This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-core.git
The following commit(s) were added to refs/heads/master by this push:
new de43cb0 SLING-10248 : Refactor: Move auth requirements handling into
separate component
de43cb0 is described below
commit de43cb0c16f0de307b3f227ff3c0da2e8057806d
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Mon Mar 22 08:04:44 2021 +0100
SLING-10248 : Refactor: Move auth requirements handling into separate
component
---
.../sling/auth/core/impl/SlingAuthenticator.java | 116 ++++++++++-----------
.../impl/SlingAuthenticatorServiceListener.java | 27 ++---
.../SlingAuthenticatorServiceListenerTest.java | 86 +++++++--------
.../auth/core/impl/SlingAuthenticatorTest.java | 43 ++++++--
4 files changed, 138 insertions(+), 134 deletions(-)
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
index 027315d..6c82065 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
@@ -237,7 +237,7 @@ public class SlingAuthenticator implements Authenticator,
* <code>requestCredentials</code> and <code>dropCredentials</code> methods
* will not send back a 401 response.
*/
- private static final String HTTP_AUTH_PREEMPTIVE = "preemptive";
+ static final String HTTP_AUTH_PREEMPTIVE = "preemptive";
/**
* Default request URI suffix to expect to be handled by authentication
@@ -245,7 +245,7 @@ public class SlingAuthenticator implements Authenticator,
* {@link #handleSecurity(HttpServletRequest, HttpServletResponse)} to
* return <code>true</code>.
*/
- private static final String DEFAULT_AUTH_URI_SUFFIX = "/j_security_check";
+ static final String DEFAULT_AUTH_URI_SUFFIX = "/j_security_check";
/**
* The name of the form submission parameter providing the new password of
@@ -262,17 +262,14 @@ public class SlingAuthenticator implements Authenticator,
private final PathBasedHolderCache<AbstractAuthenticationHandlerHolder>
authHandlerCache = new
PathBasedHolderCache<AbstractAuthenticationHandlerHolder>();
- // package protected for access in inner class ...
- private final PathBasedHolderCache<AuthenticationRequirementHolder>
authRequiredCache = new PathBasedHolderCache<AuthenticationRequirementHolder>();
-
/** The name of the impersonation parameter */
- private String sudoParameterName;
+ private volatile String sudoParameterName;
/** The name of the impersonation cookie */
- private String sudoCookieName;
+ private volatile String sudoCookieName;
/** Cache control flag */
- private boolean cacheControl;
+ private volatile boolean cacheControl;
/**
* The configured URI suffices indicating a authentication requests and
@@ -281,7 +278,7 @@ public class SlingAuthenticator implements Authenticator,
* <p>
* This will be <code>null</code> if there are no suffices to consider.
*/
- private String[] authUriSuffices;
+ private volatile String[] authUriSuffices;
/**
* The name of the user to assume for anonymous access. By default this is
@@ -290,7 +287,7 @@ public class SlingAuthenticator implements Authenticator,
*
* @see #getAnonymousCredentials()
*/
- private String anonUser;
+ private volatile String anonUser;
/**
* The password to use for anonymous access. This property is only used if
@@ -298,10 +295,10 @@ public class SlingAuthenticator implements Authenticator,
*
* @see #getAnonymousCredentials()
*/
- private char[] anonPassword;
+ private volatile char[] anonPassword;
/** HTTP Basic authentication handler */
- private HttpBasicAuthenticationHandler httpBasicHandler;
+ private volatile HttpBasicAuthenticationHandler httpBasicHandler;
/**
* The listener for services registered with "sling.auth.requirements" to
@@ -337,10 +334,11 @@ public class SlingAuthenticator implements Authenticator,
final Config config) {
this.metrics = new SlingAuthenticationMetrics(metricsService);
this.resourceResolverFactory = resourceResolverFactory;
- modified(config);
- serviceListener = SlingAuthenticatorServiceListener.createListener(
- bundleContext, Executors.newSingleThreadExecutor(),
resourceResolverFactory, this.authRequiredCache);
+ this.serviceListener =
