Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 313DB10CA4 for ; Wed, 29 Jan 2014 10:07:57 +0000 (UTC) Received: (qmail 80501 invoked by uid 500); 29 Jan 2014 10:07:56 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 80478 invoked by uid 500); 29 Jan 2014 10:07:56 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 80470 invoked by uid 99); 29 Jan 2014 10:07:56 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Jan 2014 10:07:56 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Jan 2014 10:07:52 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 2E91C23888FE; Wed, 29 Jan 2014 10:07:31 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1562390 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/token/ main/java/org/apache/jackrabbit/oak/security/authentication/user/ main/java/org/apache/jackrabbit/oak/spi/security/authenti... Date: Wed, 29 Jan 2014 10:07:31 -0000 To: oak-commits@jackrabbit.apache.org 
From: angela@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140129100731.2E91C23888FE@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Wed Jan 29 10:07:30 2014 New Revision: 1562390 URL: http://svn.apache.org/r1562390 Log: OAK-1363 TokenLoginModule does not set userId on auth info Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1562390&r1=1562389&r2=1562390&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Wed Jan 29 10:07:30 2014 @@ -170,7 +170,8 @@ public final class TokenLoginModule exte for (String name : attributes.keySet()) { tc.setAttribute(name, attributes.get(name)); } - updateSubject(tc, getAuthInfo(ti), null); + sharedState.put(SHARED_KEY_ATTRIBUTES, attributes); + updateSubject(tc, null, null); } else { // failed to create token -> fail commit() log.debug("TokenProvider failed to create a login token for user " + userId); 
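Review bot: The map published under `SHARED_KEY_ATTRIBUTES` is later copied by `LoginModuleImpl.createAuthInfo()` into the `AuthInfo` placed in the subject's public credentials, so it matters which map `attributes` refers to at this point. Its assignment is outside the hunk and should be confirmed to hold the token's public attributes only. The map is also shared by reference, so putting a copy or an unmodifiable view into `sharedState` would stop later modules from changing it. With `updateSubject(tc, null, null)` this branch no longer sets an `AuthInfo` itself (the null check is in the `updateSubject` hunk further down) and relies on a module that commits after this one. A comment such as `// AuthInfo is set by the module that authenticated; public attributes are handed over via SHARED_KEY_ATTRIBUTES` would record that ordering dependency.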
@@ -236,19 +237,21 @@ public final class TokenLoginModule exte * @param tokenInfo The tokenInfo to retrieve attributes from. * @return The {@code AuthInfo} resulting from the successful login. */ - @Nonnull - private AuthInfo getAuthInfo(TokenInfo tokenInfo) { - Map attributes = new HashMap(); - if (tokenProvider != null && tokenInfo != null) { + @CheckForNull + private AuthInfo getAuthInfo(@Nullable TokenInfo tokenInfo) { + if (tokenInfo != null) { + Map attributes = new HashMap(); Map publicAttributes = tokenInfo.getPublicAttributes(); for (String attrName : publicAttributes.keySet()) { attributes.put(attrName, publicAttributes.get(attrName)); } + return new AuthInfoImpl(tokenInfo.getUserId(), attributes, principals); + } else { + return null; } - return new AuthInfoImpl(userId, attributes, principals); } - private void updateSubject(@Nonnull TokenCredentials tc, @Nonnull AuthInfo authInfo, + private void updateSubject(@Nonnull TokenCredentials tc, @Nullable AuthInfo authInfo, @Nullable Set principals) { if (!subject.isReadOnly()) { subject.getPublicCredentials().add(tc); 
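Review bot: The Javadoc kept above `getAuthInfo` still promises `@return The {@code AuthInfo} resulting from the successful login`, but the method is now `@CheckForNull` and returns `null` for a null `tokenInfo`. The tag should say so, for example `@return the AuthInfo built from the token info, or {@code null} if no token info is available`. The copy loop can be written as `attributes.putAll(tokenInfo.getPublicAttributes());`. The start of the Javadoc and the body of `updateSubject` lie outside this hunk.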
@@ -257,12 +260,9 @@ public final class TokenLoginModule exte subject.getPrincipals().addAll(principals); } - // replace all existing auth-info - Set ais = subject.getPublicCredentials(AuthInfo.class); - if (!ais.isEmpty()) { - subject.getPublicCredentials().removeAll(ais); + if (authInfo != null) { + setAuthInfo(authInfo, subject); } - subject.getPublicCredentials().add(authInfo); } } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java?rev=1562390&r1=1562389&r2=1562390&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java Wed Jan 29 10:07:30 2014 @@ -33,9 +33,9 @@ import javax.security.auth.login.LoginEx import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; -import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule; +import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.apache.jackrabbit.oak.spi.security.authentication.Authentication; import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; 
@@ -143,10 +143,7 @@ public final class LoginModuleImpl exten if (!subject.isReadOnly()) { subject.getPrincipals().addAll(principals); subject.getPublicCredentials().add(credentials); - Set ais = subject.getPublicCredentials(AuthInfo.class); - if (ais.isEmpty()) { - subject.getPublicCredentials().add(createAuthInfo()); - } + setAuthInfo(createAuthInfo(), subject); } else { log.debug("Could not add information to read only subject {}", subject); } @@ -213,14 +210,19 @@ public final class LoginModuleImpl exten } private AuthInfo createAuthInfo() { - Map attributes = new HashMap(); Credentials creds; if (credentials instanceof ImpersonationCredentials) { creds = ((ImpersonationCredentials) credentials).getBaseCredentials(); } else { creds = credentials; } - if (creds instanceof SimpleCredentials) { + Map attributes = new HashMap(); + Object shared = sharedState.get(SHARED_KEY_ATTRIBUTES); + if (shared instanceof Map) { + for (Object key : ((Map) shared).keySet()) { + attributes.put(key.toString(), ((Map) shared).get(key)); + } + } else if (creds instanceof SimpleCredentials) { SimpleCredentials sc = (SimpleCredentials) creds; for (String attrName : sc.getAttributeNames()) { attributes.put(attrName, sc.getAttribute(attrName)); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1562390&r1=1562389&r2=1562390&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Wed Jan 29 10:07:30 2014 
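Review bot: An `AuthInfo` that an earlier login module placed on the subject is now always overwritten here, because `setAuthInfo(createAuthInfo(), subject)` replaces where the removed code only added one when none was present. That is safe only if this branch is reached solely when this module authenticated the credentials itself. The guard that decides this is outside the hunk, so it should be confirmed that a login handled by `TokenLoginModule` cannot reach this line and have its token-derived `AuthInfo` replaced. A comment such as `// this module authenticated: its AuthInfo supersedes any set by earlier modules` would make the intent explicit.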
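Review bot: In `createAuthInfo()` the value of `sharedState.get(SHARED_KEY_ATTRIBUTES)` is copied into the `AuthInfo` without any check, so every login module in the stack that can write that key decides what is exposed as public attributes; that trust assumption deserves a comment. `key.toString()` throws a `NullPointerException` for a null key, which a guard avoids: `if (key != null) { attributes.put(key.toString(), ((Map) shared).get(key)); }`. Because the `SimpleCredentials` case is now an `else if`, attributes supplied on the credentials are dropped whenever a shared map is present, even an empty one; if that is intended it should be stated. The method continues past the end of the hunk.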
@@ -35,6 +35,7 @@ import javax.security.auth.login.LoginEx import javax.security.auth.spi.LoginModule; import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; @@ -154,6 +155,12 @@ public abstract class AbstractLoginModul */ public static final String SHARED_KEY_LOGIN_NAME = "javax.security.auth.login.name"; + /** + * Key of the sharedState entry referring to public attributes that are shared + * between multiple login modules. + */ + public static final String SHARED_KEY_ATTRIBUTES = "javax.security.auth.login.attributes"; + protected Subject subject; protected CallbackHandler callbackHandler; protected Map sharedState; @@ -441,4 +448,12 @@ public abstract class AbstractLoginModul return principalProvider.getPrincipals(userId); } } + + static protected void setAuthInfo(@Nonnull AuthInfo authInfo, @Nonnull Subject subject) { + Set ais = subject.getPublicCredentials(AuthInfo.class); + if (!ais.isEmpty()) { + subject.getPublicCredentials().removeAll(ais); + } + subject.getPublicCredentials().add(authInfo); + } } Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java?rev=1562390&r1=1562389&r2=1562390&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java Wed Jan 29 10:07:30 2014 
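Review bot: `SHARED_KEY_ATTRIBUTES` uses the `javax.security.auth.login.` prefix although the key is defined by this project, which makes it read like a JAAS convention and invites collisions with other modules that share the state map. A name under the project's own namespace would be clearer. The Javadoc should also state who writes and who reads the entry, and that the value is expected to be a `Map` holding public attributes only, since readers copy it into the subject's public `AuthInfo`.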
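Review bot: `setAuthInfo` has no Javadoc and does not state its precondition: it modifies `subject.getPublicCredentials()`, which throws `IllegalStateException` on a read-only subject. Callers therefore have to check `subject.isReadOnly()` first, as both call sites in this commit do. Suggested comment: `/** Replaces any AuthInfo in the subject's public credentials with the given one; the subject must not be read-only. */`. The modifier order is conventionally `protected static`.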
@@ -38,7 +38,6 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration; import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo; import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider; -import org.junit.Ignore; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -166,7 +165,6 @@ public class TokenDefaultLoginModuleTest } @Test - @Ignore("OAK-1363") public void testTokenAuthInfo() throws Exception { ContentSession cs = null; try {