jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1404313 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/token/ main/java/org/apache/jackrabbit/oak/security/authentication/user/ test/java/org/apache/jackrabbit/oak/security/authenticati...
Date Wed, 31 Oct 2012 19:28:21 GMT
Author: angela
Date: Wed Oct 31 19:28:20 2012
New Revision: 1404313

URL: http://svn.apache.org/viewvc?rev=1404313&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1404313&r1=1404312&r2=1404313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
Wed Oct 31 19:28:20 2012
@@ -172,6 +172,7 @@ public class TokenProviderImpl implement
                 String tokenName = Text.replace(ISO8601.format(creation), ":", ".");
 
                 NodeUtil tokenNode = tokenParent.addChild(tokenName, TOKENS_NT_NAME);
+                // TODO: review if token node should be made referenceable
 
                 String key = generateKey(options.getConfigValue(PARAM_TOKEN_LENGTH, DEFAULT_KEY_SIZE));
                 String nodeId = identifierManager.getIdentifier(tokenNode.getTree());

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java?rev=1404313&r1=1404312&r2=1404313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
Wed Oct 31 19:28:20 2012
@@ -74,7 +74,7 @@ class UserAuthentication implements Auth
             return false;
         }
 
-        boolean success;
+        boolean success = false;
         try {
             Authorizable authorizable = userManager.getAuthorizable(userId);
             if (authorizable == null || authorizable.isGroup()) {
@@ -89,15 +89,14 @@ class UserAuthentication implements Auth
             if (credentials instanceof SimpleCredentials) {
                 SimpleCredentials creds = (SimpleCredentials) credentials;
                 Credentials userCreds = user.getCredentials();
-                if (userCreds instanceof CredentialsImpl) {
+                if (userId.equals(creds.getUserID()) && userCreds instanceof CredentialsImpl)
{
                     success = PasswordUtility.isSame(((CredentialsImpl) userCreds).getPasswordHash(),
creds.getPassword());
-                } else {
-                    success = false;
                 }
                 checkSuccess(success, "UserId/Password mismatch.");
             } else if (credentials instanceof ImpersonationCredentials) {
-                AuthInfo info = ((ImpersonationCredentials) credentials).getImpersonatorInfo();
-                success = impersonate(info, user);
+                ImpersonationCredentials ipCreds = (ImpersonationCredentials) credentials;
+                AuthInfo info = ipCreds.getImpersonatorInfo();
+                success = equalUserId(ipCreds) && impersonate(info, user);
                 checkSuccess(success, "Impersonation not allowed.");
             } else {
                 // guest login is allowed if an anonymous user exists in the content (see
get user above)
@@ -116,6 +115,11 @@ class UserAuthentication implements Auth
         }
     }
 
+    private boolean equalUserId(ImpersonationCredentials creds) {
+        Credentials base = creds.getBaseCredentials();
+        return (base instanceof SimpleCredentials) && userId.equals(((SimpleCredentials)
base).getUserID());
+    }
+
     private boolean impersonate(AuthInfo info, User user) {
         try {
             if (info.getUserID().equals(user.getID())) {