SlingAuthenticatorServiceListener.createListener(
+ bundleContext, Executors.newSingleThreadExecutor(),
resourceResolverFactory);
+
+ this.modified(config);
}
/**
@@ -353,61 +351,33 @@ public class SlingAuthenticator implements Authenticator,
}
@Modified
- private void modified(Config config) {
- String newCookie = config.auth_sudo_cookie();
- if (!newCookie.equals(this.sudoCookieName)) {
+ private void modified(final Config config) {
+ if (!config.auth_sudo_cookie().equals(this.sudoCookieName)) {
log.info(
"modified: Setting new cookie name for impersonation {} (was
{})",
- newCookie, this.sudoCookieName);
- this.sudoCookieName = newCookie;
+ config.auth_sudo_cookie(), this.sudoCookieName);
+ this.sudoCookieName = config.auth_sudo_cookie();
}
- String newPar = config.auth_sudo_parameter();
- if (!newPar.equals(this.sudoParameterName)) {
+ if (!config.auth_sudo_parameter().equals(this.sudoParameterName)) {
log.info(
"modified: Setting new parameter name for impersonation {}
(was {})",
- newPar, this.sudoParameterName);
- this.sudoParameterName = newPar;
- }
-
- authRequiredCache.clear();
-
- final boolean anonAllowed = config.auth_annonymous();
- authRequiredCache.addHolder(new AuthenticationRequirementHolder("/",
!anonAllowed, null));
-
- String[] authReqs = config.sling_auth_requirements();
- if (authReqs != null) {
- for (String authReq : authReqs) {
- if (authReq != null && authReq.length() > 0) {
-
authRequiredCache.addHolder(AuthenticationRequirementHolder.fromConfig(
- authReq, null));
- }
- }
+ config.auth_sudo_parameter(), this.sudoParameterName);
+ this.sudoParameterName = config.auth_sudo_parameter();
}
- final String anonUser = config.sling_auth_anonymous_user();
- if (anonUser != null && anonUser.length() > 0) {
- this.anonUser = anonUser;
+ if (config.sling_auth_anonymous_user() != null &&
config.sling_auth_anonymous_user().length() > 0) {
+ this.anonUser = config.sling_auth_anonymous_user();
this.anonPassword = config.sling_auth_anonymous_password() == null
? "".toCharArray() : config.sling_auth_anonymous_password().toCharArray();
} else {
this.anonUser = null;
this.anonPassword = null;
}
- authUriSuffices = config.auth_uri_suffix();
- // don't require authentication for login/logout servlets
- authRequiredCache.addHolder(new AuthenticationRequirementHolder(
- LoginServlet.SERVLET_PATH, false, null));
- authRequiredCache.addHolder(new AuthenticationRequirementHolder(
- LogoutServlet.SERVLET_PATH, false, null));
-
- // add all registered services
- if (serviceListener != null) {
- serviceListener.registerAllServices();
- }
+ this.authUriSuffices = config.auth_uri_suffix();
final String http;
- if (anonAllowed) {
+ if (config.auth_annonymous()) {
http = config.auth_http();
} else {
http = HTTP_AUTH_ENABLED;
@@ -415,17 +385,38 @@ public class SlingAuthenticator implements Authenticator,
}
if (HTTP_AUTH_DISABLED.equals(http)) {
- httpBasicHandler = null;
+ this.httpBasicHandler = null;
} else {
- final String realm = config.auth_http_realm();
- httpBasicHandler = new HttpBasicAuthenticationHandler(realm,
HTTP_AUTH_ENABLED.equals(http));
+ this.httpBasicHandler = new
HttpBasicAuthenticationHandler(config.auth_http_realm(),
HTTP_AUTH_ENABLED.equals(http));
+ }
+
+ // update auth requirments based on configuration
+ this.serviceListener.clear();
+ this.serviceListener.addHolder(new
AuthenticationRequirementHolder("/", !config.auth_annonymous(), null));
+
+ if (config.sling_auth_requirements() != null) {
+ for (String authReq : config.sling_auth_requirements()) {
+ if (authReq != null && authReq.length() > 0) {
+
this.serviceListener.addHolder(AuthenticationRequirementHolder.fromConfig(
+ authReq, null));
+ }
+ }
+ }
+
+ // don't require authentication for login/logout servlets
+ this.serviceListener.addHolder(new AuthenticationRequirementHolder(
+ LoginServlet.SERVLET_PATH, false, null));
+ this.serviceListener.addHolder(new AuthenticationRequirementHolder(
+ LogoutServlet.SERVLET_PATH, false, null));
+
+ // add all registered services
