private void TestTokenSupportsRealm(ShiroAuthToken token, bool supports, params string[] realms) { foreach (string realm in realms) { assertThat("Token should support '" + realm + "' realm", token.SupportsRealm(realm), equalTo(supports)); } }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldSupportBasicAuthTokenWithWildcardRealm() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldSupportBasicAuthTokenWithWildcardRealm() { ShiroAuthToken token = new ShiroAuthToken(AuthToken.newBasicAuthToken(USERNAME, PASSWORD, "*")); TestBasicAuthToken(token, USERNAME, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME); assertThat("Token map should have only expected values", token.AuthTokenMap, authTokenMatcher(map(Org.Neo4j.Kernel.api.security.AuthToken_Fields.PRINCIPAL, USERNAME, Org.Neo4j.Kernel.api.security.AuthToken_Fields.CREDENTIALS, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.SCHEME_KEY, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME, Org.Neo4j.Kernel.api.security.AuthToken_Fields.REALM_KEY, "*"))); TestTokenSupportsRealm(token, true, "unknown", "native", "ldap"); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldHaveStringRepresentationWithNullRealm() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldHaveStringRepresentationWithNullRealm() { ShiroAuthToken token = new ShiroAuthToken(AuthToken.newBasicAuthToken(USERNAME, PASSWORD, null)); TestBasicAuthToken(token, USERNAME, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME); string stringRepresentation = token.ToString(); assertThat(stringRepresentation, containsString("realm='null'")); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token) throws org.apache.shiro.authc.AuthenticationException protected internal override AuthenticationInfo DoGetAuthenticationInfo( AuthenticationToken token ) { if ( !_authenticationEnabled ) { return null; } ShiroAuthToken shiroAuthToken = ( ShiroAuthToken ) token; string username; sbyte[] password; try { username = AuthToken.safeCast( Org.Neo4j.Kernel.api.security.AuthToken_Fields.PRINCIPAL, shiroAuthToken.AuthTokenMap ); password = AuthToken.safeCastCredentials( Org.Neo4j.Kernel.api.security.AuthToken_Fields.CREDENTIALS, shiroAuthToken.AuthTokenMap ); } catch ( InvalidAuthTokenException e ) { throw new UnsupportedTokenException( e ); } User user = _userRepository.getUserByName( username ); if ( user == null ) { throw new UnknownAccountException(); } AuthenticationResult result = _authenticationStrategy.authenticate( user, password ); switch ( result ) { case AuthenticationResult.FAILURE: throw new IncorrectCredentialsException(); case AuthenticationResult.TOO_MANY_ATTEMPTS: throw new ExcessiveAttemptsException(); default: break; } if ( user.HasFlag( InternalFlatFileRealm.IS_SUSPENDED ) ) { throw new DisabledAccountException( "User '" + user.Name() + "' is suspended." ); } if ( user.PasswordChangeRequired() ) { result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED; } // NOTE: We do not cache the authentication info using the Shiro cache manager, // so all authentication request will go through this method. // Hence the credentials matcher is set to AllowAllCredentialsMatcher, // and we do not need to store hashed credentials in the AuthenticationInfo. return new ShiroAuthenticationInfo( user.Name(), Name, result ); }
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes: //ORIGINAL LINE: @Test public void shouldSupportCustomAuthTokenWithSpecificRealmAndParameters() throws Exception //JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: public virtual void ShouldSupportCustomAuthTokenWithSpecificRealmAndParameters() { string realm = "ldap"; IDictionary <string, object> @params = map("a", "A", "b", "B"); ShiroAuthToken token = new ShiroAuthToken(AuthToken.newCustomAuthToken(USERNAME, PASSWORD, realm, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME, @params)); TestBasicAuthToken(token, USERNAME, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME); assertThat("Token map should have only expected values", token.AuthTokenMap, authTokenMatcher(map(Org.Neo4j.Kernel.api.security.AuthToken_Fields.PRINCIPAL, USERNAME, Org.Neo4j.Kernel.api.security.AuthToken_Fields.CREDENTIALS, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.SCHEME_KEY, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME, Org.Neo4j.Kernel.api.security.AuthToken_Fields.REALM_KEY, "ldap", "parameters", @params))); TestTokenSupportsRealm(token, true, realm); TestTokenSupportsRealm(token, false, "unknown", "native"); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: private void assertValidScheme(ShiroAuthToken token) throws org.neo4j.kernel.api.security.exception.InvalidAuthTokenException private void AssertValidScheme(ShiroAuthToken token) { string scheme = token.SchemeSilently; if (string.ReferenceEquals(scheme, null)) { throw invalidToken("missing key `scheme`: " + token); } else if (scheme.Equals("none")) { throw invalidToken("scheme='none' only allowed when auth is disabled: " + token); } }
