jackrabbit...

angela Thu, 16 Jan 2014 07:55:11 -0800

Author: angela
Date: Thu Jan 16 15:52:13 2014
New Revision: 1558842

URL: http://svn.apache.org/r1558842
Log:
OAK-1330 : Repository#login doesn't set Session attributes


Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
    
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/AbstractRepositoryTest.java
    
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1558842&r1=1558841&r2=1558842&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
 Thu Jan 16 15:52:13 2014
@@ -24,6 +24,7 @@ import java.util.Map;
 import java.util.Set;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.Credentials;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -151,11 +152,7 @@ public final class TokenLoginModule exte
     @Override
     public boolean commit() throws LoginException {
         if (tokenCredentials != null) {
-            if (!subject.isReadOnly()) {
-                subject.getPublicCredentials().add(tokenCredentials);
-                subject.getPrincipals().addAll(principals);
-                subject.getPublicCredentials().add(getAuthInfo(tokenInfo));
-            }
+            updateSubject(tokenCredentials, getAuthInfo(tokenInfo), 
principals);
             return true;
         }
 
@@ -173,7 +170,7 @@ public final class TokenLoginModule exte
                     for (String name : attributes.keySet()) {
                         tc.setAttribute(name, attributes.get(name));
                     }
-                    subject.getPublicCredentials().add(tc);
+                    updateSubject(tc, getAuthInfo(ti), null);
                 } else {
                     // failed to create token -> fail commit()
                     log.debug("TokenProvider failed to create a login token 
for user " + userId);
@@ -250,4 +247,22 @@ public final class TokenLoginModule exte
         }
         return new AuthInfoImpl(userId, attributes, principals);
     }
+
+    private void updateSubject(@Nonnull TokenCredentials tc, @Nonnull AuthInfo 
authInfo,
+                               @Nullable Set<? extends Principal> principals) {
+        if (!subject.isReadOnly()) {
+            subject.getPublicCredentials().add(tc);
+
+            if (principals != null) {
+                subject.getPrincipals().addAll(principals);
+            }
+
+            // replace all existing auth-info
+            Set<AuthInfo> ais = subject.getPublicCredentials(AuthInfo.class);
+            if (!ais.isEmpty()) {
+                subject.getPublicCredentials().removeAll(ais);
+            }
+            subject.getPublicCredentials().add(authInfo);
+        }
+    }
 }

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java?rev=1558842&r1=1558841&r2=1558842&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImpl.java
 Thu Jan 16 15:52:13 2014
@@ -143,7 +143,10 @@ public final class LoginModuleImpl exten
             if (!subject.isReadOnly()) {
                 subject.getPrincipals().addAll(principals);
                 subject.getPublicCredentials().add(credentials);
-                subject.getPublicCredentials().add(createAuthInfo());
+                Set<AuthInfo> ais = 
subject.getPublicCredentials(AuthInfo.class);
+                if (ais.isEmpty()) {
+                    subject.getPublicCredentials().add(createAuthInfo());
+                }
             } else {
                 log.debug("Could not add information to read only subject {}", 
subject);
             }
@@ -211,8 +214,14 @@ public final class LoginModuleImpl exten
 
     private AuthInfo createAuthInfo() {
         Map<String, Object> attributes = new HashMap<String, Object>();
-        if (credentials instanceof SimpleCredentials) {
-            SimpleCredentials sc = (SimpleCredentials) credentials;
+        Credentials creds;
+        if (credentials instanceof ImpersonationCredentials) {
+            creds = ((ImpersonationCredentials) 
credentials).getBaseCredentials();
+        } else {
+            creds = credentials;
+        }
+        if (creds instanceof SimpleCredentials) {
+            SimpleCredentials sc = (SimpleCredentials) creds;
             for (String attrName : sc.getAttributeNames()) {
                 attributes.put(attrName, sc.getAttribute(attrName));
             }

Modified: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java?rev=1558842&r1=1558841&r2=1558842&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/TokenDefaultLoginModuleTest.java
 Thu Jan 16 15:52:13 2014
@@ -18,27 +18,32 @@ package org.apache.jackrabbit.oak.securi
 
 import java.security.Principal;
 import java.util.Collections;
+import java.util.Set;
 import javax.jcr.GuestCredentials;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginException;
 
