jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1337192 - in /jackrabbit/oak/trunk/oak-core: ./ src/main/java/org/apache/jackrabbit/oak/security/authentication/ src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/
Date Fri, 11 May 2012 14:52:12 GMT
Author: angela
Date: Fri May 11 14:52:11 2012
New Revision: 1337192

URL: http://svn.apache.org/viewvc?rev=1337192&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
      - copied, changed from r1337063, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CredentialsCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/PrincipalProviderCallback.java
      - copied, changed from r1337063, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/PrincipalProviderCallback.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CredentialsCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/PrincipalProviderCallback.java
Modified:
    jackrabbit/oak/trunk/oak-core/pom.xml
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ImpersonationCredentials.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java

Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1337192&r1=1337191&r2=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Fri May 11 14:52:11 2012
@@ -119,8 +119,7 @@
       <optional>true</optional>
     </dependency>
 
-    <!-- TODO: review
-         currently using credentials and some exceptions from JCR API -->
+    <!-- JCR and Jackrabbit dependencies -->
     <dependency>
       <groupId>javax.jcr</groupId>
       <artifactId>jcr</artifactId>
@@ -128,6 +127,11 @@
     </dependency>
     <dependency>
       <groupId>org.apache.jackrabbit</groupId>
+      <artifactId>jackrabbit-api</artifactId>
+      <version>${jackrabbit.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.jackrabbit</groupId>
       <artifactId>jackrabbit-jcr-commons</artifactId>
       <version>${jackrabbit.version}</version>
     </dependency>

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java?rev=1337192&r1=1337191&r2=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
Fri May 11 14:52:11 2012
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.authentication;
 
+import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -31,7 +33,16 @@ import javax.security.auth.callback.Unsu
 import java.io.IOException;
 
 /**
- * CallbackHandlerImpl...
+ * Default implementation of the {@link CallbackHandler} interface. It currently
+ * supports the following {@code Callback} implementations:
+ *
+ * <ul>
+ *     <li>{@link CredentialsCallback}</li>
+ *     <li>{@link NameCallback}</li>
+ *     <li>{@link PasswordCallback}</li>
+ *     <li>{@link ImpersonationCallback}</li>
+ *     <li>{@link PrincipalProviderCallback}</li>
+ * </ul>
  */
 public class CallbackHandlerImpl implements CallbackHandler {
 
@@ -68,7 +79,7 @@ public class CallbackHandlerImpl impleme
         }
     }
 
-    //--------------------------------------------------------------------------
+    //------------------------------------------------------------< private >---
 
     private String getName(){
         if (credentials instanceof SimpleCredentials) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ConfigurationImpl.java?rev=1337192&r1=1337191&r2=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ConfigurationImpl.java
Fri May 11 14:52:11 2012
@@ -24,7 +24,7 @@ import javax.security.auth.login.Configu
 import java.util.Collections;
 
 /**
- * ConfigurationImpl...
+ * ConfigurationImpl... TODO
  */
 public class ConfigurationImpl extends Configuration {
 
@@ -34,7 +34,7 @@ public class ConfigurationImpl extends C
     private static final Logger log = LoggerFactory.getLogger(ConfigurationImpl.class);
 
     @Override
-    public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
+    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
         // TODO
         AppConfigurationEntry entry = new AppConfigurationEntry(LoginModuleImpl.class.getName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap());
         return new AppConfigurationEntry[] {entry};

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java?rev=1337192&r1=1337191&r2=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
Fri May 11 14:52:11 2012
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.oak.security.authentication;
 
+import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ImpersonationCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ImpersonationCredentials.java?rev=1337192&r1=1337191&r2=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ImpersonationCredentials.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ImpersonationCredentials.java
Fri May 11 14:52:11 2012
@@ -22,7 +22,7 @@ import org.slf4j.LoggerFactory;
 import javax.security.auth.Subject;
 
 /**
- * ImpersonationCredentials...
+ * ImpersonationCredentials...  TODO
  */
 public class ImpersonationCredentials {
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1337192&r1=1337191&r2=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
Fri May 11 14:52:11 2012
@@ -20,17 +20,23 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.security.principal.KernelPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.jcr.Credentials;
+import javax.security.auth.Subject;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
+import java.security.AccessController;
 
 /**
- * LoginContextProviderImpl...
+ * LoginContextProviderImpl...  TODO
  */
 public class LoginContextProviderImpl implements LoginContextProvider {
 
+    private static final Logger log = LoggerFactory.getLogger(LoginContextProviderImpl.class);
+
     private static final String APP_NAME = "jackrabbit.oak";
 
     private final Configuration authConfig;
@@ -47,6 +53,21 @@ public class LoginContextProviderImpl im
         // TODO: add proper implementation
         // TODO  - authentication against configurable spi-authentication
         // TODO  - validation of workspace name (including access rights for the given 'user')
-        return new LoginContext(APP_NAME, null, new CallbackHandlerImpl(credentials, principalProvider),
authConfig);
+        Subject subject = getSubject();
+        return new LoginContext(APP_NAME, subject, new CallbackHandlerImpl(credentials, principalProvider),
authConfig);
+    }
+
+    //-------------------------------------------------===--------< private >---
+    private Subject getSubject() {
+        Subject subject = null;
+        try {
+            subject = Subject.getSubject(AccessController.getContext());
+        } catch (SecurityException e) {
+            log.debug("Can't check for pre-authentication. Reason:", e.getMessage());
+        }
+        if (subject == null) {
+            subject = new Subject();
+        }
+        return subject;
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1337192&r1=1337191&r2=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
Fri May 11 14:52:11 2012
@@ -16,6 +16,9 @@
  */
 package org.apache.jackrabbit.oak.security.authentication;
 