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java?rev=1404313&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
Wed Oct 31 19:28:20 2012
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.token;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.junit.After;
+import org.junit.Before;
+
+/**
+ * AbstractTokenTest...
+ */
+public abstract class AbstractTokenTest extends AbstractSecurityTest {
+
+    Root root;
+    TokenProviderImpl tokenProvider;
+
+    String userId;
+    UserManager userManager;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        root = admin.getLatestRoot();
+        tokenProvider = new TokenProviderImpl(root,
+                ConfigurationParameters.EMPTY,
+                getSecurityProvider().getUserConfiguration());
+
+        userId = "testUser";
+        userManager = getSecurityProvider().getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
+
+        userManager.createUser(userId, "pw");
+        root.commit();
+    }
+
+    @After
+    public void after() throws Exception {
+        try {
+            Authorizable a = userManager.getAuthorizable(userId);
+            if (a != null) {
+                a.remove();
+                root.commit();
+            }
+        } finally {
+            super.after();
+        }
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java?rev=1404313&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
Wed Oct 31 19:28:20 2012
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.token;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.UUID;
+import javax.jcr.Credentials;
+import javax.jcr.GuestCredentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * TokenAuthenticationTest...
+ */
+public class TokenAuthenticationTest extends AbstractTokenTest {
+
+    TokenAuthentication authentication;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+        authentication = new TokenAuthentication(tokenProvider);
+    }
+    @Test
+    public void testAuthenticateWithoutTokenProvider() throws Exception {
+        Authentication authentication = new TokenAuthentication(null);
+
+        assertFalse(authentication.authenticate(new TokenCredentials("token")));
+    }
+
+    @Test
+    public void testAuthenticateWithInvalidCredentials() throws Exception {
+        List<Credentials> invalid = new ArrayList<Credentials>();
+        invalid.add(new GuestCredentials());
+        invalid.add(new SimpleCredentials(userId, new char[0]));
+
+        for (Credentials creds : invalid) {
+            assertFalse(authentication.authenticate(creds));
+        }
+    }
+
+    @Test
+    public void testAuthenticateWithInvalidTokenCredentials() throws Exception {
+        try {
+            authentication.authenticate(new TokenCredentials(UUID.randomUUID().toString()));
+            fail("LoginException expected");
+        } catch (LoginException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testAuthenticate() throws Exception {
+        TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
+        assertTrue(authentication.authenticate(new TokenCredentials(info.getToken())));
+    }
+
+    @Test
+    public void testGetTokenInfoBeforeAuthenticate() {
+        try {
+            authentication.getTokenInfo();
+            fail("IllegalStateException expected");
+        } catch (IllegalStateException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetTokenInfoAfterAuthenticate() throws Exception {
+        TokenInfo info = tokenProvider.createToken(userId, Collections.<String, Object>emptyMap());
+        authentication.authenticate(new TokenCredentials(info.getToken()));
+
+        TokenInfo info2 = authentication.getTokenInfo();
+        assertNotNull(info2);
+        assertEquals(info.getUserId(), info2.getUserId());
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java?rev=1404313&r1=1404312&r2=1404313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfoTest.java
Wed Oct 31 19:28:20 2012
@@ -22,15 +22,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
-import org.apache.jackrabbit.api.security.user.Authorizable;
-import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
-import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
-import org.junit.After;
-import org.junit.Before;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
@@ -41,42 +33,7 @@ import static org.junit.Assert.assertTru
 /**
  * TokenInfoTest...
  */
-public class TokenInfoTest extends AbstractSecurityTest {
-
-    private Root root;
-    private TokenProviderImpl tokenProvider;
-
-    private String userId;
-    private UserManager userManager;
-
-    @Before
-    public void before() throws Exception {
-        super.before();
-
-        root = admin.getLatestRoot();
-        tokenProvider = new TokenProviderImpl(root,
-                ConfigurationParameters.EMPTY,
-                getSecurityProvider().getUserConfiguration());
-
-        userId = "testUser";
-        userManager = getSecurityProvider().getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
-
-        userManager.createUser(userId, "pw");
-        root.commit();
-    }
-
-    @After
-    public void after() throws Exception {
-        try {
-            Authorizable a = userManager.getAuthorizable(userId);
-            if (a != null) {
-                a.remove();
-                root.commit();
-            }
-        } finally {
-            super.after();
-        }
-    }
+public class TokenInfoTest extends AbstractTokenTest {
 
     @Test
     public void testGetUserId() {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1404313&r1=1404312&r2=1404313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
Wed Oct 31 19:28:20 2012
@@ -29,19 +29,11 @@ import javax.jcr.GuestCredentials;
 import javax.jcr.SimpleCredentials;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
-import org.apache.jackrabbit.api.security.user.Authorizable;
-import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
-import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
-import org.junit.After;
-import org.junit.Before;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
@@ -53,42 +45,7 @@ import static org.junit.Assert.assertTru
 /**
  * TokenProviderImplTest...
  */
-public class TokenProviderImplTest extends AbstractSecurityTest {
-
-    private Root root;
-    private TokenProviderImpl tokenProvider;
-
-    private String userId;
-    private UserManager userManager;
-
-    @Before
-    public void before() throws Exception {
-        super.before();
-
-        root = admin.getLatestRoot();
-        tokenProvider = new TokenProviderImpl(root,
-                ConfigurationParameters.EMPTY,
-                getSecurityProvider().getUserConfiguration());
-
-        userId = "testUser";
-        userManager = getSecurityProvider().getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
-
-        userManager.createUser(userId, "pw");
-        root.commit();
-    }
-
-    @After
-    public void after() throws Exception {
-        try {
-            Authorizable a = userManager.getAuthorizable(userId);
-            if (a != null) {
-                a.remove();
-                root.commit();
-            }
-        } finally {
-            super.after();
-        }
-    }
+public class TokenProviderImplTest extends AbstractTokenTest {
 