+ if (serviceListener != null) {
+ serviceListener.registerAllServices();
}
}
@Deactivate
private void deactivate(final BundleContext bundleContext) {
- this.authRequiredCache.clear();
-
this.serviceListener.stop(bundleContext);
}
@@ -693,7 +684,7 @@ public class SlingAuthenticator implements Authenticator,
}
List<AuthenticationRequirementHolder> getAuthenticationRequirements() {
- return authRequiredCache.getHolders();
+ return this.serviceListener.getHolders();
}
/**
@@ -931,12 +922,11 @@ public class SlingAuthenticator implements Authenticator,
return false;
}
- private boolean isAnonAllowed(HttpServletRequest request) {
+ boolean isAnonAllowed(HttpServletRequest request) {
String path = getPath(request);
- final Collection<AuthenticationRequirementHolder>[] holderSetArray =
authRequiredCache
- .findApplicableHolders(request);
+ final Collection<AuthenticationRequirementHolder>[] holderSetArray =
this.serviceListener.findApplicableHolders(request);
for (int m = 0; m < holderSetArray.length; m++) {
final Collection<AuthenticationRequirementHolder> holders =
holderSetArray[m];
if (holders != null) {
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListener.java
b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListener.java
index 4bf1ab0..6a6cc48 100644
---
a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListener.java
+++
b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListener.java
@@ -55,7 +55,8 @@ import org.slf4j.LoggerFactory;
* the service registry.
*
*/
-public class SlingAuthenticatorServiceListener implements AllServiceListener,
EventHandler {
+public class SlingAuthenticatorServiceListener extends
PathBasedHolderCache<AuthenticationRequirementHolder>
+ implements AllServiceListener, EventHandler {
/** Filter expression for auth requirements */
private static final String FILTER_EXPR =
"(".concat(AuthConstants.AUTH_REQUIREMENTS).concat("=*)");
@@ -72,9 +73,6 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
/** Resource resolver factory */
private final ResourceResolverFactory resolverFactory;
- /** Auth requirements cache */
- private final PathBasedHolderCache<AuthenticationRequirementHolder>
authRequiredCache;
-
/** Cache for registration properties of auth requirements */
private final Map<Long, Set<String>> regProps = new ConcurrentHashMap<>();
@@ -104,11 +102,9 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
static SlingAuthenticatorServiceListener createListener(
final BundleContext context,
final Executor executor,
- final ResourceResolverFactory factory,
- final PathBasedHolderCache<AuthenticationRequirementHolder>
authRequiredCache) {
+ final ResourceResolverFactory factory) {
- final SlingAuthenticatorServiceListener listener = new
SlingAuthenticatorServiceListener(authRequiredCache,
- executor,
+ final SlingAuthenticatorServiceListener listener = new
SlingAuthenticatorServiceListener(executor,
factory);
try {
context.addServiceListener(listener, FILTER_EXPR);
@@ -133,14 +129,11 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
/**
* Create a new listener
- * @param authRequiredCache The cache
* @param executor For updating
* @param factory The resource resolver factory
*/
- private SlingAuthenticatorServiceListener(final
PathBasedHolderCache<AuthenticationRequirementHolder> authRequiredCache,
- final Executor executor,
+ private SlingAuthenticatorServiceListener(final Executor executor,
final ResourceResolverFactory factory) {
- this.authRequiredCache = authRequiredCache;
this.executor = executor;
this.resolverFactory = factory;
logger.debug("Started auth requirements listener");
@@ -151,6 +144,8 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
}
public void stop(final BundleContext bundleContext) {
+ this.clear();
+
bundleContext.removeServiceListener(this);
if ( this.serviceRegistration != null ) {
this.serviceRegistration.unregister();
@@ -301,7 +296,7 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
*/
private void registerService(final List<AuthenticationRequirementHolder>
authReqs) {
