Author: angela
Date: Fri Jul 4 09:25:45 2014
New Revision: 1607805
URL: http://svn.apache.org/r1607805
Log:
OAK-1942 : UserAuthentication: enhance login states with relevant exceptions
(patch provided by Dominique Jaeggi, thanks a lot!)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java?rev=1607805&r1=1607804&r2=1607805&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthentication.java
Fri Jul 4 09:25:45 2014
@@ -26,6 +26,9 @@ import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
+import javax.security.auth.login.AccountLockedException;
+import javax.security.auth.login.AccountNotFoundException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.LoginException;
@@ -99,12 +102,12 @@ class UserAuthentication implements Auth
}
if (authorizable.isGroup()) {
- throw new LoginException("Not a user " + userId);
+ throw new AccountNotFoundException("Not a user " + userId);
}
User user = (User) authorizable;
if (user.isDisabled()) {
- throw new LoginException("User with ID " + userId + " has been
disabled: "+ user.getDisabledReason());
+ throw new AccountLockedException("User with ID " + userId + "
has been disabled: "+ user.getDisabledReason());
}
if (credentials instanceof SimpleCredentials) {
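Review bot: The disabled-account check in this hunk runs before the `credentials instanceof SimpleCredentials` branch, so `AccountLockedException` (with `user.getDisabledReason()` in its message) is raised before any credential has been verified. With the more specific subtypes, a caller that forwards the exception class or message to the client would let an unauthenticated party tell a disabled account or a group ID apart from a wrong password. Whether that happens depends on callers outside this hunk, so I would at least record the contract at the throw sites, e.g. `// subtype and message reveal account state before credentials are verified; log server-side only, report a generic failure to remote clients`. The enclosing method starts and ends outside the hunk.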
@@ -136,7 +139,7 @@ class UserAuthentication implements Auth
//--------------------------------------------------------------------------
private static void checkSuccess(boolean success, String msg) throws
LoginException {
if (!success) {
- throw new LoginException(msg);
+ throw new FailedLoginException(msg);
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java?rev=1607805&r1=1607804&r2=1607805&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.java
Fri Jul 4 09:25:45 2014
@@ -24,10 +24,14 @@ import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.AccountLockedException;
+import javax.security.auth.login.AccountNotFoundException;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import
org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
@@ -90,6 +94,7 @@ public class UserAuthenticationTest exte
fail("Authenticating Group should fail");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof AccountNotFoundException);
} finally {
if (g != null) {
g.remove();
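Review bot: Asserting the subtype with `assertTrue(e instanceof AccountNotFoundException)` inside `catch (LoginException e)` produces a bare AssertionError with no hint of which exception actually arrived, and the leftover `// success` comment now sits above a line that can fail. Catching the expected subtype directly, `} catch (AccountNotFoundException e) {`, lets any other LoginException propagate with its own stack trace; alternatively pass a message, `assertTrue("unexpected " + e.getClass(), e instanceof AccountNotFoundException);`. The same pattern recurs in the new disabled-user test and in the three FailedLoginException hunks below. The test method begins and ends outside the hunk.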
@@ -99,6 +104,27 @@ public class UserAuthenticationTest exte
}
@Test
+ public void testAuthenticateResolvesToDisabledUser() throws Exception {
+ User testUser = getTestUser();
+ SimpleCredentials sc = new SimpleCredentials(testUser.getID(),
testUser.getID().toCharArray());
+ Authentication a = new UserAuthentication(getUserConfiguration(),
root, sc.getUserID());
+
+ try {
+ getTestUser().disable("disabled");
+ root.commit();
+
+ a.authenticate(sc);
+ fail("Authenticating disabled user should fail");
+ } catch (LoginException e) {
+ // success
+ assertTrue(e instanceof AccountLockedException);
+ } finally {
+ getTestUser().disable(null);
+ root.commit();
+ }
+ }
+
+ @Test
public void testAuthenticateInvalidSimpleCredentials() throws Exception {
List<Credentials> invalid = new ArrayList<Credentials>();
invalid.add(new SimpleCredentials(userId, "wrongPw".toCharArray()));
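Review bot: testAuthenticateResolvesToDisabledUser only exercises credentials built from the user's own ID, so it does not pin down whether a disabled account is reported before or after the password is checked. That ordering decides whether account state is observable without valid credentials, so I would add a second attempt with a wrong password, `a.authenticate(new SimpleCredentials(testUser.getID(), "wrongPw".toCharArray()));`, and assert the exception type the project intends there. Separately, `testUser` is already in scope, so `testUser.disable("disabled")` would read more clearly than calling `getTestUser()` again, assuming both return the same user. The test method that follows continues past the hunk.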
@@ -111,6 +137,7 @@ public class UserAuthenticationTest exte
fail("LoginException expected");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof FailedLoginException);
}
}
}
@@ -122,6 +149,7 @@ public class UserAuthenticationTest exte
fail("LoginException expected");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof FailedLoginException);
}
}
@@ -144,6 +172,7 @@ public class UserAuthenticationTest exte
fail("LoginException expected");
} catch (LoginException e) {
// success
+ assertTrue(e instanceof FailedLoginException);
}
}
}