jackrabbit-oak-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1404151 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
Date Wed, 31 Oct 2012 14:13:55 GMT
Author: angela
Date: Wed Oct 31 14:13:55 2012
New Revision: 1404151

URL: http://svn.apache.org/viewvc?rev=1404151&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1404151&r1=1404150&r2=1404151&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
Wed Oct 31 14:13:55 2012
@@ -22,6 +22,8 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -41,7 +43,68 @@ import org.slf4j.LoggerFactory;
 
 /**
  * {@code LoginModule} implementation that is able to handle login request
- * based on {@link TokenCredentials}.
+ * based on {@link TokenCredentials}. In combination with another login module
+ * that handles other {@code Credentials} implementation this module will also
+ * take care of creating new login tokens and the corresponding credentials
+ * upon {@link #commit()}that it will be able to deal with in subsequent
+ * login calls.
+ *
+ * <h2>Login and Commit</h2>
+ * <h3>Login</h3>
+ * This {@code LoginModule} implementation performs the following tasks upon
+ * {@link #login()}.
+ *
+ * <ol>
+ *     <li>Try to retrieve {@link TokenCredentials} credentials (see also
+ *     {@link AbstractLoginModule#getCredentials()})</li>
+ *     <li>Validates the credentials based on the functionality provided by
+ *     {@link TokenAuthentication#authenticate(javax.jcr.Credentials)}</li>
+ *     <li>Upon success it retrieves {@code userId} from the {@link TokenInfo}
+ *     and calculates the principals associated with that user,</li>
+ *     <li>and finally puts the credentials on the shared state.</li>
+ * </ol>
+ *
+ * If no {@code TokenProvider} has been configured {@link #login()} or if
+ * no {@code TokenCredentials} can be obtained this module will return {@code false}.
+ *
+ * <h3>Commit</h3>
+ * If login was successfully handled by this module the {@link #commit()} will
+ * just populate the subject.<p/>
+ *
+ * If the login was successfully handled by another module in the chain, the
+ * {@code TokenLoginModule} will test if the login was associated with a
+ * request for login token generation. This mandates that there are credentials
+ * present on the shared state that fulfill the requirements defined by
+ * {@link TokenProvider#doCreateToken(javax.jcr.Credentials)}.
+ *
+ * <h3>Example Configurations</h3>
+ * The authentication configuration using this {@code LoginModule} could for
+ * example look as follows:
+ *
+ * <h4>TokenLoginModule in combination with another LoginModule</h4>
+ * <pre>
+ *    jackrabbit.oak {
+ *            org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule sufficient;
+ *            org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl required;
+ *    };
+ * </pre>
+ * In this case the TokenLoginModule would handle any login issued with
+ * {@link TokenCredentials} while the second module would take care any other
+ * credentials implementations as long they are supported by the module. In
+ * addition the {@link TokenLoginModule} will issue a new token if the login
+ * succeeded and the credentials provided by the shared state can be used
+ * to issue a new login token (see {@link TokenProvider#doCreateToken(javax.jcr.Credentials)}.
+ *
+ * <h4>TokenLoginModule as single way to login</h4>
+ * <pre>
+ *    jackrabbit.oak {
+ *            org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule required;
+ *    };
+ * </pre>
+ * If the {@code TokenLoginModule} as single entry in the login configuration
+ * the login token must be generated by the application by calling
+ * {@link TokenProvider#createToken(Credentials)} or
+ * {@link TokenProvider#createToken(String, java.util.Map)}.
  */
 public final class TokenLoginModule extends AbstractLoginModule {
 
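Review bot: The added class Javadoc states part of the login contract ambiguously, because `{@link #login()}` sits in the middle of the condition in the paragraph after the login list. It probably should read `If no {@code TokenProvider} has been configured or if no {@code TokenCredentials} can be obtained, {@link #login()} will return {@code false}.` The Commit section says what happens when the shared-state credentials qualify for token creation, but not what `commit()` does or returns when they do not; a reader setting up the stacked `sufficient`/`required` example would want that in one sentence. Smaller items: a space (and probably the word "so") is missing after `{@link #commit()}`, `<p/>` should be `<p>`, and the parenthesis opened before `see {@link TokenProvider#doCreateToken(javax.jcr.Credentials)}` is never closed.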
@@ -136,7 +199,13 @@ public final class TokenLoginModule exte
         principals = null;
     }
 
-    //--------------------------------------------------------------------------
+    //------------------------------------------------------------< private >---
+
+    /**
+     * Retrieve the token provider
+     * @return the token provider or {@code null}.
+     */
+    @CheckForNull
     private TokenProvider getTokenProvider() {
         TokenProvider provider = null;
         SecurityProvider securityProvider = getSecurityProvider();
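Review bot: The new `@return` text on `getTokenProvider()` says the result may be `null` but not under which condition, while the class Javadoc ties a missing provider to `login()` returning `false`. Consider `@return the token provider or {@code null} if none is configured`; the wording needs confirming against the rest of the method. Only the first two statements of the body are visible, as it continues outside this hunk.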
@@ -158,6 +227,14 @@ public final class TokenLoginModule exte
         return provider;
     }
 
+    /**
+     * Create the {@code AuthInfo} for the specified {@code tokenInfo} as well as
+     * userId and principals, that have been set upon {@link #login}.
+     *
+     * @param tokenInfo The tokenInfo to retrieve attributes from.
+     * @return The {@code AuthInfo} resulting from the successful login.
+     */
+    @Nonnull
     private AuthInfo getAuthInfo(TokenInfo tokenInfo) {
         Map<String, Object> attributes = new HashMap<String, Object>();
         if (tokenProvider != null && tokenInfo != null) {
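Review bot: `@param tokenInfo` is documented as if the argument were always present, yet the visible body guards with `tokenInfo != null` (and `tokenProvider != null`), so a null argument appears to be an accepted case. Stating that in the contract, e.g. `@param tokenInfo The tokenInfo to retrieve attributes from; may be {@code null}.`, and annotating the parameter with the already imported `@CheckForNull` would keep the nullness annotations added in this commit consistent. The method body continues past the end of the hunk, so what ends up in `attributes` in the null case is not visible here.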

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java?rev=1404151&r1=1404150&r2=1404151&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenLoginModuleTest.java
Wed Oct 31 14:13:55 2012
@@ -36,7 +36,7 @@ import static org.junit.Assert.assertEqu
 import static org.junit.Assert.fail;
 
 /**
- * LoginTest...
+ * TokenLoginModuleTest...
  */
 public class TokenLoginModuleTest extends AbstractSecurityTest {
 
@@ -148,6 +148,5 @@ public class TokenLoginModuleTest extend
         } finally {
             cs.close();
         }
-
     }
 }
\ No newline at end of file