for (AuthenticationRequirementHolder authReq : authReqs) {
- authRequiredCache.addHolder(authReq);
+ this.addHolder(authReq);
}
}
@@ -382,7 +377,7 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
// remove
final AuthenticationRequirementHolder holder =
AuthenticationRequirementHolder.fromConfig(oldPath, ref);
authReqs.remove(holder);
- authRequiredCache.removeHolder(holder);
+ this.removeHolder(holder);
}
}
for(final String path : paths) {
@@ -390,7 +385,7 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
// add
final AuthenticationRequirementHolder holder =
AuthenticationRequirementHolder.fromConfig(path, ref);
authReqs.add(holder);
- authRequiredCache.addHolder(holder);
+ this.addHolder(holder);
}
}
regProps.put(id, paths);
@@ -410,7 +405,7 @@ public class SlingAuthenticatorServiceListener implements
AllServiceListener, Ev
final List<AuthenticationRequirementHolder> authReqs =
props.remove(id);
if (authReqs != null) {
for (final AuthenticationRequirementHolder authReq : authReqs) {
- authRequiredCache.removeHolder(authReq);
+ this.removeHolder(authReq);
}
}
regProps.remove(id);
diff --git
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListenerTest.java
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListenerTest.java
index c87a1bc..9951dfd 100644
---
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListenerTest.java
+++
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorServiceListenerTest.java
@@ -108,40 +108,38 @@ public class SlingAuthenticatorServiceListenerTest {
}
@Test public void testAddRemoveRegistration() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Collections.singleton("/path1"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
final ServiceReference<?> ref = createServiceReference(new String[]
{"/path1"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref));
- assertPaths(cache, new String[] {"/path1"},
+ assertPaths(listener, new String[] {"/path1"},
new ServiceReference<?>[] {ref});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
@Test public void testAddUpdateRemoveRegistration() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Arrays.asList("/path1",
"/path1a"));
when(mapper.getAllMappings("/path2")).thenReturn(Arrays.asList("/path2",
"/path2a"));
when(mapper.getAllMappings("/path3")).thenReturn(Arrays.asList("/path3",
"/path3a"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
// add
final ServiceReference<?> ref = createServiceReference(new String[]
{"/path1", "/path2"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref));
- assertPaths(cache, new String[] {"/path1", "/path1a", "/path2",
"/path2a"},
+ assertPaths(listener, new String[] {"/path1", "/path1a", "/path2",
"/path2a"},
new ServiceReference<?>[] {ref, ref, ref, ref},
new boolean[] {true, true, true, true});
@@ -149,44 +147,42 @@ public class SlingAuthenticatorServiceListenerTest {
when(ref.getProperty(AuthConstants.AUTH_REQUIREMENTS)).thenReturn(new
String[] {"/path2", "/path3"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.MODIFIED, ref));
- assertPaths(cache, new String[] {"/path2", "/path2a", "/path3",
"/path3a"},
+ assertPaths(listener, new String[] {"/path2", "/path2a", "/path3",
"/path3a"},
new ServiceReference<?>[] {ref, ref, ref, ref},
new boolean[] {true, true, true, true});
// remmove
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
@Test public void testDuplicateRegistration() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Collections.singleton("/path1"));
when(mapper.getAllMappings("/path2")).thenReturn(Collections.singleton("/path2"));
when(mapper.getAllMappings("/path3")).thenReturn(Collections.singleton("/path3"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
final ServiceReference<?> ref1 = createServiceReference(new String[]
{"/path1", "/path1", "/path2"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref1));
final ServiceReference<?> ref2 = createServiceReference(new String[]
{"/path2", "/path3"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref2));
- assertPaths(cache, new String[] {"/path1", "/path2", "/path2",
