[jboss-svn-commits] JBL Code SVN: r21100 - in labs/jbossesb/workspace/dbevenius/security/product/rosetta: src/org/jboss/soa/esb/listeners/message and 3 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Jul 18 01:34:25 EDT 2008
Author: beve
Date: 2008-07-18 01:34:24 -0400 (Fri, 18 Jul 2008)
New Revision: 21100
Added:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
Modified:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/MessageAwareListener.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceImpl.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityServiceImplUnitTest.java
Log:
Work in progress.
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-07-18 03:02:42 UTC (rev 21099)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -74,9 +74,11 @@
public static final String HTTP_ROUTER_ROUTE_URL = "routeUrl";
public static final String SECURITY_TAG = "security";
public static final String AUTHENTICATION_TAG = "authentication";
- public static final String CONFIG_POLICY_TAG = "config-policy";
+ public static final String CONFIG_POLICY_TAG = "policy-config";
+ public static final String CONFIG_POLICY_FILE_TAG = "file";
public static final String RUN_AS_TAG = "runAs";
public static final String USE_CALLERS_IDENTIDY_TAG = "useCallersIdentity";
+ public static final String MODULE_NAME_TAG = "moduleName";
public static final String MEP_ONE_WAY = "OneWay" ;
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/MessageAwareListener.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/MessageAwareListener.java 2008-07-18 03:02:42 UTC (rev 21099)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/MessageAwareListener.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -23,10 +23,14 @@
package org.jboss.soa.esb.listeners.message;
import java.lang.reflect.Method;
+import java.security.PrivilegedAction;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.couriers.PickUpOnlyCourier;
import org.jboss.soa.esb.ConfigurationException;
@@ -48,6 +52,10 @@
import org.jboss.soa.esb.listeners.lifecycle.ManagedLifecycleThreadState;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.services.registry.RegistryException;
+import org.jboss.soa.esb.services.security.JaasSecurityContext;
+import org.jboss.soa.esb.services.security.SecurityConfigInfo;
+import org.jboss.soa.esb.services.security.SecurityConfigUtil;
+import org.jboss.soa.esb.services.security.SecurityServiceFactory;
import org.jboss.soa.esb.util.Util;
/**
@@ -91,6 +99,8 @@
private boolean transactional = false;
private boolean rollbackOnPipelineFaults = true;
+ private SecurityConfigInfo securityConf;
+
/**
* public constructor
*
@@ -146,6 +156,12 @@
throw new ConfigurationException(
"Missing or invalid " + ListenerTagNames.EPR_TAG + " element");
_epr = ListenerUtil.assembleEpr(eprElement);
+ ConfigTree[] securityConfigs = _config.getChildren( ListenerTagNames.SECURITY_TAG );
+ if (securityConfigs.length > 0)
+ {
+ securityConf = SecurityConfigUtil.createSecurityConfigInfo(securityConfigs[0]);
+ _logger.info(securityConf);
+ }
String latency = _config.getAttribute(ListenerTagNames.POLL_LATENCY_SECS_TAG);
long lSeconds = 10;
@@ -176,6 +192,10 @@
protected void doInitialise()
throws ManagedLifecycleException
{
+ if ( securityConf != null )
+ {
+ SecurityServiceFactory.getJaasSecurityService().addPolicy(securityConf.getPolicyConfig());
+ }
final ActionProcessingPipeline pipeline ;
try
{
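Review bot: `securityConf.getPolicyConfig()` can be null at the added `addPolicy` call, because `SecurityConfigUtil.createSecurityConfigInfo` in this commit leaves the policy file null when the `security` element has no `authentication`/`policy-config` child. `addPolicy` then hands that null to `Security.setProperty`, which as far as I know rejects null values with a NullPointerException, so a listener that declares only `runAs` would fail to initialise. Guard the call with `if ( securityConf != null && securityConf.getPolicyConfig() != null )`. The body of doInitialise continues outside the hunk.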
@@ -271,6 +291,9 @@
boolean problem = false;
PickUpOnlyCourier pickUpCourier = null ;
+
+
+
try
{
transactionStrategy.begin();
@@ -335,11 +358,29 @@
if (null != message)
{
+ // check if this service has declared a security policy.
+ JaasSecurityContext securityContext = null;
+ if ( securityConf != null )
+ {
+ try
+ {
+ // if the gateway or another service passed a subject use that subject for authentication.
+ final Subject subject = (Subject) message.getAttachment().get( "JaasSubject" );
+ securityContext = new JaasSecurityContext(securityConf, subject);
+ // authenticate the subject
+ SecurityServiceFactory.getJaasSecurityService().authenticate(securityContext);
+ }
+ catch (LoginException e)
+ {
+ _logger.error( "LoginException in service: " , e);
+ //TODO: take action.
+ }
+ }
try
{
final Message pipelineMessage = message ;
final Object txHandle = transactionStrategy.suspend();
- final TransactionalRunner txRunner = new TransactionalRunner(pickUpCourier, pipelineMessage, txHandle);
+ final TransactionalRunner txRunner = new TransactionalRunner(pickUpCourier, pipelineMessage, txHandle, securityContext);
updateThreadCount(+1);
_execService.execute(txRunner);
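Review bot: A failed login does not stop the message. The `catch (LoginException e)` block only logs, and because `securityContext` is assigned before `authenticate` is called, the runner is still built and executed with the unauthenticated subject. For a service that declares a security policy this is fail-open; set a local flag such as `authenticated = true;` only after `authenticate` returns, and skip `_execService.execute(txRunner)` unless `securityConf == null || authenticated`. Separately, the `Subject` comes from the `"JaasSubject"` message attachment, which is sender-supplied data as far as this hunk shows, so principals already on it should not be trusted before the login modules have run, and the unchecked cast can throw ClassCastException. The enclosing method starts and ends outside the hunk.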
@@ -497,18 +538,64 @@
CourierUtil.cleanCourier(pickUpOnlyCourier) ;
}
}
+
+ class ESBPriviledgeAction implements PrivilegedAction<Object>
+ {
+ private TransactionalRunner runner;
+
+ public ESBPriviledgeAction(final TransactionalRunner runner)
+ {
+ this.runner = runner;
+ }
+ public Object run()
+ {
+ return null;
+ }
+
+ }
+
class TransactionalRunner implements Runnable
{
- public TransactionalRunner (PickUpOnlyCourier courier, Message pipelineMessage, Object txHandle)
+ private JaasSecurityContext securityContext;
+
+ public TransactionalRunner (PickUpOnlyCourier courier, Message pipelineMessage, Object txHandle)
{
_courier = courier;
_pipelineMessage = pipelineMessage;
_txHandle = txHandle;
}
+ public TransactionalRunner (PickUpOnlyCourier courier, Message pipelineMessage, Object txHandle, JaasSecurityContext context)
+ {
+ this(courier, pipelineMessage, txHandle);
+ this.securityContext = context;
+ }
+
public void run()
{
+ if ( securityContext == null )
+ {
+ processPipeline();
+ }
+ else
+ {
+ // create a priviledged action
+ PrivilegedAction<Object> action = new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ processPipeline();
+ return null;
+ }
+ };
+ // run with a fresh AccessControll context (this is the last argument which is null.
+ Subject.doAsPrivileged(securityContext.getSubject(), action, null);
+ }
+ }
+
+ public void processPipeline()
+ {
boolean problem = false;
try
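Review bot: `ESBPriviledgeAction` is dead code and should be dropped until it has a purpose: nothing in the hunk instantiates it, its `run()` returns null without touching `runner`, and the anonymous `PrivilegedAction` in `TransactionalRunner.run()` does the real work. `processPipeline()` is declared `public` although the only visible caller is `run()`; making it `private` would stop other code from invoking the pipeline without going through the `Subject.doAsPrivileged` wrapper. The comment above that call has typos and an unclosed parenthesis; suggested wording: `// run with a fresh AccessControlContext (the null last argument)`. The body of processPipeline continues outside the hunk.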
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+import javax.security.auth.Subject;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class JaasSecurityContext
+{
+ private Subject subject;
+ private SecurityConfigInfo configInfo;
+
+ public JaasSecurityContext( final Subject subject )
+ {
+ if ( subject == null )
+ this.subject = new Subject();
+ else
+ this.subject = subject;
+ }
+
+ public JaasSecurityContext( final SecurityConfigInfo configInfo )
+ {
+ this.configInfo = configInfo;
+ }
+
+ public JaasSecurityContext(SecurityConfigInfo configInfo, Subject subject)
+ {
+ this(subject);
+ this.configInfo = configInfo;
+ }
+
+ public SecurityConfigInfo getConfigInfo()
+ {
+ return configInfo;
+ }
+
+ public void setConfigInfo(SecurityConfigInfo configInfo)
+ {
+ this.configInfo = configInfo;
+ }
+
+ public Subject getSubject()
+ {
+ return subject;
+ }
+
+
+
+
+}
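Review bot: The three constructors leave the object in different states. `JaasSecurityContext(Subject)` replaces a null subject with a new `Subject` but leaves `configInfo` null, while `JaasSecurityContext(SecurityConfigInfo)` never assigns `subject`, so `getSubject()` returns null for contexts built that way. `SecurityServiceImpl.authenticate` in this commit dereferences `context.getConfigInfo()` without a check, so a subject-only context appears to end in a NullPointerException there. Initialise both fields in every constructor, e.g. add `this.subject = new Subject();` to the config-only constructor, and fill in the empty class Javadoc with which fields may be null.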
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -0,0 +1,82 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+/**
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class SecurityConfigInfo
+{
+ private String runAs;
+ private String useCallerIdentity;
+ private String policyConfig;
+ private String moduleName;
+
+ private SecurityConfigInfo(
+ final String policyConfig,
+ final String runAs,
+ final String useCallerIdentity,
+ final String moduleName)
+ {
+ this.policyConfig = policyConfig;
+ this.runAs = runAs;
+ this.useCallerIdentity = useCallerIdentity;
+ this.moduleName = moduleName;
+ }
+
+ public static SecurityConfigInfo createSecurityInfo(
+ final String policyConfig,
+ final String runAs,
+ final String useCallerIdentity,
+ final String moduleName)
+ {
+ return new SecurityConfigInfo(policyConfig, runAs, useCallerIdentity, moduleName);
+ }
+
+ public String getRunAs()
+ {
+ return runAs;
+ }
+ public String getUseCallerIdentity()
+ {
+ return useCallerIdentity;
+ }
+ public String getPolicyConfig()
+ {
+ return policyConfig;
+ }
+
+ public String getModuleName()
+ {
+ return moduleName;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "[SecurityConfigInfo : runAs=" + runAs + ", useCallerIdentity=" + useCallerIdentity + ", moduleName=" + moduleName + ", policyConfig=" + policyConfig + "]";
+ }
+
+ //TODO: add equals and hashcode methods
+
+}
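Review bot: The four fields are assigned once in the private constructor and have no setters, so they can be declared final, e.g. `private final String runAs;`, which makes the class immutable in fact and safe to share between listener threads. The class Javadoc is empty; it should state that `policyConfig` and `moduleName` are null when no `policy-config` element is configured, since `addPolicy` and `authenticate` consume those values directly. It should also say what values `useCallerIdentity` is expected to hold, as it is kept as a raw String.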
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+import org.jboss.soa.esb.helpers.ConfigTree;
+import org.jboss.soa.esb.listeners.ListenerTagNames;
+
+/**
+ * This util class provides methods to extract information from a security
+ * configuration. <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ * @since 4.4.
+ *
+ */
+public class SecurityConfigUtil
+{
+ private SecurityConfigUtil() { }
+
+ public static SecurityConfigInfo createSecurityConfigInfo( final ConfigTree securityFragment)
+ {
+ String moduleName = null;
+ String policyFile = null;
+ final String runAs = securityFragment .getAttribute(ListenerTagNames.RUN_AS_TAG);
+ final String useCallersIdentity = securityFragment.getAttribute(ListenerTagNames.USE_CALLERS_IDENTIDY_TAG);
+ final ConfigTree[] authElements = securityFragment.getChildren(ListenerTagNames.AUTHENTICATION_TAG);
+ if (authElements.length > 0)
+ {
+ final ConfigTree authElement = authElements[0];
+ final ConfigTree[] configPolicies = authElement.getChildren(ListenerTagNames.CONFIG_POLICY_TAG);
+ if (configPolicies.length > 0 )
+ {
+ policyFile = configPolicies[0].getAttribute(ListenerTagNames.CONFIG_POLICY_FILE_TAG);
+ moduleName = configPolicies[0].getAttribute(ListenerTagNames.MODULE_NAME_TAG);
+ }
+ }
+ return SecurityConfigInfo.createSecurityInfo(policyFile, runAs, useCallersIdentity, moduleName);
+ }
+
+}
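Review bot: `createSecurityConfigInfo` accepts configurations that cannot work later. A `policy-config` element without `moduleName` or `file` yields nulls that only surface when the login is attempted, and any second `authentication` or `policy-config` element is ignored without a warning. This is where the security declaration is parsed, so it would be safer to validate here and fail start-up, for instance by throwing the project's `ConfigurationException` when `moduleName` is missing; that changes the method signature, so the caller in MessageAwareListener needs updating. The method also has no Javadoc describing which fields of the returned object may be null.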
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-18 03:02:42 UTC (rev 21099)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -28,11 +28,13 @@
/**
*
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
- *
+ *
*/
public interface SecurityService
{
- <T> T runAsSubject( Subject subject, PrivilegedAction<T> action );
-
- void login( final String configurationName, final Subject subject ) throws LoginException;
+ void addPolicy(final String fileName);
+
+ <T> T runAsSubject(Subject subject, PrivilegedAction<T> action);
+
+ void authenticate(final JaasSecurityContext securityContext) throws LoginException;
}
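Review bot: The new interface methods have no Javadoc, and their contracts are not obvious from the signatures. `addPolicy(final String fileName)` should document whether the argument is a file path or a URL, and that the implementation in this commit changes JVM-wide security properties. For `authenticate` I would add `/** Authenticates the subject held by securityContext against the login module named in its configuration; throws LoginException when authentication fails. */`.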
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceFactory.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -0,0 +1,34 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+public class SecurityServiceFactory
+{
+ private static SecurityService jaasSecurityService = new SecurityServiceImpl();
+
+ private SecurityServiceFactory() {}
+
+ public static SecurityService getJaasSecurityService()
+ {
+ return jaasSecurityService;
+ }
+
+}
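Review bot: `jaasSecurityService` is never reassigned and should be declared `private static final SecurityService jaasSecurityService = new SecurityServiceImpl();`, so the shared instance cannot be replaced after class initialisation. The class has no Javadoc; one line noting that every listener receives the same instance would help, because `addPolicy` on that instance mutates global state.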
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceImpl.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceImpl.java 2008-07-18 03:02:42 UTC (rev 21099)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityServiceImpl.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -21,6 +21,7 @@
package org.jboss.soa.esb.services.security;
import java.security.PrivilegedAction;
+import java.security.Security;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
@@ -35,6 +36,8 @@
*/
public class SecurityServiceImpl implements SecurityService
{
+ public static final String POLICY_URL_PRIFIX = "login.config.url.";
+
/**
* Will run the priviledged action with a fresh ActionControlContext
*/
@@ -44,10 +47,35 @@
return (T) Subject.doAsPrivileged( subject , action, null);
}
- public void login( final String configurationName, final Subject subject ) throws LoginException
+ public void authenticate( final JaasSecurityContext context) throws LoginException
{
- LoginContext loginContext = new LoginContext( configurationName, subject, null, null );
+ LoginContext loginContext = new LoginContext( context.getConfigInfo().getModuleName(), context.getSubject(), null, null );
loginContext.login();
}
+
+ public void addPolicy(final String fileName)
+ {
+ int urlIndex = 1;
+ boolean policyUrlRegistered = false;
+ String policyUrl;
+ while ((policyUrl = Security.getProperty(POLICY_URL_PRIFIX + urlIndex)) != null)
+ {
+ policyUrlRegistered = policyUrl.equals(fileName);
+ if (policyUrlRegistered)
+ {
+ break;
+ }
+ else
+ {
+ urlIndex++;
+ }
+ }
+
+ if (!policyUrlRegistered)
+ {
+ Security.setProperty(POLICY_URL_PRIFIX + urlIndex, fileName);
+ }
+ }
+
}
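Review bot: `addPolicy` does an unsynchronised check-then-set on JVM-wide `Security` properties, through a service instance that `SecurityServiceFactory` shares between all listeners. Two listeners initialising concurrently can pick the same `urlIndex` and one entry overwrites the other; declaring it `public synchronized void addPolicy(final String fileName)` closes that window for this instance. The value stored under `login.config.url.N` is the raw `fileName`, whereas that property normally holds a URL, and a JAAS `Configuration` that is already loaded may not re-read it without a refresh; both are worth confirming with a test that logs in after `addPolicy`. In `authenticate`, `context.getConfigInfo()` is dereferenced without a null check. The constant `POLICY_URL_PRIFIX` is misspelled and names a login configuration URL rather than a policy.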
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java 2008-07-18 03:02:42 UTC (rev 21099)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -25,14 +25,12 @@
import java.io.IOException;
import java.io.InputStream;
-import java.io.StringWriter;
-import javax.xml.transform.stream.StreamResult;
-
import junit.framework.JUnit4TestAdapter;
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.dom.YADOMUtil;
+import org.jboss.soa.esb.listeners.ListenerTagNames;
import org.jboss.soa.esb.listeners.config.Generator;
import org.jboss.soa.esb.listeners.config.Generator.XMLBeansModel;
import org.jboss.soa.esb.listeners.config.xbeanmodel.ServiceDocument.Service;
@@ -41,7 +39,6 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
/**
* Unit test for {@link SecurityMapper}
@@ -65,19 +62,20 @@
SecurityMapper.map( root, service );
Node securityNode = root.getFirstChild();
- assertEquals( "security", securityNode.getNodeName() );
+ assertEquals( ListenerTagNames.SECURITY_TAG, securityNode.getNodeName() );
- Node runAsNode = securityNode.getAttributes().getNamedItem( "runAs" );
- assertEquals( "runAs", runAsNode.getNodeName() );
+ Node runAsNode = securityNode.getAttributes().getNamedItem( ListenerTagNames.RUN_AS_TAG );
+ assertEquals( ListenerTagNames.RUN_AS_TAG, runAsNode.getNodeName() );
assertEquals( "MrPoon", runAsNode.getNodeValue() );
Node authNode = securityNode.getChildNodes().item( 1 );
- assertEquals( "authentication", authNode.getNodeName() );
+ assertEquals( ListenerTagNames.AUTHENTICATION_TAG, authNode.getNodeName() );
Node policyNode = authNode.getChildNodes().item( 1 );
- assertEquals( "policy-config", policyNode.getNodeName() );
- Node fileNode = policyNode.getAttributes().getNamedItem( "file" );
- assertEquals( "file", fileNode.getNodeName() );
+ assertEquals( ListenerTagNames.CONFIG_POLICY_TAG, policyNode.getNodeName() );
+ Node fileNode = policyNode.getAttributes().getNamedItem( ListenerTagNames.CONFIG_POLICY_FILE_TAG );
+ assertEquals( ListenerTagNames.CONFIG_POLICY_FILE_TAG, fileNode.getNodeName() );
assertEquals( "/jaas.config", fileNode.getNodeValue() );
+ assertEquals( "mod1", policyNode.getAttributes().getNamedItem(ListenerTagNames.MODULE_NAME_TAG).getNodeValue());
}
// setup methods
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml 2008-07-18 03:02:42 UTC (rev 21099)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml 2008-07-18 05:34:24 UTC (rev 21100)
@@ -23,7 +23,7 @@
<service category="Test2" name="JMSJCATest" description="JMS JCA Test">
<security runAs="MrPoon">
<authentication>
- <policy-config file="/jaas.config"/>
+ <policy-config file="/jaas.config" moduleName="mod1"/>
</authentication>
</security>
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -0,0 +1,104 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import junit.framework.JUnit4TestAdapter;
+
+import org.jboss.soa.esb.helpers.ConfigTree;
+import org.jboss.soa.esb.listeners.ListenerTagNames;
+import org.junit.Test;
+
+/**
+ * Unit test for {@link SecurityConfigUtil}
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class SecurityConfigUtilUnitTest
+{
+ private String runAs = "kalle";
+ private String policyFile = "/some/path/some.policy";
+
+ @Test
+ public void createSecurityConfigInfoWithAuth()
+ {
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, policyFile, null);
+
+ SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ assertEquals(runAs, securityInfo.getRunAs());
+ assertNull(securityInfo.getUseCallerIdentity());
+ assertEquals(policyFile, securityInfo.getPolicyConfig());
+ }
+
+ @Test
+ public void createSecurityConfigInfoWithoutAuth()
+ {
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, null, null);
+ SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ assertEquals(runAs, securityInfo.getRunAs());
+ assertNull(securityInfo.getUseCallerIdentity());
+ }
+
+ @Test
+ public void createSecurityConfigInfoWithUseCallersIdentity()
+ {
+ final String callersIdentity = "DrCox";
+ final ConfigTree securityFragment = createSecurityFragment(runAs, callersIdentity, null, null);
+ SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ assertEquals(callersIdentity, securityInfo.getUseCallerIdentity());
+ }
+
+ @Test
+ public void createSecurityConfigInfoWithModuleName()
+ {
+ final String moduleName = "testModule";
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, policyFile, moduleName);
+ SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ assertEquals(moduleName, securityInfo.getModuleName());
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(SecurityConfigUtilUnitTest.class);
+ }
+
+ private ConfigTree createSecurityFragment(
+ final String runAs,
+ final String callerIdentity,
+ final String policyFile,
+ final String moduleName)
+ {
+ final ConfigTree securityElement = new ConfigTree(ListenerTagNames.SECURITY_TAG);
+ securityElement.setAttribute(ListenerTagNames.RUN_AS_TAG, runAs);
+ securityElement.setAttribute(ListenerTagNames.USE_CALLERS_IDENTIDY_TAG, callerIdentity);
+ if (policyFile != null )
+ {
+ final ConfigTree authElement = new ConfigTree(ListenerTagNames.AUTHENTICATION_TAG, securityElement);
+ final ConfigTree policyElement = new ConfigTree(ListenerTagNames.CONFIG_POLICY_TAG, authElement);
+ policyElement.setAttribute(ListenerTagNames.CONFIG_POLICY_FILE_TAG, policyFile);
+ policyElement.setAttribute(ListenerTagNames.MODULE_NAME_TAG, moduleName);
+ }
+ return securityElement;
+ }
+
+}
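Review bot: `createSecurityConfigInfoWithoutAuth` does not assert the case it is named for, since it never checks the fields that should be absent when no `authentication` element exists. Add `assertNull(securityInfo.getPolicyConfig());` and `assertNull(securityInfo.getModuleName());`. `createSecurityConfigInfoWithAuth` passes a policy file with a null module name and expects success, which pins the lenient parsing in place; if the parser is tightened to require `moduleName`, that test will need a module name too.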
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityServiceImplUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityServiceImplUnitTest.java 2008-07-18 03:02:42 UTC (rev 21099)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityServiceImplUnitTest.java 2008-07-18 05:34:24 UTC (rev 21100)
@@ -25,6 +25,7 @@
import java.io.File;
import java.security.Principal;
import java.security.PrivilegedAction;
+import java.security.Security;
import java.util.Set;
import javax.security.auth.Subject;
@@ -54,7 +55,6 @@
public void runAsSubject()
{
subject.getPrincipals().add( new MockPrincipal( "danbev") );
-
String name = service.runAsSubject( subject, new Action() );
assertEquals( "somestring", name );
}
@@ -63,8 +63,10 @@
public void loginSuccess() throws LoginException
{
System.setProperty("java.security.auth.login.config", policyConfig );
- service.login( "SuccessfulLogin", subject );
- Set<TestPrincipal> principals = subject.getPrincipals( TestPrincipal.class );
+ SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, null, "SuccessfulLogin");
+ JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
+ service.authenticate(context);
+ Set<TestPrincipal> principals = context.getSubject().getPrincipals( TestPrincipal.class );
assertEquals( 1, principals.size() );
assertEquals( "test", principals.iterator().next().getName() );
}
@@ -73,9 +75,19 @@
public void loginFailure() throws LoginException
{
System.setProperty("java.security.auth.login.config", policyConfig );
- service.login( "FailureLogin", subject );
+ SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, null, "FailureLogin");
+ JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
+ service.authenticate( context );
}
+ @Test
+ public void addPolicy()
+ {
+ String policyFile = policyConfig.substring(policyConfig.indexOf('/'));
+ service.addPolicy(policyFile);
+ assertEquals(policyFile, Security.getProperty(SecurityServiceImpl.POLICY_URL_PRIFIX+1));
+ }
+
@BeforeClass
public static void setup()
{
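Review bot: The new `addPolicy` test writes to the JVM-wide `Security` properties and asserts on index 1, so it fails on a JVM whose security configuration already defines `login.config.url.1` with another value, and the entry it adds stays visible to every later test in the same JVM. The test should look for the first free index before calling `addPolicy` and assert on that index, not on a fixed `+1`. The rewritten `loginFailure` body depends on an expected-exception declaration that is outside the hunk, so confirm it still matches what `authenticate` throws.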