Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A7643D99A for ; Tue, 2 Oct 2012 09:22:08 +0000 (UTC) Received: (qmail 26733 invoked by uid 500); 2 Oct 2012 09:22:08 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 26651 invoked by uid 500); 2 Oct 2012 09:22:05 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 26610 invoked by uid 99); 2 Oct 2012 09:22:04 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Oct 2012 09:22:04 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Oct 2012 09:22:03 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id F319123888E3; Tue, 2 Oct 2012 09:21:19 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1392803 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Date: Tue, 02 Oct 2012 09:21:19 -0000 To: oak-commits@jackrabbit.apache.org 
From: angela@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121002092119.F319123888E3@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Tue Oct 2 09:21:19 2012 New Revision: 1392803 URL: http://svn.apache.org/viewvc?rev=1392803&view=rev Log: OAK-91 - Implement Authentication Support (WIP) Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1392803&r1=1392802&r2=1392803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Tue Oct 2 09:21:19 2012
@@ -29,6 +29,7 @@ import java.util.HashMap;
 import java.util.Map;
 import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
@@ -40,6 +41,7 @@ import org.apache.jackrabbit.oak.api.Cor
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserContext;
@@ -51,7 +53,20 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
- * TokenProvider... TODO
+ * Default implementation of the {@code TokenProvider} interface with the
+ * following characteristics.
+ *
+ *

doCreateToken

+ * The {@link #doCreateToken(javax.jcr.Credentials)} returns {@code true} if
+ * {@code SimpleCredentials} can be extracted from the specified credentials
+ * object and that simple credentials object has a {@link #TOKEN_ATTRIBUTE}
+ * attribute with an empty value.
+ *
+ *

createToken

+ * This implementation of {@link #createToken(javax.jcr.Credentials)} will
+ * create a separate token node underneath the user home node. That token
+ * node contains the hashed token, the expiration time and additional
+ * mandatory attributes that will be verified during login.
 */
 public class TokenProviderImpl implements TokenProvider {
@@ -93,21 +108,20 @@ public class TokenProviderImpl implement
 //------------------------------------------------------< TokenProvider >---
 @Override
 public boolean doCreateToken(Credentials credentials) {
- if (credentials instanceof SimpleCredentials) {
- SimpleCredentials sc = (SimpleCredentials) credentials;
+ SimpleCredentials sc = extractSimpleCredentials(credentials);
+ if (sc == null) {
+ return false;
+ } else {
 Object attr = sc.getAttribute(TOKEN_ATTRIBUTE);
 return (attr != null && "".equals(attr.toString()));
- } else {
- return false;
 }
 }
 @Override
 public TokenInfo createToken(Credentials credentials) {
- if (credentials instanceof SimpleCredentials) {
- final SimpleCredentials sc = (SimpleCredentials) credentials;
+ SimpleCredentials sc = extractSimpleCredentials(credentials);
+ if (sc != null) {
 String userId = sc.getUserID();
- CoreValueFactory valueFactory = contentSession.getCoreValueFactory();
 try {
 Tree userTree = userProvider.getAuthorizable(userId, Type.USER);
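Review bot: In `createToken` the user ID is now taken from whatever `extractSimpleCredentials` returns, which for `ImpersonationCredentials` is the base credentials, and nothing in the visible lines distinguishes that case from a direct `SimpleCredentials` login. A login token is a reusable secret, so it matters that the impersonation has already been authorized before this method runs; the hunk does not show that, and the body of `createToken` continues outside it. I would state the precondition at the top of the method, for example `// sc may be the base of an ImpersonationCredentials; login (incl. the impersonation check) must have succeeded before a token is issued`, and consider recording on the token node that it was issued through impersonation so it can be audited later. The same unwrapping now also decides the result of `doCreateToken` earlier in this hunk.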
@@ -213,6 +227,24 @@ public class TokenProviderImpl implement
 //--------------------------------------------------------------------------
+ @CheckForNull
+ private static SimpleCredentials extractSimpleCredentials(Credentials credentials) {
+ if (credentials instanceof SimpleCredentials) {
+ return (SimpleCredentials) credentials;
+ }
+
+ if (credentials instanceof ImpersonationCredentials) {
+ Credentials base = ((ImpersonationCredentials) credentials).getBaseCredentials();
+ if (base instanceof SimpleCredentials) {
+ return (SimpleCredentials) base;
+ }
+ }
+
+ // cannot extract SimpleCredentials
+ return null;
+ }
+
+ @Nonnull
 private static String generateKey(int size) {
 SecureRandom random = new SecureRandom();
 byte key[] = new byte[size];
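Review bot: `extractSimpleCredentials` is added without a Javadoc, and its contract is not obvious from the name. It returns the argument itself when it is a `SimpleCredentials`, unwraps exactly one level of `ImpersonationCredentials`, and returns `null` for everything else, after which the caller can no longer tell that the result came from a wrapper. A short Javadoc stating those three cases, and that the method performs no validation of the credentials, would keep later callers from reading a non-null result as an authenticated identity. The `@Nonnull` added at the end of the hunk annotates `generateKey`, whose body continues outside the hunk.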