[jboss-cvs] JBossAS SVN: r57367 - in branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss: security/auth/spi test

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Oct 2 15:24:03 EDT 2006


Author: scott.stark at jboss.org
Date: 2006-10-02 15:23:58 -0400 (Mon, 02 Oct 2006)
New Revision: 57367

Modified:
   branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
   branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
   branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/test/LoginModulesTestCase.java
Log:
ASPATCH-34, merge the ldap login module connection leak and role retrieval fixes.

Modified: branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java	2006-10-02 18:39:53 UTC (rev 57366)
+++ branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java	2006-10-02 19:23:58 UTC (rev 57367)
@@ -1,8 +1,23 @@
 /*
- * JBoss, Home of Professional Open Source
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
  *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
 package org.jboss.security.auth.spi;
@@ -216,7 +231,7 @@
             defaultRole();
             isValid = true;
          }
-         catch (Exception e)
+         catch (Throwable e)
          {
             log.debug("Failed to validate password", e);
          }
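Review bot: Widening the handler to `catch (Throwable e)` makes the validating method (validatePassword, judging by the log message) swallow `Error`s such as OutOfMemoryError, NoClassDefFoundError and ThreadDeath and report them only as a debug-level "Failed to validate password", so an infrastructure failure becomes indistinguishable from a wrong password at normal log levels. The outcome is still fail-closed (isValid stays false), but an operator sees only a run of login failures with no cause. If the goal is to survive provider-side linkage errors, log the Throwable at warn and rethrow the fatal ones, e.g. `if (e instanceof VirtualMachineError || e instanceof ThreadDeath) throw (Error) e;`. The identical change is made in LdapLoginModule in this commit. The enclosing method starts and ends outside the hunk.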
@@ -314,17 +329,25 @@
          searchScope = SearchControls.SUBTREE_SCOPE;
 
       // Get the admin context for searching
-      InitialLdapContext ctx = constructInitialLdapContext(bindDN, bindCredential);
-      // Validate the user by binding against the userDN
-      String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
-
-      // Query for roles matching the role filter
-      SearchControls constraints = new SearchControls();
-      constraints.setSearchScope(searchScope);
-      constraints.setReturningAttributes(new String[0]);
-      constraints.setTimeLimit(searchTimeLimit);
-      rolesSearch(ctx, constraints, username, userDN, recursion, 0);
-      ctx.close();
+      InitialLdapContext ctx = null;
+      try
+      {
+         ctx = constructInitialLdapContext(bindDN, bindCredential);
+         // Validate the user by binding against the userDN
+         String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
+   
+         // Query for roles matching the role filter
+         SearchControls constraints = new SearchControls();
+         constraints.setSearchScope(searchScope);
+         constraints.setReturningAttributes(new String[0]);
+         constraints.setTimeLimit(searchTimeLimit);
+         rolesSearch(ctx, constraints, username, userDN, recursion, 0);
+      }
+      finally
+      {
+         if( ctx != null )
+		      ctx.close();
+      }
       return true;
    }
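Review bot: `ctx.close()` in the new finally block can itself throw NamingException, which would replace an exception raised by bindDNAuthentication or rolesSearch and, after a successful bind and role search, turn a mere close failure into a failed login. Catch it inside the finally and log it at debug so the result of the try body is what propagates; the `results.close()` in the finally added to rolesSearch later in this file has the same exposure. The `ctx.close();` line is also tab-indented unlike the surrounding space-indented code. The enclosing method starts outside the hunk.
```java
      finally
      {
         if (ctx != null)
         {
            try
            {
               ctx.close();
            }
            catch (NamingException e)
            {
               // A close failure must not mask the bind/search outcome
               log.debug("Failed to close the admin LDAP context", e);
            }
         }
      }
```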
 
@@ -353,6 +376,7 @@
       results = ctx.search(baseDN, filter, filterArgs, constraints);
       if (results.hasMore() == false)
       {
+	   	results.close();
          throw new NamingException("Search of baseDN(" + baseDN + ") found no matches");
       }
 
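Review bot: `results.close()` is added only on the no-match path; the referral rejection in the next hunk (`throw new NamingException("Can't follow referal for authentication: " + name)`) and anything thrown between the search and the later `results.close()` still leave the NamingEnumeration open, which is the same connection leak this commit sets out to fix. Wrapping the section from the `ctx.search` call to the userDN extraction in try/finally with `if (results != null) results.close();` covers every exit and makes both explicit closes redundant. The enclosing method starts outside the hunk.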
@@ -364,6 +388,7 @@
       else
          throw new NamingException("Can't follow referal for authentication: " + name);
 
+      results.close();
       results = null;
       // Bind as the user dn to authenticate the user
       InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
@@ -387,20 +412,37 @@
    {
       Object[] filterArgs = {user, userDN};
       NamingEnumeration results = ctx.search(rolesCtxDN, roleFilter, filterArgs, constraints);
-      while (results.hasMore())
+      try
       {
-         SearchResult sr = (SearchResult) results.next();
-         String dn = sr.getName() + "," + rolesCtxDN;
-         String[] attrNames = {roleAttributeID};
-         Attributes result = ctx.getAttributes(dn, attrNames);
-         if( result != null && result.size() > 0 )
-         {
-            Attribute roles = result.get(roleAttributeID);
-            for (int n = 0; n < roles.size(); n ++)
+	      while (results.hasMore())
+	      {
+	         SearchResult sr = (SearchResult) results.next();
+	         String dn = canonicalize(sr.getName());
+            if( nesting == 0 && roleAttributeIsDN && roleNameAttributeID != null )
             {
-               String roleName = (String) roles.get(n);
-               try
+               // Check the top context for role names
+               String[] attrNames = {roleNameAttributeID};
+               Attributes result2 = ctx.getAttributes(dn, attrNames);
+               Attribute roles2 = result2.get(roleNameAttributeID);
+               if( roles2 != null )
                {
+                  for(int m = 0; m < roles2.size(); m ++)
+                  {
+                     String roleName = (String) roles2.get(m);
+                     addRole(roleName);
+                  }
+               }
+            }
+
+            // Query the context for the roleDN values
+	         String[] attrNames = {roleAttributeID};
+	         Attributes result = ctx.getAttributes(dn, attrNames);
+	         if( result != null && result.size() > 0 )
+	         {
+	            Attribute roles = result.get(roleAttributeID);
+	            for (int n = 0; n < roles.size(); n ++)
+	            {
+	               String roleName = (String) roles.get(n);
                   if (roleAttributeIsDN)
                   {
                      // Query the roleDN location for the value of roleNameAttributeID
@@ -409,10 +451,15 @@
                      log.trace("Using roleDN: " + roleDN);
                      try
                      {
-                        result = ctx.getAttributes(roleDN, returnAttribute);
-                        if (result.get(roleNameAttributeID) != null)
+                        Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
+                        Attribute roles2 = result2.get(roleNameAttributeID);
+                        if( roles2 != null )
                         {
-                           roleName = result.get(roleNameAttributeID).get().toString();
+                           for(int m = 0; m < roles2.size(); m ++)
+                           {
+                              roleName = (String) roles2.get(m);
+                              addRole(roleName);
+                           }
                         }
                      }
                      catch (NamingException e)
@@ -420,24 +467,26 @@
                         log.trace("Failed to query roleNameAttrName", e);
                      }
                   }
-
-                  Principal p = super.createIdentity(roleName);
-                  log.trace("Assign user to role " + roleName);
-                  userRoles.addMember(p);
-               }
-               catch (Exception e)
-               {
-                  log.debug("Failed to create principal: " + roleName, e);
-               }
-            }
-         }
-
-         if (nesting < recursionMax)
-         {
-            rolesSearch(ctx, constraints, user, dn,
-               recursionMax, nesting + 1);
-         }
+                  else
+                  {
+                     // The role attribute value is the role name
+                     addRole(roleName);
+                  }
+	            }
+	         }
+	
+	         if (nesting < recursionMax)
+	         {
+	            rolesSearch(ctx, constraints, user, dn,
+	               recursionMax, nesting + 1);
+	         }
+	      }
       }
+      finally
+      {
+    	  if( results != null )
+    		  results.close();
+      }
 
    }
 
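Review bot: The cast `(String) roles2.get(m)` in both new loops over `roleNameAttributeID` replaces the old `result.get(roleNameAttributeID).get().toString()`, so an attribute value that JNDI hands back as `byte[]` rather than `String` now raises ClassCastException, which the surrounding `catch (NamingException e)` does not handle and which aborts the whole role search; `Object v = roles2.get(m); if (v != null) addRole(v.toString());` keeps the old tolerance, and the same cast appears in the LdapLoginModule hunk of this commit. Separately, the new top-context lookup `Attributes result2 = ctx.getAttributes(dn, attrNames)` is not wrapped in the try/catch that the roleDN lookup below it has, so one unreadable entry fails the search where the other path only traces the error — presumably both were meant to behave the same way. The added lines also mix tab and space indentation. The enclosing method starts outside the hunk.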
@@ -467,8 +516,11 @@
          providerURL = "ldap://localhost:" + ((protocol != null && protocol.equals("ssl")) ? "636" : "389");
 
       env.setProperty(Context.PROVIDER_URL, providerURL);
+      // JBAS-3555, allow anonymous login with no bindDN and bindCredential
+      if (dn != null)
       env.setProperty(Context.SECURITY_PRINCIPAL, dn);
-      env.put(Context.SECURITY_CREDENTIALS, credential);
+      if (credential != null)
+         env.put(Context.SECURITY_CREDENTIALS, credential);
       traceLdapEnv(env); 
       return new InitialLdapContext(env, null);
    }
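Review bot: Skipping `Context.SECURITY_CREDENTIALS` when `credential` is null is fine for the admin bind the JBAS-3555 comment targets, but the same helper builds the user bind (`constructInitialLdapContext(userDN, credential)` in bindDNAuthentication); a simple bind that carries a DN but no password is an unauthenticated bind that many LDAP servers answer with success, so a null user credential could now validate without a password where the previous unconditional `env.put` failed. Unless the caller already rejects a null or empty password before reaching that call (outside this hunk), add a guard there, e.g. `if (credential == null) throw new NamingException("A credential is required for the user bind");`, and treat an empty String the same way. The brace-less `if (dn != null)` with its body at the same indent also reads as unconditional; brace it or indent it like the `credential` check below. The enclosing method starts outside the hunk.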
@@ -483,4 +535,40 @@
          log.trace("Logging into LDAP server, env=" + tmp.toString()); 
       }
    } 
+   
+   //JBAS-3438 : Handle "/" correctly
+   private String canonicalize(String searchResult)
+   {
+      String result = searchResult;
+      int len = searchResult.length();
+      
+      if (searchResult.endsWith("\""))
+      {
+         result = searchResult.substring(0,len - 1) 
+                            + "," + rolesCtxDN + "\"";
+      }
+      else
+      {
+         result = searchResult + "," + rolesCtxDN;
+       }
+      return result;
+   }
+
+   private void addRole(String roleName)
+   {
+      if (roleName != null)
+      {
+         try
+         {
+            Principal p = super.createIdentity(roleName);
+            log.trace("Assign user to role " + roleName);
+            userRoles.addMember(p);
+         }
+         catch (Exception e)
+         {
+            log.debug("Failed to create principal: " + roleName, e);
+         }
+      }
+   }
+
 }
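Review bot: `canonicalize` has no Javadoc and its contract is only implied by the JBAS-3438 tag; it assumes `searchResult` is a name relative to `rolesCtxDN`, which holds only when `SearchResult.isRelative()` is true — for a non-relative result getName() is an absolute name or URL and appending `rolesCtxDN` yields a wrong DN. Document that precondition, e.g. `/** Builds the full DN of a search result name returned relative to rolesCtxDN; a name JNDI quoted (trailing ") — presumably because it contains '/' — gets the suffix inserted before the closing quote so the whole DN stays quoted. */`, and have the caller in rolesSearch check `sr.isRelative()` first. The `len` local and the mis-indented closing brace after the `else` body are minor tidy-ups. `addRole` is byte-identical to the helper added to LdapLoginModule in this commit and could live in the shared superclass both reach through `super.createIdentity`.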

Modified: branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java	2006-10-02 18:39:53 UTC (rev 57366)
+++ branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java	2006-10-02 19:23:58 UTC (rev 57367)
@@ -1,8 +1,8 @@
 /*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
@@ -239,7 +239,7 @@
             createLdapInitContext(username, inputPassword);
             isValid = true;
          }
-         catch (Exception e)
+         catch (Throwable e)
          {
             super.log.debug("Failed to validate password", e);
          }
@@ -430,10 +430,15 @@
                         log.trace("Following roleDN: " + roleDN);
                      try
                      {
-                        Attributes result = ctx.getAttributes(roleDN, returnAttribute);
-                        if (result.get(roleNameAttributeID) != null)
+                        Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
+                        Attribute roles2 = result2.get(roleNameAttributeID);
+                        if( roles2 != null )
                         {
-                           roleName = result.get(roleNameAttributeID).get().toString();
+                           for(int m = 0; m < roles2.size(); m ++)
+                           {
+                              roleName = (String) roles2.get(m);
+                              addRole(roleName);
+                           }
                         }
                      }
                      catch (NamingException e)
@@ -445,24 +450,11 @@
                   {
                      // The role attribute value is the role name
                      roleName = value.toString();
+                     addRole(roleName);
                   }
-
-                  if (roleName != null)
-                  {
-                     try
-                     {
-                        Principal p = super.createIdentity(roleName);
-                        if( trace )
-                           log.trace("Assign user to role " + roleName);
-                        userRoles.addMember(p);
-                     }
-                     catch (Exception e)
-                     {
-                        log.debug("Failed to create principal: " + roleName, e);
-                     }
-                  }
                }
             }
+            answer.close();
          }
          catch (NamingException e)
          {
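Review bot: `answer.close()` is reached only when the loop completes normally; a NamingException thrown inside the loop goes to the catch below and leaves `answer` open, so the enumeration leak this commit addresses persists on the error path. Move the close into a `finally` guarded by `if (answer != null) answer.close();`, as the rolesSearch change in LdapExtLoginModule does for `results`. The enclosing method and the declaration of `answer` are outside the hunk.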
@@ -473,5 +465,22 @@
       // Close the context to release the connection
       ctx.close();
    }
+
+   private void addRole(String roleName)
+   {
+      if (roleName != null)
+      {
+         try
+         {
+            Principal p = super.createIdentity(roleName);
+            log.trace("Assign user to role " + roleName);
+            userRoles.addMember(p);
+         }
+         catch (Exception e)
+         {
+            log.debug("Failed to create principal: " + roleName, e);
+         }
+      }
+   }
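Review bot: The removed code guarded `log.trace("Assign user to role " + roleName)` with `if( trace )`, and the new `addRole` drops that guard, so the concatenation now runs for every role even when trace is off. Restore `if (trace) log.trace("Assign user to role " + roleName);` if `trace` is a field of this module (its declaration is outside the hunk), or use the logger's trace-enabled check. The helper also lacks a Javadoc summary such as `/** Creates a principal for roleName and adds it to userRoles; a failure is logged and the role skipped. */`.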
 }
 

Modified: branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/test/LoginModulesTestCase.java
===================================================================
--- branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/test/LoginModulesTestCase.java	2006-10-02 18:39:53 UTC (rev 57366)
+++ branches/JBoss_4_0_3_SP1_CP/security/src/main/org/jboss/test/LoginModulesTestCase.java	2006-10-02 19:23:58 UTC (rev 57367)
@@ -1,27 +1,51 @@
 /*
- * JBoss, Home of Professional Open Source
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
  *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 package org.jboss.test;
 
 import java.lang.reflect.Method;
 import java.security.acl.Group;
+import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.LogManager;
+import java.util.logging.ConsoleHandler;
 import javax.security.auth.Subject;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
+import javax.management.MBeanServer;
+import javax.management.MBeanServerFactory;
+import javax.management.ObjectName;
 
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 import org.jboss.security.SimplePrincipal;
+import org.jboss.security.plugins.JaasSecurityDomain;
 import org.jboss.security.auth.callback.UsernamePasswordHandler;
+import org.jboss.logging.Logger;
 
 /** Tests of the LoginModule classes.
- 
+
  @author Scott.Stark at jboss.org
  @version $Revision$
  */
@@ -33,6 +57,14 @@
       {
          Configuration.setConfiguration(new TestConfig());
          System.out.println("Installed TestConfig as JAAS Configuration");
+         Logger.setPluginClassName("org.jboss.logging.JDK14LoggerPlugin");
+         java.util.logging.Logger security = java.util.logging.Logger.getLogger("org.jboss.security");
+         security.setLevel(Level.FINEST);
+         ConsoleHandler console = new ConsoleHandler();
+         console.setLevel(Level.FINEST);
+         security.addHandler(console);
+         Logger log = Logger.getLogger("org.jboss.security");
+         log.trace("Configured JDK trace logging");
       }
       catch(Exception e)
       {
@@ -47,7 +79,7 @@
       public void refresh()
       {
       }
-      
+
       public AppConfigurationEntry[] getAppConfigurationEntry(String name)
       {
          AppConfigurationEntry[] entry = null;
@@ -106,6 +138,30 @@
          AppConfigurationEntry[] entry = {ace};
          return entry;
       }
+      AppConfigurationEntry[] testLdapExample11Encrypt()
+      {
+         String name = "org.jboss.security.auth.spi.LdapLoginModule";
+         HashMap options = new HashMap();
+         options.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
+         options.put("java.naming.provider.url", "ldap://lamia/");
+         options.put("java.naming.security.authentication", "simple");
+         options.put("java.naming.security.principal", "cn=Root,dc=jboss,dc=org");
+         // secret1 encrypted
+         options.put("java.naming.security.credentials", "7hInTB4HCBL");
+
+         options.put("jaasSecurityDomain", "jboss.test:service=JaasSecurityDomain,domain=testLdapExample11Encrypt");
+         options.put("principalDNPrefix", "uid=");
+         options.put("principalDNSuffix", ",ou=People,dc=jboss,dc=org");
+         options.put("rolesCtxDN", "ou=Roles,dc=jboss,dc=org");
+         options.put("uidAttributeID", "member");
+         options.put("matchOnUserDN", "true");
+         options.put("roleAttributeID", "cn");
+         options.put("roleAttributeIsDN", "false");
+         AppConfigurationEntry ace = new AppConfigurationEntry(name,
+         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+         AppConfigurationEntry[] entry = {ace};
+         return entry;
+      }
       AppConfigurationEntry[] testLdapExample2()
       {
          String name = "org.jboss.security.auth.spi.LdapLoginModule";
@@ -167,6 +223,31 @@
          AppConfigurationEntry[] entry = {ace};
          return entry;
       }
+      AppConfigurationEntry[] testLdapExample21Encrypt()
+      {
+         String name = "org.jboss.security.auth.spi.LdapExtLoginModule";
+         HashMap options = new HashMap();
+         options.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
+         options.put("java.naming.provider.url", "ldap://lamia/");
+         options.put("java.naming.security.authentication", "simple");
+
+         options.put("jaasSecurityDomain", "jboss.test:service=JaasSecurityDomain,domain=testLdapExample21Encrypt");
+         options.put("bindDN", "cn=Root,dc=jboss,dc=org");
+         // secret1 encrypted
+         options.put("bindCredential", "7hInTB4HCBL");
+         options.put("baseCtxDN", "ou=People,dc=jboss,dc=org");
+         options.put("baseFilter", "(uid={0})");
+
+         options.put("rolesCtxDN", "ou=Roles,dc=jboss,dc=org");
+         options.put("roleFilter", "(member={1})");
+         options.put("roleAttributeID", "cn");
+         options.put("roleRecursion", "0");
+
+         AppConfigurationEntry ace = new AppConfigurationEntry(name,
+         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+         AppConfigurationEntry[] entry = {ace};
+         return entry;
+      }
       /**
       testLdapExample23 {
          org.jboss.security.auth.spi.LdapExtLoginModule
@@ -191,7 +272,7 @@
          options.put("java.naming.provider.url", "ldap://lamia/");
          options.put("java.naming.security.authentication", "simple");
 
-         
+
          options.put("bindDN", "cn=Root,dc=jboss,dc=org");
          options.put("bindCredential", "secret1");
          options.put("baseCtxDN", "ou=People,o=example3,dc=jboss,dc=org");
@@ -219,8 +300,8 @@
             baseFilter="(uid={0})"
             rolesCtxDN="ou=Roles,o=example2,dc=jboss,dc=org";
             roleFilter="(uid={0})"
-            roleAttributeIsDN="cn"
             roleAttributeID="memberOf"
+            roleAttributeIsDN="true"
             roleNameAttributeID="cn"
             roleRecursion=0
       };
@@ -233,7 +314,7 @@
          options.put("java.naming.provider.url", "ldap://lamia/");
          options.put("java.naming.security.authentication", "simple");
 
-         
+
          options.put("bindDN", "cn=Root,dc=jboss,dc=org");
          options.put("bindCredential", "secret1");
          options.put("baseCtxDN", "ou=People,o=example2,dc=jboss,dc=org");
@@ -291,13 +372,40 @@
          return entry;
       }
 
+      AppConfigurationEntry[] testJBAS3312()
+      {
+         String name = "org.jboss.security.auth.spi.LdapExtLoginModule";
+         HashMap options = new HashMap();
+         options.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
+         options.put("java.naming.provider.url", "ldap://lamia/");
+         options.put("java.naming.security.authentication", "simple");
+
+         options.put("bindDN", "cn=Root,DC=uz,DC=kuleuven,DC=ac,DC=be");
+         options.put("bindCredential", "root");
+         options.put("baseCtxDN", "ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be");
+         options.put("baseFilter", "(sAMAccountName={0})");
+
+         options.put("rolesCtxDN", "OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be");
+         options.put("roleFilter", "(member={1})");
+         options.put("roleAttributeID", "memberOf");
+         options.put("roleAttributeIsDN", "true");
+         options.put("roleNameAttributeID", "cn");
+         options.put("roleRecursion", "5");
+         options.put("searchScope", "ONELEVEL_SCOPE");
+
+         AppConfigurationEntry ace = new AppConfigurationEntry(name,
+         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+         AppConfigurationEntry[] entry = {ace};
+         return entry;
+      }
+
    }
 
    public LoginModulesTestCase(String testName)
    {
       super(testName);
    }
-   
+
    public void testLdapExample1() throws Exception
    {
       System.out.println("testLdapExample1");
@@ -314,7 +422,7 @@
       Group roles = (Group) groups.iterator().next();
       assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
       assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-      
+
       lc.logout();
    }
    public void testLdapExample11() throws Exception
@@ -333,9 +441,130 @@
       Group roles = (Group) groups.iterator().next();
       assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
       assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-      
+
       lc.logout();
    }
+   public void testLdapExample11Encrypt() throws Exception
+   {
+      System.out.println("testLdapExample11Encrypt");
+      MBeanServer server = MBeanServerFactory.createMBeanServer("jboss");
+      JaasSecurityDomain secDomain = new JaasSecurityDomain("testLdapExample11Encrypt");
+      secDomain.setSalt("abcdefgh");
+      secDomain.setIterationCount(13);
+      secDomain.setKeyStorePass("master");
+      secDomain.setManagerServiceName(null);
+      secDomain.start();
+      ObjectName name = new ObjectName("jboss.test:service=JaasSecurityDomain,domain=testLdapExample11Encrypt");
+      server.registerMBean(secDomain, name);
+
+      // secret1 encrypts to 7hInTB4HCBL
+      UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "theduke".toCharArray());
+      LoginContext lc = new LoginContext("testLdapExample11Encrypt", handler);
+      lc.login();
+
+      Subject subject = lc.getSubject();
+      System.out.println("Subject: "+subject);
+
+      Set groups = subject.getPrincipals(Group.class);
+      assertTrue("Principals contains jduke", subject.getPrincipals().contains(new SimplePrincipal("jduke")));
+      assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+      Group roles = (Group) groups.iterator().next();
+      assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
+      assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
+
+      lc.logout();
+      MBeanServerFactory.releaseMBeanServer(server);
+   }
+   /*
+version: 1
+dn: o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: jboss
+o: JBoss
+
+dn: ou=People,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+
+dn: uid=jduke,ou=People,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: inetOrgPerson
+cn: Java Duke
+employeeNumber: judke-123
+sn: Duke
+uid: jduke
+userPassword:: dGhlZHVrZQ==
+
+dn: uid=jduke2,ou=People,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: uidObject
+objectClass: person
+objectClass: inetOrgPerson
+cn: Java Duke2
+employeeNumber: judke2-123
+sn: Duke2
+uid: jduke2
+userPassword:: dGhlZHVrZTI=
+
+dn: ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: organizationalUnit
+ou: Roles
+
+dn: uid=jduke,ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: groupUserEx
+memberOf: cn=Echo,ou=Roles,o=example2,dc=jboss,dc=org
+memberOf: cn=TheDuke,ou=Roles,o=example2,dc=jboss,dc=org
+uid: jduke
+
+dn: uid=jduke2,ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: groupUserEx
+memberOf: cn=Echo2,ou=Roles,o=example2,dc=jboss,dc=org
+memberOf: cn=TheDuke2,ou=Roles,o=example2,dc=jboss,dc=org
+uid: jduke2
+
+dn: cn=Echo,ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: groupOfNames
+cn: Echo
+description: the echo role
+member: uid=jduke,ou=People,dc=jboss,dc=org
+
+dn: cn=TheDuke,ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: TheDuke
+description: the duke role
+member: uid=jduke,ou=People,o=example2,dc=jboss,dc=org
+
+dn: cn=Echo2,ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: groupOfNames
+cn: Echo2
+description: the Echo2 role
+member: uid=jduke2,ou=People,dc=jboss,dc=org
+
+dn: cn=TheDuke2,ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: TheDuke2
+description: the duke2 role
+member: uid=jduke2,ou=People,o=example2,dc=jboss,dc=org
+
+dn: cn=JBossAdmin,ou=Roles,o=example2,dc=jboss,dc=org
+objectClass: top
+objectClass: groupOfNames
+cn: JBossAdmin
+description: the JBossAdmin group
+member: uid=jduke,ou=People,dc=jboss,dc=org   
+   */
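Review bot: `MBeanServerFactory.releaseMBeanServer(server)` is only reached when the login and every assertion succeed; a failure leaves the "jboss" MBeanServer registered for the rest of the JVM, and the started JaasSecurityDomain is never stopped on either path. Wrap the login-through-logout section in try/finally that releases the server (`finally { MBeanServerFactory.releaseMBeanServer(server); }`) and stop the domain there if it exposes a stop method. testLdapExample21Encrypt later in this file has the same shape.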
    public void testLdapExample2() throws Exception
    {
       System.out.println("testLdapExample2");
@@ -352,7 +581,9 @@
       Group roles = (Group) groups.iterator().next();
       assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
       assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-      
+      assertFalse("Echo2 is NOT a role", roles.isMember(new SimplePrincipal("Echo2")));
+      assertFalse("TheDuke2 is NOT a role", roles.isMember(new SimplePrincipal("TheDuke2")));
+
       lc.logout();
    }
    public void testLdapExample21() throws Exception
@@ -373,9 +604,41 @@
       Group roles = (Group) groups.iterator().next();
       assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
       assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-      
+
       lc.logout();
    }
+   public void testLdapExample21Encrypt() throws Exception
+   {
+      System.out.println("testLdapExample21Encrypt");
+      MBeanServer server = MBeanServerFactory.createMBeanServer("jboss");
+      JaasSecurityDomain secDomain = new JaasSecurityDomain("testLdapExample21Encrypt");
+      secDomain.setSalt("abcdefgh");
+      secDomain.setIterationCount(13);
+      secDomain.setKeyStorePass("master");
+      secDomain.setManagerServiceName(null);
+      secDomain.start();
+      ObjectName name = new ObjectName("jboss.test:service=JaasSecurityDomain,domain=testLdapExample21Encrypt");
+      server.registerMBean(secDomain, name);
+
+      UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke",
+         "theduke".toCharArray());
+      LoginContext lc = new LoginContext("testLdapExample21Encrypt", handler);
+      lc.login();
+
+      Subject subject = lc.getSubject();
+      System.out.println("Subject: "+subject);
+
+      Set groups = subject.getPrincipals(Group.class);
+      Set principals = subject.getPrincipals();
+      assertTrue("Principals contains jduke", principals.contains(new SimplePrincipal("jduke")));
+      assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+      Group roles = (Group) groups.iterator().next();
+      assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
+      assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
+
+      lc.logout();
+      MBeanServerFactory.releaseMBeanServer(server);
+   }
    public void testLdapExample23() throws Exception
    {
       System.out.println("testLdapExample23");
@@ -394,7 +657,7 @@
       Group roles = (Group) groups.iterator().next();
       assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
       assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-      
+
       lc.logout();
    }
    public void testLdapExample22() throws Exception
@@ -415,7 +678,7 @@
       Group roles = (Group) groups.iterator().next();
       assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
       assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-      
+
       lc.logout();
    }
    public void testLdapExample24() throws Exception
@@ -440,15 +703,114 @@
       assertTrue("R3 is a role", roles.isMember(new SimplePrincipal("R3")));
       assertFalse("R4 is NOT a role", roles.isMember(new SimplePrincipal("R4")));
       assertTrue("R5 is a role", roles.isMember(new SimplePrincipal("R5")));
-      
+
       lc.logout();
    }
 
+   /* JBAS-3312 testcase
+dn: DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+
+dn: ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+objectClass: organizationalUnit
+ou: People
+
+dn: CN=jduke,ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+memberOf: ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: JDuke
+name: Java Duke
+sn: TheDuke
+sAMAccountName: jduke
+userPrincipalName: jduke at jboss.org
+userPassword: theduke
+
+dn: OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: organizationalUnit
+objectClass: orgUnitEx
+ou: Groups
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: organizationalUnit
+objectClass: orgUnitEx
+ou: Informatiesystemen
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_informatiesystemen_lijst
+member: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=inf_map_carenet_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_informatiesystemen_lijst
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_vmware_Lijst
+description: \\uz\data\Admin\VMWare Lijst
+member: CN=inf_map_vmware_iso_S,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=inf_map_vmware_iso_L,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_vmware_Lijst
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_vmware_iso_S,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_vmware_iso_S
+description: \\uz\data\Admin\VMWare\ISO Schrijven
+member: CN=markv,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=jduke,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_vmware_iso_S
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+    */
+   public void testJBAS3312() throws Exception
+   {
+      System.out.println("testJBAS3312");
+      UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke",
+         "theduke".toCharArray());
+      LoginContext lc = new LoginContext("testJBAS3312", handler);
+      lc.login();
+
+      Subject subject = lc.getSubject();
+      System.out.println("Subject: "+subject);
+
+      Set groups = subject.getPrincipals(Group.class);
+      Set principals = subject.getPrincipals();
+      assertTrue("Principals contains Java Duke", principals.contains(new SimplePrincipal("jduke")));
+      assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+      Group roles = (Group) groups.iterator().next();
+      Enumeration names = roles.members();
+      while( names.hasMoreElements() )
+      {
+         System.out.println(names.nextElement());
+      }
+      assertTrue("inf_map_vmware_iso_S is a role", roles.isMember(new SimplePrincipal("inf_map_vmware_iso_S")));
+      assertTrue("inf_map_informatiesystemen_lijst is a role", roles.isMember(new SimplePrincipal("inf_map_informatiesystemen_lijst")));
+      assertTrue("inf_map_vmware_Lijst is a role", roles.isMember(new SimplePrincipal("inf_map_vmware_Lijst")));
+
+      lc.logout();
+   }
+
    public static void main(java.lang.String[] args)
    {
       System.setErr(System.out);
       TestSuite suite = new TestSuite(LoginModulesTestCase.class);
       junit.textui.TestRunner.run(suite);
    }
-   
+
 }



