From ang...@apache.org
Subject svn commit: r1575222 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/user/ test/java/org/apache/jackrabbit/oak/security/authentication/user/
Date Fri, 07 Mar 2014 10:23:42 GMT
Author: angela
Date: Fri Mar  7 10:23:41 2014
New Revision: 1575222

URL: http://svn.apache.org/r1575222
Log:
OAK-1519 : UserAuthentication: Return false if userId cannot be resolved

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java?rev=1575222&r1=1575221&r2=1575222&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
Fri Mar  7 10:23:41 2014
@@ -78,8 +78,12 @@ class UserAuthentication implements Auth
         boolean success = false;
         try {
             Authorizable authorizable = userManager.getAuthorizable(userId);
-            if (authorizable == null || authorizable.isGroup()) {
-                throw new LoginException("Unknown user " + userId);
+            if (authorizable == null) {
+                return false;
+            }
+
+            if (authorizable.isGroup()) {
+                throw new LoginException("Not a user " + userId);
             }
 
             User user = (User) authorizable;
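Review bot: The two rejection paths in this hunk are now observably different: an unresolved id makes the method return false, while an id that resolves to a group throws a LoginException with the message `"Not a user " + userId`. If that message or the differing outcome reaches the client or a widely readable log (not visible from this hunk), it confirms that the id exists as a group, which helps principal enumeration. Consider a message that does not depend on the lookup result. A comment above the null check would also help, e.g. `// OAK-1519: unresolved userId is reported as false, not as a LoginException`. The enclosing method starts and ends outside the hunk, so whether `return false` inside the `try` skips any later handling cannot be checked here.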

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java?rev=1575222&r1=1575221&r2=1575222&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
Fri Mar  7 10:23:41 2014
@@ -143,6 +143,21 @@ public class LoginModuleImplTest extends
     }
 
     @Test
+    public void testUnknownUserLogin() throws Exception {
+        ContentSession cs = null;
+        try {
+            cs = login(new SimpleCredentials("unknown", "".toCharArray()));
+            fail("Unknown user must not be able to login");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
     public void testSelfImpersonation() throws Exception {
         ContentSession cs = null;
         try {
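Review bot: testUnknownUserLogin covers only the unknown-id case at the login boundary; a companion test that logs in with the id of an existing group would pin that the client gets a LoginException in both cases, now that UserAuthentication handles them differently. The credentials use an empty password, `"".toCharArray()`; a non-empty one such as `"pw".toCharArray()` would make sure the rejection comes from the unknown id rather than from any empty-password handling, which is not visible here. The `// success` comment in the catch could state the expectation, e.g. `// expected: an unknown id must not yield a session`.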

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java?rev=1575222&r1=1575221&r2=1575222&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
Fri Mar  7 10:23:41 2014
@@ -27,8 +27,10 @@ import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.LoginException;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.junit.Before;
 import org.junit.Test;
@@ -76,6 +78,33 @@ public class UserAuthenticationTest exte
     }
 
     @Test
+    public void testAuthenticateCannotResolveUser() throws Exception {
+        SimpleCredentials sc = new SimpleCredentials("unknownUser", "pw".toCharArray());
+        Authentication a = new UserAuthentication(sc.getUserID(), getUserManager(root));
+
+        assertFalse(a.authenticate(sc));
+    }
+
+    @Test
+    public void testAuthenticateResolvesToGroup() throws Exception {
+        Group g = getUserManager(root).createGroup("g1");
+        SimpleCredentials sc = new SimpleCredentials(g.getID(), "pw".toCharArray());
+        Authentication a = new UserAuthentication(sc.getUserID(), getUserManager(root));
+
+        try {
+            a.authenticate(sc);
+            fail("Authenticating Group should fail");
+        } catch (LoginException e) {
+            // success
+        } finally {
+            if (g != null) {
+                g.remove();
+                root.commit();
+            }
+        }
+    }
+
+    @Test
     public void testAuthenticateInvalidSimpleCredentials() throws Exception {
         List<Credentials> invalid = new ArrayList<Credentials>();
         invalid.add(new SimpleCredentials(userId, "wrongPw".toCharArray()));
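Review bot: In testAuthenticateResolvesToGroup the `if (g != null)` guard in the `finally` is dead code. `g` is assigned before the `try`, so the block is only entered once the group exists (assuming createGroup throws rather than returns null). The group is never committed before `authenticate` runs, yet cleanup does `g.remove(); root.commit();`. Calling `root.refresh()` would discard the transient group without writing anything, provided the base class does not rely on that commit. A comment such as `// expected: a group id must never authenticate` would say more than `// success`.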
@@ -93,6 +122,16 @@ public class UserAuthenticationTest exte
     }
 
     @Test
+    public void testAuthenticateIdMismatch() throws Exception {
+        try {
+            authentication.authenticate(new SimpleCredentials("unknownUser", "pw".toCharArray()));
+            fail("LoginException expected");
+        } catch (LoginException e) {
+            // success
+        }
+    }
+
+    @Test
     public void testAuthenticateSimpleCredentials() throws Exception {
        assertTrue(authentication.authenticate(new SimpleCredentials(userId, userId.toCharArray())));
     }
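Review bot: testAuthenticateIdMismatch passes `"unknownUser"` as the credentials id, the same unresolvable id as testAuthenticateCannotResolveUser, so the test does not show which check it exercises. Presumably `authentication` is bound to the existing `userId` in setup code outside this hunk, so the lookup succeeds and the exception comes from the id comparison. Say so in a comment, e.g. `// authentication is bound to userId; credentials carrying another id must be rejected`. Using the id of a second existing user would also show that credentials for a different real account are refused.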


