Author: frm
Date: Tue Feb  9 14:07:17 2016
New Revision: 1729384

URL: http://svn.apache.org/viewvc?rev=1729384&view=rev
Log:
OAK-2992 - TokenProvider: Make reset of token expiration configurable

Backport change from trunk

Added:
    
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenNoRefreshTest.java
      - copied unchanged from r1685541, 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenNoRefreshTest.java
Modified:
    jackrabbit/oak/branches/1.2/   (props changed)
    
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
    
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
    
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
    
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java
    
jackrabbit/oak/branches/1.2/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md

Propchange: jackrabbit/oak/branches/1.2/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb  9 14:07:17 2016
@@ -1,3 +1,3 @@
 /jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1672350,1672468,1672537,1672603,1672642,1672644,1672834-1672835,1673351,1673410,1673414-1673415,1673436,1673644,1673662-1673664,1673669,1673695,1673713,1673738,1673787,1673791,1674046,1674065,1674075,1674107,1674228,1674780,1674880,1675054-1675055,1675319,1675332,1675354,1675357,1675382,1675555,1675566,1675593,1676198,1676237,1676407,1676458,1676539,1676670,1676693,1676703,1676725,1677579,1677581,1677609,1677611,1677774,1677788,1677797,1677804,1677806,1677939,1677991,1678023,1678095-1678096,1678124,1678171,1678173,1678211,1678323,1678758,1678938,1678954,1679144,1679165,1679191,1679232,1679235,1679503,1679958,1679961,1680170,1680172,1680182,1680222,1680232,1680236,1680461,1680633,1680643,1680747,1680805-1680806,1680903,1681282,1681767,1681918,1681921,1681955,1682042,1682218,1682235,1682437,1682494,1682555,1682855,1682904,1683059,1683089,1683213,1683249,1683259,1683278,1683323,1683687,1683700,1684174-1684175,1684186,1684376,1684442,1684561,1684570,1684601,1684618
 
,1684669,1684820,1684868,1684894,1685023,1685075,1685370,1685552,1685589-1685590,1685840,1685964,1685977,1685989,1685999,1686003,1686023,1686032,1686097,1686162,1686229,1686234,1686253,1686414,1686780,1686854,1686857,1686971,1687053-1687055,1687175,1687196,1687198,1687220,1687239-1687240,1687301,1687441,1687553,1688089-1688090,1688172,1688179,1688349,1688421,1688436,1688453,1688616,1688622,1688634,1688636,1688817,1689003-1689004,1689008,1689577,1689581,1689623,1689810,1689828,1689831,1689833,1689903,1690017,1690043,1690047,1690057,1690247,1690249,1690634-1690637,1690650,1690669,1690674,1690885,1690941,1691139,1691151,1691159,1691167,1691183,1691188,1691210,1691280,1691307,1691331-1691333,1691345,1691384-1691385,1691401,1691509,1692133-1692134,1692156,1692250,1692274,1692363,1692382,1692478,1692955,1693002,1693030,1693050,1693209,1693401,1693421,1693525-1693526,1694007,1694393-1694394,1694651,1694653-1694654,1695032,1695050,1695122,1695280,1695299,1695420,1695457,1695482,1695492,1695
 
507,1695521,1695540,1695571,1695905,1696190,1696194,1696242,1696285,1696375,1696522,1696578,1696759,1696916,1697363,1697373,1697410,1697582,1697589,1697616,1697672,1700191,1700231,1700397,1700403,1700506,1700571,1700718,1700727,1700749,1700769,1700775,1701065,1701619,1701733,1701743,1701750,1701768,1701806,1701810,1701814,1701907,1701948,1701955,1701959,1701965,1701986,1702014,1702022,1702045,1702051,1702241,1702272,1702371,1702387,1702405,1702423,1702426,1702428,1702860,1702866,1702942,1702960,1703212,1703382,1703395,1703411,1703428,1703430,1703568,1703592,1703758,1703858,1703878,1704256,1704282,1704285,1704457,1704479,1704490,1704614,1704629,1704636,1704655,1704670,1704886,1705005,1705027,1705043,1705055,1705250,1705268,1705273,1705323,1705677,1705701,1705871,1705992,1705998,1706009,1706037,1706059,1706212,1706218,1706270,1706764,1706772,1707049,1707191,1707331,1707435,1707509,1708105,1708315,1708546,1708592,1708766,1709012,1709852,1709978,1710013,1710031,1710049,1710205,1710242,1
 