+import com.google.common.collect.ImmutableSet;
 import 
org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import 
org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule;
+import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
 import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 /**
@@ -234,4 +239,51 @@ public class TokenDefaultLoginModuleTest
             cs.close();
         }
     }
+
+    @Test
+    public void testTokenCreationWithAttributes() throws Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+            sc.setAttribute(".token", "");
+            sc.setAttribute(".token.mandatory", "something");
+            sc.setAttribute("attr", "val");
+
+            cs = login(sc);
+
+            AuthInfo ai = cs.getAuthInfo();
+            Set<String> attrNames = 
ImmutableSet.copyOf(ai.getAttributeNames());
+            assertTrue(attrNames.contains("attr"));
+            assertFalse(attrNames.contains(".token"));
+            assertFalse(attrNames.contains(".token.mandatory"));
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testTokenCreationWithImpersonationAttributes() throws 
Exception {
+        ContentSession cs = null;
+        try {
+            SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
+            sc.setAttribute(".token", "");
+            sc.setAttribute(".token.mandatory", "something");
+            sc.setAttribute("attr", "val");
+
+            ImpersonationCredentials ic = new ImpersonationCredentials(sc, new 
AuthInfoImpl(((SimpleCredentials) getAdminCredentials()).getUserID(), 
Collections.<String, Object>emptyMap(), Collections.<Principal>emptySet()));
+            cs = login(ic);
+
+            AuthInfo ai = cs.getAuthInfo();
+            Set<String> attrNames = 
ImmutableSet.copyOf(ai.getAttributeNames());
+            assertTrue(attrNames.contains("attr"));
+            assertFalse(attrNames.contains(".token"));
+            assertFalse(attrNames.contains(".token.mandatory"));
+        } finally {
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
 }
\ No newline at end of file

Modified: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java?rev=1558842&r1=1558841&r2=1558842&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
 Thu Jan 16 15:52:13 2014
@@ -16,7 +16,9 @@
  */
 package org.apache.jackrabbit.oak.security.authentication.user;
 
+import java.util.Arrays;
 import javax.jcr.GuestCredentials;
+import javax.jcr.RepositoryException;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginException;
@@ -26,6 +28,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
@@ -38,6 +41,7 @@ import org.junit.Test;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 /**
@@ -45,11 +49,38 @@ import static org.junit.Assert.fail;
  */
 public class LoginModuleImplTest extends AbstractSecurityTest {
 
+    private static final String USER_ID = "test";
+    private static final String USER_PW = "pw";
+    private User user;
+
+    @Override
+    public void before() throws Exception {
+        // TODO
+        super.before();
+    }
+
+    @Override
+    public void after() throws Exception {
+        if (user != null) {
+            user.remove();
+            root.commit();
+        }
+    }
+
     @Override
     protected Configuration getConfiguration() {
         return 
ConfigurationUtil.getDefaultConfiguration(ConfigurationParameters.EMPTY);
     }
 
+    private User createTestUser() throws RepositoryException, 
CommitFailedException {
+        if (user == null) {
+            UserManager userManager = getUserManager(root);
+            user = userManager.createUser(USER_ID, USER_PW);
+            root.commit();
+        }
+        return user;
+    }
+
     @Test
     public void testNullLogin() throws Exception {
         ContentSession cs = null;
@@ -103,21 +134,14 @@ public class LoginModuleImplTest extends
 
     @Test
     public void testUserLogin() throws Exception {
-        UserManager userManager = getUserManager(root);
         ContentSession cs = null;
-        User user = null;
         try {
-            user = userManager.createUser("test", "pw");
-            root.commit();
+            createTestUser();
 
-            cs = login(new SimpleCredentials("test", "pw".toCharArray()));
+            cs = login(new SimpleCredentials(USER_ID, USER_PW.toCharArray()));
             AuthInfo authInfo = cs.getAuthInfo();
-            assertEquals("test", authInfo.getUserID());
+            assertEquals(USER_ID, authInfo.getUserID());
         } finally {
-            if (user != null) {
-                user.remove();
-                root.commit();
-            }
             if (cs != null) {
                 cs.close();
             }
@@ -126,32 +150,25 @@ public class LoginModuleImplTest extends
 
     @Test
     public void testSelfImpersonation() throws Exception {
-        UserManager userManager = getUserManager(root);
         ContentSession cs = null;
-        User user = null;
         try {
-            user = userManager.createUser("test", "pw");
-            root.commit();
+            createTestUser();
 
-            SimpleCredentials sc = new SimpleCredentials("test", 
"pw".toCharArray());
+            SimpleCredentials sc = new SimpleCredentials(USER_ID, 
USER_PW.toCharArray());
             cs = login(sc);
 
             AuthInfo authInfo = cs.getAuthInfo();
-            assertEquals("test", authInfo.getUserID());
+            assertEquals(USER_ID, authInfo.getUserID());
 
             cs.close();
 
-            sc = new SimpleCredentials("test", new char[0]);
+            sc = new SimpleCredentials(USER_ID, new char[0]);
             ImpersonationCredentials ic = new ImpersonationCredentials(sc, 
authInfo);
             cs = login(ic);
 
             authInfo = cs.getAuthInfo();
-            assertEquals("test", authInfo.getUserID());
+            assertEquals(USER_ID, authInfo.getUserID());
         } finally {
-            if (user != null) {
-                user.remove();
-                root.commit();
-            }
             if (cs != null) {
                 cs.close();
             }
@@ -160,18 +177,15 @@ public class LoginModuleImplTest extends
 
     @Test
     public void testInvalidImpersonation() throws Exception {
-        UserManager userManager = getUserManager(root);
         ContentSession cs = null;
-        User user = null;
         try {
-            user = userManager.createUser("test", "pw");
-            root.commit();
+            createTestUser();
 
