[jboss-cvs] JBossAS SVN: r72464 - in projects/security/security-jboss-sx/trunk/jbosssx/src: main/org/jboss/security/plugins/javaee and 4 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Apr 19 22:10:57 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-19 22:10:57 -0400 (Sat, 19 Apr 2008)
New Revision: 72464
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/EJBAuthorizationHelperUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/SecurityHelpersFactoryUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/WebAuthorizationHelperUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java
Log:
SECURITY-198: helper frmwk
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/EJBAuthorizationHelper.java 2008-04-20 02:10:57 UTC (rev 72464)
@@ -0,0 +1,189 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.javaee;
+
+import java.lang.reflect.Method;
+import java.security.CodeSource;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Set;
+
+import javax.naming.InitialContext;
+import javax.security.auth.Subject;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.RunAs;
+import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.callbacks.SecurityContextCallbackHandler;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
+import org.jboss.security.javaee.SecurityRoleRef;
+
+
+/**
+ * Default implementation of the EJBAuthorizationHelper
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 18, 2008
+ * @version $Revision$
+ */
+public class EJBAuthorizationHelper extends AbstractEJBAuthorizationHelper
+{
+ protected static Logger log = Logger.getLogger(EJBAuthorizationHelper.class);
+
+ @Override
+ public boolean authorize(
+ String ejbName,
+ Method ejbMethod,
+ Principal ejbPrincipal,
+ String invocationInterfaceString,
+ CodeSource ejbCS,
+ Subject callerSubject,
+ RunAs callerRunAs,
+ String contextID,
+ RoleGroup methodRoles)
+ {
+ if(contextID == null)
+ throw new IllegalArgumentException("ContextID is null");
+
+ AuthorizationManager am = securityContext.getAuthorizationManager();
+
+ HashMap<String,Object> map = new HashMap<String,Object>();
+ try
+ {
+ if(this.policyRegistration == null)
+ this.policyRegistration = getPolicyRegistrationFromJNDI();
+ }
+ catch(Exception e)
+ {
+ log.error("Error getting Policy Registration",e);
+ }
+
+ map.put(ResourceKeys.POLICY_REGISTRATION, this.policyRegistration);
+
+ EJBResource ejbResource = new EJBResource(map);
+ ejbResource.setPolicyContextID(contextID);
+ ejbResource.setCallerRunAsIdentity(callerRunAs);
+ ejbResource.setEjbName(ejbName);
+ ejbResource.setEjbMethod(ejbMethod);
+ ejbResource.setPrincipal(ejbPrincipal);
+ ejbResource.setEjbMethodInterface(invocationInterfaceString);
+ ejbResource.setCodeSource(ejbCS);
+ ejbResource.setCallerRunAsIdentity(callerRunAs);
+ ejbResource.setCallerSubject(callerSubject);
+ ejbResource.setEjbMethodRoles(methodRoles);
+
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);
+
+ boolean isAuthorized = false;
+ try
+ {
+ int check = am.authorize(ejbResource, callerSubject, callerRoles);
+ isAuthorized = (check == AuthorizationContext.PERMIT);
+ authorizationAudit((isAuthorized ? AuditLevel.SUCCESS : AuditLevel.FAILURE)
+ ,ejbResource, null);
+ }
+ catch (Exception e)
+ {
+ isAuthorized = false;
+ if(log.isTraceEnabled())
+ log.trace("Error in authorization:",e);
+ authorizationAudit(AuditLevel.ERROR,ejbResource,e);
+ }
+
+ return isAuthorized;
+ }
+
+ @Override
+ public boolean isCallerInRole(
+ String roleName,
+ String ejbName,
+ Principal ejbPrincipal,
+ Subject callerSubject,
+ String contextID,
+ Set<SecurityRoleRef> securityRoleRefs)
+ {
+ if(contextID == null)
+ throw new IllegalArgumentException("ContextID is null");
+
+ boolean isAuthorized = false;
+ AuthorizationManager am = securityContext.getAuthorizationManager();
+
+ if(am == null)
+ throw new IllegalStateException("AuthorizationManager is null");
+
+ HashMap<String,Object> map = new HashMap<String,Object>();
+
+ try
+ {
+ if(this.policyRegistration == null)
+ this.policyRegistration = getPolicyRegistrationFromJNDI();
+ }
+ catch(Exception e)
+ {
+ log.error("Error getting Policy Registration",e);
+ }
+
+ map.put(ResourceKeys.POLICY_REGISTRATION, this.policyRegistration);
+
+ map.put(ResourceKeys.ROLENAME, roleName);
+ map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
+
+ EJBResource ejbResource = new EJBResource(map);
+ ejbResource.setPolicyContextID(contextID);
+
+ RunAs callerRunAs = securityContext.getIncomingRunAs();
+
+ ejbResource.setEjbName(ejbName);
+ ejbResource.setPrincipal(ejbPrincipal);
+ ejbResource.setCallerRunAsIdentity(callerRunAs);
+ ejbResource.setSecurityRoleReferences(securityRoleRefs);
+
+ ejbResource.setCallerSubject(callerSubject);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);
+
+ try
+ {
+ int check = am.authorize(ejbResource, callerSubject, callerRoles);
+ isAuthorized = (check == AuthorizationContext.PERMIT);
+ }
+ catch (Exception e)
+ {
+ isAuthorized = false;
+ if(log.isTraceEnabled())
+ log.trace(roleName + "::isCallerInRole check failed:"+e.getLocalizedMessage());
+ authorizationAudit(AuditLevel.ERROR,ejbResource,e);
+ }
+ return isAuthorized;
+ }
+
+ private PolicyRegistration getPolicyRegistrationFromJNDI() throws Exception
+ {
+ return (PolicyRegistration) (new InitialContext()).lookup("java:/policyRegistration");
+ }
+}
\ No newline at end of file
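Review bot: `authorize` dereferences `am` without the null check that `isCallerInRole` performs, so a security context with no AuthorizationManager fails with a NullPointerException at `am.getSubjectRoles(...)` instead of a clear error; add `if(am == null) throw new IllegalStateException("AuthorizationManager is null");` right after the lookup. In both methods a failed JNDI lookup is only logged and a null `policyRegistration` is still put into the resource map, so the decision then depends on how the authorization modules treat a missing registration; that is not visible in this hunk and deserves either a comment or an explicit `return false`. `isCallerInRole` audits only the ERROR case, so permitted and denied role checks leave no audit record, unlike `authorize`. The second `ejbResource.setCallerRunAsIdentity(callerRunAs);` in `authorize` is a duplicate and can be dropped.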
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java 2008-04-20 02:10:57 UTC (rev 72464)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.javaee;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.audit.AuditLevel;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.ResourceKeys;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.callbacks.SecurityContextCallbackHandler;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.javaee.AbstractWebAuthorizationHelper;
+
+/**
+ * Web Authorization Helper Implementation
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 18, 2008
+ * @version $Revision$
+ */
+public class WebAuthorizationHelper
+extends AbstractWebAuthorizationHelper
+{
+ protected static Logger log = Logger.getLogger(WebAuthorizationHelper.class);
+
+ @Override
+ public boolean checkResourcePermission(
+ Map<String, Object> contextMap,
+ ServletRequest request,
+ ServletResponse response,
+ Subject callerSubject,
+ String contextID,
+ String canonicalRequestURI)
+ {
+ if(contextID == null)
+ throw new IllegalArgumentException("ContextID is null");
+
+ AuthorizationManager authzMgr = securityContext.getAuthorizationManager();
+
+ boolean isAuthorized = false;
+
+ WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
+ webResource.setPolicyContextID(contextID);
+ webResource.setServletRequest(request);
+ webResource.setServletResponse(response);
+ webResource.setCallerSubject(callerSubject);
+ webResource.setCanonicalRequestURI(canonicalRequestURI);
+
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+
+ try
+ {
+ int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
+ isAuthorized = (permit == AuthorizationContext.PERMIT);
+ String level = (permit == AuthorizationContext.PERMIT ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
+ if(this.enableAudit)
+ this.authorizationAudit(level,webResource, null);
+ }
+ catch (AuthorizationException e)
+ {
+ isAuthorized = false;
+ if(log.isTraceEnabled())
+ log.trace("hasResourcePermission check failed:"+e.getLocalizedMessage());
+ if(this.enableAudit)
+ authorizationAudit(AuditLevel.ERROR,webResource,e);
+ }
+ return isAuthorized;
+ }
+
+ @Override
+ public boolean hasRole(
+ String roleName,
+ Principal principal,
+ String servletName,
+ Set<Principal> principalRoles,
+ String contextID,
+ Subject callerSubject)
+ {
+ if(contextID == null)
+ throw new IllegalArgumentException("ContextID is null");
+
+ AuthorizationManager authzMgr = securityContext.getAuthorizationManager();
+
+ if(callerSubject == null)
+ throw new IllegalArgumentException("callerSubject is null");
+ boolean hasTheRole = false;
+ Map<String,Object> map = new HashMap<String,Object>();
+ map.put(ResourceKeys.ROLENAME, roleName);
+ map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
+ map.put(ResourceKeys.PRINCIPAL_ROLES, principalRoles);
+
+ map.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());
+
+ WebResource webResource = new WebResource(Collections.unmodifiableMap(map));
+ webResource.setPolicyContextID(contextID);
+ webResource.setPrincipal(principal);
+ webResource.setServletName(servletName);
+
+ webResource.setCallerSubject(callerSubject);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+
+ try
+ {
+ int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
+ hasTheRole = (permit == AuthorizationContext.PERMIT);
+ String level = (hasTheRole ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
+ if(this.enableAudit)
+ this.authorizationAudit(level,webResource, null);
+ }
+ catch (AuthorizationException e)
+ {
+ hasTheRole = false;
+ if(log.isTraceEnabled())
+ log.trace("hasRole check failed:"+e.getLocalizedMessage());
+ if(this.enableAudit)
+ authorizationAudit(AuditLevel.ERROR,webResource,e);
+ }
+ return hasTheRole;
+ }
+
+ @Override
+ public boolean hasUserDataPermission(Map<String, Object> contextMap,
+ ServletRequest request,
+ ServletResponse response,
+ String contextID,
+ Subject callerSubject)
+ {
+ if(contextID == null)
+ throw new IllegalArgumentException("ContextID is null");
+
+ AuthorizationManager authzMgr = securityContext.getAuthorizationManager();
+
+ boolean hasPerm = false;
+ contextMap.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());
+
+ WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
+ webResource.setPolicyContextID(contextID);
+ webResource.setServletRequest(request);
+ webResource.setServletResponse(response);
+
+ webResource.setCallerSubject(callerSubject);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+
+ try
+ {
+ int permit = authzMgr.authorize(webResource, callerSubject, callerRoles);
+ hasPerm = (permit == AuthorizationContext.PERMIT);
+ String level = (hasPerm ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
+ if(this.enableAudit)
+ this.authorizationAudit(level,webResource, null);
+ }
+ catch (AuthorizationException e)
+ {
+ hasPerm = false;
+ if(log.isTraceEnabled())
+ log.trace("hasRole check failed:"+e.getLocalizedMessage());
+ if(this.enableAudit)
+ authorizationAudit(AuditLevel.ERROR,webResource,e);
+ }
+ return hasPerm;
+ }
+}
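Review bot: `hasUserDataPermission` writes `POLICY_REGISTRATION` into the caller-supplied `contextMap`, which mutates the caller's state and throws if the caller passes an unmodifiable map; copy it first with `Map<String,Object> map = new HashMap<String,Object>(contextMap);` and `map.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());`. `Collections.unmodifiableMap(contextMap)` is only a view, so without the copy the caller can still change what the `WebResource` sees after it is built. `checkResourcePermission` does not add the policy registration at all, which looks inconsistent with the other two methods and should be confirmed as intended. The trace message in `hasUserDataPermission` still reads `"hasRole check failed:"`, which will mislead anyone diagnosing a denial; it should name the method, e.g. `"hasUserDataPermission check failed:"`. None of the three methods null-checks `authzMgr`, and only `hasRole` rejects a null `callerSubject`.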
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authorization/web/TestWebAuthorizationModuleDelegate.java 2008-04-20 02:10:57 UTC (rev 72464)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authorization.web;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
+import org.jboss.security.authorization.resources.WebResource;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+
+/**
+ * Simple Test AuthorizationDelegate that uses the system property
+ * uri=role
+ * @author asaldhana
+ */
+public class TestWebAuthorizationModuleDelegate extends AuthorizationModuleDelegate
+{
+ public TestWebAuthorizationModuleDelegate()
+ {
+ }
+
+ @Override
+ public int authorize(Resource resource, Subject subject, RoleGroup role)
+ {
+ WebResource webResource = (WebResource) resource;
+ String requestURI = webResource.getCanonicalRequestURI();
+
+ String roleName = System.getProperty(requestURI);
+ if( role.containsRole(new SimpleRole(roleName)))
+ return AuthorizationContext.PERMIT;
+
+ return AuthorizationContext.DENY;
+ }
+}
\ No newline at end of file
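Review bot: `System.getProperty(requestURI)` returns null when no property is set for the URI, and that null goes straight into `new SimpleRole(roleName)`; whether that throws or compares equal to some role is not visible here, so the delegate's answer for an unmapped URI is undefined. Deny explicitly before the role check: `if(roleName == null) return AuthorizationContext.DENY;`. The class Javadoc would be clearer as "the system property key is the canonical request URI and its value is the role required to access it".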
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/EJBAuthorizationHelperUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/EJBAuthorizationHelperUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/EJBAuthorizationHelperUnitTestCase.java 2008-04-20 02:10:57 UTC (rev 72464)
@@ -0,0 +1,121 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.helpers;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.plugins.JBossPolicyRegistration;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.security.plugins.javaee.EJBAuthorizationHelper;
+import org.jboss.test.util.SecurityTestUtil;
+
+/**
+ * Unit Test the EJBAuthorizationHelper
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 18, 2008
+ * @version $Revision$
+ */
+public class EJBAuthorizationHelperUnitTestCase extends TestCase
+{
+ private SecurityContext sc;
+ private EJBAuthorizationHelper eah;
+ private RoleGroup methodRoleGroup;
+
+ protected void setUp() throws Exception
+ {
+ sc = new JBossSecurityContext("test");
+ eah = new EJBAuthorizationHelper();
+ eah.setSecurityContext(sc);
+ eah.setPolicyRegistration(new JBossPolicyRegistration());
+ methodRoleGroup = SecurityTestUtil.getRoleGroup(new String[]{"roleA", "roleC"});
+
+ ApplicationPolicy ap = SecurityTestUtil.getApplicationPolicy("test", null);
+ SecurityTestUtil.setUpRegularConfiguration(ap);
+ }
+
+ public void testValidAuthorization() throws Exception
+ {
+ Principal ejbPrincipal = new SimplePrincipal("AuthenticatedPrincipal");
+ Subject callerSubject = new Subject();
+ callerSubject.getPrincipals().add(ejbPrincipal);
+
+ RoleGroup roleGroup = SecurityTestUtil.getRoleGroup(new String[]{"roleA", "roleC"});
+
+ //Add good roles to the context
+ sc.getUtil().setRoles(roleGroup);
+
+ boolean result = eah.authorize("TestEJB",
+ DummyClass.class.getMethod("someMethod", new Class[0]),
+ ejbPrincipal,
+ "void someMethod",
+ null,
+ callerSubject,
+ null,
+ "ejb.jar",
+ methodRoleGroup);
+
+ assertTrue("Authz", result);
+ }
+
+ public void testInvalidAuthorization() throws Exception
+ {
+ Principal ejbPrincipal = new SimplePrincipal("AuthenticatedPrincipal");
+ Subject callerSubject = new Subject();
+ callerSubject.getPrincipals().add(ejbPrincipal);
+
+ RoleGroup roleGroup = SecurityTestUtil.getRoleGroup(new String[]{"villain"});
+
+ //Add good roles to the context
+ sc.getUtil().setRoles(roleGroup);
+
+ boolean result = eah.authorize("TestEJB",
+ DummyClass.class.getMethod("someMethod", new Class[0]),
+ ejbPrincipal,
+ "void someMethod",
+ null,
+ callerSubject,
+ null,
+ "ejb.jar",
+ methodRoleGroup);
+
+ assertFalse("InvalidAuthz", result);
+ }
+
+ /**
+ * Dummy Class just to get a Method instance
+ * by calling DummyClass.class.getMethod()
+ * @author asaldhana
+ *
+ */
+ public class DummyClass
+ {
+ public void someMethod(){}
+ }
+}
\ No newline at end of file
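Review bot: The tests cover only `authorize`, so `isCallerInRole` and the `IllegalArgumentException` for a null `contextID` are never exercised; a pair of cases for each would pin the deny path of the role-reference check. In `testInvalidAuthorization` the comment `//Add good roles to the context` sits above the `"villain"` role group and should read `//Add a role that is not in the method roles`; the same copied comment appears in `testInvalidWebAuthorization` in WebAuthorizationHelperUnitTestCase. `setUp` registers an application policy in what looks like static configuration and nothing removes it afterwards, so state may leak into other test classes.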
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/SecurityHelpersFactoryUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/SecurityHelpersFactoryUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/SecurityHelpersFactoryUnitTestCase.java 2008-04-20 02:10:57 UTC (rev 72464)
@@ -0,0 +1,62 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.helpers;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.javaee.EJBAuthenticationHelper;
+import org.jboss.security.javaee.SecurityHelperFactory;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.security.plugins.javaee.EJBAuthorizationHelper;
+import org.jboss.security.plugins.javaee.WebAuthorizationHelper;
+
+/**
+ * Unit tests for the security helper factory
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 18, 2008
+ * @version $Revision$
+ */
+public class SecurityHelpersFactoryUnitTestCase extends TestCase
+{
+ private SecurityContext sc = new JBossSecurityContext("test");
+
+ public void testEJBAuthenticationHelper()
+ {
+ EJBAuthenticationHelper eah = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
+ assertNotNull("auth helper",eah);
+ }
+
+ public void testEJBAuthorizationHelper() throws Exception
+ {
+ Object obj = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
+ assertNotNull("ejb authz", obj);
+ assertTrue(obj instanceof EJBAuthorizationHelper);
+ }
+
+ public void testWebAuthorizationHelper() throws Exception
+ {
+ Object obj = SecurityHelperFactory.getWebAuthorizationHelper(sc);
+ assertNotNull("web authz", obj);
+ assertTrue(obj instanceof WebAuthorizationHelper);
+ }
+}
\ No newline at end of file
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/WebAuthorizationHelperUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/WebAuthorizationHelperUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/security/helpers/WebAuthorizationHelperUnitTestCase.java 2008-04-20 02:10:57 UTC (rev 72464)
@@ -0,0 +1,113 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.helpers;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.plugins.JBossPolicyRegistration;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.security.plugins.javaee.WebAuthorizationHelper;
+import org.jboss.test.util.SecurityTestUtil;
+import org.jboss.test.util.TestHttpServletRequest;
+
+/**
+ * Unit Tests for the Web Authorization Helper
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 18, 2008
+ * @version $Revision$
+ */
+public class WebAuthorizationHelperUnitTestCase extends TestCase
+{
+ private SecurityContext sc;
+ private WebAuthorizationHelper wah;
+
+ protected void setUp() throws Exception
+ {
+ sc = new JBossSecurityContext("test");
+ wah = new WebAuthorizationHelper();
+ wah.setSecurityContext(sc);
+ wah.setPolicyRegistration(new JBossPolicyRegistration());
+
+ Map<String,Object> moduleOptions = SecurityTestUtil.getWebDelegateOptions();
+ ApplicationPolicy ap = SecurityTestUtil.getApplicationPolicy("test", moduleOptions);
+ SecurityTestUtil.setUpRegularConfiguration(ap);
+
+ //Mainly for the TestWebAuthorizationModuleDelegate
+ System.setProperty("/someuri", "roleA");
+ }
+
+ public void testValidWebAuthorization() throws Exception
+ {
+ //Create a ContextMap
+ Map<String,Object> contextMap = new HashMap<String,Object>();
+
+ HttpServletRequest request = new TestHttpServletRequest(new SimplePrincipal("someprincipal"),
+ "/someuri", "GET");
+
+ RoleGroup roleGroup = SecurityTestUtil.getRoleGroup(new String[]{"roleA", "roleC"});
+
+ //Add good roles to the context
+ sc.getUtil().setRoles(roleGroup);
+
+ boolean result = wah.checkResourcePermission(contextMap,
+ request,
+ null,
+ new Subject(),
+ "web.jar",
+ "/someuri");
+
+ assertTrue("Web Authz", result);
+ }
+
+ public void testInvalidWebAuthorization() throws Exception
+ {
+ //Create a ContextMap
+ Map<String,Object> contextMap = new HashMap<String,Object>();
+
+ HttpServletRequest request = new TestHttpServletRequest(new SimplePrincipal("someprincipal"),
+ "/someuri", "GET");
+
+ RoleGroup roleGroup = SecurityTestUtil.getRoleGroup(new String[]{"Villain"});
+
+ //Add good roles to the context
+ sc.getUtil().setRoles(roleGroup);
+
+ boolean result = wah.checkResourcePermission(contextMap,
+ request,
+ null,
+ new Subject(),
+ "web.jar",
+ "/someuri");
+
+ assertFalse("Invalid Web Authz", result);
+ }
+}
\ No newline at end of file
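Review bot: `setUp` sets the JVM-wide system property `/someuri` and nothing clears it, so the role mapping stays visible to every test that runs later in the same JVM; add `protected void tearDown() throws Exception { System.clearProperty("/someuri"); }`. Only `checkResourcePermission` is tested, leaving `hasRole` and `hasUserDataPermission` without coverage, including the null-`callerSubject` rejection in `hasRole`.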
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/util/SecurityTestUtil.java 2008-04-20 02:10:57 UTC (rev 72464)
@@ -0,0 +1,101 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.util;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.authorization.ResourceType;
+import org.jboss.security.authorization.config.AuthorizationModuleEntry;
+import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.AuthorizationInfo;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.test.authorization.web.TestWebAuthorizationModuleDelegate;
+
+/**
+ * Util Class
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 18, 2008
+ * @version $Revision$
+ */
+public class SecurityTestUtil
+{
+ public static RoleGroup getRoleGroup(String[] roles)
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+
+ List<Role> roleList = srg.getRoles();
+
+ for(String role:roles)
+ {
+ roleList.add(new SimpleRole(role));
+ }
+ return srg;
+ }
+
+ public static RoleGroup getRoleGroup(String rolename)
+ {
+ SimpleRoleGroup srg = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ srg.getRoles().add(new SimpleRole(rolename));
+ return srg;
+ }
+
+ public static ApplicationPolicy getApplicationPolicy(String domain,
+ Map<String,Object> moduleOptions)
+ {
+ AuthorizationInfo ai = new AuthorizationInfo(domain);
+ String moduleName = DelegatingAuthorizationModule.class.getName();
+ AuthorizationModuleEntry ame;
+
+ if(moduleOptions != null)
+ ame = new AuthorizationModuleEntry(moduleName, moduleOptions);
+ else
+ ame = new AuthorizationModuleEntry(moduleName);
+
+ ai.add(ame);
+ ApplicationPolicy ap = new ApplicationPolicy(domain);
+ ap.setAuthorizationInfo(ai);
+ return ap;
+ }
+
+ public static Map<String,Object> getWebDelegateOptions()
+ {
+ Map<String,Object> options = new HashMap<String,Object>();
+ options.put("delegateMap",
+ ResourceType.WEB.toString()
+ + "="
+ + TestWebAuthorizationModuleDelegate.class.getName());
+ return options;
+ }
+
+ public static void setUpRegularConfiguration(ApplicationPolicy ap) throws Exception
+ {
+ SecurityConfiguration.addApplicationPolicy(ap);
+ }
+}
\ No newline at end of file
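Review bot: `getRoleGroup(String[])` adds roles to the list returned by `srg.getRoles()`, which only works if that method hands back the group's backing list; if it ever returns a copy, the group stays empty and the deny tests would pass for the wrong reason, so this assumption is worth a comment such as `// relies on getRoles() returning the live list`. The public helpers have no Javadoc and the class comment is just "Util Class"; a line per method stating what it builds (for example that `setUpRegularConfiguration` registers the policy in the shared `SecurityConfiguration`) would help. As a static-only utility the class should also be `final` with a private constructor.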