[jboss-cvs] JBossAS SVN: r68964 - in projects/security/security-jboss-sx/trunk/jbosssx/src: tests/org/jboss/test/security/mapping and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Jan 14 22:48:38 EST 2008


Author: anil.saldhana at jboss.com
Date: 2008-01-14 22:48:38 -0500 (Mon, 14 Jan 2008)
New Revision: 68964

Added:
   projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/DeploymentRolesMappingUnitTestCase.java
Modified:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
Log:
SECURITY-110: DeploymentRolesMappingProvider should consider the principalsSet from subject

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java	2008-01-15 03:44:38 UTC (rev 68963)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/mapping/providers/DeploymentRolesMappingProvider.java	2008-01-15 03:48:38 UTC (rev 68964)
@@ -51,11 +51,11 @@
    
    private MappingResult<Group> result;
 
-   public void init(Map options)
+   public void init(Map<String,Object> options)
    { 
    } 
 
-   public void setMappingResult(MappingResult res)
+   public void setMappingResult(MappingResult<Group> res)
    { 
       result = res;
    }
@@ -65,7 +65,8 @@
     * on the mappedObject
     * @see MappingProvider#performMapping(Map, Object)
     */ 
-   public void performMapping(Map map, Group mappedObject)
+   @SuppressWarnings("unchecked")
+   public void performMapping(Map<String,Object> map, Group mappedObject)
    {  
       if(map == null || map.isEmpty())
          throw new IllegalArgumentException("Context Map is null or empty");
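Review bot: `@SuppressWarnings("unchecked")` on the whole of `performMapping` hides every unchecked conversion in the method, not only the one this commit needs. The values are read from a `Map<String,Object>` context and cast to generic types (for example the `Set<Principal>` cast further down in this method, outside this hunk), so a wrongly typed entry would only fail later, at the point of use. Narrow the suppression to the individual declarations, e.g. `@SuppressWarnings("unchecked") Set<Principal> subjectPrincipals = (Set<Principal>) map.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);`, and add a comment saying which component populates those entries. The method body continues outside this hunk.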
@@ -76,24 +77,62 @@
       if(trace)
          log.trace("Principal="+principal+":principalRolesMap="+principalRolesMap);
       
-      if(principal == null || principalRolesMap == null || principalRolesMap.isEmpty())
+      Set<Principal> subjectPrincipals = (Set<Principal>) map.get(SecurityConstants.PRINCIPALS_SET_IDENTIFIER);
+      
+      if(principalRolesMap == null || principalRolesMap.isEmpty())
+      {
+         result.setMappedObject(mappedObject);
          return ; // No Mapping
+      }
       
-      Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
+      if(principal != null)
+      {
+         mappedObject = mapGroup(principal, principalRolesMap, mappedObject);
+      }
+      
+      if(subjectPrincipals != null)
+      {
+         for(Principal p: subjectPrincipals)
+         {
+            if(p instanceof Group)
+               continue;
+            mappedObject = mapGroup(p, principalRolesMap, mappedObject);
+         } 
+      }
+         
+      /*Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
       if(roleset != null)
       {
          Group newRoles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
-         Iterator iter = roleset.iterator();
+         Iterator<String> iter = roleset.iterator();
          while(iter.hasNext())
          {
-            String rolename = (String)iter.next();
+            String rolename = iter.next();
             newRoles.addMember(createNewPrincipal(mappedObject,rolename));
          }
          mappedObject = MappingProviderUtil.replacePrincipals(mappedObject, newRoles);  
-      } 
+      }*/ 
       result.setMappedObject(mappedObject);
    } 
    
+   private Group mapGroup(Principal principal, Map<String, Set<String>> principalRolesMap,
+         Group mappedObject)
+   {
+      Set<String> roleset = (Set<String>)principalRolesMap.get(principal.getName());
+      if(roleset != null)
+      {
+         Group newRoles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
+         Iterator<String> iter = roleset.iterator();
+         while(iter.hasNext())
+         {
+            String rolename = iter.next();
+            newRoles.addMember(createNewPrincipal(mappedObject,rolename));
+         }
+         mappedObject = MappingProviderUtil.replacePrincipals(mappedObject, newRoles);  
+      } 
+      return mappedObject;
+   }
+   
    /**
     * Need to maintain the Principal type from the original group
     * @param mappedObject
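Review bot: Each `mapGroup` call ends in `MappingProviderUtil.replacePrincipals(mappedObject, newRoles)`, so when more than one of the caller principal and the subject principals has an entry in `principalRolesMap`, the roles from an earlier match look like they are replaced by the later one rather than merged; `replacePrincipals` is not visible here, so confirm. Because `subjectPrincipals` is a `Set`, the surviving role set would then depend on iteration order, which an authorization result should not hinge on. Collecting the role names from all matching principals first and replacing once avoids that, and keeps `createNewPrincipal` working from the original group, as sketched below (`LinkedHashSet` would need importing). The commented-out copy of the old loop can be deleted now that `mapGroup` holds it; the start of `performMapping` is outside this hunk.

```java
      // … unchanged: null/empty principalRolesMap early return …
      Set<String> roleNames = new LinkedHashSet<String>();
      if(principal != null)
         addRoles(principal, principalRolesMap, roleNames);
      if(subjectPrincipals != null)
      {
         for(Principal p: subjectPrincipals)
         {
            if(p instanceof Group)
               continue;
            addRoles(p, principalRolesMap, roleNames);
         }
      }
      if(!roleNames.isEmpty())
      {
         Group newRoles = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
         for(String rolename: roleNames)
            newRoles.addMember(createNewPrincipal(mappedObject, rolename));
         mappedObject = MappingProviderUtil.replacePrincipals(mappedObject, newRoles);
      }
      result.setMappedObject(mappedObject);
   }

   // Adds the deployment roles configured for p's name, if any, to roleNames.
   private void addRoles(Principal p, Map<String, Set<String>> principalRolesMap,
         Set<String> roleNames)
   {
      Set<String> roleset = principalRolesMap.get(p.getName());
      if(roleset != null)
         roleNames.addAll(roleset);
   }
```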

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/DeploymentRolesMappingUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/DeploymentRolesMappingUnitTestCase.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/mapping/DeploymentRolesMappingUnitTestCase.java	2008-01-15 03:48:38 UTC (rev 68964)
@@ -0,0 +1,125 @@
+/*
+  * JBoss, Home of Professional Open Source
+  * Copyright 2007, JBoss Inc., and individual contributors as indicated
+  * by the @authors tag. See the copyright.txt in the distribution for a
+  * full listing of individual contributors.
+  *
+  * This is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU Lesser General Public License as
+  * published by the Free Software Foundation; either version 2.1 of
+  * the License, or (at your option) any later version.
+  *
+  * This software is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  * Lesser General Public License for more details.
+  *
+  * You should have received a copy of the GNU Lesser General Public
+  * License along with this software; if not, write to the Free
+  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  */
+package org.jboss.test.security.mapping;
+
+import java.security.acl.Group;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.mapping.MappingResult;
+import org.jboss.security.mapping.providers.DeploymentRolesMappingProvider;
+
+import junit.framework.TestCase;
+
+//$Id$
+
+/**
+ *  Unit test the DeploymentRolesMappingProvider
+ *  @author Anil.Saldhana at redhat.com
+ *  @since  Jan 14, 2008 
+ *  @version $Revision$
+ */
+public class DeploymentRolesMappingUnitTestCase extends TestCase
+{
+   public void testMappingWithPrincipal()
+   {
+      Map<String,Object> cmap = new HashMap<String,Object>();
+     
+      cmap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, new SimplePrincipal("anil"));
+      cmap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, getPrincipalRoleMap());
+      
+      assertTrue(getMapping(cmap));
+   }
+   
+   public void testMappingWithPrincipalSet()
+   {  
+      Map<String,Object> cmap = new HashMap<String,Object>();
+      Subject subject = new Subject();
+      subject.getPrincipals().add(new SimplePrincipal("anil"));
+     
+      cmap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals());
+      cmap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, getPrincipalRoleMap());
+       
+      assertTrue(getMapping(cmap));
+   }
+   
+   public void testUnsuccessfulMappingWithPrincipal()
+   {
+      Map<String,Object> cmap = new HashMap<String,Object>(); 
+      cmap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, new SimplePrincipal("impostor"));
+      cmap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, getPrincipalRoleMap());
+      
+      assertFalse(getMapping(cmap));
+   }
+   
+   public void testUnsuccessfulMappingWithPrincipalSet()
+   {  
+      Map<String,Object> cmap = new HashMap<String,Object>();
+      Subject subject = new Subject();
+      subject.getPrincipals().add(new SimplePrincipal("impostor"));
+     
+      cmap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals());
+      cmap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, getPrincipalRoleMap());
+       
+      assertFalse(getMapping(cmap));
+   }
+   
+   private boolean getMapping(Map<String,Object> cmap)
+   {
+      DeploymentRolesMappingProvider drmp = new DeploymentRolesMappingProvider();
+      MappingResult<Group> result = new MappingResult<Group>();
+      drmp.setMappingResult(result);
+      
+      drmp.performMapping(cmap, getGroup(new String[]{"gooduser","okuser"}));
+      return result.getMappedObject().isMember(new SimplePrincipal("allowedUser")); 
+   }
+   
+   private Map<String,Set<String>> getPrincipalRoleMap()
+   {
+      Map<String,Set<String>> pmap = new HashMap<String,Set<String>>();
+      
+      Set<String> roleSet = new HashSet<String>();
+      String[] rolearr = {"allowedUser"}; 
+      roleSet.addAll(Arrays.asList(rolearr));
+      pmap.put("anil", roleSet);
+      return pmap;
+   }
+   
+   private Group getGroup(String[] principalArr)
+   {
+      SimpleGroup sg = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
+      for(String p: principalArr)
+      {
+         sg.addMember(new SimplePrincipal(p));
+      }
+      return sg;
+   }
+
+}
\ No newline at end of file
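Review bot: Neither the `p instanceof Group` skip nor a context carrying both `PRINCIPAL_IDENTIFIER` and `PRINCIPALS_SET_IDENTIFIER` is exercised by these tests, although both paths are new in the provider. A negative case where the subject holds a `Group` whose name matches a key in the roles map would pin down that group entries cannot pick up deployment roles; a sketch follows. A further case with two subject principals mapped to different role sets would document whether their roles are meant to be merged.

```java
   public void testGroupInPrincipalSetIsNotMapped()
   {
      Map<String,Object> cmap = new HashMap<String,Object>();
      Subject subject = new Subject();
      subject.getPrincipals().add(new SimplePrincipal("impostor"));
      // A Group named like a mapped user must not receive that user's roles.
      subject.getPrincipals().add(new SimpleGroup("anil"));

      cmap.put(SecurityConstants.PRINCIPAL_IDENTIFIER, new SimplePrincipal("impostor"));
      cmap.put(SecurityConstants.PRINCIPALS_SET_IDENTIFIER, subject.getPrincipals());
      cmap.put(SecurityConstants.DEPLOYMENT_PRINCIPAL_ROLES_MAP, getPrincipalRoleMap());

      assertFalse(getMapping(cmap));
   }
```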



