Author: angela
Date: Tue Jul 30 07:45:18 2013
New Revision: 1508330
URL: http://svn.apache.org/r1508330
Log:
OAK-91 : Implement Authentication Support
- make all token related properties protected (-> drop nt:unstructured super
type)
- allow for individual expiration time being passed by app overriding the
configured default expiration time
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1508330&r1=1508329&r2=1508330&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
Tue Jul 30 07:45:18 2013
@@ -223,7 +223,14 @@ public class TokenProviderImpl implement
String keyHash = PasswordUtil.buildPasswordHash(key);
tokenNode.setString(TOKEN_ATTRIBUTE_KEY, keyHash);
- final long expirationTime = creationTime + tokenExpiration;
+
+ long exp;
+ if (attributes.containsKey(PARAM_TOKEN_EXPIRATION)) {
+ exp =
Long.parseLong(attributes.get(PARAM_TOKEN_EXPIRATION).toString());
+ } else {
+ exp = tokenExpiration;
+ }
+ long expirationTime = createExpirationTime(creationTime, exp);
tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expirationTime);
for (String name : attributes.keySet()) {
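Review bot: The caller-supplied `PARAM_TOKEN_EXPIRATION` value is parsed and used without any range check, so zero, negative or very large values flow straight into `createExpirationTime`, where `creationTime + tokenExpiration` can also overflow. Because the attribute overrides the configured `tokenExpiration` rather than being capped by it, any code path that lets a client populate credential attributes also lets it choose the token lifetime; if that is not intended, bound the value by the configured default or a separate maximum. At minimum add a guard after the parse, e.g. `if (exp <= 0 || exp > Long.MAX_VALUE - creationTime) { throw new IllegalArgumentException("invalid token expiration"); }`. The same unchecked value is read back in the second hunk (the expiry-reset path) and summed in the new `createExpirationTime` helper in the third. The enclosing method starts and ends outside this hunk.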
@@ -302,8 +309,9 @@ public class TokenProviderImpl implement
return false;
}
- if (expTime - loginTime <= tokenExpiration / 2) {
- long expirationTime = loginTime + tokenExpiration;
+ long expiration = tokenNode.getLong(PARAM_TOKEN_EXPIRATION,
tokenExpiration);
+ if (expTime - loginTime <= expiration / 2) {
+ long expirationTime = createExpirationTime(loginTime,
expiration);
try {
tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expirationTime);
root.commit();
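Review bot: Nothing here says where the `PARAM_TOKEN_EXPIRATION` property on the token node comes from; the read appears to rely on token creation copying the credential attributes onto the node, which happens outside this hunk. A comment above the `getLong` call would make that coupling explicit, e.g. `// per-token lifetime persisted at creation; tokens created without it fall back to the configured default`. The enclosing method starts and ends outside the hunk.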
@@ -319,6 +327,9 @@ public class TokenProviderImpl implement
//--------------------------------------------------------------------------
+ private static long createExpirationTime(long creationTime, long
tokenExpiration) {
+ return creationTime + tokenExpiration;
+ }
private static long getExpirationTime(NodeUtil tokenNode, long
defaultValue) {
return tokenNode.getLong(TOKEN_ATTRIBUTE_EXPIRY, defaultValue);
Modified:
jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd?rev=1508330&r1=1508329&r2=1508330&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/write/builtin_nodetypes.cnd
Tue Jul 30 07:45:18 2013
@@ -723,9 +723,11 @@
/**
* @since oak 1.0
*/
-[rep:Token] > nt:unstructured, mix:referenceable
+[rep:Token] > mix:referenceable
- rep:token.key (STRING) protected mandatory
- - rep:token.exp (STRING) protected mandatory
+ - rep:token.exp (DATE) protected mandatory
+ - * (UNDEFINED) protected
+ - * (UNDEFINED) multiple protected
//
-----------------------------------------------------------------------------
// J A C K R A B B I T R E T E N T I O N M A N A G E M E N T
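Review bot: The type of `rep:token.exp` changes from STRING to DATE with no migration visible in this commit, so token nodes written under the previous definition would presumably no longer match `rep:Token`; if such content can exist, it needs an upgrade step or a release note. The two residual `* (UNDEFINED) protected` definitions now carry every token attribute, including the per-token expiration. A comment above the type should record that this protection is what keeps those values from being changed through regular writes, e.g. `// all token properties are protected: not writable through the regular JCR API`.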
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1508330&r1=1508329&r2=1508330&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
Tue Jul 30 07:45:18 2013
@@ -16,12 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authentication.token;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
@@ -29,7 +23,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
-
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
@@ -39,11 +32,20 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.core.IdentifierManager;
import
org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
+import
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.junit.Before;
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
/**
* TokenProviderImplTest...
*/
@@ -140,29 +142,28 @@ public class TokenProviderImplTest exten
attributes.putAll(privateAttributes);
TokenInfo info = tokenProvider.createToken(userId, attributes);
-
- Tree userTree =
root.getTree(getUserManager(root).getAuthorizable(userId).getPath());
- Tree tokens = userTree.getChild(".tokens");
- assertTrue(tokens.exists());
- assertEquals(1, tokens.getChildrenCount());
-
- Tree tokenNode = tokens.getChildren().iterator().next();
- assertNotNull(tokenNode.getProperty("rep:token.key"));
- assertNotNull(tokenNode.getProperty("rep:token.exp"));
+ Tree tokenTree = getTokenTree(info);
+ PropertyState prop = tokenTree.getProperty("rep:token.key");
+ assertNotNull(prop);
+ assertEquals(Type.STRING, prop.getType());
+
+ prop = tokenTree.getProperty("rep:token.exp");
+ assertNotNull(prop);
+ assertEquals(Type.DATE, prop.getType());
for (String key : reserved.keySet()) {
- PropertyState p = tokenNode.getProperty(key);
+ PropertyState p = tokenTree.getProperty(key);
if (p != null) {
assertFalse(reserved.get(key).equals(p.getValue(Type.STRING)));
}
}
for (String key : privateAttributes.keySet()) {
- assertEquals(privateAttributes.get(key),
tokenNode.getProperty(key).getValue(Type.STRING));
+ assertEquals(privateAttributes.get(key),
tokenTree.getProperty(key).getValue(Type.STRING));
}
for (String key : publicAttributes.keySet()) {
- assertEquals(publicAttributes.get(key),
tokenNode.getProperty(key).getValue(Type.STRING));
+ assertEquals(publicAttributes.get(key),
tokenTree.getProperty(key).getValue(Type.STRING));
}
}
@@ -245,6 +246,34 @@ public class TokenProviderImplTest exten
assertTrue(tokenProvider.resetTokenExpiration(info, loginTime));
}
+ @Test
+ public void testCreateTokenWithExpirationParam() throws Exception {
+ SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
+ sc.setAttribute(TokenProvider.PARAM_TOKEN_EXPIRATION, 100000);
+
+ TokenInfo info = tokenProvider.createToken(sc);
+ assertTokenInfo(info, userId);
+
+ Tree tokenTree = getTokenTree(info);
+ assertNotNull(tokenTree);
+ assertTrue(tokenTree.exists());
+
assertTrue(tokenTree.hasProperty(TokenProvider.PARAM_TOKEN_EXPIRATION));
+ assertEquals(100000,
tokenTree.getProperty(TokenProvider.PARAM_TOKEN_EXPIRATION).getValue(Type.LONG).longValue());
+ }
+
+ @Test
+ public void testCreateTokenWithInvalidExpirationParam() throws Exception {
+ SimpleCredentials sc = new SimpleCredentials(userId, new char[0]);
+ sc.setAttribute(TokenProvider.PARAM_TOKEN_EXPIRATION, "invalid");
+
+ try {
+ tokenProvider.createToken(sc);
+ fail();
+ } catch (NumberFormatException e) {
+ // success
+ }
+ }
+
//--------------------------------------------------------------------------
private static void assertTokenInfo(TokenInfo info, String userId) {
assertNotNull(info);
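Review bot: `testCreateTokenWithExpirationParam` only checks that the attribute was stored on the token node; it never checks that the custom value determines `rep:token.exp`, so a regression that ignores the parameter would still pass. Add an assertion on the effective expiry, for example `assertTrue(info.isExpired(new Date().getTime() + 100001));`, and cover zero, negative and very large values alongside the `"invalid"` case. The invalid-value test also pins an unchecked `NumberFormatException` as the behaviour callers see; consider whether a documented exception type would be a better contract.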
@@ -253,6 +282,13 @@ public class TokenProviderImplTest exten
assertFalse(info.isExpired(new Date().getTime()));
}
+ private Tree getTokenTree(TokenInfo info) {
+ String token = info.getToken();
+ int pos = token.indexOf('_');
+ String nodeId = (pos == -1) ? token : token.substring(0, pos);
+ return new IdentifierManager(root).getTree(nodeId);
+ }
+
private final class InvalidTokenInfo implements TokenInfo {
@Nonnull
@Override