jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1397084 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: security/authentication/ security/authentication/token/ spi/security/authentication/callback/
Date Thu, 11 Oct 2012 14:36:10 GMT
Author: angela
Date: Thu Oct 11 14:36:09 2012
New Revision: 1397084

URL: http://svn.apache.org/viewvc?rev=1397084&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1397084&r1=1397083&r2=1397084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
Thu Oct 11 14:36:09 2012
@@ -101,7 +101,7 @@ public final class LoginModuleImpl exten
 
     private Credentials credentials;
     private Set<? extends Principal> principals;
-    private String userID;
+    private String userId;
 
     //--------------------------------------------------------< LoginModule >---
     @Override
@@ -112,30 +112,31 @@ public final class LoginModuleImpl exten
     @Override
     public boolean login() throws LoginException {
         credentials = getCredentials();
-        userID = getUserID();
+        userId = getUserId();
 
-        if (credentials == null || userID == null) {
+        if (credentials == null || userId == null) {
             log.debug("Could not extract userId/credentials");
             return false;
         }
 
-        Authentication authentication = new AuthenticationImpl(userID, getUserProvider(),
getPrincipalProvider());
+        Authentication authentication = new AuthenticationImpl(userId, getUserProvider(),
getPrincipalProvider());
         boolean success = authentication.authenticate(credentials);
         if (success) {
-            principals = getPrincipals(userID);
+            principals = getPrincipals(userId);
 
             log.debug("Adding Credentials to shared state.");
             sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
 
             log.debug("Adding login name to shared state.");
-            sharedState.put(SHARED_KEY_LOGIN_NAME, userID);
+            sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
         }
         return success;
     }
 
     @Override
-    public boolean commit() throws LoginException {
-        if (credentials == null || principals.isEmpty()) {
+    public boolean commit() {
+        if (credentials == null || principals == null) {
+            // login attempt in this login module was not successful
             clearState();
             return false;
         } else {
@@ -162,28 +163,28 @@ public final class LoginModuleImpl exten
 
         credentials = null;
         principals = null;
-        userID = null;
+        userId = null;
     }
 
     //--------------------------------------------------------------------------
     @CheckForNull
-    private String getUserID() {
-        String userID = null;
+    private String getUserId() {
+        String uid = null;
         if (credentials != null) {
             if (credentials instanceof SimpleCredentials) {
-                userID = ((SimpleCredentials) credentials).getUserID();
+                uid = ((SimpleCredentials) credentials).getUserID();
             } else if (credentials instanceof GuestCredentials) {
-                userID = getAnonymousID();
+                uid = getAnonymousId();
             } else if (credentials instanceof ImpersonationCredentials) {
                 Credentials bc = ((ImpersonationCredentials) credentials).getBaseCredentials();
                 if (bc instanceof SimpleCredentials) {
-                    userID = ((SimpleCredentials) bc).getUserID();
+                    uid = ((SimpleCredentials) bc).getUserID();
                 }
             } else {
                 try {
                     NameCallback callback = new NameCallback("User-ID: ");
                     callbackHandler.handle(new Callback[]{callback});
-                    userID = callback.getName();
+                    uid = callback.getName();
                 } catch (UnsupportedCallbackException e) {
                     log.warn("Credentials- or NameCallback must be supported");
                 } catch (IOException e) {
@@ -192,13 +193,13 @@ public final class LoginModuleImpl exten
             }
         }
 
-        if (userID == null) {
-            userID = getSharedLoginName();
+        if (uid == null) {
+            uid = getSharedLoginName();
         }
-        return userID;
+        return uid;
     }
 
-    private String getAnonymousID() {
+    private String getAnonymousId() {
         SecurityProvider sp = getSecurityProvider();
         if (sp == null) {
             return null;
@@ -215,6 +216,6 @@ public final class LoginModuleImpl exten
                 attributes.put(attrName, sc.getAttribute(attrName));
             }
         }
-        return new AuthInfoImpl(userID, attributes, principals);
+        return new AuthInfoImpl(userId, attributes, principals);
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1397084&r1=1397083&r2=1397084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
Thu Oct 11 14:36:09 2012
@@ -54,7 +54,7 @@ public final class TokenLoginModule exte
 
     private TokenCredentials tokenCredentials;
     private TokenInfo tokenInfo;
-    private String userID;
+    private String userId;
     private Set<? extends Principal> principals;
 
