[jboss-cvs] JBossAS SVN: r57226 - projects/security/trunk/src/tests/org/jboss/test
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 27 00:37:02 EDT 2006
Author: scott.stark at jboss.org
Date: 2006-09-27 00:37:00 -0400 (Wed, 27 Sep 2006)
New Revision: 57226
Modified:
projects/security/trunk/src/tests/org/jboss/test/LoginModulesTestCase.java
Log:
SECURITY-10, query the top level role context for matching roles.
Modified: projects/security/trunk/src/tests/org/jboss/test/LoginModulesTestCase.java
===================================================================
--- projects/security/trunk/src/tests/org/jboss/test/LoginModulesTestCase.java 2006-09-27 04:36:08 UTC (rev 57225)
+++ projects/security/trunk/src/tests/org/jboss/test/LoginModulesTestCase.java 2006-09-27 04:37:00 UTC (rev 57226)
@@ -1,30 +1,34 @@
/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.test;
import java.lang.reflect.Method;
import java.security.acl.Group;
+import java.util.Enumeration;
import java.util.HashMap;
import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.LogManager;
+import java.util.logging.ConsoleHandler;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
@@ -38,9 +42,10 @@
import org.jboss.security.SimplePrincipal;
import org.jboss.security.plugins.JaasSecurityDomain;
import org.jboss.security.auth.callback.UsernamePasswordHandler;
+import org.jboss.logging.Logger;
/** Tests of the LoginModule classes.
-
+
@author Scott.Stark at jboss.org
@version $Revision$
*/
@@ -52,6 +57,14 @@
{
Configuration.setConfiguration(new TestConfig());
System.out.println("Installed TestConfig as JAAS Configuration");
+ Logger.setPluginClassName("org.jboss.logging.JDK14LoggerPlugin");
+ java.util.logging.Logger security = java.util.logging.Logger.getLogger("org.jboss.security");
+ security.setLevel(Level.FINEST);
+ ConsoleHandler console = new ConsoleHandler();
+ console.setLevel(Level.FINEST);
+ security.addHandler(console);
+ Logger log = Logger.getLogger("org.jboss.security");
+ log.trace("Configured JDK trace logging");
}
catch(Exception e)
{
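Review bot: The added setup switches the whole `org.jboss.security` category to FINEST and attaches a ConsoleHandler unconditionally, so every run of this test class writes trace output from the login modules to the console and to any captured build log. Whether that trace includes the JAAS options configured further down (bind DNs, credentials) cannot be seen from this hunk, so the output should be treated as sensitive until confirmed. I would make it opt-in, for example `if (Boolean.getBoolean("test.security.trace")) { ... }` around the new lines (the property name is only an example). Adding `security.setUseParentHandlers(false);` would also avoid each record being printed a second time by the root console handler. The enclosing try block starts above the hunk.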
@@ -66,7 +79,7 @@
public void refresh()
{
}
-
+
public AppConfigurationEntry[] getAppConfigurationEntry(String name)
{
AppConfigurationEntry[] entry = null;
@@ -259,7 +272,7 @@
options.put("java.naming.provider.url", "ldap://lamia/");
options.put("java.naming.security.authentication", "simple");
-
+
options.put("bindDN", "cn=Root,dc=jboss,dc=org");
options.put("bindCredential", "secret1");
options.put("baseCtxDN", "ou=People,o=example3,dc=jboss,dc=org");
@@ -287,8 +300,8 @@
baseFilter="(uid={0})"
rolesCtxDN="ou=Roles,o=example2,dc=jboss,dc=org";
roleFilter="(uid={0})"
- roleAttributeIsDN="cn"
roleAttributeID="memberOf"
+ roleAttributeIsDN="true"
roleNameAttributeID="cn"
roleRecursion=0
};
@@ -301,7 +314,7 @@
options.put("java.naming.provider.url", "ldap://lamia/");
options.put("java.naming.security.authentication", "simple");
-
+
options.put("bindDN", "cn=Root,dc=jboss,dc=org");
options.put("bindCredential", "secret1");
options.put("baseCtxDN", "ou=People,o=example2,dc=jboss,dc=org");
@@ -359,13 +372,40 @@
return entry;
}
+ AppConfigurationEntry[] testJBAS3312()
+ {
+ String name = "org.jboss.security.auth.spi.LdapExtLoginModule";
+ HashMap options = new HashMap();
+ options.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
+ options.put("java.naming.provider.url", "ldap://lamia/");
+ options.put("java.naming.security.authentication", "simple");
+
+ options.put("bindDN", "cn=Root,DC=uz,DC=kuleuven,DC=ac,DC=be");
+ options.put("bindCredential", "root");
+ options.put("baseCtxDN", "ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be");
+ options.put("baseFilter", "(sAMAccountName={0})");
+
+ options.put("rolesCtxDN", "OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be");
+ options.put("roleFilter", "(member={1})");
+ options.put("roleAttributeID", "memberOf");
+ options.put("roleAttributeIsDN", "true");
+ options.put("roleNameAttributeID", "cn");
+ options.put("roleRecursion", "5");
+ options.put("searchScope", "ONELEVEL_SCOPE");
+
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+
}
public LoginModulesTestCase(String testName)
{
super(testName);
}
-
+
public void testLdapExample1() throws Exception
{
System.out.println("testLdapExample1");
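Review bot: The new `testJBAS3312()` configuration hard-codes the directory host and the bind password (`bindCredential` set to `root`) and uses `simple` authentication over a plain `ldap://` URL, so the bind DN and password travel unencrypted whenever this test runs. That matches the existing fixtures in this class, but it deserves a comment above the `options.put` calls, e.g. `// Test-only directory and credentials; simple bind over ldap:// is cleartext, do not reuse outside the test lab`. Reading the URL from a property, `options.put("java.naming.provider.url", System.getProperty("ldap.test.url", "ldap://lamia/"));` (property name is only an example), would also let the test run against a local server. The enclosing configuration class starts above the hunk.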
@@ -382,7 +422,7 @@
Group roles = (Group) groups.iterator().next();
assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-
+
lc.logout();
}
public void testLdapExample11() throws Exception
@@ -401,7 +441,7 @@
Group roles = (Group) groups.iterator().next();
assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-
+
lc.logout();
}
public void testLdapExample11Encrypt() throws Exception
@@ -431,7 +471,7 @@
Group roles = (Group) groups.iterator().next();
assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-
+
lc.logout();
MBeanServerFactory.releaseMBeanServer(server);
}
@@ -543,7 +583,7 @@
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
assertFalse("Echo2 is NOT a role", roles.isMember(new SimplePrincipal("Echo2")));
assertFalse("TheDuke2 is NOT a role", roles.isMember(new SimplePrincipal("TheDuke2")));
-
+
lc.logout();
}
public void testLdapExample21() throws Exception
@@ -564,7 +604,7 @@
Group roles = (Group) groups.iterator().next();
assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-
+
lc.logout();
}
public void testLdapExample21Encrypt() throws Exception
@@ -595,7 +635,7 @@
Group roles = (Group) groups.iterator().next();
assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-
+
lc.logout();
MBeanServerFactory.releaseMBeanServer(server);
}
@@ -617,7 +657,7 @@
Group roles = (Group) groups.iterator().next();
assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-
+
lc.logout();
}
public void testLdapExample22() throws Exception
@@ -638,7 +678,7 @@
Group roles = (Group) groups.iterator().next();
assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo")));
assertTrue("TheDuke is a role", roles.isMember(new SimplePrincipal("TheDuke")));
-
+
lc.logout();
}
public void testLdapExample24() throws Exception
@@ -663,15 +703,114 @@
assertTrue("R3 is a role", roles.isMember(new SimplePrincipal("R3")));
assertFalse("R4 is NOT a role", roles.isMember(new SimplePrincipal("R4")));
assertTrue("R5 is a role", roles.isMember(new SimplePrincipal("R5")));
-
+
lc.logout();
}
+ /* JBAS-3312 testcase
+dn: DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+
+dn: ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+objectClass: organizationalUnit
+ou: People
+
+dn: CN=jduke,ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+memberOf: ou=People,dc=uz,dc=kuleuven,dc=ac,dc=be
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: JDuke
+name: Java Duke
+sn: TheDuke
+sAMAccountName: jduke
+userPrincipalName: jduke at jboss.org
+userPassword: theduke
+
+dn: OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: organizationalUnit
+objectClass: orgUnitEx
+ou: Groups
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: organizationalUnit
+objectClass: orgUnitEx
+ou: Informatiesystemen
+objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_informatiesystemen_lijst
+member: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=inf_map_carenet_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_informatiesystemen_lijst
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_vmware_Lijst
+description: \\uz\data\Admin\VMWare Lijst
+member: CN=inf_map_vmware_iso_S,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=inf_map_vmware_iso_L,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_vmware_Lijst
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+
+
+dn: CN=inf_map_vmware_iso_S,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+objectClass: top
+objectClass: group
+cn: inf_map_vmware_iso_S
+description: \\uz\data\Admin\VMWare\ISO Schrijven
+member: CN=markv,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
+member: CN=jduke,OU=People,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_informatiesystemen_lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+memberOf: CN=inf_map_vmware_Lijst,OU=Informatiesystemen,OU=Groups,DC=uz,DC=kuleuven,DC=ac,DC=be
+sAMAccountName: inf_map_vmware_iso_S
+objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=uz,DC=kuleuven,DC=ac,DC=be
+ */
+ public void testJBAS3312() throws Exception
+ {
+ System.out.println("testJBAS3312");
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke",
+ "theduke".toCharArray());
+ LoginContext lc = new LoginContext("testJBAS3312", handler);
+ lc.login();
+
+ Subject subject = lc.getSubject();
+ System.out.println("Subject: "+subject);
+
+ Set groups = subject.getPrincipals(Group.class);
+ Set principals = subject.getPrincipals();
+ assertTrue("Principals contains Java Duke", principals.contains(new SimplePrincipal("jduke")));
+ assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+ Group roles = (Group) groups.iterator().next();
+ Enumeration names = roles.members();
+ while( names.hasMoreElements() )
+ {
+ System.out.println(names.nextElement());
+ }
+ assertTrue("inf_map_vmware_iso_S is a role", roles.isMember(new SimplePrincipal("inf_map_vmware_iso_S")));
+ assertTrue("inf_map_informatiesystemen_lijst is a role", roles.isMember(new SimplePrincipal("inf_map_informatiesystemen_lijst")));
+ assertTrue("inf_map_vmware_Lijst is a role", roles.isMember(new SimplePrincipal("inf_map_vmware_Lijst")));
+
+ lc.logout();
+ }
+
public static void main(java.lang.String[] args)
{
System.setErr(System.out);
TestSuite suite = new TestSuite(LoginModulesTestCase.class);
junit.textui.TestRunner.run(suite);
}
-
+
}
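Review bot: `testJBAS3312` asserts only the roles that should be present, so with `roleRecursion` set to 5 in the matching configuration nothing here would catch the module walking the group tree in the wrong direction and granting extra roles. Going by the LDIF in the comment above the test, `inf_map_carenet_Lijst` is a member of a group jduke reaches rather than a group jduke belongs to, so a line such as `assertFalse("inf_map_carenet_Lijst is NOT a role", roles.isMember(new SimplePrincipal("inf_map_carenet_Lijst")));` looks appropriate; please confirm against the intended semantics. Separately, `(Group) groups.iterator().next()` assumes the first Group in the set is `Roles`, which Set iteration order does not guarantee. `lc.logout()` is also skipped when an assertion fails, so a `try`/`finally` around the assertions would keep the login from leaking into later tests.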