Author: stillalex
Date: Mon Nov 20 15:11:27 2017
New Revision: 1815818

URL: http://svn.apache.org/viewvc?rev=1815818&view=rev
Log:
OAK-6940 Login token name generation is prone to race conditions


Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1815818&r1=1815817&r2=1815818&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
 Mon Nov 20 15:11:27 2017
@@ -24,8 +24,6 @@ import java.util.Arrays;
 import java.util.Calendar;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
@@ -204,7 +202,7 @@ class TokenProviderImpl implements Token
         if (tokenParent != null) {
             try {
                 String id = user.getID();
-                long creationTime = new Date().getTime();
+                long creationTime = System.currentTimeMillis();
                 long exp;
                 if (attributes.containsKey(PARAM_TOKEN_EXPIRATION)) {
                     exp = 
Long.parseLong(attributes.get(PARAM_TOKEN_EXPIRATION).toString());
@@ -216,7 +214,7 @@ class TokenProviderImpl implements Token
 
                 TokenInfo tokenInfo;
                 try {
-                    String tokenName = generateTokenName(creationTime);
+                    String tokenName = uuid;
                     tokenInfo = createTokenNode(tokenParent, tokenName, 
expTime, uuid, id, attributes);
                     root.commit(CommitMarker.asCommitAttributes());
                 } catch (CommitFailedException e) {
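Review bot: `String tokenName = uuid;` makes the node name identical to the value already passed as the `uuid` argument of `createTokenNode`, but nothing on the line says why, and the alias local adds nothing. I would either pass `uuid` directly or add a comment such as `// OAK-6940: name the node after its uuid; timestamp-based names collided under concurrent logins`. Uniqueness of the node name now rests entirely on how `uuid` is generated, which is outside this hunk and worth confirming is a fresh random value per token. The body of the `catch (CommitFailedException e)` branch is also outside the hunk; if it still retries with a UUID-style name, as the deleted test's comment suggests the old fallback did, that retry and any log text there no longer differ from the first attempt. The test section of this commit only deletes `testTokenNodeName`; an assertion that `UUID.fromString(tokenTree.getName())` now succeeds would pin the new naming.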
@@ -327,13 +325,6 @@ class TokenProviderImpl implements Token
     }
 
     @Nonnull
-    private static String generateTokenName(long creationTime) {
-        Calendar creation = GregorianCalendar.getInstance();
-        creation.setTimeInMillis(creationTime);
-        return Text.replace(ISO8601.format(creation), ":", ".");
-    }
-
-    @Nonnull
     private Tree getTokenTree(@Nonnull TokenInfoImpl tokenInfo) {
         return root.getTree(tokenInfo.tokenPath);
     }

Modified: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1815818&r1=1815817&r2=1815818&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
 Mon Nov 20 15:11:27 2017
@@ -411,21 +411,6 @@ public class TokenProviderImplTest exten
         assertEquals(userId, info.getUserId());
     }
 
-    @Test
-    public void testTokenNodeName() throws Exception {
-        TokenInfo info = tokenProvider.createToken(userId, 
Collections.<String, Object>emptyMap());
-        Tree tokenTree = getTokenTree(info);
-
-        // name must not be a uuid which is only used in case of conflict 
during
-        // creation which is not expected here.
-        try {
-            UUID.fromString(tokenTree.getName());
-            fail("UUID-name should only be used in case of conflict");
-        } catch (IllegalArgumentException e) {
-            // success
-        }
-    }
-
     
//--------------------------------------------------------------------------
     private static void assertTokenInfo(TokenInfo info, String userId) {
         assertNotNull(info);

