[jboss-cvs] JBossAS SVN: r57223 - in branches/Branch_4_0/security/src: main/org/jboss/security/auth/spi tests/org/jboss/test

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Sep 27 00:22:44 EDT 2006


Author: scott.stark at jboss.org
Date: 2006-09-27 00:22:40 -0400 (Wed, 27 Sep 2006)
New Revision: 57223

Modified:
   branches/Branch_4_0/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
   branches/Branch_4_0/security/src/tests/org/jboss/test/LoginModulesTestCase.java
Log:
JBAS-3312, query the top level role context for matching roles.

Modified: branches/Branch_4_0/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- branches/Branch_4_0/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java	2006-09-26 23:31:44 UTC (rev 57222)
+++ branches/Branch_4_0/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java	2006-09-27 04:22:40 UTC (rev 57223)
@@ -417,6 +417,23 @@
 	      {
 	         SearchResult sr = (SearchResult) results.next();
 	         String dn = canonicalize(sr.getName());
+            if( nesting == 0 && roleAttributeIsDN && roleNameAttributeID != null )
+            {
+               // Check the top context for role names
+               String[] attrNames = {roleNameAttributeID};
+               Attributes result2 = ctx.getAttributes(dn, attrNames);
+               Attribute roles2 = result2.get(roleNameAttributeID);
+               if( roles2 != null )
+               {
+                  for(int m = 0; m < roles2.size(); m ++)
+                  {
+                     String roleName = (String) roles2.get(m);
+                     addRole(roleName);
+                  }
+               }
+            }
+
+            // Query the context for the roleDN values
 	         String[] attrNames = {roleAttributeID};
 	         Attributes result = ctx.getAttributes(dn, attrNames);
 	         if( result != null && result.size() > 0 )
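Review bot: The new top-level lookup dereferences `result2` without the null check that the existing code applies to `result` a few lines later (`if( result != null && result.size() > 0 )`). It also casts each value with `(String) roles2.get(m)`, which throws ClassCastException if the directory returns a non-string value for `roleNameAttributeID`. Because this runs in the login path, an unexpected directory answer would presumably abort the whole role search rather than skip one entry. Guarding with `if( result2 != null )` and `Object value = roles2.get(m); if( value instanceof String ) addRole((String) value);` keeps the two lookups consistent. The two `ctx.getAttributes(dn, ...)` calls could also be merged into one request for both attribute IDs; the enclosing loop and method start and end outside the hunk.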
@@ -538,6 +555,7 @@
 
    private void addRole(String roleName)
    {
+      System.out.println("addRole, "+roleName);
       if (roleName != null)
       {
          try
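Review bot: The added `System.out.println("addRole, "+roleName);` looks like leftover debug output. It writes every role granted at login to stdout, outside the logging configuration, so role assignments reach console logs whatever the configured level. It also runs before the `roleName != null` check, so a null name prints as `addRole, null`. If a logger is in scope in this class (not visible in the hunk), `log.trace("addRole, "+roleName);` placed inside the null check would replace it; otherwise drop the line. The body of addRole continues outside the hunk.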

Modified: branches/Branch_4_0/security/src/tests/org/jboss/test/LoginModulesTestCase.java
===================================================================
--- branches/Branch_4_0/security/src/tests/org/jboss/test/LoginModulesTestCase.java	2006-09-26 23:31:44 UTC (rev 57222)
+++ branches/Branch_4_0/security/src/tests/org/jboss/test/LoginModulesTestCase.java	2006-09-27 04:22:40 UTC (rev 57223)
@@ -23,6 +23,7 @@
 
 import java.lang.reflect.Method;
 import java.security.acl.Group;
+import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Set;
 import java.util.logging.Level;
@@ -51,11 +52,11 @@
 public class LoginModulesTestCase extends TestCase
 {
    static
-   {
+   {
       try
       {
          Configuration.setConfiguration(new TestConfig());
-         System.out.println("Installed TestConfig as JAAS Configuration");
+         System.out.println("Installed TestConfig as JAAS Configuration");
          Logger.setPluginClassName("org.jboss.logging.JDK14LoggerPlugin");
          java.util.logging.Logger security = java.util.logging.Logger.getLogger("org.jboss.security");
          security.setLevel(Level.FINEST);
@@ -63,12 +64,12 @@
          console.setLevel(Level.FINEST);
          security.addHandler(console);
          Logger log = Logger.getLogger("org.jboss.security");
-         log.trace("Configured JDK trace logging");
+         log.trace("Configured JDK trace logging");
       }
       catch(Exception e)
       {
          e.printStackTrace();
-      }
+      }
    }
    /** Hard coded login configurations for the test cases. The configuration
     name corresponds to the unit test function that uses the configuration.
@@ -299,8 +300,8 @@
             baseFilter="(uid={0})"
             rolesCtxDN="ou=Roles,o=example2,dc=jboss,dc=org";
             roleFilter="(uid={0})"
-            roleAttributeIsDN="cn"
             roleAttributeID="memberOf"
+            roleAttributeIsDN="true"
             roleNameAttributeID="cn"
             roleRecursion=0
       };
@@ -370,6 +371,33 @@
          AppConfigurationEntry[] entry = {ace};
          return entry;
       }
+
+      AppConfigurationEntry[] testJBAS3312()
+      {
+         String name = "org.jboss.security.auth.spi.LdapExtLoginModule";
+         HashMap options = new HashMap();
+         options.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
+         options.put("java.naming.provider.url", "ldap://lamia/");
+         options.put("java.naming.security.authentication", "simple");
+
+         options.put("bindDN", "cn=Root,DC=uz,DC=kuleuven,DC=ac,DC=be");
+         options.put("bindCredential", "root");
+         options.put("baseCtxDN", "ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be");
+         options.put("baseFilter", "(sAMAccountName={0})");
+
+         options.put("rolesCtxDN", "OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be");
+         options.put("roleFilter", "(member={1})");
+         options.put("roleAttributeID", "memberOf");
+         options.put("roleAttributeIsDN", "true");
+         options.put("roleNameAttributeID", "cn");
+         options.put("roleRecursion", "5");
+         options.put("searchScope", "ONELEVEL_SCOPE");
+
+         AppConfigurationEntry ace = new AppConfigurationEntry(name,
+         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+         AppConfigurationEntry[] entry = {ace};
+         return entry;
+      }
 
    }
 
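Review bot: `testJBAS3312()` hard-codes the provider URL `ldap://lamia/` and the bind DN and password, so the test only passes where that host resolves and holds the LDIF from the test comment. Whether the other configurations in this class do the same is not visible here. Combining `simple` authentication with a plain `ldap://` URL also sends `bindCredential` unencrypted, which is acceptable for a local fixture but deserves a comment so the block is not copied into a deployment configuration. I would read the URL from a system property with the current value as the default, e.g. `options.put("java.naming.provider.url", System.getProperty("<ldap-test-url-property>", "ldap://lamia/"));`, where the property name is a placeholder. I would also add `// test fixture only: simple bind over cleartext LDAP` above the authentication option.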
@@ -677,7 +705,106 @@
       assertTrue("R5 is a role", roles.isMember(new SimplePrincipal("R5")));
 
       lc.logout();
-   }
+   }
+
+   /* JBAS-3312 testcase
+dn: DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+
+dn: ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+objectClass: organizationalUnit
+ou: People
+
+dn: CN=jduke,ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+memberOf: ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: JDuke
+name: Java Duke
+sn: TheDuke
+sAMAccountName: jduke
+userPrincipalName: jduke at jboss.org
+userPassword: theduke
+
+dn: OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: organizationalUnit
+objectClass: orgUnitEx
+ou: Groups
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: organizationalUnit
+objectClass: orgUnitEx
+ou: Informatiesystemen
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_informatiesystemen_lijst
+member: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=inf_map_carenet_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_informatiesystemen_lijst
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_vmware_Lijst
+description: \\uz\data\Admin\VMWare Lijst
+member: CN=inf_map_vmware_iso_S,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=inf_map_vmware_iso_L,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_vmware_Lijst
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_vmware_iso_S,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_vmware_iso_S
+description: \\uz\data\Admin\VMWare\ISO Schrijven
+member: CN=markv,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=jduke,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_vmware_iso_S
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+    */
+   public void testJBAS3312() throws Exception
+   {
+      System.out.println("testJBAS3312");
+      UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke",
+         "theduke".toCharArray());
+      LoginContext lc = new LoginContext("testJBAS3312", handler);
+      lc.login();
+
+      Subject subject = lc.getSubject();
+      System.out.println("Subject: "+subject);
+
+      Set groups = subject.getPrincipals(Group.class);
+      Set principals = subject.getPrincipals();
+      assertTrue("Principals contains Java Duke", principals.contains(new SimplePrincipal("jduke")));
+      assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+      Group roles = (Group) groups.iterator().next();
+      Enumeration names = roles.members();
+      while( names.hasMoreElements() )
+      {
+         System.out.println(names.nextElement());
+      }
+      assertTrue("inf_map_vmware_iso_S is a role", roles.isMember(new SimplePrincipal("inf_map_vmware_iso_S")));
+      assertTrue("inf_map_informatiesystemen_lijst is a role", roles.isMember(new SimplePrincipal("inf_map_informatiesystemen_lijst")));
+      assertTrue("inf_map_vmware_Lijst is a role", roles.isMember(new SimplePrincipal("inf_map_vmware_Lijst")));
+
+      lc.logout();
+   }
 
    public static void main(java.lang.String[] args)
    {
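Review bot: The new test asserts only roles that must be present, so it would still pass if the top-level lookup granted roles the user should not have. Going by the LDIF in the comment, jduke is a member of `inf_map_vmware_iso_S` only, and that group's `memberOf` values do not include `inf_map_carenet_Lijst` or `inf_map_vmware_iso_L`. Adding `assertFalse("inf_map_vmware_iso_L is not a role", roles.isMember(new SimplePrincipal("inf_map_vmware_iso_L")));`, and the same for `inf_map_carenet_Lijst`, would pin that. Separately, `(Group) groups.iterator().next()` takes whichever group the set yields first, which is the `Roles` group only if the subject carries no other group; selecting it by name would be more robust.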