-            SimpleCredentials sc = new SimpleCredentials("test", 
"pw".toCharArray());
+            SimpleCredentials sc = new SimpleCredentials(USER_ID, 
USER_PW.toCharArray());
             cs = login(sc);
 
             AuthInfo authInfo = cs.getAuthInfo();
-            assertEquals("test", authInfo.getUserID());
+            assertEquals(USER_ID, authInfo.getUserID());
 
             cs.close();
             cs = null;
@@ -188,10 +202,56 @@ public class LoginModuleImplTest extends
                 // success
             }
         } finally {
-            if (user != null) {
-                user.remove();
-                root.commit();
+            if (cs != null) {
+                cs.close();
+            }
+        }
+    }
+
+    @Test
+    public void testLoginWithAttributes( ) throws Exception {
+        ContentSession cs = null;
+        try {
+            createTestUser();
+
+            SimpleCredentials sc = new SimpleCredentials(USER_ID, 
USER_PW.toCharArray());
+            sc.setAttribute("attr", "value");
+
+            cs = login(sc);
+
+            AuthInfo authInfo = cs.getAuthInfo();
+            
assertTrue(Arrays.asList(authInfo.getAttributeNames()).contains("attr"));
+            assertEquals("value", authInfo.getAttribute("attr"));
+
+            cs.close();
+        } finally {
+            if (cs != null) {
+                cs.close();
             }
+        }
+    }
+
+    @Test
+    public void testImpersonationWithAttributes() throws Exception {
+        ContentSession cs = null;
+        try {
+            createTestUser();
+
+            SimpleCredentials sc = new SimpleCredentials(USER_ID, 
USER_PW.toCharArray());
+            cs = login(sc);
+            AuthInfo authInfo = cs.getAuthInfo();
+            cs.close();
+            cs = null;
+
+            sc = new SimpleCredentials(USER_ID, new char[0]);
+            sc.setAttribute("attr", "value");
+            ImpersonationCredentials ic = new ImpersonationCredentials(sc, 
authInfo);
+            cs = login(ic);
+
+            authInfo = cs.getAuthInfo();
+            
assertTrue(Arrays.asList(authInfo.getAttributeNames()).contains("attr"));
+            assertEquals("value", authInfo.getAttribute("attr"));
+        } finally {
             if (cs != null) {
                 cs.close();
             }

Modified: 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/AbstractRepositoryTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/AbstractRepositoryTest.java?rev=1558842&r1=1558841&r2=1558842&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/AbstractRepositoryTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/AbstractRepositoryTest.java
 Thu Jan 16 15:52:13 2014
@@ -106,7 +106,11 @@ public abstract class AbstractRepository
     }
 
     protected Session createAdminSession() throws RepositoryException {
-        return getRepository().login(new SimpleCredentials("admin", 
"admin".toCharArray()));
+        return getRepository().login(getAdminCredentials());
+    }
+
+    protected SimpleCredentials getAdminCredentials() {
+        return new SimpleCredentials("admin", "admin".toCharArray());
     }
 
 }

Modified: 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java?rev=1558842&r1=1558841&r2=1558842&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/RepositoryTest.java
 Thu Jan 16 15:52:13 2014
@@ -18,15 +18,6 @@
  */
 package org.apache.jackrabbit.oak.jcr;
 
-import static java.util.Arrays.asList;
-import static org.apache.jackrabbit.commons.JcrUtils.getChildNodes;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -38,7 +29,6 @@ import java.util.Calendar;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
-
 import javax.jcr.Binary;
 import javax.jcr.GuestCredentials;
 import javax.jcr.ImportUUIDBehavior;
@@ -57,6 +47,7 @@ import javax.jcr.PropertyType;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.nodetype.NodeDefinition;
@@ -73,6 +64,15 @@ import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
 
+import static java.util.Arrays.asList;
+import static org.apache.jackrabbit.commons.JcrUtils.getChildNodes;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
 public class RepositoryTest extends AbstractRepositoryTest {
     private static final String TEST_NODE = "test_node";
     private static final String TEST_PATH = '/' + TEST_NODE;
@@ -122,6 +122,25 @@ public class RepositoryTest extends Abst
         assertEquals(42L, 
session.getAttribute(RepositoryImpl.REFRESH_INTERVAL));
     }
 
+    @Test
+    public void loginWithCredentialsAttribute() throws RepositoryException {
+        SimpleCredentials sc = getAdminCredentials();
+        sc.setAttribute("attr", "val");
+        Session session = null;
+
+        try {
+            session = getRepository().login(sc, null);
+            String[] attributeNames = session.getAttributeNames();
+            assertEquals(1, attributeNames.length);
+            assertEquals("attr", attributeNames[0]);
+            assertEquals("val", session.getAttribute("attr"));
+        } finally {
+            if (session != null) {
+                session.logout();
+            }
+        }
+    }
+
     @Test(expected = NoSuchWorkspaceException.class)
     public void loginInvalidWorkspace() throws RepositoryException {
         Repository repository = getRepository();

svn commit: r1558842 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/ oak-core/src/test/java/org/apache/jackrabbit...

Reply via email to