From commits-return-10087-apmail-jackrabbit-commits-archive=jackrabbit.apache.org@jackrabbit.apache.org Wed Jul 07 19:48:25 2010 Return-Path: Delivered-To: apmail-jackrabbit-commits-archive@www.apache.org Received: (qmail 23971 invoked from network); 7 Jul 2010 19:48:25 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 7 Jul 2010 19:48:25 -0000 Received: (qmail 42275 invoked by uid 500); 7 Jul 2010 19:48:25 -0000 Delivered-To: apmail-jackrabbit-commits-archive@jackrabbit.apache.org Received: (qmail 42211 invoked by uid 500); 7 Jul 2010 19:48:24 -0000 Mailing-List: contact commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list commits@jackrabbit.apache.org Received: (qmail 42201 invoked by uid 99); 7 Jul 2010 19:48:24 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Jul 2010 19:48:24 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Jul 2010 19:48:20 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 8B96D23888CE; Wed, 7 Jul 2010 19:47:27 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r961487 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authentication/ test/java/org/apache/jackrabbit/core/security/authentication/ Date: Wed, 07 Jul 2010 19:47:27 -0000 To: commits@jackrabbit.apache.org From: mreutegg@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100707194727.8B96D23888CE@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: mreutegg Date: Wed Jul 7 19:47:27 2010 New Revision: 961487 URL: http://svn.apache.org/viewvc?rev=961487&view=rev Log: JCR-2671: AbstractLoginModule must not call abort() in commit() Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java (with props) Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=961487&r1=961486&r2=961487&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java Wed Jul 7 19:47:27 2010 @@ -356,8 +356,7 @@ public abstract class AbstractLoginModul * LoginModule's own authentication attempted failed, then this method * removes/destroys any state that was originally saved. *

- * The login is considers as succeeded if the credentials field is set. If - * there is no principal set the login is considered as ignored. + * The login is considered as succeeded if there is a principal set. *

* The implementation stores the principal associated to the UserID and all * the Groups it is member of with the Subject and in addition adds an @@ -369,10 +368,6 @@ public abstract class AbstractLoginModul * @see javax.security.auth.spi.LoginModule#commit() */ public boolean commit() throws LoginException { - //check login-state - if (credentials == null) { - abort(); - } if (!isInitialized() || principal == null) { return false; } Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java?rev=961487&view=auto ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java (added) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java Wed Jul 7 19:47:27 2010 @@ -0,0 +1,141 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.core.security.authentication; + +import java.security.Principal; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import javax.jcr.Credentials; +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.SimpleCredentials; +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.AppConfigurationEntry; +import javax.security.auth.login.Configuration; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + +import org.apache.jackrabbit.core.security.TestPrincipal; +import org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider; +import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl; +import org.apache.jackrabbit.test.AbstractJCRTest; + +/** + * LoginModuleTest checks if multiple login modules are properly + * handled. More specifically, this test case sets up a configuration with + * two login modules: + *

    + *
  • module 1: required. This module will always authenticate successfully
    • + *
  • module 2: sufficient. This module will always indicate that it should be ignored.
    • + *
+ * See also JCR-2671. + */ +public class LoginModuleTest extends AbstractJCRTest { + + private static final String APP_NAME = LoginModuleTest.class.getName(); + + public void testMultipleModules() throws Exception { + + CallbackHandler ch = new CallbackHandlerImpl(new SimpleCredentials("user", "pass".toCharArray()), + superuser, new ProviderRegistryImpl(new FallbackPrincipalProvider()), + "admin", "anonymous"); + LoginContext context = new LoginContext( + APP_NAME, new Subject(), ch, new TestConfiguration()); + context.login(); + assertFalse("no principal set", context.getSubject().getPrincipals().isEmpty()); + } + + static class TestConfiguration extends Configuration { + + @Override + public AppConfigurationEntry[] getAppConfigurationEntry(String name) { + return new AppConfigurationEntry[] { + new TestAppConfigurationEntry(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, false), + new TestAppConfigurationEntry(AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, true) + }; + } + } + + static class TestAppConfigurationEntry extends AppConfigurationEntry { + + private static final Map IGNORE = new HashMap(); + + private static final Map EMPTY = Collections.emptyMap(); + + static { + IGNORE.put("ignore", "true"); + } + + public TestAppConfigurationEntry(LoginModuleControlFlag controlFlag, + boolean ignore) { + super(TestLoginModule.class.getName(), controlFlag, ignore ? IGNORE : EMPTY); + } + } + + public static class TestLoginModule extends AbstractLoginModule { + + private boolean ignore = false; + + @Override + protected void doInit(CallbackHandler callbackHandler, + Session session, + Map options) throws LoginException { + if (options.containsKey("ignore")) { + ignore = true; + } + } + + @Override + protected boolean impersonate(Principal principal, + Credentials credentials) + throws RepositoryException, LoginException { + return false; + } + + @Override + protected Authentication getAuthentication(Principal principal, + Credentials creds) + throws RepositoryException { + if (ignore) { + return null; + } else { + return new Authentication() { + public boolean canHandle(Credentials credentials) { + return true; + } + + public boolean authenticate(Credentials credentials) + throws RepositoryException { + return true; + } + }; + } + } + + @Override + protected Principal getPrincipal(Credentials credentials) { + if (ignore) { + return null; + } else { + return new TestPrincipal(((SimpleCredentials) credentials).getUserID()); + } + } + } +} Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/LoginModuleTest.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java?rev=961487&r1=961486&r2=961487&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/TestAll.java Wed Jul 7 19:47:27 2010 @@ -30,6 +30,7 @@ public class TestAll extends TestCase { suite.addTestSuite(NullLoginTest.class); suite.addTestSuite(SimpleCredentialsAuthenticationTest.class); suite.addTestSuite(CryptedSimpleCredentialsTest.class); + suite.addTestSuite(LoginModuleTest.class); return suite; }