jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r933922 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
Date Wed, 14 Apr 2010 12:12:10 GMT
Author: angela
Date: Wed Apr 14 12:12:10 2010
New Revision: 933922

URL: http://svn.apache.org/viewvc?rev=933922&view=rev
Log:
JCR-2603: DefaultLoginModule performs anonymous login in case of unsupported Credentials implementation

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=933922&r1=933921&r2=933922&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
Wed Apr 14 12:12:10 2010
@@ -293,11 +293,19 @@ public abstract class AbstractLoginModul
             return false;
         }
 
-        // check the availability of Credentials
+        // check the availability and validity of Credentials
         Credentials creds = getCredentials();
         if (creds == null) {
             log.debug("No credentials available -> try default (anonymous) authentication.");
+        } else {
+            if (supportsCredentials(creds)) {
+                sharedState.put(KEY_CREDENTIALS, credentials);
+            } else {
+                log.debug("Unsupported credentials implementation : " + creds.getClass().getName());
+                return false;
+            }
         }
+        
         try {
             Principal userPrincipal = getPrincipal(creds);
             if (userPrincipal == null) {
@@ -520,7 +528,7 @@ public abstract class AbstractLoginModul
      * authentication-extension of an already authenticated {@link Subject} into
      * accout.
      * <p/>
-     * Therefore the credentials are searchred as follows:
+     * Therefore the credentials are retrieved as follows:
      * <ol>
      * <li>Test if the shared state contains credentials.</li>
      * <li>Ask CallbackHandler for Credentials with using a {@link
@@ -542,15 +550,7 @@ public abstract class AbstractLoginModul
             try {
                 CredentialsCallback callback = new CredentialsCallback();
                 callbackHandler.handle(new Callback[]{callback});
-                Credentials creds = callback.getCredentials();
-                if (null != creds) {
-                    if (supportsCredentials(creds)) {
-                       credentials = creds;
-                    }
-                    if (credentials != null) {
-                        sharedState.put(KEY_CREDENTIALS, credentials);
-                    }
-                }
+                credentials = callback.getCredentials();
             } catch (UnsupportedCallbackException e) {
                 log.warn("Credentials-Callback not supported try Name-Callback");
             } catch (IOException e) {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java?rev=933922&r1=933921&r2=933922&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
Wed Apr 14 12:12:10 2010
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.util.Text;
 import org.apache.jackrabbit.value.StringValue;
 
 import javax.jcr.Credentials;
+import javax.jcr.LoginException;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
@@ -182,4 +183,19 @@ public class UserImplTest extends Abstra
             // success
         }
     }
+
+    public void testLoginWithCryptedCredentials() throws RepositoryException {
+        User u = (User) uMgr.getAuthorizable(uID);
+
+        Credentials creds = u.getCredentials();
+        assertTrue(creds instanceof CryptedSimpleCredentials);
+
+        try {
+            Session s = getHelper().getRepository().login(u.getCredentials());
+            s.logout();
+            fail("Login using CryptedSimpleCredentials must fail.");
+        } catch (LoginException e) {
+            // success
+        }
+    }
 }



Mime
View raw message