710559,1710575,1710590,1710614,1710637,1710789,1710800,1710811,1710816,1710972,1711248,1711282,1711296,1711405,1711498,1711654,1712018,1712042,1712319,1712490,1712531,1712730,1712785,1712963,1713008,1713439,1713461,1713580,1713586,1713599-1713600,1713626,1713698,1713803,1713809,1714034,1714061,1714084,1714170,1714213,1714229,1714238,1714519-1714520,1714543-1714544,1714730,1714739,1714779,1714956,1714961,1715010,1715092,1715191,1715346,1715767,1715771,1715888,1715898,1716178,1716426,1716576,1716596,1716616,1716703,1716712,1716815,1716823,1716830,1716883,1717277,1717462,1717632,1717784,1717789,1717988,1718528,1718533,1718547-1718548,1718626,1718646,1718772,1718801-1718802,1718895,1719111,1719288,1719869,1720335,1720350,1720354,1720500,1721160,1721172,1721337,1722141,1722832,1723227,1723239,1723241,1723251,1723254,1723333,1723347,1723350,1723584,1723713,1723731,1724026,1724057,1724186,1724210,1724401,1724628,1724631,1725216,1725477,1725555,1725960,1726232,1726570,1726579,1726585-172658
 
6,1726621,1726795,1726797,1726809,1726812,1726981,1726993,1727026,1727254,1727331,1727350,1727358,1727429,1727476,1727508,1727515-1727518,1727893,1728037,1728041,1728070,1728114,1728281,1728443,1728642,1729200
+/jackrabbit/oak/trunk:1672350,1672468,1672537,1672603,1672642,1672644,1672834-1672835,1673351,1673410,1673414-1673415,1673436,1673644,1673662-1673664,1673669,1673695,1673713,1673738,1673787,1673791,1674046,1674065,1674075,1674107,1674228,1674780,1674880,1675054-1675055,1675319,1675332,1675354,1675357,1675382,1675555,1675566,1675593,1676198,1676237,1676407,1676458,1676539,1676670,1676693,1676703,1676725,1677579,1677581,1677609,1677611,1677774,1677788,1677797,1677804,1677806,1677939,1677991,1678023,1678095-1678096,1678124,1678171,1678173,1678211,1678323,1678758,1678938,1678954,1679144,1679165,1679191,1679232,1679235,1679503,1679958,1679961,1680170,1680172,1680182,1680222,1680232,1680236,1680461,1680633,1680643,1680747,1680805-1680806,1680903,1681282,1681767,1681918,1681921,1681955,1682042,1682218,1682235,1682437,1682494,1682555,1682855,1682904,1683059,1683089,1683213,1683249,1683259,1683278,1683323,1683687,1683700,1684174-1684175,1684186,1684376,1684442,1684561,1684570,1684601,1684618
 
,1684669,1684820,1684868,1684894,1685023,1685075,1685370,1685541,1685552,1685589-1685590,1685840,1685964,1685977,1685989,1685999,1686003,1686023,1686032,1686097,1686162,1686229,1686234,1686253,1686414,1686780,1686854,1686857,1686971,1687053-1687055,1687175,1687196,1687198,1687220,1687239-1687240,1687301,1687441,1687553,1688089-1688090,1688172,1688179,1688349,1688421,1688436,1688453,1688616,1688622,1688634,1688636,1688817,1689003-1689004,1689008,1689577,1689581,1689623,1689810,1689828,1689831,1689833,1689903,1690017,1690043,1690047,1690057,1690247,1690249,1690634-1690637,1690650,1690669,1690674,1690885,1690941,1691139,1691151,1691159,1691167,1691183,1691188,1691210,1691280,1691307,1691331-1691333,1691345,1691384-1691385,1691401,1691509,1692133-1692134,1692156,1692250,1692274,1692363,1692382,1692478,1692955,1693002,1693030,1693050,1693209,1693401,1693421,1693525-1693526,1694007,1694393-1694394,1694651,1694653-1694654,1695032,1695050,1695122,1695280,1695299,1695420,1695457,1695482,1695
 
492,1695507,1695521,1695540,1695571,1695905,1696190,1696194,1696242,1696285,1696375,1696522,1696578,1696759,1696916,1697363,1697373,1697410,1697582,1697589,1697616,1697672,1700191,1700231,1700397,1700403,1700506,1700571,1700718,1700727,1700749,1700769,1700775,1701065,1701619,1701733,1701743,1701750,1701768,1701806,1701810,1701814,1701907,1701948,1701955,1701959,1701965,1701986,1702014,1702022,1702045,1702051,1702241,1702272,1702371,1702387,1702405,1702423,1702426,1702428,1702860,1702866,1702942,1702960,1703212,1703382,1703395,1703411,1703428,1703430,1703568,1703592,1703758,1703858,1703878,1704256,1704282,1704285,1704457,1704479,1704490,1704614,1704629,1704636,1704655,1704670,1704886,1705005,1705027,1705043,1705055,1705250,1705268,1705273,1705323,1705677,1705701,1705871,1705992,1705998,1706009,1706037,1706059,1706212,1706218,1706270,1706764,1706772,1707049,1707191,1707331,1707435,1707509,1708105,1708315,1708546,1708592,1708766,1709012,1709852,1709978,1710013,1710031,1710049,1710205,1
 