     //--------------------------------------------------------< LoginModule >---
@@ -72,11 +72,11 @@ public final class TokenLoginModule exte
             if (authentication.authenticate(tc)) {
                 tokenCredentials = tc;
                 tokenInfo = authentication.getTokenInfo();
-                userID = tokenInfo.getUserId();
-                principals = getPrincipals(userID);
+                userId = tokenInfo.getUserId();
+                principals = getPrincipals(userId);
 
                 log.debug("Login: adding login name to shared state.");
-                sharedState.put(SHARED_KEY_LOGIN_NAME, userID);
+                sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
                 return true;
             }
         }
@@ -85,7 +85,7 @@ public final class TokenLoginModule exte
     }
 
     @Override
-    public boolean commit() throws LoginException {
+    public boolean commit() {
         if (tokenCredentials != null) {
             if (!subject.isReadOnly()) {
                 subject.getPublicCredentials().add(tokenCredentials);
@@ -95,6 +95,9 @@ public final class TokenLoginModule exte
             return true;
         }
 
+        // the login attempt on this module did not succeed: clear state
+        // and check if another successful login asks for a new token to be created.
+        clearState();
         if (tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS))
{
             Credentials shared = getSharedCredentials();
             if (shared != null && tokenProvider.doCreateToken(shared)) {
@@ -113,23 +116,25 @@ public final class TokenLoginModule exte
                 }
             }
         }
-
         return false;
     }
 
-    @Override
-    public boolean abort() throws LoginException {
-        tokenCredentials = null;
-        principals = null;
-        return true;
-    }
-
     //------------------------------------------------< AbstractLoginModule >---
     @Override
     protected Set<Class> getSupportedCredentials() {
         return Collections.<Class>singleton(TokenCredentials.class);
     }
 
+    @Override
+    protected void clearState() {
+        super.clearState();
+
+        tokenCredentials = null;
+        tokenInfo = null;
+        userId = null;
+        principals = null;
+    }
+
     //--------------------------------------------------------------------------
     private TokenProvider getTokenProvider() {
         TokenProvider provider = null;
@@ -160,6 +165,6 @@ public final class TokenLoginModule exte
                 attributes.put(attrName, publicAttributes.get(attrName));
             }
         }
-        return new AuthInfoImpl(userID, attributes, principals);
+        return new AuthInfoImpl(userId, attributes, principals);
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java?rev=1397084&r1=1397083&r2=1397084&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/CredentialsCallback.java
Thu Oct 11 14:36:09 2012
@@ -16,7 +16,6 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authentication.callback;
 
-import java.io.Serializable;
 import javax.annotation.CheckForNull;
 import javax.jcr.Credentials;
 import javax.security.auth.callback.Callback;
@@ -24,7 +23,7 @@ import javax.security.auth.callback.Call
 /**
  * Callback implementation to retrieve {@code Credentials}.
  */
-public class CredentialsCallback implements Callback, Serializable {
+public class CredentialsCallback implements Callback {
 
     private Credentials credentials;
 

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java?rev=1397084&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java
Thu Oct 11 14:36:09 2012
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication.callback;
+
+import javax.security.auth.callback.Callback;
+
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+
+/**
+ * Callback implementation used to pass a {@link UserProvider} to the
+ * login module.
+ */
+public class UserProviderCallback implements Callback {
+
+    private UserProvider userProvider;
+
+    /**
+     * Returns the user provider as set using
+     * {@link #setUserProvider(org.apache.jackrabbit.oak.spi.security.user.UserProvider)}
+     * or {@code null}.
+     *
+     * @return an instance of {@code UserProvider} or {@code null} if no
+     * provider has been set before.
+     */
+    public UserProvider getUserProvider() {
+        return userProvider;
+    }
+
+    /**
+     * Sets the {@code UserProvider} that is being used during the
+     * authentication process.
+     *
+     * @param userProvider The user provider to use during the
+     * authentication process.
+     */
+    public void setUserProvider(UserProvider userProvider) {
+        this.userProvider = userProvider;
+    }
+}
\ No newline at end of file



Mime
View raw message