Author: angela
Date: Fri Mar 7 10:23:41 2014
New Revision: 1575222
URL: http://svn.apache.org/r1575222
Log:
OAK-1519 : UserAuthentication: Return false if userId cannot be resolved
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java?rev=1575222&r1=1575221&r2=1575222&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthentication.java
Fri Mar 7 10:23:41 2014
@@ -78,8 +78,12 @@ class UserAuthentication implements Auth
boolean success = false;
try {
Authorizable authorizable = userManager.getAuthorizable(userId);
- if (authorizable == null || authorizable.isGroup()) {
- throw new LoginException("Unknown user " + userId);
+ if (authorizable == null) {
+ return false;
+ }
+
+ if (authorizable.isGroup()) {
+ throw new LoginException("Not a user " + userId);
}
User user = (User) authorizable;
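Review bot: The two rejection paths in this hunk are distinguishable to a caller: an id that does not resolve returns `false`, while an id that resolves to a group throws `LoginException("Not a user " + userId)`. If the exception message, or the false-versus-exception difference, reaches the client or an unfiltered log, it confirms that the id exists as a group, and the caller-supplied `userId` is concatenated into the message as is. Consider a fixed message such as `throw new LoginException("Login failed");` with the id reported only at debug level. The early `return false;` presumably also skips the credential check further down, so an unknown id may answer faster than a known one; that is worth confirming, since the method body starts before and continues after this hunk.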
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java?rev=1575222&r1=1575221&r2=1575222&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
Fri Mar 7 10:23:41 2014
@@ -143,6 +143,21 @@ public class LoginModuleImplTest extends
}
@Test
+ public void testUnknownUserLogin() throws Exception {
+ ContentSession cs = null;
+ try {
+ cs = login(new SimpleCredentials("unknown", "".toCharArray()));
+ fail("Unknown user must not be able to login");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ if (cs != null) {
+ cs.close();
+ }
+ }
+ }
+
+ @Test
public void testSelfImpersonation() throws Exception {
ContentSession cs = null;
try {
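Review bot: `testUnknownUserLogin` logs in with an empty password, so the `LoginException` it expects could come from empty-password handling rather than from the unresolved id; which of the two triggers it is not visible here. Using a non-empty password, `cs = login(new SimpleCredentials("unknown", "pw".toCharArray()));`, as the new UserAuthenticationTest cases do, would pin the rejection to the unknown id. The hunk ends inside `testSelfImpersonation`, which continues outside it.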
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java?rev=1575222&r1=1575221&r2=1575222&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/UserAuthenticationTest.java
Fri Mar 7 10:23:41 2014
@@ -27,8 +27,10 @@ import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import
org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
+import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import
org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.junit.Before;
import org.junit.Test;
@@ -76,6 +78,33 @@ public class UserAuthenticationTest exte
}
@Test
+ public void testAuthenticateCannotResolveUser() throws Exception {
+ SimpleCredentials sc = new SimpleCredentials("unknownUser",
"pw".toCharArray());
+ Authentication a = new UserAuthentication(sc.getUserID(),
getUserManager(root));
+
+ assertFalse(a.authenticate(sc));
+ }
+
+ @Test
+ public void testAuthenticateResolvesToGroup() throws Exception {
+ Group g = getUserManager(root).createGroup("g1");
+ SimpleCredentials sc = new SimpleCredentials(g.getID(),
"pw".toCharArray());
+ Authentication a = new UserAuthentication(sc.getUserID(),
getUserManager(root));
+
+ try {
+ a.authenticate(sc);
+ fail("Authenticating Group should fail");
+ } catch (LoginException e) {
+ // success
+ } finally {
+ if (g != null) {
+ g.remove();
+ root.commit();
+ }
+ }
+ }
+
+ @Test
public void testAuthenticateInvalidSimpleCredentials() throws Exception {
List<Credentials> invalid = new ArrayList<Credentials>();
invalid.add(new SimpleCredentials(userId, "wrongPw".toCharArray()));
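Review bot: In `testAuthenticateResolvesToGroup` the `if (g != null)` guard in the `finally` block can never be false, because `createGroup("g1")` runs before the `try` and a failure there would skip the `finally` altogether. Either drop the guard (`g.remove(); root.commit();`) or move the creation inside the `try` so the cleanup really covers it. The `// success` catch also accepts any `LoginException`, so the test does not by itself show that the rejection comes from the group check rather than from another failure in `authenticate`; a short comment saying so would help. The hunk ends inside `testAuthenticateInvalidSimpleCredentials`, which continues outside it.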
@@ -93,6 +122,16 @@ public class UserAuthenticationTest exte
}
@Test
+ public void testAuthenticateIdMismatch() throws Exception {
+ try {
+ authentication.authenticate(new SimpleCredentials("unknownUser",
"pw".toCharArray()));
+ fail("LoginException expected");
+ } catch (LoginException e) {
+ // success
+ }
+ }
+
+ @Test
public void testAuthenticateSimpleCredentials() throws Exception {
assertTrue(authentication.authenticate(new SimpleCredentials(userId,
userId.toCharArray())));
}
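Review bot: `testAuthenticateIdMismatch` passes the same `"unknownUser"` credentials that `testAuthenticateCannotResolveUser` expects to yield `false`, yet here a `LoginException` is expected. The difference depends on how the shared `authentication` field was constructed, and that setup is outside this hunk. A comment in the test, for example `// authentication is bound to userId; credentials carrying a different id must be rejected with LoginException`, would make the contract readable without consulting the setup method (presumably `authentication` is created for `userId`; confirm).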