"/path3"},
+ assertPaths(listener, new String[] {"/path1", "/path2", "/path2",
"/path3"},
new ServiceReference<?>[] {ref1, ref1, ref2, ref2});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref2));
- assertPaths(cache, new String[] {"/path1", "/path2"},
+ assertPaths(listener, new String[] {"/path1", "/path2"},
new ServiceReference<?>[] {ref1, ref1});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref1));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
@Test public void testAddRemoveRegistrations() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Collections.singleton("/path1"));
@@ -194,7 +190,7 @@ public class SlingAuthenticatorServiceListenerTest {
when(mapper.getAllMappings("/path3")).thenReturn(Collections.singleton("/path3"));
when(mapper.getAllMappings("/path4")).thenReturn(Collections.singleton("/path4"));
when(mapper.getAllMappings("/path5")).thenReturn(Collections.singleton("/path5"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
final ServiceReference<?> ref1 = createServiceReference(new String[]
{"/path1"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref1));
@@ -205,24 +201,23 @@ public class SlingAuthenticatorServiceListenerTest {
final ServiceReference<?> ref3 = createServiceReference(new String[]
{"/path4", "/path5"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref3));
- assertPaths(cache, new String[] { "/path1", "/path2", "/path3",
"/path4", "/path5"},
+ assertPaths(listener, new String[] { "/path1", "/path2", "/path3",
"/path4", "/path5"},
new ServiceReference<?>[] {ref1, ref2, ref2, ref3,
ref3});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref2));
- assertPaths(cache, new String[] { "/path1", "/path4", "/path5"},
+ assertPaths(listener, new String[] { "/path1", "/path4", "/path5"},
new ServiceReference<?>[] {ref1, ref3, ref3});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref1));
- assertPaths(cache, new String[] { "/path4", "/path5"},
+ assertPaths(listener, new String[] { "/path4", "/path5"},
new ServiceReference<?>[] {ref3, ref3});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref3));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
@Test public void testModifyRegistration() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Collections.singleton("/path1"));
@@ -230,97 +225,93 @@ public class SlingAuthenticatorServiceListenerTest {
when(mapper.getAllMappings("/path3")).thenReturn(Collections.singleton("/path3"));
when(mapper.getAllMappings("/path4")).thenReturn(Collections.singleton("/path4"));
when(mapper.getAllMappings("/path5")).thenReturn(Collections.singleton("/path5"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
final ServiceReference<?> ref1 = createServiceReference(new String[]
{"/path1", "/path2", "/path3"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref1));
- assertPaths(cache, new String[] { "/path1", "/path2", "/path3"},
+ assertPaths(listener, new String[] { "/path1", "/path2", "/path3"},
new ServiceReference<?>[] {ref1, ref1, ref1});
when(ref1.getProperty(AuthConstants.AUTH_REQUIREMENTS)).thenReturn(new
String[] {"/path1", "/path4", "/path5"});
- assertPaths(cache, new String[] { "/path1", "/path2", "/path3"},
+ assertPaths(listener, new String[] { "/path1", "/path2", "/path3"},
new ServiceReference<?>[] {ref1, ref1, ref1});
listener.serviceChanged(new ServiceEvent(ServiceEvent.MODIFIED, ref1));
- assertPaths(cache, new String[] { "/path1", "/path4", "/path5"},
+ assertPaths(listener, new String[] { "/path1", "/path4", "/path5"},
new ServiceReference<?>[] {ref1, ref1, ref1});
listener.serviceChanged(new
ServiceEvent(ServiceEvent.MODIFIED_ENDMATCH, ref1));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
@Test public void testRegistrationWithMapping() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Arrays.asList("/path1",
"/path2", "/path3"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
final ServiceReference<?> ref = createServiceReference(new String[]
{"/path1"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref));
