[jboss-cvs] JBossAS SVN: r64817 - in projects/security/security-jboss-sx/trunk/src: tests/org/jboss/test/securityassociation and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Aug 23 17:26:38 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-08-23 17:26:38 -0400 (Thu, 23 Aug 2007)
New Revision: 64817
Modified:
projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java
projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java
Log:
SECURITY-76:SecurityAssociation methods need to use SecurityContext currently set
Modified: projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java 2007-08-23 20:59:40 UTC (rev 64816)
+++ projects/security/security-jboss-sx/trunk/src/main/org/jboss/security/SecurityAssociation.java 2007-08-23 21:26:38 UTC (rev 64817)
@@ -218,13 +218,26 @@
if (sm != null)
sm.checkPermission(getPrincipalInfoPermission);
- Principal thePrincipal = peekRunAsIdentity(1);
+ /*Principal thePrincipal = peekRunAsIdentity(1);
if( thePrincipal == null )
{
if (server)
thePrincipal = (Principal) threadPrincipal.get();
else
thePrincipal = principal;
+ }*/
+
+ //Just pluck it from the current security context
+ SecurityContext sc = SecurityContextAssociation.getSecurityContext();
+ Principal thePrincipal = null;
+ if(sc != null)
+ {
+ //Check for runas
+ RunAs ras = sc.getIncomingRunAs();
+ if(ras != null)
+ thePrincipal = new SimplePrincipal(ras.getName());
+ else
+ thePrincipal = sc.getUtil().getUserPrincipal();
}
if( trace )
log.trace("getCallerPrincipal, principal="+thePrincipal);
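Review bot: When an incoming RunAs is set, `new SimplePrincipal(ras.getName())` hands back a name-only principal, whereas the removed `peekRunAsIdentity(1)` path presumably returned the run-as object itself. If dropping the role information is intended, record it next to the branch, e.g. `// caller principal carries only the run-as name, not its roles`. With no SecurityContext associated the method now returns null instead of falling back to `threadPrincipal`/`principal`, so the Javadoc should say that null means "no authenticated caller" and callers making access decisions must not dereference it. The method starts and ends outside this hunk.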
@@ -313,7 +326,7 @@
if (trace)
log.trace("setPrincipal, p=" + principal + ", server=" + server);
- if (server)
+ /*if (server)
{
threadPrincipal.set(principal);
}
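Review bot: The `/*` opened before `if (server)` here is only closed in the next hunk at `log.trace("setPrincipal, sc="+sc);*/`, so the disabled region covers lines that neither hunk shows. The same pattern is used in the two setCredential hunks (`/*if (server)` … `log.trace("setCredential, sc="+sc);*/`) and for the old lookup in getCallerPrincipal. Delete these blocks rather than commenting them out, since the revision history keeps the old code and a stale copy of the principal and credential handling invites someone to re-enable it without review. With `threadPrincipal.set(principal)` and `threadCredential.set(credential)` no longer executed, it is also worth confirming that nothing else in the class still reads those thread-locals or the static `principal`/`credential` fields; that is not visible from these hunks.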
@@ -335,7 +348,7 @@
}
sc.setPrincipal(principal);
if (trace)
- log.trace("setPrincipal, sc="+sc);
+ log.trace("setPrincipal, sc="+sc);*/
SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
//Clients code that may have set directly (Legacy)
if(!server && securityContext == null)
@@ -370,7 +383,7 @@
if (sm != null)
sm.checkPermission(setPrincipalInfoPermission);
- if (server)
+ /*if (server)
threadCredential.set(credential);
else
SecurityAssociation.credential = credential;
@@ -390,7 +403,7 @@
}
sc.setCredential(credential);
if (trace)
- log.trace("setCredential, sc="+sc);
+ log.trace("setCredential, sc="+sc);*/
SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
//Clients code that may have set directly (Legacy)
if(!server && securityContext == null)
@@ -763,7 +776,9 @@
RunAsIdentity ra = null;
if( sc != null)
{
- ra = (RunAsIdentity) sc.getIncomingRunAs();
+ RunAs ras = sc.getIncomingRunAs();
+ if(ras instanceof RunAsIdentity)
+ ra = (RunAsIdentity) ras;
}
return ra;
}
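Review bot: After the `instanceof` guard, an incoming RunAs that is not a RunAsIdentity yields the same null as "no run-as at all", and nothing at the call site tells the two apart. A caller that treats null as "no run-as in effect" would then continue under the original identity even though a run-as was set. I would document this on the method, e.g. `// a RunAs that is not a RunAsIdentity is reported as null; callers needing any RunAs should use sc.getIncomingRunAs()`. A trace line for the skipped case, when `ras != null`, would also help. The method's signature is outside the hunk.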
Modified: projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java 2007-08-23 20:59:40 UTC (rev 64816)
+++ projects/security/security-jboss-sx/trunk/src/tests/org/jboss/test/securityassociation/LegacySecurityAssociationTestCase.java 2007-08-23 21:26:38 UTC (rev 64817)
@@ -21,9 +21,15 @@
*/
package org.jboss.test.securityassociation;
+import java.security.Principal;
+
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.security.plugins.SecurityContextAssociation;
import org.jboss.test.AbstractJBossSXTest;
//$Id$
@@ -63,7 +69,86 @@
SecurityAssociation.popSubjectContext();
assertNull(SecurityAssociation.getPrincipal());
}
+
+ public void testCallerPrincipal()
+ {
+ //With no security context
+ assertNull("Caller Principal is null", SecurityAssociation.getCallerPrincipal());
+ //Create a security context
+ SecurityContext sc = new JBossSecurityContext("TEST");
+ Principal p = new SimplePrincipal("anil");
+ sc.getUtil().createSubjectInfo(p, "pass", null);
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ assertEquals("CallerPrincipal=anil",p,SecurityAssociation.getCallerPrincipal());
+
+ //Clear the SecurityContext
+ SecurityContextAssociation.clearSecurityContext();
+ assertNull("Caller Principal is null", SecurityAssociation.getCallerPrincipal());
+
+ //Create a security context with runas
+ sc = new JBossSecurityContext("TEST");
+
+ RunAs ras = new RunAs()
+ {
+ public <T> T getIdentity()
+ {
+ return (T) getName();
+ }
+ public <T> T getProof()
+ {
+ return null;
+ }
+
+ public String getName()
+ {
+ return "anil";
+ }};
+
+ sc.setIncomingRunAs(ras);
+ SecurityContextAssociation.setSecurityContext(sc);
+ assertEquals("CallerPrincipal=anil",p,SecurityAssociation.getCallerPrincipal());
+ }
+
+ public void testSetPrincipal()
+ {
+ assertNull("Principal is null", SecurityAssociation.getPrincipal());
+ Principal p = new SimplePrincipal("anil");
+ SecurityAssociation.setPrincipal(p);
+ assertEquals("Principal=anil",p, SecurityAssociation.getPrincipal());
+
+ //Check the SecurityContext also
+ SecurityContext sc = getSecurityContext();
+ assertEquals("Principal=anil","anil", sc.getUtil().getUserPrincipal().getName());
+ }
+
+ public void testSetCredential()
+ {
+ Object cred = new String("pass");
+ assertNull("Credential is null", SecurityAssociation.getCredential());
+ SecurityAssociation.setCredential(cred);
+ assertEquals("Credential=pass",cred, SecurityAssociation.getCredential());
+
+ //Check the SecurityContext also
+ SecurityContext sc = getSecurityContext();
+ assertEquals("cred=pass",cred, sc.getUtil().getCredential());
+ }
+
+ public void testPushPopRunAsIdentity()
+ {
+ assertNull("RunAsIdentity is null", SecurityAssociation.popRunAsIdentity());
+
+ RunAsIdentity rai = new RunAsIdentity("role", "anil");
+ SecurityAssociation.pushRunAsIdentity(rai);
+
+ //Check the security context
+ SecurityContext sc = getSecurityContext();
+ assertEquals("RAI = anil,role", rai, sc.getOutgoingRunAs());
+ assertEquals("RAI = anil,role", rai, SecurityAssociation.popRunAsIdentity());
+ assertNull("RAI is null", sc.getOutgoingRunAs());
+ }
+
private void checkSA()
{
SecurityAssociation.setPrincipal(new SimplePrincipal("Anil"));
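Review bot: testCallerPrincipal ends with the run-as SecurityContext still associated, and testSetPrincipal and testSetCredential likewise leave a principal and a credential behind. Since testSetPrincipal and testSetCredential start with `assertNull(...)` on that same state, the results depend on test order and on the state being per-thread. Reset it in `tearDown()` (or a `finally`) with `SecurityContextAssociation.clearSecurityContext();` plus the matching reset of the SecurityAssociation principal and credential. The run-as case also reuses the name "anil" from the earlier user principal; giving the new context a user principal with a different name and asserting that the run-as name wins would show that the RunAs branch takes precedence rather than only that it works on an empty context.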