[jboss-cvs] JBossAS SVN: r67472 - in projects/security/security-jboss-sx/trunk/jbosssx/src: tests/org/jboss/test/authorization and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Nov 26 20:41:05 EST 2007
Author: anil.saldhana at jboss.com
Date: 2007-11-26 20:41:05 -0500 (Mon, 26 Nov 2007)
New Revision: 67472
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java
Log:
SECURITY-94: EJBResource has methods rather than contextmap
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java 2007-11-27 01:39:35 UTC (rev 67471)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/authorization/resources/EJBResource.java 2007-11-27 01:41:05 UTC (rev 67472)
@@ -21,8 +21,10 @@
*/
package org.jboss.security.authorization.resources;
-import java.util.HashMap;
+import java.lang.reflect.Method;
+import java.security.Principal;
import java.util.Map;
+import java.util.Set;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceType;
@@ -35,16 +37,18 @@
* @since Jul 6, 2006
* @version $Revision: 61962 $
*/
-public class EJBResource implements Resource
-{
- private Map<String,Object> map = new HashMap<String,Object>();
-
+public class EJBResource extends JavaEEResource
+{
+ private Method ejbMethod = null;
+ private String ejbName = null;
+ private String ejbMethodInterface = null;
+ private Set<Principal> methodRoles = null;
/**
* Create a new EJBResource.
*
* @param map
*/
- public EJBResource(Map map)
+ public EJBResource(Map<String,Object> map)
{
this.map = map;
}
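Review bot: The constructor's Javadoc leaves `@param map` empty, and the constructor keeps the caller's map by reference with no null check. The `map` field itself is no longer declared in this class after this hunk, so it is presumably inherited from `JavaEEResource`, which is not visible here. The new test adds entries to the map after constructing the resource, so the aliasing appears to be relied on and should be stated, e.g. `@param map contextual map, held by reference (not copied); entries added later by the caller are visible to the resource`. The four new private fields would also benefit from a one-line comment each, since they are the inputs the authorization modules read.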
@@ -58,26 +62,90 @@
}
/**
- * @see Resource#getMap()
+ * Get the EJB Name
+ * @return
*/
- public Map<String,Object> getMap()
+ public String getEjbName()
{
- return this.map;
+ return ejbName;
+ }
+
+ /**
+ * Set the EJB Name
+ * @param ejbName
+ */
+ public void setEjbName(String ejbName)
+ {
+ this.ejbName = ejbName;
+ }
+
+ /**
+ * Get the EJB Method
+ * @return
+ */
+ public Method getEjbMethod()
+ {
+ return ejbMethod;
+ }
+
+ /**
+ * Set the EJB Method
+ * @param ejbMethod
+ */
+ public void setEjbMethod(Method ejbMethod)
+ {
+ this.ejbMethod = ejbMethod;
+ }
+
+ /**
+ * Get the EJB Method Interface as a String
+ * @return
+ */
+ public String getEjbMethodInterface()
+ {
+ return ejbMethodInterface;
+ }
+
+ /**
+ * Set the EJB Method Interface as a String
+ * @param ejbMethodInterface
+ */
+ public void setEjbMethodInterface(String ejbMethodInterface)
+ {
+ this.ejbMethodInterface = ejbMethodInterface;
}
-
+
/**
- * Set the contextual map
- * @param m Contextual Map
+ * Get the Roles allowed for the EJB Method as
+ * a set of Principal objects
+ * @return
*/
- public void setMap(Map<String,Object> m)
+ public Set<Principal> getMethodRoles()
{
- this.map = m;
+ return methodRoles;
}
-
+
+ /**
+ * Set the Roles allowed for the EJB Method as
+ * a Set of Principal objects
+ * @param methodRoles
+ */
+ public void setMethodRoles(Set<Principal> methodRoles)
+ {
+ this.methodRoles = methodRoles;
+ }
+
public String toString()
{
StringBuffer buf = new StringBuffer();
- buf.append("[").append(getClass().getName()).append(":contextMap=").append(map).append("]");
+ buf.append("[").append(getClass().getName()).append(":contextMap=").append(map)
+ .append(":method=").append(this.ejbMethod)
+ .append(":ejbMethodInterface=").append(this.ejbMethodInterface)
+ .append(":ejbName=").append(this.ejbName)
+ .append(":ejbPrincipal=").append(this.principal)
+ .append(":methodRoles=").append(this.methodRoles)
+ .append(":securityRoleReferences=").append(this.securityRoleReferences)
+ .append("]");
return buf.toString();
}
-}
+}
\ No newline at end of file
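Review bot: `getMethodRoles()` hands back the internal `Set<Principal>` and `setMethodRoles()` keeps the caller's instance, so any code that holds the resource or the original set can change the roles allowed for the method after they were set. Because this set feeds the authorization decision, consider copying on the way in and returning a read-only view, e.g. `this.methodRoles = methodRoles == null ? null : new HashSet<Principal>(methodRoles);` and `return methodRoles == null ? null : Collections.unmodifiableSet(methodRoles);` (both need `java.util` imports that this commit does not add). Whether any caller relies on mutating the set in place is not visible here. The expanded `toString()` also prints the principal and role names, which is worth keeping in mind wherever resources are logged.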
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/ejb/EJBAuthorizationUnitTestCase.java 2007-11-27 01:41:05 UTC (rev 67472)
@@ -0,0 +1,218 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.ejb;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SecurityRoleRef;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.jacc.SubjectPolicyContextHandler;
+import org.jboss.security.plugins.JBossAuthorizationManager;
+import org.jboss.security.plugins.SecurityContextAssociation;
+import org.jboss.security.plugins.authorization.JBossAuthorizationContext;
+
+//$Id$
+
+/**
+ * EJB Authorization Unit Test Case
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 26, 2007
+ * @version $Revision$
+ */
+public class EJBAuthorizationUnitTestCase extends TestCase
+{
+ protected void setUp() throws Exception
+ {
+ PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
+ new SubjectPolicyContextHandler(), true);
+ }
+
+ /**
+ * Test EJB Authorization.
+ * TestEJB is an ejb that has a method "void someMethod()"
+ * which is usable by roles (roleA,roleB)
+ * @throws Exception
+ */
+ public void testRegularEJBAuthorizationPass() throws Exception
+ {
+ Principal ejbPrincipal = new SimplePrincipal("SomePrincipal");
+ setUpRegularConfiguration(ejbPrincipal);
+
+ //Create a ContextMap
+ Map<String,Object> cmap = new HashMap<String,Object>();
+ cmap.put(ResourceKeys.AUTHORIZATION_MANAGER, new JBossAuthorizationManager("test"));
+
+ EJBResource ejbResource = new EJBResource(cmap);
+ ejbResource.setEjbName("TestEJB");
+ ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
+ ejbResource.setEjbMethodInterface("void someMethod");
+ ejbResource.setMethodRoles(this.getMethodRoles(new String[]{"roleA", "roleC"}));
+ ejbResource.setPrincipal(ejbPrincipal);
+
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new Subject(), new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(ejbResource);
+ assertEquals(AuthorizationContext.PERMIT, result);
+ }
+
+ /**
+ * Test EJB Authorization.
+ * TestEJB is an ejb that has a method "void someMethod()"
+ * which is usable by roles (roleA,roleB)
+ *
+ * This method tests with a bad role
+ * @throws Exception
+ */
+ public void testInvalidRegularEJBAuthorization() throws Exception
+ {
+ Principal ejbPrincipal = new SimplePrincipal("SomePrincipal");
+ setUpRegularConfiguration(ejbPrincipal);
+
+ //Create a ContextMap
+ Map<String,Object> cmap = new HashMap<String,Object>();
+ cmap.put(ResourceKeys.AUTHORIZATION_MANAGER, new JBossAuthorizationManager("test"));
+
+ EJBResource ejbResource = new EJBResource(cmap);
+ ejbResource.setEjbName("TestEJB");
+ ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
+ ejbResource.setEjbMethodInterface("void someMethod");
+ ejbResource.setMethodRoles(getMethodRoles(new String[]{"badrole"}));
+ ejbResource.setPrincipal(ejbPrincipal);
+
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new Subject(), new AppCallbackHandler("a","b".toCharArray()));
+ try
+ {
+ ac.authorize(ejbResource);
+ fail("Should have failed");
+ }
+ catch(AuthorizationException ignore)
+ {
+ }
+ catch(Exception e)
+ {
+ fail(e.getLocalizedMessage());
+ }
+ }
+
+ public void testSecurityRoleRef() throws Exception
+ {
+ Principal ejbPrincipal = new SimplePrincipal("SomePrincipal");
+ setUpRegularConfiguration(ejbPrincipal);
+
+ //Create a ContextMap
+ Map<String,Object> cmap = new HashMap<String,Object>();
+ cmap.put(ResourceKeys.AUTHORIZATION_MANAGER, new JBossAuthorizationManager("test"));
+
+ EJBResource ejbResource = new EJBResource(cmap);
+ ejbResource.setEjbName("TestEJB");
+ ejbResource.setEjbMethod(DummyClass.class.getMethod("someMethod", new Class[0]));
+ ejbResource.setEjbMethodInterface("void someMethod");
+ ejbResource.setMethodRoles(getMethodRoles(new String[]{"badrole"}));
+ ejbResource.setPrincipal(ejbPrincipal);
+
+ //Additional entries needed for role ref
+ Set<SecurityRoleRef> roleRefSet = new HashSet<SecurityRoleRef>();
+ SecurityRoleRef srr = new SecurityRoleRef( "roleLink", "roleA", "something");
+ roleRefSet.add(srr);
+ ejbResource.setSecurityRoleReferences(roleRefSet);
+
+ cmap.put(ResourceKeys.SECURITY_ROLE_REFERENCES, roleRefSet);
+ cmap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
+
+ cmap.put(ResourceKeys.ROLENAME, "roleLink");
+
+ AuthorizationContext ac = new JBossAuthorizationContext("test",
+ new Subject(), new AppCallbackHandler("a","b".toCharArray()));
+ int result = ac.authorize(ejbResource);
+ assertEquals(AuthorizationContext.PERMIT, result);
+ }
+
+ private void setUpRegularConfiguration(Principal ejbPrincipal) throws Exception
+ {
+ Subject subject = new Subject();
+ SimpleGroup sg = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ sg.addMember(new SimplePrincipal("roleA"));
+ subject.getPrincipals().add(sg);
+
+ SecurityContext jsc = SecurityContextFactory.createSecurityContext("test");
+ jsc.getUtil().createSubjectInfo(ejbPrincipal, "dummy", subject);
+ SecurityContextAssociation.setSecurityContext(jsc);
+
+ SecurityConfiguration.addApplicationPolicy(getApplicationPolicy("test"));
+ }
+
+ private ApplicationPolicy getApplicationPolicy(String domain)
+ {
+ AuthorizationInfo ai = new AuthorizationInfo(domain);
+ String moduleName = DelegatingAuthorizationModule.class.getName();
+ AuthorizationModuleEntry ame = new AuthorizationModuleEntry(moduleName);
+ ai.add(ame);
+ ApplicationPolicy ap = new ApplicationPolicy(domain);
+ ap.setAuthorizationInfo(ai);
+ return ap;
+ }
+
+ private Set<Principal> getMethodRoles(String[] roles)
+ {
+ Set<Principal> roleSet = new HashSet<Principal>();
+ for(String role:roles)
+ {
+ roleSet.add(new SimplePrincipal(role));
+ }
+ return roleSet;
+ }
+
+ /**
+ * Dummy Class just to get a Method instance
+ * by calling DummyClass.class.getMethod()
+ * @author asaldhana
+ *
+ */
+ public class DummyClass
+ {
+ public void someMethod(){}
+ }
+}
\ No newline at end of file
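Review bot: The fixture installs process-wide state (the policy context handler in `setUp()`, and the security context and application policy in `setUpRegularConfiguration()`) and nothing removes it, so a subject holding `roleA` may stay associated for tests that run later in the same JVM. A `tearDown()` that calls `SecurityContextAssociation.setSecurityContext(null);` would restore a clean state, assuming the setter accepts null. Separately, the Javadoc on `testRegularEJBAuthorizationPass` says the method is usable by (roleA,roleB) while the code sets `roleA` and `roleC`. `testSecurityRoleRef` has no comment explaining why `badrole` as the only method role still yields PERMIT; a line such as `// PERMIT comes from the role-ref check: roleLink is linked to roleA, which the subject holds` would help, if that is the intent.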