- assertPaths(cache, new String[] {"/path1", "/path2", "/path3"},
+ assertPaths(listener, new String[] {"/path1", "/path2", "/path3"},
new ServiceReference<?>[] {ref, ref, ref});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
@Test public void testRegistrationAndUpdatingMapping() throws
LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Arrays.asList("/path1",
"/path2", "/path3"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
final ServiceReference<?> ref = createServiceReference(new String[]
{"/path1"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref));
- assertPaths(cache, new String[] {"/path1", "/path2", "/path3"},
+ assertPaths(listener, new String[] {"/path1", "/path2", "/path3"},
new ServiceReference<?>[] {ref, ref, ref});
// update mapper
when(mapper.getAllMappings("/path1")).thenReturn(Arrays.asList("/path1",
"/path5"));
listener.handleEvent(null);
- assertPaths(cache, new String[] {"/path1", "/path5"},
+ assertPaths(listener, new String[] {"/path1", "/path5"},
new ServiceReference<?>[] {ref, ref});
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
@Test public void testAllowDeny() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(null), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(null));
final ServiceReference<?> ref = createServiceReference(new String[]
{"-/path1", "+/path2", "/path3"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref));
- assertPaths(cache, new String[] {"/path1", "/path2", "/path3"},
+ assertPaths(listener, new String[] {"/path1", "/path2", "/path3"},
new ServiceReference<?>[] {ref, ref, ref},
new boolean[] {false, true, true});
}
@Test public void testAllowDenyWithMapping() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Arrays.asList("/path1",
"/path1a", "/path1b"));
when(mapper.getAllMappings("/path2")).thenReturn(Arrays.asList("/path2",
"/path2a", "/path2b"));
when(mapper.getAllMappings("/path3")).thenReturn(Arrays.asList("/path3",
"/path3a", "/path3b"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
final ServiceReference<?> ref = createServiceReference(new String[]
{"-/path1", "+/path2", "/path3"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref));
- assertPaths(cache, new String[] {"/path1", "/path2", "/path3",
"/path1a", "/path2a", "/path3a", "/path1b", "/path2b", "/path3b"},
+ assertPaths(listener, new String[] {"/path1", "/path2", "/path3",
"/path1a", "/path2a", "/path3a", "/path1b", "/path2b", "/path3b"},
new ServiceReference<?>[] {ref, ref, ref, ref, ref,
ref, ref, ref, ref},
new boolean[] {false, true, true, false, true,
true, false, true, true});
@@ -330,25 +321,24 @@ public class SlingAuthenticatorServiceListenerTest {
when(mapper.getAllMappings("/path3")).thenReturn(Arrays.asList("/path3",
"/path3c"));
listener.handleEvent(null);
- assertPaths(cache, new String[] {"/path1", "/path2", "/path3",
"/path1c", "/path2c", "/path3c"},
+ assertPaths(listener, new String[] {"/path1", "/path2", "/path3",
"/path1c", "/path2c", "/path3c"},
new ServiceReference<?>[] {ref, ref, ref, ref, ref, ref},
new boolean[] {false, true, true, false, true, true});
}
@Test public void testSwitchAllowDeny() throws LoginException {
- final PathBasedHolderCache<AuthenticationRequirementHolder> cache =
new PathBasedHolderCache<AuthenticationRequirementHolder>();
final BundleContext context = mock(BundleContext.class);
final ResourceMapper mapper = mock(ResourceMapper.class);
when(mapper.getAllMappings("/path1")).thenReturn(Arrays.asList("/path1",
"/path1a"));
when(mapper.getAllMappings("/path2")).thenReturn(Arrays.asList("/path2",
"/path2a"));
- final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper), cache);
+ final SlingAuthenticatorServiceListener listener =
SlingAuthenticatorServiceListener.createListener(context, callable ->
callable.run(), createFactoryForMapper(mapper));
// add
final ServiceReference<?> ref = createServiceReference(new String[]
{"+/path1", "-/path2"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.REGISTERED,
ref));
- assertPaths(cache, new String[] {"/path1", "/path1a", "/path2",
