Examples of org.apache.jackrabbit.oak.spi.security.authentication.Authentication

• org.apache.jackrabbit.oak.spi.security.authentication.Authentication
  The {@code Authentication} interface defines methods to validate{@link javax.jcr.Credentials Credentials} during the{@link javax.security.auth.spi.LoginModule#login() login step} of theauthentication process. The validation depends on the authentication mechanism in place.

  A given implementation may only handle certain types of {@code Credentials}as the authentication process is tightly coupled to the semantics of the {@code Credentials}.

  For example a implementation may only be able to validate UserID/password pairs such as passed with {@link javax.jcr.SimpleCredentials}, while another might be responsible for validating login token issued by the repository or an external access token generation mechanism.

        if (credentials == null || userId == null) {
            log.debug("Could not extract userId/credentials");
            return false;
        }

        Authentication authentication = new UserAuthentication(userId, getUserManager());
        boolean success = authentication.authenticate(credentials);
        if (success) {
            principals = getPrincipals(userId);

            log.debug("Adding Credentials to shared state.");
            sharedState.put(SHARED_KEY_CREDENTIALS, credentials);

        if (credentials == null || userId == null) {
            log.debug("Could not extract userId/credentials");
            return false;
        }

        Authentication authentication = new UserAuthentication(userId, getUserManager());
        boolean success = authentication.authenticate(credentials);
        if (success) {
            principals = getPrincipals(userId);

            log.debug("Adding Credentials to shared state.");
            sharedState.put(SHARED_KEY_CREDENTIALS, credentials);

        if (credentials == null || userId == null) {
            log.debug("Could not extract userId/credentials");
            return false;
        }

        Authentication authentication = new UserAuthentication(userId, getUserManager());
        boolean success = authentication.authenticate(credentials);
        if (success) {
            principals = getPrincipals(userId);

            log.debug("Adding Credentials to shared state.");
            sharedState.put(SHARED_KEY_CREDENTIALS, credentials);

        // TODO
        credentials = getCredentials();
        userID = getUserID();
        principals = getPrincipals(userID);

        Authentication authentication = new AuthenticationImpl(userID);
        boolean success = authentication.authenticate(credentials);
        if (!success) {
            success = impersonate(authentication);
        }

        if (success) {

        if (credentials == null || userId == null) {
            log.debug("Could not extract userId/credentials");
            return false;
        }

        Authentication authentication = new UserAuthentication(userId, getUserManager());
        boolean success = authentication.authenticate(credentials);
        if (success) {
            principals = getPrincipals(userId);

            log.debug("Adding Credentials to shared state.");
            sharedState.put(SHARED_KEY_CREDENTIALS, credentials);

        // check if we have a pre authenticated login from a previous login module
        PreAuthenticatedLogin preAuthLogin = getSharedPreAuthLogin();
        if (preAuthLogin != null) {
            userId = preAuthLogin.getUserId();
            Authentication authentication = new UserAuthentication(userId, getUserManager());
            success = authentication.authenticate(UserAuthentication.PRE_AUTHENTICATED);

        } else {
            userId = getUserId();
            Authentication authentication = new UserAuthentication(userId, getUserManager());
            success = authentication.authenticate(credentials);
        }

        if (success) {
            principals = getPrincipals(userId);

    }

    @Test
    public void testAuthenticateCannotResolveUser() throws Exception {
        SimpleCredentials sc = new SimpleCredentials("unknownUser", "pw".toCharArray());
        Authentication a = new UserAuthentication(getUserConfiguration(), root, sc.getUserID());

        assertFalse(a.authenticate(sc));
    }

    @Test
    public void testAuthenticateResolvesToGroup() throws Exception {
        Group g = getUserManager(root).createGroup("g1");
        SimpleCredentials sc = new SimpleCredentials(g.getID(), "pw".toCharArray());
        Authentication a = new UserAuthentication(getUserConfiguration(), root, sc.getUserID());

        try {
            a.authenticate(sc);
            fail("Authenticating Group should fail");
        } catch (LoginException e) {
            // success
            assertTrue(e instanceof AccountNotFoundException);
        } finally {

    @Test
    public void testAuthenticateResolvesToDisabledUser() throws Exception {
        User testUser = getTestUser();
        SimpleCredentials sc = new SimpleCredentials(testUser.getID(), testUser.getID().toCharArray());
        Authentication a = new UserAuthentication(getUserConfiguration(), root, sc.getUserID());

        try {
            getTestUser().disable("disabled");
            root.commit();

            a.authenticate(sc);
            fail("Authenticating disabled user should fail");
        } catch (LoginException e) {
            // success
            assertTrue(e instanceof AccountLockedException);
        } finally {

        assertTrue(newModTime > oldModTime);
    }

    @Test
    public void testAuthenticatePasswordExpiredNewUser() throws Exception {
        Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);
        // during user creation pw last modified is set, thus it shouldn't expire
        a.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
    }