Google Git
Sign in
apache / jackrabbit-oak / 89773459d65d1753f05feecbae18333d42e4d775 / . / trunk / oak-exercise / src / test / java / org / apache / jackrabbit / oak / exercise / security / authentication / L5_GuestLoginTest.java
blob: 9c8d426136fa8772924f079bd3a9975c41de2b5c [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.exercise.security.authentication;
import javax.jcr.GuestCredentials;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.oak.exercise.security.user.L15_RepositoryWithoutAnonymousTest;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.test.AbstractJCRTest;
/**
* <pre>
* Module: Authentication
* =============================================================================
*
* Title: Guest Login (aka Anonymous Login)
* -----------------------------------------------------------------------------
*
* Goal:
* Understand how to login as guest, the meaning of the {@link javax.jcr.GuestCredentials}
* and how this is linked to the 'anonymous' user.
*
* Exercises:
*
* - {@link #testAnonymousGuestLogin()}
* Walk through the anonymous login {@link #testAnonymousGuestLogin()}
* Question: Can you identify ares in the default authentication setup that apply special handling for anonymous?
*
* - {@link #testAnonymousSimpleCredentialsLogin()}
* Try to login as anonymous with SimpleCredentials
* Question: Why can't you login as anonymous with {@link javax.jcr.SimpleCredentials}?
*
* - {@link #testAnonymousSimpleCredentialsLoginSuccess}
* In order to understand what makes the guest-login special compared to a
* regular user-login, modify the test-case such that a regular login with
* SimpleCredentials succeeds.
*
* - {@link #testDisableGuestLogin()}
* Use this test to prevent anonymous access in an existing/running oak repository.
* Modify the test such that it success. How many variants do you find?
*
*
* Additional Exercises:
* -----------------------------------------------------------------------------
*
* - Run a Sling (Granite|Cq) application and identify how the Sling Authentication
* deals with guest login.
* Question: What is the Sling way to disable anonymous (guest) access?
*
*
* Related Exercises:
* -----------------------------------------------------------------------------
*
* - {@link L6_AnonymousIdTest ()}
* - {@link L15_RepositoryWithoutAnonymousTest ()}
* - {@link L9_NullLoginTest ()}
*
* </pre>
*
* @see javax.jcr.GuestCredentials
* @see org.apache.jackrabbit.api.security.user.User#getCredentials()
* @see org.apache.jackrabbit.api.security.user.User#changePassword(String, String)
* @see org.apache.jackrabbit.api.security.user.User#disable(String)
*/
public class L5_GuestLoginTest extends AbstractJCRTest {
private Repository repository;
private Session testSession;
@Override
protected void setUp() throws Exception {
super.setUp();
repository = getHelper().getRepository();
superuser.save();
}
@Override
protected void tearDown() throws Exception {
try {
if (testSession != null && testSession.isLive()) {
testSession.logout();
}
} finally {
super.tearDown();
}
}
public void testAnonymousGuestLogin() throws RepositoryException {
testSession = repository.login(new GuestCredentials());
}
public void testAnonymousSimpleCredentialsLogin() throws RepositoryException {
testSession = repository.login(new GuestCredentials());
String anonymousID = testSession.getUserID();
testSession.logout();
try {
testSession = repository.login(new SimpleCredentials(anonymousID, new char[0]));
fail("Anonymous cannot login with simple credentials.");
} catch (LoginException e) {
// success
// EXERCISE: explain why
}
}
public void testAnonymousSimpleCredentialsLoginSuccess() throws RepositoryException {
testSession = repository.login(new GuestCredentials());
String anonymousID = testSession.getUserID();
// EXERCISE: how to you need to modify the test-case that this would work?
Session anonymousUserSession = repository.login(new SimpleCredentials(anonymousID, new char[0]));
assertEquals(UserConstants.DEFAULT_ANONYMOUS_ID, testSession.getUserID());
}
public void testDisableGuestLogin() throws RepositoryException {
// EXERCISE : identify ways to prevent anonymous login with GuestCredentials in an existing repository
// extend the test here such that the login below fails
// 1:
// 2:
try {
testSession = repository.login(new GuestCredentials());
fail("Anonymous login must fail.");
} catch (LoginException e) {
// success
}
}
}