jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1508330 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/token/ main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/ test/java/org/apache/jackrabbit/oak/security/authenticatio...
Date Tue, 30 Jul 2013 07:45:18 GMT
Author: angela
Date: Tue Jul 30 07:45:18 2013
New Revision: 1508330

URL: http://svn.apache.org/r1508330
Log:
OAK-91 : Implement Authentication Support 

- make all token related properties protected (-> drop nt:unstructured super type)
- allow for individual expiration time being passed by app overriding the configured default
expiration time

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1508330&r1=1508329&r2=1508330&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
Tue Jul 30 07:45:18 2013
@@ -223,7 +223,14 @@ public class TokenProviderImpl implement
 
                 String keyHash = PasswordUtil.buildPasswordHash(key);
                 tokenNode.setString(TOKEN_ATTRIBUTE_KEY, keyHash);
-                final long expirationTime = creationTime + tokenExpiration;
+
+                long exp;
+                if (attributes.containsKey(PARAM_TOKEN_EXPIRATION)) {
+                    exp = Long.parseLong(attributes.get(PARAM_TOKEN_EXPIRATION).toString());
+                } else {
+                    exp = tokenExpiration;
+                }
+                long expirationTime = createExpirationTime(creationTime, exp);
                 tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expirationTime);
 
                 for (String name : attributes.keySet()) {
@@ -302,8 +309,9 @@ public class TokenProviderImpl implement
                 return false;
             }
 
-            if (expTime - loginTime <= tokenExpiration / 2) {
-                long expirationTime = loginTime + tokenExpiration;
+            long expiration = tokenNode.getLong(PARAM_TOKEN_EXPIRATION, tokenExpiration);
+            if (expTime - loginTime <= expiration / 2) {
+                long expirationTime = createExpirationTime(loginTime, expiration);
                 try {
                     tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expirationTime);
                     root.commit();
@@ -319,6 +327,9 @@ public class TokenProviderImpl implement
 
 
     //--------------------------------------------------------------------------
+    private static long createExpirationTime(long creationTime, long tokenExpiration) {
+        return creationTime + tokenExpiration;
+    }
 
     private static long getExpirationTime(NodeUtil tokenNode, long defaultValue) {
         return tokenNode.getLong(TOKEN_ATTRIBUTE_EXPIRY, defaultValue);

Modified: jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd?rev=1508330&r1=1508329&r2=1508330&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
Tue Jul 30 07:45:18 2013
@@ -723,9 +723,11 @@
 /**
  * @since oak 1.0
  */
-[rep:Token] > nt:unstructured, mix:referenceable
+[rep:Token] > mix:referenceable
   - rep:token.key (STRING) protected mandatory
-  - rep:token.exp (STRING) protected mandatory
+  - rep:token.exp (DATE) protected mandatory
+  - * (UNDEFINED) protected
+  - * (UNDEFINED) multiple protected
 
 // -----------------------------------------------------------------------------
 // J A C K R A B B I T  R E T E N T I O N  M A N A G E M E N T

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1508330&r1=1508329&r2=1508330&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
Tue Jul 30 07:45:18 2013
@@ -16,12 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.authentication.token;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
@@ -29,7 +23,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
-
 import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 import javax.jcr.GuestCredentials;
@@ -39,11 +32,20 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.core.IdentifierManager;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
 /**
  * TokenProviderImplTest...
  */
@@ -140,29 +142,28 @@ public class TokenProviderImplTest exten
         attributes.putAll(privateAttributes);
 
         TokenInfo info = tokenProvider.createToken(userId, attributes);
-
-        Tree userTree = root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
-        Tree tokens = userTree.getChild(".tokens");
-        assertTrue(tokens.exists());
-        assertEquals(1, tokens.getChildrenCount());
-
-        Tree tokenNode = tokens.getChildren().iterator().next();
-        assertNotNull(tokenNode.getProperty("rep:token.key"));
-        assertNotNull(tokenNode.getProperty("rep:token.exp"));
+        Tree tokenTree = getTokenTree(info);
+        PropertyState prop = tokenTree.getProperty("rep:token.key");
+        assertNotNull(prop);
+        assertEquals(Type.STRING, prop.getType());
+
+        prop = tokenTree.getProperty("rep:token.exp");
+        assertNotNull(prop);
+        assertEquals(Type.DATE, prop.getType());
 
         for (String key : reserved.keySet()) {
-            PropertyState p = tokenNode.getProperty(key);
+            PropertyState p = tokenTree.getProperty(key);
             if (p != null) {
                 assertFalse(reserved.get(key).equals(p.getValue(Type.STRING)));
             }
         }
 
         for (String key : privateAttributes.keySet()) {
-            assertEquals(privateAttributes.get(key), tokenNode.getProperty(key).getValue(Type.STRING));
+            assertEquals(privateAttributes.get(key), tokenTree.getProperty(key).getValue(Type.STRING));
         }
 
         for (String key : publicAttributes.keySet()) {
-            assertEquals(publicAttributes.get(key), tokenNode.getProperty(key).getValue(Type.STRING));
+            assertEquals(publicAttributes.get(key), tokenTree.getProperty(key).getValue(Type.STRING));
         }
     }
 
@@ -245,6 +246,34 @@ public class TokenProviderImplTest exten
         assertTrue(tokenProvider.resetTokenExpiration(info, loginTime));
     }
 
+    @Test
+    public void testCreateTokenWithExpirationParam() throws Exception {
+        SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
+        sc.setAttribute(TokenProvider.PARAM_TOKEN_EXPIRATION, 100000);
+
+        TokenInfo info = tokenProvider.createToken(sc);
+        assertTokenInfo(info, userId);
+
+        Tree tokenTree = getTokenTree(info);
+        assertNotNull(tokenTree);
+        assertTrue(tokenTree.exists());
+        assertTrue(tokenTree.hasProperty(TokenProvider.PARAM_TOKEN_EXPIRATION));
+        assertEquals(100000, tokenTree.getProperty(TokenProvider.PARAM_TOKEN_EXPIRATION).getValue(Type.LONG).longValue());
+    }
+
+    @Test
+    public void testCreateTokenWithInvalidExpirationParam() throws Exception {
+        SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
+        sc.setAttribute(TokenProvider.PARAM_TOKEN_EXPIRATION, "invalid");
+
+        try {
+            tokenProvider.createToken(sc);
+            fail();
+        } catch (NumberFormatException e) {
+            // success
+        }
+    }
+
     //--------------------------------------------------------------------------
     private static void assertTokenInfo(TokenInfo info, String userId) {
         assertNotNull(info);
@@ -253,6 +282,13 @@ public class TokenProviderImplTest exten
         assertFalse(info.isExpired(new Date().getTime()));
     }
 
+    private Tree getTokenTree(TokenInfo info) {
+        String token = info.getToken();
+        int pos = token.indexOf('_');
+        String nodeId = (pos == -1) ? token : token.substring(0, pos);
+        return new IdentifierManager(root).getTree(nodeId);
+    }
+
     private final class InvalidTokenInfo implements TokenInfo {
         @Nonnull
         @Override



Mime
View raw message