Author: stillalex
Date: Thu Sep 6 14:45:42 2018
New Revision: 1840226
URL: http://svn.apache.org/viewvc?rev=1840226&view=rev
Log:
OAK-7741 Token LoginModule flag to skip refreshing the token expiration
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
Thu Sep 6 14:45:42 2018
@@ -23,6 +23,7 @@ import javax.security.auth.login.LoginEx
import
org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
+import
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConstants;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.jetbrains.annotations.NotNull;
@@ -116,7 +117,12 @@ class TokenAuthentication implements Aut
}
if (tokenInfo.matches(tokenCredentials)) {
- tokenInfo.resetExpiration(loginTime);
+ if
(tokenCredentials.getAttribute(TokenConstants.TOKEN_SKIP_REFRESH) == null) {
+ boolean reset = tokenInfo.resetExpiration(loginTime);
+ log.debug("Token reset={}", reset);
+ } else {
+ log.debug("Token reset skipped.");
+ }
return true;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java
Thu Sep 6 14:45:42 2018
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.jetbrains.annotations.NotNull;
import org.junit.Before;
import org.junit.Test;
+import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -177,4 +178,65 @@ public class TokenAuthenticationTest ext
assertTrue(authentication.authenticate(new
TokenCredentials(info.getToken())));
assertEquals(getTestUser().getPrincipal(),
authentication.getUserPrincipal());
}
+
+ @Test
+ public void testAuthenticateRefreshToken() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(false);
+ Mockito.when(ti.matches(tc)).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ assertTrue(auth.authenticate(tc));
+ Mockito.verify(ti).resetExpiration(Mockito.anyLong());
+ } catch (LoginException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test
+ public void testAuthenticateSkipRefreshToken() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ tc.setAttribute(TokenConstants.TOKEN_SKIP_REFRESH, "");
+
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(false);
+ Mockito.when(ti.matches(tc)).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ assertTrue(auth.authenticate(tc));
+ Mockito.verify(ti,
Mockito.never()).resetExpiration(Mockito.anyLong());
+ } catch (LoginException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test
+ public void testAuthenticateExpiredTokenMock() throws Exception {
+ TokenCredentials tc = new TokenCredentials("token");
+ TokenProvider tp = Mockito.mock(TokenProvider.class);
+ TokenInfo ti = Mockito.mock(TokenInfo.class);
+
+ Mockito.when(tp.getTokenInfo(Mockito.anyString())).thenReturn(ti);
+ Mockito.when(ti.isExpired(Mockito.anyLong())).thenReturn(true);
+
+ TokenAuthentication auth = new TokenAuthentication(tp);
+ try {
+ auth.authenticate(tc);
+ fail("LoginException expected");
+ } catch (LoginException e) {
+ // success
+ }
+
+ Mockito.verify(ti, Mockito.never()).matches(Mockito.any());
+ Mockito.verify(ti, Mockito.never()).resetExpiration(Mockito.anyLong());
+ }
}
Modified:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
(original)
+++
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConstants.java
Thu Sep 6 14:45:42 2018
@@ -42,4 +42,9 @@ public interface TokenConstants {
TOKEN_ATTRIBUTE_KEY);
Set<String> TOKEN_PROPERTY_NAMES = ImmutableSet.of(TOKEN_ATTRIBUTE_EXPIRY,
TOKEN_ATTRIBUTE_KEY);
+
+ /**
+ * Flag set on the TokenCredentials to skip refreshing the token
expiration time
+ */
+ String TOKEN_SKIP_REFRESH = "tokenSkipRefresh";
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1840226&r1=1840225&r2=1840226&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
(original)
+++
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
Thu Sep 6 14:45:42 2018
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.5.1")
+@Version("1.6.0")
package org.apache.jackrabbit.oak.spi.security.authentication.token;
import org.osgi.annotation.versioning.Version;