+import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -64,7 +67,7 @@ import java.util.Set;
  * <ul>
  *     <li>{@link SimpleCredentials}</li>
  *     <li>{@link GuestCredentials}</li>
- *     <li>// TODO {@link TokenCredentials}</li>
+ *     <li>{@link TokenCredentials}</li>
  * </ul>
  *
  * The {@link Credentials} obtained during the {@link #login()} are added to
@@ -73,8 +76,10 @@ import java.util.Set;
  * <h3>Principals</h3>
  *
  * TODO
+ * - principal lookup -> principal provider
+ * - principal resolution based on credentials
  *
- * <h3>Login vs. Impersonation</h3>
+ * <h3>Impersonation</h3>
  *
  * TODO
  *
@@ -84,9 +89,6 @@ import java.util.Set;
  */
 public class LoginModuleImpl implements LoginModule {
 
-    /**
-     * logger instance
-     */
     private static final Logger log = LoggerFactory.getLogger(LoginModuleImpl.class);
 
     /**
@@ -109,6 +111,7 @@ public class LoginModuleImpl implements 
     static {
         SUPPORTED_CREDENTIALS.add(SimpleCredentials.class);
         SUPPORTED_CREDENTIALS.add(GuestCredentials.class);
+        SUPPORTED_CREDENTIALS.add(TokenCredentials.class);
     }
 
     private Subject subject;
@@ -255,6 +258,8 @@ public class LoginModuleImpl implements 
                 principal = principalProvider.getPrincipal(userID); // FIXME
             } else if (credentials instanceof GuestCredentials) {
                 principal = principalProvider.getPrincipal("anonymous"); // FIXME
+            } else if (credentials instanceof TokenCredentials) {
+                // TODO
             }
         }
 

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
(from r1337063, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CredentialsCallback.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CredentialsCallback.java&r1=1337063&r2=1337192&rev=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CredentialsCallback.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
Fri May 11 14:52:11 2012
@@ -14,32 +14,35 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.security.authentication;
+package org.apache.jackrabbit.oak.spi.security.authentication;
 
 import javax.jcr.Credentials;
 import javax.security.auth.callback.Callback;
 import java.io.Serializable;
 
 /**
- * Callback implementation to retrieve {@code Credentials}
+ * Callback implementation to retrieve {@code Credentials}.
  */
 public class CredentialsCallback implements Callback, Serializable {
 
     private Credentials credentials;
 
     /**
-     * Get the retrieved credentials.
+     * Returns the {@link Credentials} that have been set before using
+     * {@link #setCredentials(javax.jcr.Credentials)}.
      *
-     * @return the retrieved credentials (which may be null)
+     * @return The {@link Credentials} to be used for authentication or {@code null}.
      */
     public Credentials getCredentials() {
         return credentials;
     }
 
     /**
-     * Set the retrieved credentials.
+     * Set the credentials.
      *
-     * @param credentials the retrieved credentials (which may be null)
+     * @param credentials The credentials to be used in the authentication
+     * process. They may be null if no credentials have been specified in
+     * {@link org.apache.jackrabbit.oak.api.ContentRepository#login(javax.jcr.Credentials,
String)}
      */
     public void setCredentials(Credentials credentials) {
         this.credentials = credentials;

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/PrincipalProviderCallback.java
(from r1337063, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/PrincipalProviderCallback.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/PrincipalProviderCallback.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/PrincipalProviderCallback.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/PrincipalProviderCallback.java&r1=1337063&r2=1337192&rev=1337192&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/PrincipalProviderCallback.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/PrincipalProviderCallback.java
Fri May 11 14:52:11 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.security.authentication;
+package org.apache.jackrabbit.oak.spi.security.authentication;
 
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
@@ -23,7 +23,8 @@ import org.slf4j.LoggerFactory;
 import javax.security.auth.callback.Callback;
 
 /**
- * PrincipalProviderCallback...
+ * Callback implementation used to pass a {@link PrincipalProvider} to the
+ * login module.
  */
 public class PrincipalProviderCallback implements Callback {
 
@@ -34,10 +35,25 @@ public class PrincipalProviderCallback i
 
     private PrincipalProvider principalProvider;
 
+    /**
+     * Returns the principal provider as set using
+     * {@link #setPrincipalProvider(org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider)}
+     * or {@code null}.
+     *
+     * @return an instance of {@code PrincipalProvider} or {@code null} if no
+     * provider has been set before.
+     */
     public PrincipalProvider getPrincipalProvider() {
         return principalProvider;
     }
 
+    /**
+     * Sets the {@code PrincipalProvider} that is being used during the
+     * authentication process.
+     *
+     * @param principalProvider The principal provider to use during the
+     * authentication process.
+     */
     public void setPrincipalProvider(PrincipalProvider principalProvider) {
         this.principalProvider = principalProvider;
     }



Mime
View raw message