[jboss-cvs] JBossAS SVN: r114679 - branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jan 30 04:13:00 EST 2014 

Author: dpospisil
Date: 2014-01-30 04:13:00 -0500 (Thu, 30 Jan 2014)
New Revision: 114679

Added:
   branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/DummyReplayCache.java
   branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/NoReplayKdcServer.java
Modified:
   branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/KDCServerAnnotationProcessor.java
Log:
JBPAPP-10974 - KrbException: Intermittent Request is a replay (34) failures in NegotiationTestCase


Added: branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/DummyReplayCache.java
===================================================================
--- branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/DummyReplayCache.java	                        (rev 0)
+++ branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/DummyReplayCache.java	2014-01-30 09:13:00 UTC (rev 114679)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.test.security.negotiation;
+
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
+import org.apache.directory.shared.kerberos.KerberosTime;
+/**
+ *
+ * Dummy implementation of the ApacheDS kerberos replay cache. Essentially disables kerbores ticket replay checks.
+ * https://issues.jboss.org/browse/JBPAPP-10974
+ * 
+ * @author Dominik Pospisil <dpospisi at redhat.com>
+ */
+public class DummyReplayCache implements ReplayCache {
+
+    @Override
+    public boolean isReplay(KerberosPrincipal kp, KerberosPrincipal kp1, KerberosTime kt, int i) {
+        return false;
+    }
+
+    @Override
+    public void save(KerberosPrincipal kp, KerberosPrincipal kp1, KerberosTime kt, int i) {
+        return;
+    }
+
+    @Override
+    public void clear() {
+        return;
+    }
+    
+    
+}

Modified: branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/KDCServerAnnotationProcessor.java
===================================================================
--- branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/KDCServerAnnotationProcessor.java	2014-01-30 09:00:38 UTC (rev 114678)
+++ branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/KDCServerAnnotationProcessor.java	2014-01-30 09:13:00 UTC (rev 114679)
@@ -79,7 +79,7 @@
       {
          return null;
       }
-      KdcServer kdcServer = new KdcServer();
+      KdcServer kdcServer = new NoReplayKdcServer();
       kdcServer.setServiceName(createKdcServer.name());
       kdcServer.setKdcPrincipal(createKdcServer.kdcPrincipal());
       kdcServer.setPrimaryRealm(createKdcServer.primaryRealm());

Added: branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/NoReplayKdcServer.java
===================================================================
--- branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/NoReplayKdcServer.java	                        (rev 0)
+++ branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/negotiation/NoReplayKdcServer.java	2014-01-30 09:13:00 UTC (rev 114679)
@@ -0,0 +1,62 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.test.security.negotiation;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.shared.ldap.model.exception.LdapInvalidDnException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * Replacement of apacheDS KdcServer class with disabled ticket replay cache.
+ * 
+ * @author Dominik Pospisil <dpospisi at redhat.com>
+ */
+public class NoReplayKdcServer extends KdcServer {
+    
+    private static Logger LOGGER = LoggerFactory.getLogger(NoReplayKdcServer.class);
+    
+    
+    /**
+     * @throws IOException if we cannot bind to the sockets
+     */
+    public void start() throws IOException, LdapInvalidDnException
+    {
+        super.start();
+
+        try {
+            
+            // override initialized replay cache with a dummy implementation
+            
+            Field replayCacheField = KdcServer.class.getDeclaredField("replayCache");
+            replayCacheField.setAccessible(true);
+            replayCacheField.set(this, new DummyReplayCache());
+        } catch (Exception e) {
+            LOGGER.warn("Unable to override replay cache.", e);
+        }
+    }
+    
+}

More information about the jboss-cvs-commits mailing list