[jboss-cvs] JBossAS SVN: r92155 - projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas.
Fri Aug 7 18:07:51 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-08-07 18:07:50 -0400 (Fri, 07 Aug 2009)
New Revision: 92155
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
Log:
SECURITY-339: ClientLoginModule and JAAS abort
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java 2009-08-07 19:41:38 UTC (rev 92154)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java 2009-08-07 22:07:50 UTC (rev 92155)
@@ -140,18 +140,18 @@
AppConfigurationEntry[] entry = {ace};
return entry;
}
-
- @SuppressWarnings("unchecked")
- AppConfigurationEntry[] testAbort()
+
+ AppConfigurationEntry[] testAbortWithRestore()
{
String name1 = "org.jboss.security.auth.spi.SimpleServerLoginModule";
AppConfigurationEntry ace1 = new AppConfigurationEntry(name1,
- AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap());
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,String>());
String name2 = "org.jboss.security.ClientLoginModule";
HashMap<String,String> options = new HashMap<String,String>();
options.put("multi-threaded", "true");
+ options.put("restore-login-identity", "true");
AppConfigurationEntry ace2 = new AppConfigurationEntry(name2,
@@ -160,6 +160,24 @@
AppConfigurationEntry[] entry = {ace1,ace2};
return entry;
}
+
+ AppConfigurationEntry[] testAbortWithNoRestore()
+ {
+ String name1 = "org.jboss.security.auth.spi.SimpleServerLoginModule";
+ AppConfigurationEntry ace1 = new AppConfigurationEntry(name1,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,String>());
+
+
+ String name2 = "org.jboss.security.ClientLoginModule";
+ HashMap<String,String> options = new HashMap<String,String>();
+ options.put("multi-threaded", "true");
+
+ AppConfigurationEntry ace2 = new AppConfigurationEntry(name2,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+
+ AppConfigurationEntry[] entry = {ace1,ace2};
+ return entry;
+ }
}
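Review bot: testAbortWithNoRestore repeats the body of testAbortWithRestore line for line, the only difference being the absent `restore-login-identity` option, so the two JAAS configurations will drift apart on the next edit. Assuming the enclosing Configuration dispatches on method name (the LoginContext names match the method names), both can stay as one-line wrappers over a private helper that takes the restore flag, as below. The helper also avoids the two unused blank lines inside the new method.
```java
   AppConfigurationEntry[] testAbortWithRestore()
   {
      return abortEntries(true);
   }

   AppConfigurationEntry[] testAbortWithNoRestore()
   {
      return abortEntries(false);
   }

   // Shared configuration for the SECURITY-339 abort tests; only the
   // restore-login-identity option of the ClientLoginModule differs.
   private AppConfigurationEntry[] abortEntries(boolean restoreIdentity)
   {
      String name1 = "org.jboss.security.auth.spi.SimpleServerLoginModule";
      AppConfigurationEntry ace1 = new AppConfigurationEntry(name1,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,String>());
      String name2 = "org.jboss.security.ClientLoginModule";
      HashMap<String,String> options = new HashMap<String,String>();
      options.put("multi-threaded", "true");
      if (restoreIdentity)
         options.put("restore-login-identity", "true");
      AppConfigurationEntry ace2 = new AppConfigurationEntry(name2,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
      return new AppConfigurationEntry[] {ace1, ace2};
   }
```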
@@ -172,7 +190,8 @@
suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreaded"));
suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreadedRestoreIdentity"));
suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreadedRestoreStack"));
- suite.addTest(new ClientLoginModuleUnitTestCase("testAbort"));
+ suite.addTest(new ClientLoginModuleUnitTestCase("testAbortWithRestore"));
+ suite.addTest(new ClientLoginModuleUnitTestCase("testAbortWithNoRestore"));
return suite;
}
@@ -475,14 +494,14 @@
}
//SECURITY-339: ClientLoginModule abort should not clear security context
- public void testAbort() throws Exception
+ public void testAbortWithRestore() throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
SecurityContextAssociation.setSecurityContext(sc);
//Failed Login
- UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke3", "BAD_PASSWORD");
- LoginContext lc = new LoginContext("testAbort", handler);
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
+ LoginContext lc = new LoginContext("testAbortWithRestore", handler);
try
{
lc.login();
@@ -496,25 +515,121 @@
assertNull("Subject is null", subject);
SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNull("Current Security Context is null", currentSC);
+
+
+ //Successful Login
+ SecurityContextAssociation.setSecurityContext(sc);
+ handler = new UsernamePasswordHandler("jduke", "jduke");
+ lc = new LoginContext("testAbortWithRestore", handler);
+ lc.login();
+ subject = lc.getSubject();
+ assertNotNull("Subject is not null", subject);
+
+ currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
SubjectInfo subjectInfo = currentSC.getSubjectInfo();
assertNotNull("SubjectInfo", subjectInfo);
- assertNull("Subject is null", subjectInfo.getAuthenticatedSubject());
+ subject = subjectInfo.getAuthenticatedSubject();
+ assertNotNull("Subject is not null", subject);
+ assertTrue("jduke exists in the subject", subject.getPrincipals().contains(new SimplePrincipal("jduke")));
+ assertEquals("jduke exists", new SimplePrincipal("jduke"), currentSC.getUtil().getUserPrincipal());
+ assertEquals("jduke exists", new SimplePrincipal("jduke"), SecurityAssociation.getPrincipal());
+ }
+
+ //SECURITY-339: ClientLoginModule abort should not clear security context
+ public void testAbortWithNoRestore() throws Exception
+ {
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
+ SecurityContextAssociation.setSecurityContext(sc);
-
//Successful Login
SecurityContextAssociation.setSecurityContext(sc);
- handler = new UsernamePasswordHandler("jduke3", "jduke3");
- lc = new LoginContext("testAbort", handler);
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke");
+ LoginContext lc = new LoginContext("testAbortWithNoRestore", handler);
lc.login();
+ Subject subject = lc.getSubject();
+ assertNotNull("Subject is not null", subject);
+
+ SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ SubjectInfo subjectInfo = currentSC.getSubjectInfo();
+ assertNotNull("SubjectInfo", subjectInfo);
+ assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+
+ //Failed Login - calls abort on the login modules
+ handler = new UsernamePasswordHandler("BAD_USER", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithNoRestore", handler);
+ try
+ {
+ lc.login();
+ fail("Should have failed");
+ }
+ catch(LoginException le)
+ {
+ //pass
+ }
+ //Ensure that the failed login context does not return a subject
subject = lc.getSubject();
+ assertNull("Subject is null", subject);
+
+ //We have to ensure that the first successful authentication has not been removed from the stack
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ subjectInfo = currentSC.getSubjectInfo();
+ assertNotNull("SubjectInfo", subjectInfo);
+ subject = subjectInfo.getAuthenticatedSubject();
assertNotNull("Subject is not null", subject);
+ assertTrue("jduke exists in the subject", subject.getPrincipals().contains(new SimplePrincipal("jduke")));
+ assertEquals("jduke exists", new SimplePrincipal("jduke"), currentSC.getUtil().getUserPrincipal());
+ assertEquals("jduke exists", new SimplePrincipal("jduke"), SecurityAssociation.getPrincipal());
+
+ //Let us go through some logout cycles
+ handler = new UsernamePasswordHandler("jduke", "jduke");
+ lc = new LoginContext("testAbortWithNoRestore", handler);
+ lc.login();
+ subject = lc.getSubject();
+ assertNotNull("Subject is not null", subject);
+
currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
subjectInfo = currentSC.getSubjectInfo();
assertNotNull("SubjectInfo", subjectInfo);
assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+
+ lc.logout();
+ assertNotNull("SubjectInfo", subjectInfo);
+ assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+
+
+ sc = SecurityContextFactory.createSecurityContext("test");
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ //Failed Login - calls abort on the login modules
+ handler = new UsernamePasswordHandler("BAD_USER", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithNoRestore", handler);
+ try
+ {
+ lc.login();
+ fail("Should have failed");
+ }
+ catch(LoginException le)
+ {
+ //pass
+ }
+ //Ensure that the failed login context does not return a subject
+ subject = lc.getSubject();
+ assertNull("Subject is null", subject);
+
+ //We have to ensure that the first successful authentication has not been removed from the stack
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ subjectInfo = currentSC.getSubjectInfo();
+ assertNotNull("SubjectInfo", subjectInfo);
+ subject = subjectInfo.getAuthenticatedSubject();
+ assertNull("Subject is null", subject);
+ assertNull("Principal on security context is null", currentSC.getUtil().getUserPrincipal());
+ assertNull("Principal on legacy security association is null", SecurityAssociation.getPrincipal());
}
-
-}
+}
\ No newline at end of file
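Review bot: The two assertions after `lc.logout()` in testAbortWithNoRestore re-check the `subjectInfo` reference captured before the logout rather than whatever is associated afterwards, so they pass no matter what logout did to the security context; re-read the state first, `currentSC = SecurityContextAssociation.getSecurityContext();` followed by `subjectInfo = currentSC.getSubjectInfo();`, and assert on that, with a comment stating which post-logout state is intended, since the commit message does not say. The same method also calls `SecurityContextAssociation.setSecurityContext(sc);` twice in a row at the top, once right after creating the context and again under the `//Successful Login` comment; one of them can go. Finally, the `//SECURITY-339: ClientLoginModule abort should not clear security context` comment is copied onto testAbortWithNoRestore unchanged, although testAbortWithRestore now asserts the context is null after the failed login while testAbortWithNoRestore asserts it is retained; a one-line comment on each test naming the expected post-abort state for its `restore-login-identity` setting would make that contrast read as intended rather than accidental.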