[jboss-cvs] JBossAS SVN: r92164 - in projects/security/security-jboss-sx/trunk/jbosssx/src: main/java/org/jboss/security/auth/spi and 1 other directories.
Sat Aug 8 23:09:08 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-08-08 23:09:07 -0400 (Sat, 08 Aug 2009)
New Revision: 92164
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
Log:
SECURITY-339: ClientLoginModule and JAAS abort
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java 2009-08-09 03:07:01 UTC (rev 92163)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java 2009-08-09 03:09:07 UTC (rev 92164)
@@ -141,6 +141,9 @@
useFirstPass = passwordStacking != null;
if(trace && useFirstPass)
log.trace("Enabling useFirstPass mode");
+
+ //Cache the existing security context
+ this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
}
/**
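Review bot: The added `this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();` is the value abort() is presumably meant to restore when login fails, but the comment does not say so; I would expand it to `// Snapshot the pre-login security context at initialize() so abort() can restore it even when commit() never runs (SECURITY-339)`. Capturing in initialize() rather than commit() (the two lines removed in the next hunk) is what makes the restore possible on the abort path, but in the reference LoginContext a module instance is created and initialized once per LoginContext and reused on later login() calls, so a context reused for login/logout/login would carry the snapshot from the first initialization rather than from each attempt; worth confirming against how abort() and logout() consume the field, both of which are outside this hunk. initialize()'s body begins before the hunk.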
@@ -234,8 +237,6 @@
{
if( trace )
log.trace("commit, subject="+subject);
- //Cache the existing security context
- this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2009-08-09 03:07:01 UTC (rev 92163)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2009-08-09 03:09:07 UTC (rev 92164)
@@ -23,6 +23,7 @@
import java.security.Principal;
import java.security.acl.Group;
+import java.util.Set;
import javax.security.auth.login.LoginException;
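Review bot: `import java.util.Set;` is added here but the only code this commit adds to the file, the logout() override in the next hunk, never references Set, so unless a use exists outside the hunks the import is dead and produces an unused-import warning. Either drop it or use it, for example by holding `Set<Principal> principals = subject.getPrincipals();` in logout() and removing the role groups through that reference.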
@@ -86,5 +87,12 @@
{
return getUsername();
}
-
-}
+
+ @Override
+ public boolean logout() throws LoginException
+ {
+ Group[] groups = this.getRoleSets();
+ subject.getPrincipals().remove(groups[0]);
+ return super.logout();
+ }
+}
\ No newline at end of file
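Review bot: `groups[0]` in the new logout() assumes getRoleSets() returns at least one element; an empty array (or a null return, if an implementation produces one) throws ArrayIndexOutOfBoundsException out of logout() before super.logout() runs, so the identity and roles stay on the Subject and a logout turns into an unchecked failure. Only the first role set is removed as well, so any further Group attached at commit time survives logout, which is exactly the residual-authorization state this override is meant to clear. I would guard the empty case and iterate over every returned group before delegating to super.logout(); the `java.util.Set` import added in the previous hunk fits that shape. Whether getRoleSets() hands back Group objects that compare equal to the ones added at commit (so that remove() actually matches) depends on the group class's equals(), which is outside this hunk.
```java
   @Override
   public boolean logout() throws LoginException
   {
      // Strip every role group this module attached at commit time,
      // then let the superclass remove the identity principal.
      Group[] groups = this.getRoleSets();
      if (groups != null && groups.length > 0)
      {
         Set<Principal> principals = subject.getPrincipals();
         for (Group group : groups)
         {
            principals.remove(group);
         }
      }
      return super.logout();
   }
```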
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java 2009-08-09 03:07:01 UTC (rev 92163)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java 2009-08-09 03:09:07 UTC (rev 92164)
@@ -470,8 +470,8 @@
assertTrue("password == theduke3",
Arrays.equals(theduke3, "theduke3".toCharArray()));
- lc.logout();
-
+ lc.logout();
+
// Validate restored state
SecurityAssociation.SubjectContext sc2 = SecurityAssociation.peekSubjectContext();
System.out.println(sc2);
@@ -499,9 +499,20 @@
SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
SecurityContextAssociation.setSecurityContext(sc);
+ //Start with successful login. Then a failed login
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke");
+ LoginContext lc = new LoginContext("testAbortWithRestore", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ assertNotNull("Subject is not null", subject);
+
+ SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ verifySubjectInfo(currentSC);
+
//Failed Login
- UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
- LoginContext lc = new LoginContext("testAbortWithRestore", handler);
+ handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithRestore", handler);
try
{
lc.login();
@@ -511,11 +522,12 @@
{
//pass
}
- Subject subject = lc.getSubject();
- assertNull("Subject is null", subject);
+ subject = lc.getSubject();
+ assertNull("Subject from login context is null", subject);
- SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
- assertNull("Current Security Context is null", currentSC);
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ verifySubjectInfo(currentSC);
//Successful Login
@@ -528,13 +540,30 @@
currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
- SubjectInfo subjectInfo = currentSC.getSubjectInfo();
- assertNotNull("SubjectInfo", subjectInfo);
- subject = subjectInfo.getAuthenticatedSubject();
- assertNotNull("Subject is not null", subject);
- assertTrue("jduke exists in the subject", subject.getPrincipals().contains(new SimplePrincipal("jduke")));
- assertEquals("jduke exists", new SimplePrincipal("jduke"), currentSC.getUtil().getUserPrincipal());
- assertEquals("jduke exists", new SimplePrincipal("jduke"), SecurityAssociation.getPrincipal());
+ verifySubjectInfo(currentSC);
+
+ //Failed Login
+ handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithRestore", handler);
+ try
+ {
+ lc.login();
+ fail("Should have failed");
+ }
+ catch(LoginException le)
+ {
+ //pass
+ }
+ subject = lc.getSubject();
+ assertNull("Subject is null", subject);
+
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ verifySubjectInfo(currentSC);
+
+ lc.logout();
+ subject = lc.getSubject();
+ assertNull("Subject from login context is null", subject);
}
//SECURITY-339: ClientLoginModule abort should not clear security context
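Review bot: The `lc.logout();` at the end of the hunk is issued on a LoginContext whose login() failed, and the only thing asserted afterwards is that getSubject() is null, which the reference LoginContext returns for any context whose last login did not succeed regardless of what logout() did to the association. The question that matters for SECURITY-339, whether logging out an aborted context leaves the earlier successful login's security context in place or clears it, is therefore not pinned; I would follow the logout with `currentSC = SecurityContextAssociation.getSecurityContext();` and the assertion that matches the intended behaviour (`verifySubjectInfo(currentSC);` if it must survive, `assertNull(...)` if it must be cleared). The second "Failed Login" try/catch block also repeats the first one in this method verbatim; a small `attemptFailedLogin(String user, String password)` helper next to verifySubjectInfo would keep the copies in step. The enclosing test method begins before this hunk.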
@@ -553,9 +582,7 @@
SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
- SubjectInfo subjectInfo = currentSC.getSubjectInfo();
- assertNotNull("SubjectInfo", subjectInfo);
- assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+ this.verifySubjectInfo(currentSC);
//Failed Login - calls abort on the login modules
handler = new UsernamePasswordHandler("BAD_USER", "BAD_PASSWORD");
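Review bot: `this.verifySubjectInfo(currentSC);` uses an explicit `this.` qualifier here and in the two later hunks of this test, whereas testAbortWithRestore calls the same helper unqualified; pick one form, the unqualified `verifySubjectInfo(currentSC);` matching the other test and the existing assert calls. The test method this hunk belongs to starts before the hunk.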
@@ -576,15 +603,8 @@
//We have to ensure that the first successful authentication has not been removed from the stack
currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
- subjectInfo = currentSC.getSubjectInfo();
- assertNotNull("SubjectInfo", subjectInfo);
- subject = subjectInfo.getAuthenticatedSubject();
- assertNotNull("Subject is not null", subject);
- assertTrue("jduke exists in the subject", subject.getPrincipals().contains(new SimplePrincipal("jduke")));
- assertEquals("jduke exists", new SimplePrincipal("jduke"), currentSC.getUtil().getUserPrincipal());
- assertEquals("jduke exists", new SimplePrincipal("jduke"), SecurityAssociation.getPrincipal());
-
-
+ this.verifySubjectInfo(currentSC);
+
//Let us go through some logout cycles
handler = new UsernamePasswordHandler("jduke", "jduke");
lc = new LoginContext("testAbortWithNoRestore", handler);
@@ -594,15 +614,14 @@
currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
- subjectInfo = currentSC.getSubjectInfo();
- assertNotNull("SubjectInfo", subjectInfo);
- assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+ this.verifySubjectInfo(currentSC);
lc.logout();
- assertNotNull("SubjectInfo", subjectInfo);
- assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+
+ assertNull("Current Security Context is null", SecurityContextAssociation.getSecurityContext());
+ subject = lc.getSubject();
+ assertEquals("Subject from login context has no principals", 0, subject.getPrincipals().size());
-
sc = SecurityContextFactory.createSecurityContext("test");
SecurityContextAssociation.setSecurityContext(sc);
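Review bot: `subject = lc.getSubject();` immediately after `lc.logout();` is expected to return a Subject with zero principals, but in the reference javax.security.auth.login.LoginContext logout() resets the login-succeeded flag and getSubject() then returns null for a context that was not constructed with a caller-supplied Subject, so `subject.getPrincipals().size()` on the next line would throw NullPointerException rather than assert. The other test in this commit asserts the opposite after its logout, `assertNull("Subject from login context is null", subject)`, so the two hunks cannot both hold under the same LoginContext. If the point is to show the login module stripped the principals, capture the Subject before logging out: `Subject loggedIn = lc.getSubject();` ahead of `lc.logout();`, then `assertEquals("Subject has no principals after logout", 0, loggedIn.getPrincipals().size());`. This assumes the `lc` in scope here was created without an explicit Subject, which is only partly visible from the hunk.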
@@ -625,11 +644,23 @@
//We have to ensure that the first successful authentication has not been removed from the stack
currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
- subjectInfo = currentSC.getSubjectInfo();
+ SubjectInfo subjectInfo = currentSC.getSubjectInfo();
assertNotNull("SubjectInfo", subjectInfo);
subject = subjectInfo.getAuthenticatedSubject();
assertNull("Subject is null", subject);
assertNull("Principal on security context is null", currentSC.getUtil().getUserPrincipal());
assertNull("Principal on legacy security association is null", SecurityAssociation.getPrincipal());
}
+
+ private void verifySubjectInfo(SecurityContext currentSC)
+ {
+ SubjectInfo subjectInfo = currentSC.getSubjectInfo();
+ assertNotNull("SubjectInfo", subjectInfo);
+ Subject subject = subjectInfo.getAuthenticatedSubject();
+ assertNotNull("Subject is not null", subject);
+ Principal jduke = new SimplePrincipal("jduke");
+ assertTrue("jduke exists in the subject",subject.getPrincipals().contains(jduke));
+ assertEquals("jduke exists", jduke, currentSC.getUtil().getUserPrincipal());
+ assertEquals("jduke exists", jduke, SecurityAssociation.getPrincipal());
+ }
}
\ No newline at end of file
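Review bot: The new `verifySubjectInfo` helper hard-codes the principal name "jduke", so every caller is tied to that one fixture user and the assertion messages ("jduke exists") cannot describe any other expectation. Taking the expected name as a parameter keeps the helper reusable without changing what it checks: `private void verifySubjectInfo(SecurityContext currentSC, String expectedUser)` with `Principal expected = new SimplePrincipal(expectedUser);` and the messages built from `expectedUser`. A one-line Javadoc stating the contract would help readers of the three tests that call it, e.g. `/** Asserts that currentSC, its util and the legacy SecurityAssociation all report expectedUser as the authenticated principal. */`. The first lines of this hunk belong to a test method that begins before it.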