@Test(expected = UserAlreadyLoggedInException.class)
public void failUserAlreadyLoggedIn() {
DefaultLoginCredentials credentials = getCredentials();
credentials.setUserId(USER_NAME);
credentials.setPassword(USER_PASSWORD);
Identity identity = getIdentity();
identity.login();
// should throw the exception. user is already authenticated.
identity.login();
}
protected void performAuthentication() {
DefaultLoginCredentials credentials = this.credentials;
credentials.setPassword(USER_PASSWORD);
credentials.setUserId(USER_NAME);
Identity identity = this.identity;
Identity.AuthenticationResult status = identity.login();
assertEquals(Identity.AuthenticationResult.SUCCESS, status);
assertTrue(identity.isLoggedIn());
assertEquals(this.identity.getAccount(), identity.getAccount());
}
@Test
public void testUnsuccessfulPasswordBasedAuthentication() throws Exception {
DefaultLoginCredentials credentials = getCredentials();
credentials.setUserId(USER_NAME);
credentials.setPassword("badpasswd");
Identity identity = getIdentity();
AuthenticationResult status = identity.login();
assertEquals(AuthenticationResult.FAILED, status);
assertFalse(identity.isLoggedIn());
assertNull(identity.getAccount());
}
@Test
public void testSuccessfulPasswordBasedAuthentication() throws Exception {
DefaultLoginCredentials credentials = getCredentials();
credentials.setPassword(USER_PASSWORD);
credentials.setUserId(USER_NAME);
Identity identity = getIdentity();
AuthenticationResult status = identity.login();
assertEquals(AuthenticationResult.SUCCESS, status);
assertTrue(identity.isLoggedIn());
assertEquals(getAccount(), identity.getAccount());
}
@Test(expected = LockedAccountException.class)
public void failLockedAccount() {
Account account = getAccount();
account.setEnabled(false);
getIdentityManager().update(account);
DefaultLoginCredentials credentials = getCredentials();
credentials.setPassword(USER_PASSWORD);
credentials.setUserId(USER_NAME);
// should throw the exception. user is disabled/locked.
Identity identity = getIdentity();
identity.login();
}
@Produces
@PicketLink
public Partition getDefaultPartition() {
if (credentials.getCredential() instanceof TokenCredential) {
return partitionManager.getPartition(Realm.class, "token");
}
return partitionManager.getPartition(Realm.class, Realm.DEFAULT_REALM);
}
@Override
public void authenticate() {
if (credentials.getCredential() == null) {
return;
}
Credentials creds;
if (isUsernamePasswordCredential()) {
creds =
new UsernamePasswordCredentials(
credentials.getUserId(), (Password) credentials.getCredential());
} else if (isDigestCredential()) {
creds = new DigestCredentials((Digest) credentials.getCredential());
} else if (isCustomCredential()) {
creds = (Credentials) credentials.getCredential();
} else {
throw new UnexpectedCredentialException(
"Unsupported credential type [" + credentials.getCredential() + "].");
}
if (AUTHENTICATION_LOGGER.isDebugEnabled()) {
AUTHENTICATION_LOGGER.debugf("Validating credentials [%s] using PicketLink IDM.", creds);
}
identityManager.get().validateCredentials(creds);
this.credentials.setStatus(creds.getStatus());
this.credentials.setValidatedAccount(creds.getValidatedAccount());
if (AUTHENTICATION_LOGGER.isDebugEnabled()) {
AUTHENTICATION_LOGGER.debugf(
"Credential status is [%s] and validated account [%s]",
this.credentials.getStatus(), this.credentials.getValidatedAccount());
}
if (Credentials.Status.VALID.equals(creds.getStatus())) {
setStatus(AuthenticationStatus.SUCCESS);
setAccount(creds.getValidatedAccount());
} else if (Credentials.Status.ACCOUNT_DISABLED.equals(creds.getStatus())) {
throw new LockedAccountException(
"Account [" + this.credentials.getUserId() + "] is disabled.");
} else if (Credentials.Status.EXPIRED.equals(creds.getStatus())) {
throw new CredentialExpiredException(
"Credential is expired for Account [" + this.credentials.getUserId() + "].");
}
}
private boolean isUsernamePasswordCredential() {
return Password.class.equals(credentials.getCredential().getClass())
&& credentials.getUserId() != null;
}
private boolean isDigestCredential() {
return Digest.class.equals(credentials.getCredential().getClass());
}
private boolean isCustomCredential() {
return Credentials.class.isInstance(credentials.getCredential());
}