private bool SupportsSchemeAndRealm(AuthenticationToken token) { try { if (token is ShiroAuthToken) { ShiroAuthToken shiroAuthToken = ( ShiroAuthToken )token; return(shiroAuthToken.Scheme.Equals(Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME) && (shiroAuthToken.SupportsRealm(LDAP_REALM))); } return(false); } catch (InvalidAuthTokenException) { return(false); } }
public override bool Supports( AuthenticationToken token ) { try { if ( token is ShiroAuthToken ) { ShiroAuthToken shiroAuthToken = ( ShiroAuthToken ) token; return shiroAuthToken.Scheme.Equals( Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME ) && ( shiroAuthToken.SupportsRealm( Org.Neo4j.Kernel.api.security.AuthToken_Fields.NATIVE_REALM ) ); } return false; } catch ( InvalidAuthTokenException ) { return false; } }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: public org.neo4j.kernel.enterprise.api.security.EnterpriseLoginContext login(java.util.Map<String,Object> authToken) throws org.neo4j.kernel.api.security.exception.InvalidAuthTokenException public override EnterpriseLoginContext Login(IDictionary <string, object> authToken) { try { EnterpriseLoginContext securityContext; ShiroAuthToken token = new ShiroAuthToken(authToken); AssertValidScheme(token); try { securityContext = new StandardEnterpriseLoginContext(this, ( ShiroSubject )_securityManager.login(null, token)); AuthenticationResult authenticationResult = securityContext.Subject().AuthenticationResult; if (authenticationResult == AuthenticationResult.SUCCESS) { if (_logSuccessfulLogin) { _securityLog.info(securityContext.Subject(), "logged in"); } } else if (authenticationResult == AuthenticationResult.PASSWORD_CHANGE_REQUIRED) { _securityLog.info(securityContext.Subject(), "logged in (password change required)"); } else { string errorMessage = ((StandardEnterpriseLoginContext.NeoShiroSubject)securityContext.Subject()).AuthenticationFailureMessage; _securityLog.error("[%s]: failed to log in: %s", escape(token.Principal.ToString()), errorMessage); } // No need to keep full Shiro authentication info around on the subject ((StandardEnterpriseLoginContext.NeoShiroSubject)securityContext.Subject()).clearAuthenticationInfo(); } catch (UnsupportedTokenException e) { _securityLog.error("Unknown user failed to log in: %s", e.Message); Exception cause = e.InnerException; if (cause is InvalidAuthTokenException) { throw new InvalidAuthTokenException(cause.Message + ": " + token); } throw invalidToken(": " + token); } catch (ExcessiveAttemptsException) { // NOTE: We only get this with single (internal) realm authentication securityContext = new StandardEnterpriseLoginContext(this, new ShiroSubject(_securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS)); _securityLog.error("[%s]: failed to log in: too many failed attempts", escape(token.Principal.ToString())); } catch (AuthenticationException e) { if (e.InnerException != null && e.InnerException is AuthProviderTimeoutException) { Exception cause = e.InnerException.InnerException; _securityLog.error("[%s]: failed to log in: auth server timeout%s", escape(token.Principal.ToString()), cause != null && cause.Message != null ? " (" + cause.Message + ")" : ""); throw new AuthProviderTimeoutException(e.InnerException.Message, e.InnerException); } else if (e.InnerException != null && e.InnerException is AuthProviderFailedException) { Exception cause = e.InnerException.InnerException; _securityLog.error("[%s]: failed to log in: auth server connection refused%s", escape(token.Principal.ToString()), cause != null && cause.Message != null ? " (" + cause.Message + ")" : ""); throw new AuthProviderFailedException(e.InnerException.Message, e.InnerException); } securityContext = new StandardEnterpriseLoginContext(this, new ShiroSubject(_securityManager, AuthenticationResult.FAILURE)); Exception cause = e.InnerException; Exception causeCause = e.InnerException != null ? e.InnerException.InnerException : null; string errorMessage = string.Format("invalid principal or credentials{0}{1}", cause != null && cause.Message != null ? " (" + cause.Message + ")" : "", causeCause != null && causeCause.Message != null ? " (" + causeCause.Message + ")" : ""); _securityLog.error("[%s]: failed to log in: %s", escape(token.Principal.ToString()), errorMessage); } return(securityContext); } finally { AuthToken.clearCredentials(authToken); } }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: private void testBasicAuthToken(ShiroAuthToken token, String username, String password, String scheme) throws org.neo4j.kernel.api.security.exception.InvalidAuthTokenException private void TestBasicAuthToken(ShiroAuthToken token, string username, string password, string scheme) { assertThat("Token should have basic scheme", token.Scheme, equalTo(scheme)); assertThat("Token have correct principal", token.Principal, equalTo(username)); assertThat("Token have correct credentials", token.Credentials, equalTo(password(password))); }