710242,1710559,1710575,1710590,1710614,1710637,1710789,1710800,1710811,1710816,1710972,1711248,1711282,1711296,1711405,1711498,1711654,1712018,1712042,1712319,1712490,1712531,1712730,1712785,1712963,1713008,1713439,1713461,1713580,1713586,1713599-1713600,1713626,1713698,1713803,1713809,1714034,1714061,1714084,1714170,1714213,1714229,1714238,1714519-1714520,1714543-1714544,1714730,1714739,1714779,1714956,1714961,1715010,1715092,1715191,1715346,1715767,1715771,1715888,1715898,1716178,1716426,1716576,1716596,1716616,1716703,1716712,1716815,1716823,1716830,1716883,1717277,1717462,1717632,1717784,1717789,1717988,1718528,1718533,1718547-1718548,1718626,1718646,1718772,1718801-1718802,1718895,1719111,1719288,1719869,1720335,1720350,1720354,1720500,1721160,1721172,1721337,1722141,1722832,1723227,1723239,1723241,1723251,1723254,1723333,1723347,1723350,1723584,1723713,1723731,1724026,1724057,1724186,1724210,1724401,1724628,1724631,1725216,1725477,1725555,1725960,1726232,1726570,1726579,172658
 
5-1726586,1726621,1726795,1726797,1726809,1726812,1726981,1726993,1727026,1727254,1727331,1727350,1727358,1727429,1727476,1727508,1727515-1727518,1727893,1728037,1728041,1728070,1728114,1728281,1728443,1728642,1729200
 /jackrabbit/trunk:1345480

Modified: 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java?rev=1729384&r1=1729383&r2=1729384&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
 Tue Feb  9 14:07:17 2016
@@ -53,6 +53,10 @@ import org.apache.jackrabbit.oak.spi.sec
         @Property(name = TokenProvider.PARAM_TOKEN_LENGTH,
                 label = "Token Length",
                 description = "Length of the generated token."),
+        @Property(name = TokenProvider.PARAM_TOKEN_REFRESH,
+                label = "Token Refresh",
+                description = "Enable/disable refresh of login tokens (i.e. 
resetting the expiration time).",
+                boolValue = true),
         @Property(name = UserConstants.PARAM_PASSWORD_HASH_ALGORITHM,
                 label = "Hash Algorithm",
                 description = "Name of the algorithm to hash the token.",

Modified: 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1729384&r1=1729383&r2=1729384&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
 Tue Feb  9 14:07:17 2016
@@ -151,6 +151,7 @@ class TokenProviderImpl implements Token
      * @return A new {@code TokenInfo} or {@code null} if the token could not
      *         be created.
      */
+    @CheckForNull
     @Override
     public TokenInfo createToken(@Nonnull Credentials credentials) {
         SimpleCredentials sc = extractSimpleCredentials(credentials);
@@ -305,7 +306,7 @@ class TokenProviderImpl implements Token
             return false;
         } else {
             return TOKENS_NODE_NAME.equals(tokenTree.getParent().getName()) &&
-                    
TOKEN_NT_NAME.equals(TreeUtil.getPrimaryTypeName(tokenTree));
+                   
TOKEN_NT_NAME.equals(TreeUtil.getPrimaryTypeName(tokenTree));
         }
     }
 
@@ -490,24 +491,27 @@ class TokenProviderImpl implements Token
 
         @Override
         public boolean resetExpiration(long loginTime) {
-            Tree tokenTree = getTokenTree(this);
-            if (tokenTree != null && tokenTree.exists()) {
-                NodeUtil tokenNode = new NodeUtil(tokenTree);
-                if (isExpired(loginTime)) {
-                    log.debug("Attempt to reset an expired token.");
-                    return false;
-                }
+            // for backwards compatibility use true as default value for the 
'tokenRefresh' configuration
+            if (options.getConfigValue(PARAM_TOKEN_REFRESH, true)) {
+                Tree tokenTree = getTokenTree(this);
+                if (tokenTree != null && tokenTree.exists()) {
+                    NodeUtil tokenNode = new NodeUtil(tokenTree);
+                    if (isExpired(loginTime)) {
+                        log.debug("Attempt to reset an expired token.");
+                        return false;
+                    }
 