     @Test
     public void testDoCreateToken() throws Exception {

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java?rev=1404313&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
Wed Oct 31 19:28:20 2012
@@ -0,0 +1,182 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.user;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.jcr.Credentials;
+import javax.jcr.GuestCredentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * UserAuthenticationTest...
+ */
+public class UserAuthenticationTest extends AbstractSecurityTest {
+
+    private Root root;
+
+    private String userId;
+    private UserManager userManager;
+
+    private UserAuthentication authentication;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        root = admin.getLatestRoot();
+
+        userId = "testUser";
+        userManager = getSecurityProvider().getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
+
+        userManager.createUser(userId, "pw");
+        root.commit();
+
+        authentication = new UserAuthentication(userId, userManager);
+    }
+
+    @After
+    public void after() throws Exception {
+        try {
+            Authorizable a = userManager.getAuthorizable(userId);
+            if (a != null) {
+                a.remove();
+                root.commit();
+            }
+        } finally {
+            super.after();
+        }
+    }
+
+    @Test
+    public void testAuthenticateWithoutUserManager() throws Exception {
+        UserAuthentication authentication = new UserAuthentication(userId, null);
+        assertFalse(authentication.authenticate(new SimpleCredentials(userId, "pw".toCharArray())));
+    }
+
+    @Test
+    public void testAuthenticateWithoutUserId() throws Exception {
+        UserAuthentication authentication = new UserAuthentication(null, userManager);
+        assertFalse(authentication.authenticate(new SimpleCredentials(userId, "pw".toCharArray())));
+    }
+
+    @Test
+    public void testAuthenticateInvalidCredentials() throws Exception {
+        List<Credentials> invalid = new ArrayList<Credentials>();
+        invalid.add(new TokenCredentials("token"));
+        invalid.add(new Credentials() {});
+
+        for (Credentials creds : invalid) {
+            assertFalse(authentication.authenticate(creds));
+        }
+    }
+
+    @Test
+    public void testAuthenticateInvalidSimpleCredentials() throws Exception {
+        List<Credentials> invalid = new ArrayList<Credentials>();
+        invalid.add(new SimpleCredentials(userId, "wrongPw".toCharArray()));
+        invalid.add(new SimpleCredentials(userId, "".toCharArray()));
+        invalid.add(new SimpleCredentials("unknownUser", "pw".toCharArray()));
+
+        for (Credentials creds : invalid) {
+            try {
+                authentication.authenticate(creds);
+                fail("LoginException expected");
+            } catch (LoginException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testAuthenticateSimpleCredentials() throws Exception {
+       assertTrue(authentication.authenticate(new SimpleCredentials(userId, "pw".toCharArray())));
+    }
+
+    @Test
+    public void testAuthenticateInvalidImpersonationCredentials() throws Exception {
+       List<Credentials> invalid = new ArrayList<Credentials>();
+        invalid.add(new ImpersonationCredentials(new GuestCredentials(), admin.getAuthInfo()));
+        invalid.add(new ImpersonationCredentials(new SimpleCredentials(admin.getAuthInfo().getUserID(),
new char[0]), new TestAuthInfo()));
+        invalid.add(new ImpersonationCredentials(new SimpleCredentials("unknown", new char[0]),
admin.getAuthInfo()));
+        invalid.add(new ImpersonationCredentials(new SimpleCredentials("unknown", new char[0]),
new TestAuthInfo()));
+
+        for (Credentials creds : invalid) {
+            try {
+                authentication.authenticate(creds);
+                fail("LoginException expected");
+            } catch (LoginException e) {
+                // success
+            }
+        }
+    }
+
+    @Test
+    public void testAuthenticateImpersonationCredentials() throws Exception {
+        SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
+        assertTrue(authentication.authenticate(new ImpersonationCredentials(sc, admin.getAuthInfo())));
+    }
+
+    @Test
+    public void testAuthenticateImpersonationCredentials2() throws Exception {
+        SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
+        assertTrue(authentication.authenticate(new ImpersonationCredentials(sc, new TestAuthInfo())));
+    }
+
+    //--------------------------------------------------------------------------
+
+    private final class TestAuthInfo implements AuthInfo {
+
+        @Override
+            public String getUserID() {
+                return userId;
+            }
+            @Nonnull
+            @Override
+            public String[] getAttributeNames() {
+                return new String[0];
+            }
+            @Override
+            public Object getAttribute(String attributeName) {
+                return null;
+            }
+            @Override
+            public Set<Principal> getPrincipals() {
+                return null;
+            }
+    }
+}
\ No newline at end of file



Mime
View raw message