示例#1
 /// <summary>
 /// Asserts that <paramref name="token"/> gives the same realm-support answer for
 /// every realm name in <paramref name="realms"/>.
 /// </summary>
 /// <param name="token">Token whose realm scoping is under test.</param>
 /// <param name="supports">Expected result of <c>SupportsRealm</c> for each realm.</param>
 /// <param name="realms">Realm names to probe; an empty list asserts nothing.</param>
 private void TestTokenSupportsRealm(ShiroAuthToken token, bool supports, params string[] realms)
 {
     for (int index = 0; index < realms.Length; index++)
     {
         string candidate = realms[index];

         // The reason text reads "should support" even when the expectation is false;
         // the matcher, not the text, carries the expected value.
         string reason = "Token should support '" + candidate + "' realm";
         assertThat(reason, token.SupportsRealm(candidate), equalTo(supports));
     }
 }
示例#2
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldSupportBasicAuthTokenWithWildcardRealm() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        /// <summary>
        /// Checks that a basic auth token built with the wildcard realm "*" keeps its
        /// principal, credentials, scheme and realm entries, and reports support for
        /// every realm it is asked about.
        /// </summary>
        public virtual void ShouldSupportBasicAuthTokenWithWildcardRealm()
        {
            const string wildcardRealm = "*";
            ShiroAuthToken wildcardToken = new ShiroAuthToken(AuthToken.newBasicAuthToken(USERNAME, PASSWORD, wildcardRealm));

            TestBasicAuthToken(wildcardToken, USERNAME, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME);

            // The token map must hold exactly these four entries and nothing else.
            var expectedEntries = map(
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.PRINCIPAL, USERNAME,
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.CREDENTIALS, PASSWORD,
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.SCHEME_KEY, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME,
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.REALM_KEY, wildcardRealm);
            assertThat("Token map should have only expected values", wildcardToken.AuthTokenMap, authTokenMatcher(expectedEntries));

            // A wildcard token is accepted by any realm name, including one that is not
            // configured ("unknown"), so its credentials are offered to every realm.
            TestTokenSupportsRealm(wildcardToken, true, "unknown", "native", "ldap");
        }
示例#3
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldHaveStringRepresentationWithNullRealm() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        /// <summary>
        /// Checks that a basic auth token created without a realm renders the realm as
        /// the literal text <c>realm='null'</c> in its string form.
        /// </summary>
        public virtual void ShouldHaveStringRepresentationWithNullRealm()
        {
            ShiroAuthToken realmlessToken = new ShiroAuthToken(AuthToken.newBasicAuthToken(USERNAME, PASSWORD, null));

            TestBasicAuthToken(realmlessToken, USERNAME, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME);

            // NOTE(review): only the realm rendering is pinned here. Token strings tend to
            // end up in logs and exception messages, so a companion assertion that the
            // rendering does not contain the credentials would be worth having - whether
            // ToString() masks them is not visible from this test.
            assertThat(realmlessToken.ToString(), containsString("realm='null'"));
        }
示例#4
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token) throws org.apache.shiro.authc.AuthenticationException
		 /// <summary>
		 /// Authenticates a token against the user repository and reports the outcome as a
		 /// <c>ShiroAuthenticationInfo</c>.
		 /// </summary>
		 /// <remarks>
		 /// The order of checks matters: the authentication strategy runs before the
		 /// suspension flag is read, so the "suspended" error is only reached once the
		 /// strategy has returned something other than FAILURE or TOO_MANY_ATTEMPTS.
		 /// </remarks>
		 /// <param name="token">Token to authenticate; cast to <c>ShiroAuthToken</c> without a type check.</param>
		 /// <returns>
		 /// <c>null</c> when authentication is disabled for this realm, otherwise the
		 /// authentication info carrying the user name, this realm's name and the result.
		 /// </returns>
		 /// <exception cref="UnsupportedTokenException">The principal or credentials entry is invalid.</exception>
		 /// <exception cref="UnknownAccountException">No user with the given name exists.</exception>
		 /// <exception cref="IncorrectCredentialsException">The strategy reported FAILURE.</exception>
		 /// <exception cref="ExcessiveAttemptsException">The strategy reported TOO_MANY_ATTEMPTS.</exception>
		 /// <exception cref="DisabledAccountException">The user carries the suspended flag.</exception>
		 protected internal override AuthenticationInfo DoGetAuthenticationInfo( AuthenticationToken token )
		 {
			  if ( !_authenticationEnabled )
			  {
					return null;
			  }

			  ShiroAuthToken shiroToken = ( ShiroAuthToken ) token;

			  string principal;
			  sbyte[] credentials;
			  try
			  {
					principal = AuthToken.safeCast( Org.Neo4j.Kernel.api.security.AuthToken_Fields.PRINCIPAL, shiroToken.AuthTokenMap );
					credentials = AuthToken.safeCastCredentials( Org.Neo4j.Kernel.api.security.AuthToken_Fields.CREDENTIALS, shiroToken.AuthTokenMap );
			  }
			  catch ( InvalidAuthTokenException malformed )
			  {
					// A token map of the wrong shape is reported as an unsupported token.
					throw new UnsupportedTokenException( malformed );
			  }

			  User account = _userRepository.getUserByName( principal );
			  if ( account == null )
			  {
					// NOTE(review): unknown users leave here before the strategy runs and with
					// their own exception type; callers should present this the same way as a
					// wrong password so the response does not reveal which names exist - confirm.
					throw new UnknownAccountException();
			  }

			  AuthenticationResult outcome = _authenticationStrategy.authenticate( account, credentials );

			  if ( outcome == AuthenticationResult.FAILURE )
			  {
					throw new IncorrectCredentialsException();
			  }
			  else if ( outcome == AuthenticationResult.TOO_MANY_ATTEMPTS )
			  {
					throw new ExcessiveAttemptsException();
			  }

			  if ( account.HasFlag( InternalFlatFileRealm.IS_SUSPENDED ) )
			  {
					throw new DisabledAccountException( "User '" + account.Name() + "' is suspended." );
			  }

			  if ( account.PasswordChangeRequired() )
			  {
					outcome = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
			  }

			  // NOTE: The authentication info is not cached through the Shiro cache manager,
			  // so every authentication request passes through this method.
			  // That is why the credentials matcher is set to AllowAllCredentialsMatcher and
			  // no hashed credentials need to be stored in the AuthenticationInfo.
			  return new ShiroAuthenticationInfo( account.Name(), Name, outcome );
		 }
示例#5
//JAVA TO C# CONVERTER TODO TASK: Most Java annotations will not have direct .NET equivalent attributes:
//ORIGINAL LINE: @Test public void shouldSupportCustomAuthTokenWithSpecificRealmAndParameters() throws Exception
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
        /// <summary>
        /// Checks that a custom auth token scoped to the "ldap" realm keeps its extra
        /// parameters and is supported by that realm only.
        /// </summary>
        public virtual void ShouldSupportCustomAuthTokenWithSpecificRealmAndParameters()
        {
            string targetRealm = "ldap";
            IDictionary <string, object> extraParameters = map("a", "A", "b", "B");
            ShiroAuthToken scopedToken = new ShiroAuthToken(AuthToken.newCustomAuthToken(USERNAME, PASSWORD, targetRealm, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME, extraParameters));

            TestBasicAuthToken(scopedToken, USERNAME, PASSWORD, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME);

            // The expected realm is spelled out as a literal so the assertion does not
            // simply echo the value that was fed into the token.
            var expectedEntries = map(
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.PRINCIPAL, USERNAME,
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.CREDENTIALS, PASSWORD,
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.SCHEME_KEY, Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME,
                Org.Neo4j.Kernel.api.security.AuthToken_Fields.REALM_KEY, "ldap",
                "parameters", extraParameters);
            assertThat("Token map should have only expected values", scopedToken.AuthTokenMap, authTokenMatcher(expectedEntries));

            // Realm scoping is the property under test: the named realm accepts the token,
            // and every other realm must decline it so the credentials are not handed to
            // a provider they were not meant for.
            TestTokenSupportsRealm(scopedToken, true, targetRealm);
            TestTokenSupportsRealm(scopedToken, false, "unknown", "native");
        }
示例#6
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private void assertValidScheme(ShiroAuthToken token) throws org.neo4j.kernel.api.security.exception.InvalidAuthTokenException
        /// <summary>
        /// Rejects a token that has no scheme or that uses the scheme "none".
        /// </summary>
        /// <param name="token">Token whose scheme is inspected through <c>SchemeSilently</c>.</param>
        /// <exception cref="InvalidAuthTokenException">
        /// Presumably the type produced by <c>invalidToken</c>; raised when the scheme is
        /// missing or equals "none".
        /// </exception>
        private void AssertValidScheme(ShiroAuthToken token)
        {
            string declaredScheme = token.SchemeSilently;

            if (declaredScheme == null)
            {
                // NOTE(review): the message embeds token.ToString(); this is only safe if
                // that rendering leaves the credentials out - not visible here, confirm.
                throw invalidToken("missing key `scheme`: " + token);
            }

            // Exact, case-sensitive match on "none": a token asking to skip authentication
            // is refused here. NOTE(review): other spellings such as "None" pass this
            // check and rely on later scheme matching to be declined - confirm.
            if (declaredScheme == "none")
            {
                throw invalidToken("scheme='none' only allowed when auth is disabled: " + token);
            }
        }
示例#7
 /// <summary>
 /// Tells whether <paramref name="token"/> is a <c>ShiroAuthToken</c> that uses the
 /// basic scheme and is addressed to the LDAP realm.
 /// </summary>
 /// <param name="token">Token offered to this realm.</param>
 /// <returns>
 /// <c>true</c> only when the type, the scheme and the realm all match; <c>false</c>
 /// otherwise, including when reading the token raises <c>InvalidAuthTokenException</c>.
 /// </returns>
 private bool SupportsSchemeAndRealm(AuthenticationToken token)
 {
     if (!(token is ShiroAuthToken))
     {
         return false;
     }

     ShiroAuthToken candidate = ( ShiroAuthToken )token;
     try
     {
         bool usesBasicScheme = candidate.Scheme.Equals(Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME);
         return usesBasicScheme && candidate.SupportsRealm(LDAP_REALM);
     }
     catch (InvalidAuthTokenException)
     {
         // Fail closed: a malformed token is treated as "not for this realm".
         return false;
     }
 }
示例#8
		 /// <summary>
		 /// Tells whether this realm should be asked to authenticate <paramref name="token"/>:
		 /// it must be a <c>ShiroAuthToken</c> with the basic scheme that supports the
		 /// native realm.
		 /// </summary>
		 /// <param name="token">Token offered to this realm.</param>
		 /// <returns>
		 /// <c>true</c> only when the type, the scheme and the realm all match; <c>false</c>
		 /// otherwise, including when reading the token raises <c>InvalidAuthTokenException</c>.
		 /// </returns>
		 public override bool Supports( AuthenticationToken token )
		 {
			  if ( !( token is ShiroAuthToken ) )
			  {
					return false;
			  }

			  ShiroAuthToken candidate = ( ShiroAuthToken ) token;
			  try
			  {
					bool usesBasicScheme = candidate.Scheme.Equals( Org.Neo4j.Kernel.api.security.AuthToken_Fields.BASIC_SCHEME );
					return usesBasicScheme && candidate.SupportsRealm( Org.Neo4j.Kernel.api.security.AuthToken_Fields.NATIVE_REALM );
			  }
			  catch ( InvalidAuthTokenException )
			  {
					// Fail closed: a malformed token is treated as "not for this realm".
					return false;
			  }
		 }
示例#9
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: public org.neo4j.kernel.enterprise.api.security.EnterpriseLoginContext login(java.util.Map<String,Object> authToken) throws org.neo4j.kernel.api.security.exception.InvalidAuthTokenException
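        /// <summary>
        /// Authenticates the supplied auth token map and returns the resulting login context.
        /// </summary>
        /// <remarks>
        /// Wrong credentials and too many attempts do not throw: they produce a context
        /// whose subject carries FAILURE or TOO_MANY_ATTEMPTS. Every outcome except a
        /// successful login with success logging switched off is written to the security
        /// log, and the credentials in <paramref name="authToken"/> are cleared on every
        /// exit path.
        /// </remarks>
        /// <param name="authToken">Token map from the client; its credentials are wiped before returning.</param>
        /// <returns>The login context for the authenticated, or failed, subject.</returns>
        /// <exception cref="InvalidAuthTokenException">The token is malformed or no realm supports it.</exception>
        /// <exception cref="AuthProviderTimeoutException">An auth provider timed out.</exception>
        /// <exception cref="AuthProviderFailedException">An auth provider could not be reached.</exception>
        public override EnterpriseLoginContext Login(IDictionary <string, object> authToken)
        {
            try
            {
                EnterpriseLoginContext securityContext;

                ShiroAuthToken token = new ShiroAuthToken(authToken);
                AssertValidScheme(token);

                try
                {
                    securityContext = new StandardEnterpriseLoginContext(this, ( ShiroSubject )_securityManager.login(null, token));
                    AuthenticationResult authenticationResult = securityContext.Subject().AuthenticationResult;
                    if (authenticationResult == AuthenticationResult.SUCCESS)
                    {
                        if (_logSuccessfulLogin)
                        {
                            _securityLog.info(securityContext.Subject(), "logged in");
                        }
                    }
                    else if (authenticationResult == AuthenticationResult.PASSWORD_CHANGE_REQUIRED)
                    {
                        _securityLog.info(securityContext.Subject(), "logged in (password change required)");
                    }
                    else
                    {
                        string failureMessage = ((StandardEnterpriseLoginContext.NeoShiroSubject)securityContext.Subject()).AuthenticationFailureMessage;
                        _securityLog.error("[%s]: failed to log in: %s", escape(token.Principal.ToString()), failureMessage);
                    }
                    // No need to keep full Shiro authentication info around on the subject
                    ((StandardEnterpriseLoginContext.NeoShiroSubject)securityContext.Subject()).clearAuthenticationInfo();
                }
                catch (UnsupportedTokenException e)
                {
                    _securityLog.error("Unknown user failed to log in: %s", e.Message);
                    Exception tokenCause = e.InnerException;
                    // NOTE(review): both messages below embed token.ToString(); that is only
                    // safe if the rendering leaves the credentials out - not visible here.
                    if (tokenCause is InvalidAuthTokenException)
                    {
                        throw new InvalidAuthTokenException(tokenCause.Message + ": " + token);
                    }
                    throw invalidToken(": " + token);
                }
                catch (ExcessiveAttemptsException)
                {
                    // NOTE: We only get this with single (internal) realm authentication
                    securityContext = new StandardEnterpriseLoginContext(this, new ShiroSubject(_securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS));
                    _securityLog.error("[%s]: failed to log in: too many failed attempts", escape(token.Principal.ToString()));
                }
                catch (AuthenticationException e)
                {
                    // Each branch uses its own local name: C# rejects a local declared in a
                    // nested block when the enclosing block declares the same name later.
                    // `is` is already false for null, so no separate null test is needed.
                    Exception providerFailure = e.InnerException;
                    if (providerFailure is AuthProviderTimeoutException)
                    {
                        _securityLog.error("[%s]: failed to log in: auth server timeout%s", escape(token.Principal.ToString()), CauseSuffix(providerFailure.InnerException));
                        throw new AuthProviderTimeoutException(providerFailure.Message, providerFailure);
                    }
                    if (providerFailure is AuthProviderFailedException)
                    {
                        _securityLog.error("[%s]: failed to log in: auth server connection refused%s", escape(token.Principal.ToString()), CauseSuffix(providerFailure.InnerException));
                        throw new AuthProviderFailedException(providerFailure.Message, providerFailure);
                    }

                    // Any other authentication failure is reported through the context, not thrown.
                    securityContext = new StandardEnterpriseLoginContext(this, new ShiroSubject(_securityManager, AuthenticationResult.FAILURE));
                    Exception nestedCause = providerFailure != null ? providerFailure.InnerException : null;
                    // NOTE(review): the principal is passed through escape() before logging,
                    // the cause messages are not; if they can carry client-supplied text they
                    // should get the same treatment - confirm.
                    string errorMessage = string.Format("invalid principal or credentials{0}{1}", CauseSuffix(providerFailure), CauseSuffix(nestedCause));
                    _securityLog.error("[%s]: failed to log in: %s", escape(token.Principal.ToString()), errorMessage);
                }

                return securityContext;
            }
            finally
            {
                // Runs on success, on failure and on every throw above, so the caller's
                // copy of the credentials does not outlive the login attempt.
                AuthToken.clearCredentials(authToken);
            }
        }

        /// <summary>
        /// Renders an exception message as " (message)" for appending to a log line, or
        /// as an empty string when there is no exception or no message.
        /// </summary>
        private static string CauseSuffix(Exception cause)
        {
            return cause != null && cause.Message != null ? " (" + cause.Message + ")" : "";
        }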
示例#10
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: private void testBasicAuthToken(ShiroAuthToken token, String username, String password, String scheme) throws org.neo4j.kernel.api.security.exception.InvalidAuthTokenException
        /// <summary>
        /// Asserts that <paramref name="token"/> exposes the expected scheme, principal
        /// and credentials, in that order.
        /// </summary>
        /// <param name="token">Token under test.</param>
        /// <param name="username">Expected principal.</param>
        /// <param name="password">Plain-text password that the credentials are compared against.</param>
        /// <param name="scheme">Expected scheme.</param>
        private void TestBasicAuthToken(ShiroAuthToken token, string username, string password, string scheme)
        {
            assertThat(
                "Token should have basic scheme",
                token.Scheme,
                equalTo(scheme));

            assertThat(
                "Token have correct principal",
                token.Principal,
                equalTo(username));

            // NOTE(review): `password(password)` calls a helper that shares its name with
            // the string parameter. C# binds the simple name to the parameter, so this
            // converter output probably needs the helper qualified with its declaring
            // type - confirm against the Java original.
            assertThat(
                "Token have correct credentials",
                token.Credentials,
                equalTo(password(password)));
        }