From ang...@apache.org
Subject svn commit: r1547765 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/ldap/ main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ test/java/org/apache/jackrabbit/oak/security/authe...
Date Wed, 04 Dec 2013 11:22:01 GMT
Author: angela
Date: Wed Dec  4 11:22:01 2013
New Revision: 1547765

URL: http://svn.apache.org/r1547765
Log:
OAK-516 : Create LdapLoginModule based on ExternalLoginModule

- default synchandler should not sync the password into the repository
- ldaploginmodule does not populate subject during commit
- add test for re-login

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java?rev=1547765&r1=1547764&r2=1547765&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
Wed Dec  4 11:22:01 2013
@@ -16,18 +16,27 @@
  */
 package org.apache.jackrabbit.oak.security.authentication.ldap;
 
+import java.security.Principal;
+import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
+import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 
+import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule;
-import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public final class LdapLoginModule extends ExternalLoginModule {
 
+    private static final Logger log = LoggerFactory.getLogger(LdapLoginModule.class);
+
     private Credentials credentials;
     private LdapUser ldapUser;
     private boolean success;
@@ -43,8 +52,27 @@ public final class LdapLoginModule exten
     }
 
     @Override
+    public boolean commit() throws LoginException {
+        if (success && super.commit()) {
+            if (!subject.isReadOnly()) {
+                String userId = ldapUser.getId();
+                Set<? extends Principal> principals = getPrincipals(userId);
+
+                subject.getPrincipals().addAll(principals);
+                subject.getPublicCredentials().add(credentials);
+                subject.getPublicCredentials().add(createAuthInfo(userId, principals));
+            } else {
+                log.debug("Could not add information to read only subject {}", subject);
+            }
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    @Override
     public boolean login() throws LoginException {
-        getExternalUser();
+        ldapUser = getExternalUser();
         if (ldapUser != null && search.findUser(ldapUser)) {
             search.authenticate(ldapUser);
             success = true;
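Review bot: The line `subject.getPublicCredentials().add(credentials);` puts the caller's SimpleCredentials, which still holds the password char array, into the Subject's public credential set, so the password remains reachable from the Subject for as long as that Subject lives; together with the `new String(pwd)` copy that getExternalUser() hands to LdapUser further down in this file, there is no point at which it can be cleared. If the session layer needs the credentials on the Subject, a comment such as `// credentials (incl. password) stay referenced by the Subject for the session lifetime` would make that trade-off visible to the next maintainer. The null-safety of `ldapUser.getId()` rests on `success` being set only after the `ldapUser != null` check in login(); that coupling is worth a one-line comment on the `if (success && super.commit())` test. login() continues outside the hunk.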
@@ -54,14 +82,6 @@ public final class LdapLoginModule exten
 
     //------------------------------------------------< AbstractLoginModule >---
     @Override
-    protected Credentials getCredentials() {
-        if (credentials == null) {
-            credentials = super.getCredentials();
-        }
-        return credentials;
-    }
-
-    @Override
     protected void clearState() {
         super.clearState();
         success = false;
@@ -77,15 +97,27 @@ public final class LdapLoginModule exten
     }
 
     @Override
-    protected ExternalUser getExternalUser() {
+    protected LdapUser getExternalUser() {
         if (ldapUser == null) {
-            Credentials creds = getCredentials();
-            if (creds instanceof SimpleCredentials) {
-                String uid = ((SimpleCredentials) creds).getUserID();
-                char[] pwd = ((SimpleCredentials) creds).getPassword();
-                ldapUser = new LdapUser(uid, new String(pwd), search);
+            credentials = getCredentials();
+            if (credentials instanceof SimpleCredentials) {
+                String uid = ((SimpleCredentials) credentials).getUserID();
+                char[] pwd = ((SimpleCredentials) credentials).getPassword();
+                return new LdapUser(uid, new String(pwd), search);
             }
         }
         return ldapUser;
     }
+
+    //------------------------------------------------------------< private >---
+    private AuthInfo createAuthInfo(@Nonnull String userId, Set<? extends Principal>
principals) {
+        Map<String, Object> attributes = new HashMap<String, Object>();
+        if (credentials instanceof SimpleCredentials) {
+            SimpleCredentials sc = (SimpleCredentials) credentials;
+            for (String attrName : sc.getAttributeNames()) {
+                attributes.put(attrName, sc.getAttribute(attrName));
+            }
+        }
+        return new AuthInfoImpl(userId, attributes, principals);
+    }
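Review bot: getExternalUser() no longer stores the LdapUser it builds: while `ldapUser` is null it returns a fresh instance (and re-reads `credentials`) on every call, so the `if (ldapUser == null)` guard only short-circuits once login() has assigned the result itself. As written, any caller other than login() receives a user object constructed from credentials that have not been checked against the directory; super.commit() is reached only behind the `success &&` test in commit() above, so that ordering is currently the single thing keeping an unauthenticated user from being handed to the sync handler. Either restore the assignment, `ldapUser = new LdapUser(uid, new String(pwd), search);` followed by `return ldapUser;`, or document that login() is the only intended caller while `ldapUser` is unset. `new String(pwd)` also turns the password into an immutable copy that cannot be zeroed after use, which deserves a why-comment if LdapUser genuinely needs a String. createAuthInfo() would benefit from `@Nonnull` on `principals` to match `userId`, since both are forwarded unchecked to AuthInfoImpl.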
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java?rev=1547765&r1=1547764&r2=1547765&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/DefaultSyncHandler.java
Wed Dec  4 11:22:01 2013
@@ -111,7 +111,7 @@ public class DefaultSyncHandler implemen
     @CheckForNull
     private User createUser(ExternalUser externalUser) throws RepositoryException, SyncException
{
         if (mode.contains(SyncMode.MODE_CREATE_USER)) {
-            User user = userManager.createUser(externalUser.getId(), externalUser.getPassword(),
externalUser.getPrincipal(), null);
+            User user = userManager.createUser(externalUser.getId(), null, externalUser.getPrincipal(),
null);
             syncAuthorizable(externalUser, user);
             return user;
         } else {
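Review bot: The `null` now passed as the password to `userManager.createUser` carries the whole security decision of this hunk—the external password is deliberately not persisted—but nothing in the code says so, and a later reader comparing it with the removed line will see only a lost argument. A why-comment above the call, `// never persist the external password locally: the external directory stays the authority for authentication`, would stop a well-meaning "fix" from reintroducing it. createUser's body and its callers continue outside the hunk, so whether other sync paths can still write a password is not visible here.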

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java?rev=1547765&r1=1547764&r2=1547765&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java
Wed Dec  4 11:22:01 2013
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.spi.se
 
 import java.util.Collections;
 import java.util.Set;
+import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.LoginException;
@@ -34,9 +35,6 @@ import org.slf4j.LoggerFactory;
  */
 public abstract class ExternalLoginModule extends AbstractLoginModule {
 
-    /**
-     * logger instance
-     */
     private static final Logger log = LoggerFactory.getLogger(ExternalLoginModule.class);
 
     public static final String PARAM_SYNC_MODE = "syncMode";
@@ -58,7 +56,7 @@ public abstract class ExternalLoginModul
      *
      * @return
      */
-    @Nonnull
+    @CheckForNull
     protected abstract ExternalUser getExternalUser();
 
     /**
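Review bot: The Javadoc above `getExternalUser()` still carries an empty `@return` tag while the annotation changes from `@Nonnull` to `@CheckForNull`, so the new contract that a null return is permitted, and what it signals, is stated nowhere. Suggest `@return the external user derived from the current credentials, or {@code null} if none could be determined`, since the `eu != null` guard added to commit() later in this file relies on exactly that meaning. The Javadoc block starts outside the hunk.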
@@ -132,8 +130,9 @@ public abstract class ExternalLoginModul
             } else {
                 syncMode = SyncMode.fromObject(smValue);
             }
-            if (handler.initialize(userManager, root, syncMode, options)) {
-                handler.sync(getExternalUser());
+            ExternalUser eu = getExternalUser();
+            if (eu != null && handler.initialize(userManager, root, syncMode, options))
{
+                handler.sync(eu);
                 root.commit();
                 return true;
             } else {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java?rev=1547765&r1=1547764&r2=1547765&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.java
Wed Dec  4 11:22:01 2013
@@ -16,9 +16,11 @@
  */
 package org.apache.jackrabbit.oak.security.authentication.ldap;
 
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Set;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.LoginException;
 
@@ -26,11 +28,16 @@ import org.apache.directory.server.const
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncMode;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
@@ -38,6 +45,8 @@ import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
@@ -157,6 +166,9 @@ public abstract class LdapLoginTestBase 
             Authorizable user = userManager.getAuthorizable(USER_ID);
             assertNotNull(user);
             assertTrue(user.hasProperty(USER_PROP));
+            Tree userTree = cs.getLatestRoot().getTree(user.getPath());
+            assertFalse(userTree.hasProperty(UserConstants.REP_PASSWORD));
+
             assertNull(userManager.getAuthorizable(GROUP_DN));
         } finally {
             if (cs != null) {
@@ -312,13 +324,107 @@ public abstract class LdapLoginTestBase 
         }
     }
 
-    @Ignore
+    @Test
+    public void testLoginSetsAuthInfo() throws Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
+            sc.setAttribute("attr", "val");
+
+            cs = login(sc);
+            AuthInfo ai = cs.getAuthInfo();
+
+            assertEquals(USER_ID, ai.getUserID());
+            assertEquals("val", ai.getAttribute("attr"));
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testPrincipalsFromAuthInfo() throws Exception {
+        options.put(ExternalLoginModule.PARAM_SYNC_MODE, SyncMode.CREATE_USER);
+
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
+            sc.setAttribute("attr", "val");
+
+            cs = login(sc);
+            AuthInfo ai = cs.getAuthInfo();
+
+            root.refresh();
+            PrincipalProvider pp = getSecurityProvider().getConfiguration(PrincipalConfiguration.class).getPrincipalProvider(root,
NamePathMapper.DEFAULT);
+            Set<? extends Principal> expected = pp.getPrincipals(USER_ID);
+            assertEquals(2, expected.size());
+            assertEquals(expected, ai.getPrincipals());
+
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testPrincipalsFromAuthInfo2() throws Exception {
+        options.put(ExternalLoginModule.PARAM_SYNC_MODE, new String[]{SyncMode.CREATE_USER,
SyncMode.CREATE_GROUP});
+
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
+            sc.setAttribute("attr", "val");
+
+            cs = login(sc);
+            AuthInfo ai = cs.getAuthInfo();
+
+            root.refresh();
+            PrincipalProvider pp = getSecurityProvider().getConfiguration(PrincipalConfiguration.class).getPrincipalProvider(root,
NamePathMapper.DEFAULT);
+            Set<? extends Principal> expected = pp.getPrincipals(USER_ID);
+            assertEquals(3, expected.size());
+            assertEquals(expected, ai.getPrincipals());
+
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testReLogin() throws Exception {
+        options.put(ExternalLoginModule.PARAM_SYNC_MODE, SyncMode.CREATE_USER);
+
+        ContentSession cs = null;
+        try {
+            cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
+
+            root.refresh();
+            Authorizable user = userManager.getAuthorizable(USER_ID);
+            assertNotNull(user);
+            assertFalse(root.getTree(user.getPath()).hasProperty(UserConstants.REP_PASSWORD));
+
+            cs.close();
+            // login again
+            cs = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
+            assertEquals(USER_ID, cs.getAuthInfo().getUserID());
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+            options.clear();
+        }
+    }
+
+    @Ignore // FIXME
     @Test
     public void testConcurrentLogin() throws Exception {
         concurrentLogin(false);
     }
 
-    @Ignore
+    @Ignore // FIXME
     @Test
     public void testConcurrentLoginSameGroup() throws Exception {
         concurrentLogin(true);
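Review bot: testReLogin resets the shared map in its finally block with `options.clear()`, but testPrincipalsFromAuthInfo and testPrincipalsFromAuthInfo2 write `PARAM_SYNC_MODE` into the same `options` and never clear it, so the sync mode chosen by one test can leak into the next unless the fixture rebuilds `options` in an @Before method, which is outside the hunk. Giving all three tests the same cleanup, or moving the reset into the fixture, keeps test order from deciding whether a group or user gets created. The two `@Ignore // FIXME` markers give no reason; naming the observed failure in the comment keeps the disabled concurrency tests from being forgotten.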