-                if (expirationTime - loginTime <= tokenExpiration / 2) {
-                    try {
-                        long expTime = createExpirationTime(loginTime, 
tokenExpiration);
-                        tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expTime);
-                        root.commit(CommitMarker.asCommitAttributes());
-                        log.debug("Successfully reset token expiration time.");
-                        return true;
-                    } catch (CommitFailedException e) {
-                        log.debug("Failed to reset token expiration", 
e.getMessage());
-                        root.refresh();
+                    if (expirationTime - loginTime <= tokenExpiration / 2) {
+                        try {
+                            long expTime = createExpirationTime(loginTime, 
tokenExpiration);
+                            tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expTime);
+                            root.commit(CommitMarker.asCommitAttributes());
+                            log.debug("Successfully reset token expiration 
time.");
+                            return true;
+                        } catch (CommitFailedException e) {
+                            log.debug("Failed to reset token expiration", 
e.getMessage());
+                            root.refresh();
+                        }
                     }
                 }
             }

Modified: 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java?rev=1729384&r1=1729383&r2=1729384&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
 Tue Feb  9 14:07:17 2016
@@ -41,6 +41,13 @@ public interface TokenProvider {
     String PARAM_TOKEN_LENGTH = "tokenLength";
 
     /**
+     * Optional configuration parameter to define if a given token should be
+     * refreshed or not. Implementations that do not support this option will
+     * ignore any config options with that name.
+     */
+    String PARAM_TOKEN_REFRESH = "tokenRefresh";
+
+    /**
      * Returns {@code true} if the given credentials indicate that a new token
      * needs to be issued.
      *

Modified: 
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java?rev=1729384&r1=1729383&r2=1729384&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java
 Tue Feb  9 14:07:17 2016
@@ -42,7 +42,7 @@ public abstract class AbstractTokenTest
 
         root = adminSession.getLatestRoot();
         tokenProvider = new TokenProviderImpl(root,
-                ConfigurationParameters.EMPTY,
+                getTokenConfig(),
                 getUserConfiguration());
     }
 
@@ -55,6 +55,10 @@ public abstract class AbstractTokenTest
         }
     }
 
+    ConfigurationParameters getTokenConfig() {
+        return ConfigurationParameters.EMPTY;
+    }
+
     @CheckForNull
     Tree getTokenTree(@Nonnull TokenInfo info) {
         String token = info.getToken();

Modified: 
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java?rev=1729384&r1=1729383&r2=1729384&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java
 Tue Feb  9 14:07:17 2016
@@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
 public class TokenConfigurationImplTest extends AbstractSecurityTest {
 
@@ -38,7 +39,9 @@ public class TokenConfigurationImplTest
 
     @Override
     protected ConfigurationParameters getSecurityConfigParameters() {
-        ConfigurationParameters config = 
ConfigurationParameters.of(TokenProviderImpl.PARAM_TOKEN_EXPIRATION, 60);
+        ConfigurationParameters config = ConfigurationParameters.of(
+                TokenProvider.PARAM_TOKEN_EXPIRATION, 60,
+                TokenProvider.PARAM_TOKEN_REFRESH, true);
         return ConfigurationParameters.of(TokenConfiguration.NAME, config);
     }
 
@@ -53,4 +56,10 @@ public class TokenConfigurationImplTest
         int exp = 
getConfig(TokenConfiguration.class).getParameters().getConfigValue(TokenProvider.PARAM_TOKEN_EXPIRATION,
 DEFAULT_EXPIRATION);
         assertEquals(60, exp);
     }
+
+    @Test
+    public void testRefresh() {
+        boolean refresh = 
getConfig(TokenConfiguration.class).getParameters().getConfigValue(TokenProvider.PARAM_TOKEN_REFRESH,
 false);
+        assertTrue(refresh);
+    }
 }
\ No newline at end of file

Modified: 
jackrabbit/oak/branches/1.2/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md?rev=1729384&r1=1729383&r2=1729384&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.2/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
 (original)
+++ 
jackrabbit/oak/branches/1.2/oak-doc/src/site/markdown/security/authentication/tokenmanagement.md
 Tue Feb  9 14:07:17 2016
@@ -102,6 +102,14 @@ will be removed if the authentication fa
 The default `TokenProvider` implementation will automatically reset the 
expiration
 time of a given token upon successful authentication.
 
+This behavior can be disabled by setting the `tokenRefresh` configuration 
parameter
+to `false` (see `PARAM_TOKEN_REFRESH` below). In this case expiration time will
+not be reset and an attempt to do so using the API (e.g. calling `
+TokenInfo.resetExpiration(long loginTime)`) will return `false` indicating
+that the expiration time has not been reset. The token will consequently expire
+and the user will need to login again using the configured default login
+mechanism (e.g. using `SimpleCredentials`).
+
 #### Token Representation in the Repository
 
 ##### Content Structure
@@ -211,6 +219,7 @@ plugged at runtime.
 |-------------------------------------|---------|--------------------------|
 | PARAM_TOKEN_EXPIRATION              | long    | 2 * 3600 * 1000 (2 hours)|
 | PARAM_TOKEN_LENGTH                  | int     | 8                        |
+| PARAM_TOKEN_REFRESH                 | boolean | true                     |
 | | | |
 
 


Reply via email to