"/path2a"},
+ assertPaths(listener, new String[] {"/path1", "/path1a", "/path2",
"/path2a"},
new ServiceReference<?>[] {ref, ref, ref, ref},
new boolean[] {true, true, false, false});
@@ -356,13 +346,13 @@ public class SlingAuthenticatorServiceListenerTest {
when(ref.getProperty(AuthConstants.AUTH_REQUIREMENTS)).thenReturn(new
String[] {"-/path1", "/path2"});
listener.serviceChanged(new ServiceEvent(ServiceEvent.MODIFIED, ref));
- assertPaths(cache, new String[] {"/path1", "/path1a", "/path2",
"/path2a"},
+ assertPaths(listener, new String[] {"/path1", "/path1a", "/path2",
"/path2a"},
new ServiceReference<?>[] {ref, ref, ref, ref},
new boolean[] {false, false, true, true});
// remmove
listener.serviceChanged(new ServiceEvent(ServiceEvent.UNREGISTERING,
ref));
- assertTrue(cache.getHolders().isEmpty());
+ assertTrue(listener.getHolders().isEmpty());
}
}
diff --git
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
index d3654cf..b315f45 100644
--- a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
+++ b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
@@ -26,9 +26,11 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.commons.metrics.MetricsService;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
+import org.osgi.framework.BundleContext;
import junitx.util.PrivateAccessor;
@@ -79,25 +81,52 @@ public class SlingAuthenticatorTest {
checkUnQuote("\"string\ttab\"", "string\ttab");
}
+ private SlingAuthenticator.Config createDefaultConfig() {
+ final SlingAuthenticator.Config config =
Mockito.mock(SlingAuthenticator.Config.class);
+
+ Mockito.when(config.auth_sudo_cookie()).thenReturn("sling.sudo");
+ Mockito.when(config.auth_sudo_parameter()).thenReturn("sudo");
+ Mockito.when(config.auth_annonymous()).thenReturn(true);
+
Mockito.when(config.auth_http()).thenReturn(SlingAuthenticator.HTTP_AUTH_PREEMPTIVE);
+ Mockito.when(config.auth_http_realm()).thenReturn("Sling
(Development)");
+ Mockito.when(config.auth_uri_suffix()).thenReturn(new String[]
{SlingAuthenticator.DEFAULT_AUTH_URI_SUFFIX});
+
+ return config;
+ }
+
//SLING-4864
@Test
public void test_isAnonAllowed() throws Throwable {
- SlingAuthenticator slingAuthenticator = new SlingAuthenticator();
-
- PathBasedHolderCache<AuthenticationRequirementHolder>
authRequiredCache = new PathBasedHolderCache<AuthenticationRequirementHolder>();
+ // anon is allowed by default
+ final SlingAuthenticator.Config config = createDefaultConfig();
- authRequiredCache.addHolder(new AuthenticationRequirementHolder("/",
false, null));
+ final SlingAuthenticator slingAuthenticator = new
SlingAuthenticator(Mockito.mock(MetricsService.class),
+ null, Mockito.mock(BundleContext.class), config);
- PrivateAccessor.setField(slingAuthenticator, "authRequiredCache",
authRequiredCache);
final HttpServletRequest request =
Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getServerName()).thenReturn("localhost");
Mockito.when(request.getServerPort()).thenReturn(80);
Mockito.when(request.getScheme()).thenReturn("http");
- Boolean allowed = (Boolean)
PrivateAccessor.invoke(slingAuthenticator,"isAnonAllowed", new
Class[]{HttpServletRequest.class},new Object[]{request});
- Assert.assertTrue(allowed);
+ Assert.assertTrue(slingAuthenticator.isAnonAllowed(request));
}
+ @Test
+ public void test_isAnonNotAllowed() throws Throwable {
+ // anon is allowed by default
+ final SlingAuthenticator.Config config = createDefaultConfig();
+ Mockito.when(config.auth_annonymous()).thenReturn(false);
+
+ final SlingAuthenticator slingAuthenticator = new
SlingAuthenticator(Mockito.mock(MetricsService.class),
+ null, Mockito.mock(BundleContext.class), config);
+
+ final HttpServletRequest request =
Mockito.mock(HttpServletRequest.class);
+ Mockito.when(request.getServerName()).thenReturn("localhost");
+ Mockito.when(request.getServerPort()).thenReturn(80);
+ Mockito.when(request.getScheme()).thenReturn("http");
+
+ Assert.assertFalse(slingAuthenticator.isAnonAllowed(request));
+ }
/**
* Test is OK for child node;
