jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1073299 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/ main/java/org/apache/jackrabbit/core/security/authentication/token/ test/java/org/apache/jackrabbit/core/security/authentication/token/
Date Tue, 22 Feb 2011 11:40:53 GMT
Author: angela
Date: Tue Feb 22 11:40:52 2011
New Revision: 1073299

URL: http://svn.apache.org/viewvc?rev=1073299&view=rev
Log:
JCR-2851 - Authentication Mechanism Based on Login Token

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/RepositoryImpl.java
Tue Feb 22 11:40:52 2011
@@ -1497,15 +1497,18 @@ public class RepositoryImpl extends Abst
             if (credentials instanceof SimpleCredentials) {
                 SimpleCredentials sc = (SimpleCredentials) credentials;
                 for (String name : sc.getAttributeNames()) {
-                    session.setAttribute(name, sc.getAttribute(name));
+                    if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
+                        session.setAttribute(name, sc.getAttribute(name));
+                    }
                 }
             }
             Set<TokenCredentials> tokenCreds = session.getSubject().getPublicCredentials(TokenCredentials.class);
             if (!tokenCreds.isEmpty()) {
                 TokenCredentials tc = tokenCreds.iterator().next();
-                session.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, tc.getToken());
                 for (String name : tc.getAttributeNames()) {
-                    session.setAttribute(name, tc.getAttribute(name));
+                    if (!TokenBasedAuthentication.isMandatoryAttribute(name)) {
+                        session.setAttribute(name, tc.getAttribute(name));
+                    }
                 }
             }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthentication.java
Tue Feb 22 11:40:52 2011
@@ -86,7 +86,7 @@ public class TokenBasedAuthentication im
             while (it.hasNext()) {
                 Property p = it.nextProperty();
                 String name = p.getName();
-                if (!name.startsWith(TOKEN_ATTRIBUTE)) {
+                if (!isMandatoryAttribute(name)) {
                     continue;
                 }
                 if (TOKEN_ATTRIBUTE_EXPIRY.equals(name)) {
@@ -202,18 +202,36 @@ public class TokenBasedAuthentication im
 
     //--------------------------------------------------------------------------
     /**
+     * Returns <code>true</code> if the given <code>credentials</code>
object
+     * is an instance of <code>TokenCredentials</code>.
      *
      * @param credentials
-     * @return
+     * @return <code>true</code> if the given <code>credentials</code>
object
+     * is an instance of <code>TokenCredentials</code>; <code>false</code>
otherwise.
      */
     public static boolean isTokenBasedLogin(Credentials credentials) {
         return credentials instanceof TokenCredentials;
     }
 
     /**
+     * Returns <code>true</code> if the specified <code>attributeName</code>
+     * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+     *  
+     * @param attributeName
+     * @return <code>true</code> if the specified <code>attributeName</code>
+     * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+     */
+    public static boolean isMandatoryAttribute(String attributeName) {
+        return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE);
+    }
+
+    /**
+     * Returns <code>true</code> if the specified <code>credentials</code>
+     * should be used to create a new login token.
      *
      * @param credentials
-     * @return
+     * @return <code>true</code> if upon successful authentication a new
+     * login token should be created; <code>false</code> otherwise.
      */
     public static boolean doCreateToken(Credentials credentials) {
         if (credentials instanceof SimpleCredentials) {
@@ -267,7 +285,9 @@ public class TokenBasedAuthentication im
             String tokenName = Text.replace(ISO8601.format(cal), ":", ".");
             Node tokenNode = tokenParent.addNode(tokenName);
 
-            tokenCredentials = new TokenCredentials(tokenNode.getIdentifier());
+            String token = tokenNode.getIdentifier();
+            tokenCredentials = new TokenCredentials(token);
+            credentials.setAttribute(TOKEN_ATTRIBUTE, token);
 
             // add expiration time property
             cal.setTimeInMillis(expirationTime);

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.java
Tue Feb 22 11:40:52 2011
@@ -49,7 +49,7 @@ public class TokenBasedAuthenticationTes
         super.setUp();
 
         tokenNode = testRootNode.addNode(nodeName1, "nt:unstructured");
-        tokenNode.setProperty(".token.exp", new Date().getTime()+TokenBasedAuthentication.TOKEN_EXPIRATION);
+        tokenNode.setProperty(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".exp", new Date().getTime()+TokenBasedAuthentication.TOKEN_EXPIRATION);
         superuser.save();
 
         String token = tokenNode.getIdentifier();
@@ -120,16 +120,16 @@ public class TokenBasedAuthenticationTes
     }
 
     public void testAttributes() throws RepositoryException {
-        tokenNode.setProperty(".token.any", "correct");
+        tokenNode.setProperty(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".any", "correct");
         superuser.save();
         TokenBasedAuthentication auth = new TokenBasedAuthentication(tokenNode.getIdentifier(),
TokenBasedAuthentication.TOKEN_EXPIRATION, superuser);
 
         assertFalse(auth.authenticate(tokenCreds));
 
-        tokenCreds.setAttribute(".token.any", "wrong");
+        tokenCreds.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".any", "wrong");
         assertFalse(auth.authenticate(tokenCreds));
 
-        tokenCreds.setAttribute(".token.any", "correct");
+        tokenCreds.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE +".any", "correct");
         assertTrue(auth.authenticate(tokenCreds));
 
