19 09:52:29 2018
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.junit.Before;
import org.junit.Test;
+import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -177,4 +178,65 @@ public class TokenAuthenticationTest ext
assertTrue(authentication.authenticate(new TokenCredentials(info.getToken())));
assertEquals(getTestUser().getPrincipal(), authentication.getUserPrincipal());
}
-}
\ No newline at end of file
+
+ @Test
+ public void testAuthenticateRefreshToken() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(false);
+ Mockito.when(ti.matches(tc)).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ assertTrue(auth.authenticate(tc));
+ Mockito.verify(ti).resetExpiration(Mockito.anyLong());
+ } catch (LoginException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test
+ public void testAuthenticateSkipRefreshToken() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ tc.setAttribute(TokenConstants.TOKEN_SKIP_REFRESH, "");
+
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(false);
+ Mockito.when(ti.matches(tc)).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ assertTrue(auth.authenticate(tc));
+ Mockito.verify(ti, Mockito.never()).resetExpiration(Mockito.anyLong());
+ } catch (LoginException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test
+ public void testAuthenticateExpiredTokenMock() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ auth.authenticate(tc);
+ fail("LoginException expected");
+ } catch (LoginException e) {
+ // success
+ }
+
+ Mockito.verify(ti, Mockito.never()).matches(Mockito.any());
+ Mockito.verify(ti, Mockito.never()).resetExpiration(Mockito.anyLong());
+ }
+}
Modified: jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java?rev=1844323&r1=1844322&r2=1844323&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java (original)
+++ jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java Fri Oct 19 09:52:29 2018
@@ -42,4 +42,9 @@ public interface TokenConstants {
TOKEN_ATTRIBUTE_KEY);
Set<String> TOKEN_PROPERTY_NAMES = ImmutableSet.of(TOKEN_ATTRIBUTE_EXPIRY, TOKEN_ATTRIBUTE_KEY);
+
+ /**
+ * Flag set on the TokenCredentials to skip refreshing the token expiration time
+ */
+ String TOKEN_SKIP_REFRESH = "tokenSkipRefresh";
}
\ No newline at end of file
Modified: jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1844323&r1=1844322&r2=1844323&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java (original)
+++ jackrabbit/oak/branches/1.8/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java Fri Oct 19 09:52:29 2018
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.5.0")
+@Version("1.6.0")
package org.apache.jackrabbit.oak.spi.security.authentication.token;
import org.osgi.annotation.versioning.Version;