[jboss-cvs] JBossAS SVN: r72496 - in projects/security/security-jboss-sx/trunk/jbosssx/src: tests/org/jboss/test/authentication and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 21 12:34:28 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-21 12:34:28 -0400 (Mon, 21 Apr 2008)
New Revision: 72496
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaas/
projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaas/LoginModulesUnitTestCase.java
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
Log:
SECURITY-199: client login module client side usage
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java 2008-04-21 16:10:34 UTC (rev 72495)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/ClientLoginModule.java 2008-04-21 16:34:28 UTC (rev 72496)
@@ -231,15 +231,7 @@
//Cache the existing security context
this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
- SecurityAssociationActions.pushSecurityContext(loginPrincipal,
- loginCredential, subject, "CLIENT_LOGIN_MODULE");
-
- // Set the login principal and credential and subject
- if(!this.serverMode)
- SecurityAssociationActions.setLegacySecurityAssociationSubjectContext(loginPrincipal,
- loginCredential, subject);
-
- //SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
+ SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
// Add the login principal to the subject if is not there
Set<Principal> principals = subject.getPrincipals();
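Review bot: The client/server decision no longer uses this module's own `serverMode` field. The removed code guarded the legacy push with `if(!this.serverMode)`, while `setPrincipalInfo` (changed in SecurityAssociationActions in this same commit) consults the static `SecurityAssociation.isServer()`. If the two can disagree, which is not visible here, a module configured for one mode will push or skip the legacy SecurityAssociation identity based on static, presumably JVM-wide, state. A comment above the call would make the dependency explicit, e.g. `// setPrincipalInfo decides client vs. server from SecurityAssociation.isServer(), not this.serverMode`. The enclosing method starts and ends outside the hunk.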
@@ -257,13 +249,13 @@
log.trace("abort");
if( restoreLoginIdentity == true )
{
- //SecurityAssociationActions.popPrincipalInfo();
+ SecurityAssociationActions.popPrincipalInfo();
SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
}
else
{
// Clear the entire security association stack
- //SecurityAssociationActions.clear();
+ SecurityAssociationActions.clear();
SecurityAssociationActions.setSecurityContext(null);
}
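Review bot: `popPrincipalInfo()` and `clear()` are live again in abort(), but nothing visible in the hunk ties them to a push made by this module instance. JAAS calls abort() on every configured module when the overall login fails, including ones whose commit() never ran. In that case the pop would remove an identity some other caller placed on the thread, and `setSecurityContext(this.cachedSecurityContext)` would install a context that was never captured (presumably null). The logout() hunk at `@@ -276,13 +268,13 @@` has the same exposure when logout() is called twice. Consider recording the push in commit() and wrapping both branches in a check such as `if( this.identityPushed )`, where `identityPushed` is a suggested new field; both method bodies start outside their hunks.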
@@ -276,13 +268,13 @@
log.trace("logout");
if( restoreLoginIdentity == true )
{
- //SecurityAssociationActions.popPrincipalInfo();
+ SecurityAssociationActions.popPrincipalInfo();
SecurityAssociationActions.setSecurityContext(this.cachedSecurityContext);
}
else
{
// Clear the entire security association stack
- //SecurityAssociationActions.clear();
+ SecurityAssociationActions.clear();
SecurityAssociationActions.setSecurityContext(null);
}
Set<Principal> principals = subject.getPrincipals();
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java 2008-04-21 16:10:34 UTC (rev 72495)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/SecurityAssociationActions.java 2008-04-21 16:34:28 UTC (rev 72496)
@@ -50,21 +50,26 @@
}
public Object run()
{
- //SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ //Client Side usage
+ if(!getServer())
+ {
+ SecurityAssociation.pushSubjectContext(subject, principal, credential);
+ }
SecurityContext sc = SecurityContextAssociation.getSecurityContext();
if(sc == null)
{
try
{
sc = SecurityContextFactory.createSecurityContext(principal,
- credential, subject, "CLIENT_PROXY");
+ credential, subject, "CLIENT_LOGIN_MODULE");
}
catch (Exception e)
{
throw new RuntimeException(e);
}
}
- SecurityContextAssociation.setSecurityContext(sc);
+ setSecurityContext(sc);
+
credential = null;
principal = null;
subject = null;
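Review bot: When a SecurityContext is already associated with the thread, the `if(sc == null)` branch is skipped and the existing context is handed back to `setSecurityContext(sc)` unchanged, so `principal`, `credential` and `subject` never reach it. Combined with the new `if(!getServer())` guard, a server-side call with an existing context stores the login identity nowhere, as far as this hunk shows. If that is intended, say so at the top of `run()`: `// An existing SecurityContext is reused as-is; the login identity is only pushed to SecurityAssociation on the client side`. Otherwise the existing-context case needs its own handling. The enclosing action class starts outside the hunk.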
@@ -75,8 +80,8 @@
{
public Object run()
{
- //SecurityAssociation.popSubjectContext();
- SecurityContextAssociation.clearSecurityContext();
+ if(!getServer())
+ SecurityAssociation.popSubjectContext();
return null;
}
}
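Review bot: `PopPrincipalInfoAction.run()` no longer calls `SecurityContextAssociation.clearSecurityContext()` and does nothing on the server side, so clearing the thread's SecurityContext is now entirely the caller's job. ClientLoginModule follows each pop with `setSecurityContext(...)`, but any other caller of `popPrincipalInfo()` (none visible in this diff) would now leave the previous identity attached to the thread, which matters on pooled threads. ClearAction in the next hunk (`@@ -94,8 +99,8 @@`) has the same change. Document the new contract on both `run()` methods, e.g. `// Only pops the legacy SecurityAssociation stack (client side); the caller must restore or clear the SecurityContext`, and brace the single-statement `if` as the `@@ -50,21 +50,26 @@` hunk does.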
@@ -94,8 +99,8 @@
static PrivilegedAction ACTION = new ClearAction();
public Object run()
{
- SecurityAssociation.clear();
- SecurityContextAssociation.clearSecurityContext();
+ if(!getServer())
+ SecurityAssociation.clear();
return null;
}
}
@@ -167,7 +172,12 @@
{
throw new RuntimeException(e);
}
- SecurityContextAssociation.setSecurityContext(sc);
+ setSecurityContext(sc);
+ //For Client Side legacy usage
+ if(getServer() == Boolean.FALSE)
+ {
+ SecurityAssociation.pushSubjectContext(subject, p, cred);
+ }
return null;
}
});
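Review bot: `getServer() == Boolean.FALSE` compares boxed `Boolean` references rather than values. It holds only while `getServer()` returns the canonical `Boolean.FALSE` instance, and a null return would silently skip the push instead of failing. The other hunks in this file use the value-based form, so write `if(!getServer())` here as well. The legacy push also runs after `setSecurityContext(sc)` here but before it in the `@@ -50,21 +50,26 @@` hunk; if the order matters, keep it the same in both places. The enclosing method starts outside the hunk.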
@@ -183,6 +193,18 @@
PopPrincipalInfoAction action = new PopPrincipalInfoAction();
AccessController.doPrivileged(action);
}
+
+ static Boolean getServer()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Boolean>()
+ {
+ public Boolean run()
+ {
+ return SecurityAssociation.isServer();
+ }
+ });
+ }
+
static void setServer()
{
AccessController.doPrivileged(SetServerAction.ACTION);
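Review bot: The new `getServer()` is undocumented even though every action changed in this commit now branches on it. Add a Javadoc such as `/** Returns SecurityAssociation.isServer(), read inside doPrivileged; callers skip the legacy SecurityAssociation stack when it is true. */`. Declaring it as `static boolean getServer()` would also keep all call sites value-based, since the `Boolean` from the privileged action unboxes on return.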
@@ -206,19 +228,6 @@
Object credential = AccessController.doPrivileged(GetCredentialAction.ACTION);
return credential;
}
-
- static void setLegacySecurityAssociationSubjectContext(final Principal principal,
- final Object credential, final Subject subject)
- {
- AccessController.doPrivileged(new PrivilegedAction<Object>()
- {
- public Object run()
- {
- SecurityAssociation.pushSubjectContext(subject, principal, credential);
- return null;
- }
- });
- }
static SecurityContext createSecurityContext(final String securityDomain)
throws PrivilegedActionException
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaas/LoginModulesUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaas/LoginModulesUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/tests/org/jboss/test/authentication/jaas/LoginModulesUnitTestCase.java 2008-04-21 16:34:28 UTC (rev 72496)
@@ -0,0 +1,355 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaas;
+
+import java.lang.reflect.Method;
+import java.security.MessageDigest;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.HashMap;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import junit.framework.TestCase;
+
+import org.jboss.crypto.CryptoUtil;
+import org.jboss.logging.Logger;
+import org.jboss.security.SecurityAssociation;
+import org.jboss.security.SimpleGroup;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.auth.callback.UsernamePasswordHandler;
+import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
+
+/** Tests of the LoginModule classes.
+ *
+ * ANIL: Not all the login modules are tested here. There is a larger
+ * test case in AS trunk that tests most of the LMs
+ * @author Scott.Stark at jboss.org
+ * @version $Revision$
+ */
+public class LoginModulesUnitTestCase extends TestCase
+{
+
+ private static Logger log = Logger.getLogger(LoginModulesUnitTestCase.class);
+
+ /** Hard coded login configurations for the test cases. The configuration
+ name corresponds to the unit test function that uses the configuration.
+ */
+ static class TestConfig extends Configuration
+ {
+ public void refresh()
+ {
+ }
+
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name)
+ {
+ AppConfigurationEntry[] entry = null;
+ try
+ {
+ Class[] parameterTypes = {};
+ Method m = getClass().getDeclaredMethod(name, parameterTypes);
+ Object[] args = {};
+ entry = (AppConfigurationEntry[]) m.invoke(this, args);
+ }
+ catch(Exception e)
+ {
+ }
+ return entry;
+ }
+
+ AppConfigurationEntry[] testClientLogin()
+ {
+ String name = "org.jboss.security.ClientLoginModule";
+ HashMap options = new HashMap();
+ options.put("restore-login-identity", "true");
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+
+ AppConfigurationEntry[] testIdentity()
+ {
+ String name = "org.jboss.security.auth.spi.IdentityLoginModule";
+ HashMap options = new HashMap();
+ options.put("principal", "stark");
+ options.put("roles", "Role3,Role4");
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+
+ AppConfigurationEntry[] testSimple()
+ {
+ String name = "org.jboss.security.auth.spi.SimpleServerLoginModule";
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap());
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+ AppConfigurationEntry[] testUsernamePassword()
+ {
+ return other();
+ }
+ AppConfigurationEntry[] testAnon()
+ {
+ String name = "org.jboss.security.auth.spi.AnonLoginModule";
+ HashMap options = new HashMap();
+ options.put("unauthenticatedIdentity", "nobody");
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+ AppConfigurationEntry[] testNull()
+ {
+ String name = "org.jboss.security.auth.spi.AnonLoginModule";
+ HashMap options = new HashMap();
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+ AppConfigurationEntry[] testUsersRoles()
+ {
+ String name = "org.jboss.security.auth.spi.UsersRolesLoginModule";
+ HashMap options = new HashMap();
+ options.put("usersProperties", "security/users.properties");
+ options.put("rolesProperties", "security/roles.properties");
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+
+ AppConfigurationEntry[] other()
+ {
+ AppConfigurationEntry ace = new AppConfigurationEntry(TestLoginModule.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap());
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+ }
+
+ public static class TestLoginModule extends UsernamePasswordLoginModule
+ {
+ protected Group[] getRoleSets()
+ {
+ SimpleGroup roles = new SimpleGroup("Roles");
+ Group[] roleSets = {roles};
+ roles.addMember(new SimplePrincipal("TestRole"));
+ roles.addMember(new SimplePrincipal("Role2"));
+ return roleSets;
+ }
+ /** This represents the 'true' password
+ */
+ protected String getUsersPassword()
+ {
+ return "secret";
+ }
+ }
+ public static class HashTestLoginModule extends TestLoginModule
+ {
+ /** This represents the 'true' password in its hashed form
+ */
+ protected String getUsersPassword()
+ {
+ MessageDigest md = null;
+ try
+ {
+ md = MessageDigest.getInstance("MD5");
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }
+ byte[] passwordBytes = "secret".getBytes();
+ byte[] hash = md.digest(passwordBytes);
+ String passwordHash = CryptoUtil.encodeBase64(hash);
+ return passwordHash;
+ }
+ }
+ public static class HashTestDigestCallbackLoginModule extends TestLoginModule
+ {
+ /** This represents the 'true' password in its hashed form
+ */
+ protected String getUsersPassword()
+ {
+ MessageDigest md = null;
+ try
+ {
+ md = MessageDigest.getInstance("MD5");
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }
+ byte[] passwordBytes = "secret".getBytes();
+ md.update("pre".getBytes());
+ md.update(passwordBytes);
+ md.update("post".getBytes());
+ byte[] hash = md.digest();
+ String passwordHash = CryptoUtil.encodeBase64(hash);
+ return passwordHash;
+ }
+ }
+
+ public LoginModulesUnitTestCase(String testName)
+ {
+ super(testName);
+ }
+
+ protected void setUp() throws Exception
+ {
+ // Install the custom JAAS configuration
+ Configuration.setConfiguration(new TestConfig());
+ super.setUp();
+ }
+
+ public void testClientLogin() throws Exception
+ {
+ log.info("testClientLogin");
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "secret".toCharArray());
+ LoginContext lc = new LoginContext("testClientLogin", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ Principal scott = new SimplePrincipal("scott");
+ assertTrue("Principals contains scott", subject.getPrincipals().contains(scott));
+ Principal saPrincipal = SecurityAssociation.getPrincipal();
+ assertTrue("SecurityAssociation.getPrincipal == scott", saPrincipal.equals(scott));
+
+ UsernamePasswordHandler handler2 = new UsernamePasswordHandler("scott2", "secret2".toCharArray());
+ LoginContext lc2 = new LoginContext("testClientLogin", handler2);
+ lc2.login();
+ Principal scott2 = new SimplePrincipal("scott2");
+ saPrincipal = SecurityAssociation.getPrincipal();
+ assertTrue("SecurityAssociation.getPrincipal == scott2", saPrincipal.equals(scott2));
+ lc2.logout();
+ saPrincipal = SecurityAssociation.getPrincipal();
+ assertTrue("SecurityAssociation.getPrincipal == scott", saPrincipal.equals(scott));
+
+ lc.logout();
+ }
+
+ public void testUsernamePassword() throws Exception
+ {
+ log.info("testUsernamePassword");
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "secret".toCharArray());
+ LoginContext lc = new LoginContext("testUsernamePassword", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ Set groups = subject.getPrincipals(Group.class);
+ assertTrue("Principals contains scott", subject.getPrincipals().contains(new SimplePrincipal("scott")));
+ assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+ Group roles = (Group) groups.iterator().next();
+ assertTrue("TestRole is a role", roles.isMember(new SimplePrincipal("TestRole")));
+ assertTrue("Role2 is a role", roles.isMember(new SimplePrincipal("Role2")));
+
+ lc.logout();
+ }
+ public void testUsernamePasswordHash() throws Exception
+ {
+ log.info("testUsernamePasswordHash");
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "secret".toCharArray());
+ LoginContext lc = new LoginContext("testUsernamePasswordHash", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ Set groups = subject.getPrincipals(Group.class);
+ assertTrue("Principals contains scott", subject.getPrincipals().contains(new SimplePrincipal("scott")));
+ assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+ Group roles = (Group) groups.iterator().next();
+ assertTrue("TestRole is a role", roles.isMember(new SimplePrincipal("TestRole")));
+ assertTrue("Role2 is a role", roles.isMember(new SimplePrincipal("Role2")));
+
+ lc.logout();
+ }
+
+ public void testAnon() throws Exception
+ {
+ log.info("testAnon");
+ UsernamePasswordHandler handler = new UsernamePasswordHandler(null, null);
+ LoginContext lc = new LoginContext("testAnon", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ Set groups = subject.getPrincipals(Group.class);
+ assertTrue("Principals contains nobody", subject.getPrincipals().contains(new SimplePrincipal("nobody")));
+ assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+ Group roles = (Group) groups.iterator().next();
+ assertTrue("Roles has no members", roles.members().hasMoreElements() == false);
+
+ lc.logout();
+ }
+ public void testNull() throws Exception
+ {
+ log.info("testNull");
+ UsernamePasswordHandler handler = new UsernamePasswordHandler(null, null);
+ LoginContext lc = new LoginContext("testNull", handler);
+ try
+ {
+ lc.login();
+ fail("Should not be able to login as null, null");
+ }
+ catch(LoginException e)
+ {
+ // Ok
+ }
+ }
+
+ public void testIdentity() throws Exception
+ {
+ log.info("testIdentity");
+ LoginContext lc = new LoginContext("testIdentity");
+ lc.login();
+ Subject subject = lc.getSubject();
+ Set groups = subject.getPrincipals(Group.class);
+ assertTrue("Principals contains stark", subject.getPrincipals().contains(new SimplePrincipal("stark")));
+ assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+ Group roles = (Group) groups.iterator().next();
+ assertTrue("Role2 is not a role", roles.isMember(new SimplePrincipal("Role2")) == false);
+ assertTrue("Role3 is a role", roles.isMember(new SimplePrincipal("Role3")));
+ assertTrue("Role4 is a role", roles.isMember(new SimplePrincipal("Role4")));
+
+ lc.logout();
+ }
+ public void testSimple() throws Exception
+ {
+ log.info("testSimple");
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke".toCharArray());
+ LoginContext lc = new LoginContext("testSimple", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ Set groups = subject.getPrincipals(Group.class);
+ assertTrue("Principals contains jduke", subject.getPrincipals().contains(new SimplePrincipal("jduke")));
+ assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles")));
+ Group roles = (Group) groups.iterator().next();
+ assertTrue("user is a role", roles.isMember(new SimplePrincipal("user")));
+ assertTrue("guest is a role", roles.isMember(new SimplePrincipal("guest")));
+
+ lc.logout();
+ }
+}
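Review bot: `testUsernamePasswordHash` does not exercise a hashed-password login. TestConfig has no `testUsernamePasswordHash()` method, so `getDeclaredMethod` throws, the empty `catch(Exception e)` swallows it, `getAppConfigurationEntry` returns null, and JAAS falls back to the `other` entry, which is the plain-text TestLoginModule. `HashTestLoginModule` and `HashTestDigestCallbackLoginModule` are never referenced by any configuration. Add a matching TestConfig entry as sketched below (the option names are the UsernamePasswordLoginModule hashing options; confirm them against the module version in this tree), and log the exception in the catch block so a misspelled configuration name is visible. The tests also do not cover abort() or server mode, the other paths this commit changes.

```java
// … unchanged: the other TestConfig entries …
AppConfigurationEntry[] testUsernamePasswordHash()
{
   HashMap options = new HashMap();
   // Must match the digest and encoding used in HashTestLoginModule.getUsersPassword()
   options.put("hashAlgorithm", "MD5");
   options.put("hashEncoding", "base64");
   AppConfigurationEntry ace = new AppConfigurationEntry(HashTestLoginModule.class.getName(),
      AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
   AppConfigurationEntry[] entry = {ace};
   return entry;
}
```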