         // add informative property
@@ -139,4 +139,37 @@ public class TokenBasedAuthenticationTes
 
         assertTrue(auth.authenticate(tokenCreds));
     }
+
+    public void testIsTokenBasedLogin() {
+        assertFalse(TokenBasedAuthentication.isTokenBasedLogin(simpleCreds));
+        assertFalse(TokenBasedAuthentication.isTokenBasedLogin(creds));
+
+        assertTrue(TokenBasedAuthentication.isTokenBasedLogin(tokenCreds));
+    }
+
+    public void testIsMandatoryAttribute() {
+        assertFalse(TokenBasedAuthentication.isMandatoryAttribute("noMatchRequired"));
+
+        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE
+ ".exp"));
+        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE
+ ".custom"));
+        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE
+ "_custom"));
+        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE
+ "custom"));
+    }
+
+    public void testDoCreateToken() {
+        assertFalse(TokenBasedAuthentication.doCreateToken(creds));
+        assertFalse(TokenBasedAuthentication.doCreateToken(simpleCreds));
+        assertFalse(TokenBasedAuthentication.doCreateToken(tokenCreds));
+
+        SimpleCredentials sc = new SimpleCredentials("uid", "pw".toCharArray());
+        sc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, null);
+
+        assertFalse(TokenBasedAuthentication.doCreateToken(sc));
+
+        sc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "somevalue");
+        assertFalse(TokenBasedAuthentication.doCreateToken(sc));
+
+        sc.setAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE, "");
+        assertTrue(TokenBasedAuthentication.doCreateToken(sc));
+    }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java?rev=1073299&r1=1073298&r2=1073299&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authentication/token/TokenBasedLoginTest.java
Tue Feb 22 11:40:52 2011
@@ -111,6 +111,7 @@ public class TokenBasedLoginTest extends
 
         s = repo.login(creds);
         try {
+            // token credentials must be created
             Set<TokenCredentials> tokenCreds = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
             assertFalse(tokenCreds.isEmpty());
             assertEquals(1, tokenCreds.size());
@@ -118,9 +119,26 @@ public class TokenBasedLoginTest extends
             TokenCredentials tc = tokenCreds.iterator().next();          
             token = tc.getToken();
 
-            assertEquals(token, s.getAttribute(TOKEN_ATTRIBUTE));
+            // original simple credentials: token attribute should be updated
+            assertNotNull(creds.getAttribute(TOKEN_ATTRIBUTE));
+            assertFalse("".equals(creds.getAttribute(TOKEN_ATTRIBUTE)));
+
+            // simple credentials must also be present on the subject
+            Set<SimpleCredentials> scs = ((SessionImpl) s).getSubject().getPublicCredentials(SimpleCredentials.class);
+            assertFalse(scs.isEmpty());
+            assertEquals(1, scs.size());
+            SimpleCredentials sc = scs.iterator().next();
+            assertNotNull(sc.getAttribute(TOKEN_ATTRIBUTE));
+            assertFalse("".equals(sc.getAttribute(TOKEN_ATTRIBUTE)));
+
+            // test if session attributes only exposed non-mandatory attributes
+            assertNull(s.getAttribute(TOKEN_ATTRIBUTE));
             for (String attrName : tc.getAttributeNames()) {
-                assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+                if (TokenBasedAuthentication.isMandatoryAttribute(attrName)) {
+                    assertNull(s.getAttribute(attrName));
+                } else {
+                    assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+                }
             }
 
             // only test node characteristics if user-node resided within the same
@@ -161,11 +179,16 @@ public class TokenBasedLoginTest extends
             assertEquals(1, tokenCreds.size());
 
             TokenCredentials tc = tokenCreds.iterator().next();
-            token = tc.getToken();
+            String tk = tc.getToken();
+            assertEquals(token, tk);
 
-            assertEquals(token, s.getAttribute(TOKEN_ATTRIBUTE));
+            assertNull(s.getAttribute(TOKEN_ATTRIBUTE));
             for (String attrName : tc.getAttributeNames()) {
-                assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+                if (TokenBasedAuthentication.isMandatoryAttribute(attrName)) {
+                    assertNull(s.getAttribute(attrName));
+                } else {
+                    assertEquals(tc.getAttribute(attrName), s.getAttribute(attrName));
+                }
             }
 
         } finally {
@@ -223,9 +246,12 @@ public class TokenBasedLoginTest extends
                     for (int i = 0; i < 100; i++) {
                         try {
                             Session s = getHelper().getRepository().login(creds);
-                            s.logout();
-
-                            assertNotNull(s.getAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE).toString());
+                            try {
+                                Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
+                                assertFalse(tcs.isEmpty());
+                            } finally {
+                                s.logout();
+                            }
                         } catch (Exception e) {
                             exception[0] = e;
                             break;
@@ -292,9 +318,12 @@ public class TokenBasedLoginTest extends
                             int index = (int) Math.floor(rand);
                             Credentials c = credentials.get(index);
                             Session s = getHelper().getRepository().login(c);
-                            s.logout();
-
-                            assertNotNull(s.getAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE).toString());
+                            try {
+                                Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
+                                assertFalse(tcs.isEmpty());
+                            } finally {
+                                s.logout();
+                            }
                         } catch (Exception e) {
                             exception[0] = e;
                             break;
@@ -352,9 +381,13 @@ public class TokenBasedLoginTest extends
                             String wspName = wspNames.get(index);
 
                             Session s = getHelper().getRepository().login(creds, wspName);
-                            s.logout();
+                            try {
+                                Set<TokenCredentials> tcs = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
+                                assertFalse(tcs.isEmpty());
+                            } finally {
+                                s.logout();
+                            }
 
-                            assertNotNull(s.getAttribute(TokenBasedAuthentication.TOKEN_ATTRIBUTE).toString());
                         } catch (Exception e) {
                             exception[0] = e;
                             break;



Mime
View raw message