[jboss-cvs] JBossAS SVN: r81748 - in trunk: security/src/main/org/jboss/security/plugins and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Nov 27 19:22:21 EST 2008
Author: sguilhen at redhat.com
Date: 2008-11-27 19:22:21 -0500 (Thu, 27 Nov 2008)
New Revision: 81748
Added:
trunk/testsuite/src/resources/profileservice/security/
trunk/testsuite/src/resources/profileservice/security/testdomains-jboss-beans.xml
Modified:
trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
trunk/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
trunk/testsuite/src/main/org/jboss/test/profileservice/test/SecurityManagedObjectsTestCase.java
Log:
JBAS-5989: Added management annotations to JNDIBasedSecurityManagement and to JaasSecurityDomain, updating the SecurityManagedObjectsTestCase accordingly.
Modified: trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2008-11-27 23:40:15 UTC (rev 81747)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2008-11-28 00:22:21 UTC (rev 81748)
@@ -31,6 +31,13 @@
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
+import org.jboss.managed.api.annotation.ManagementComponent;
+import org.jboss.managed.api.annotation.ManagementObject;
+import org.jboss.managed.api.annotation.ManagementOperation;
+import org.jboss.managed.api.annotation.ManagementParameter;
+import org.jboss.managed.api.annotation.ManagementProperties;
+import org.jboss.managed.api.annotation.ManagementProperty;
+import org.jboss.managed.api.annotation.ViewUse;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.ISecurityManagement;
@@ -51,6 +58,8 @@
* @since Sep 9, 2007
* @version $Revision$
*/
+ at ManagementObject(name="JNDIBasedSecurityManagement", componentType = @ManagementComponent(type = "MCBean", subtype = "Security"),
+ properties = ManagementProperties.EXPLICIT)
public class JNDIBasedSecurityManagement implements ISecurityManagement
{
private static final long serialVersionUID = 1L;
@@ -92,6 +101,8 @@
initializeMaps();
}
+ @ManagementOperation(description = "Get the audit manager for the specified security domain",
+ params = {@ManagementParameter(name = "securityDomain", description = "The security domain name")})
public AuditManager getAuditManager(String securityDomain)
{
initializeMaps();
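Review bot: The `@ManagementOperation` on getAuditManager declares no `impact`, and the same holds for getAuthenticationManager, getAuthorizationManager, getIdentityTrustManager and getMappingManager in the following four hunks, whereas the operations annotated in JaasSecurityDomain in this commit all state one (`impact = Impact.ReadOnly` or `Impact.WriteOnly`). Each body begins with `initializeMaps()` and continues outside its hunk, so whether a lookup can create and cache state for an unknown domain name is not visible here. Stating the impact explicitly, with the `Impact` import added to this file, would tell management clients whether calling these operations is safe on a running server.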
@@ -115,6 +126,8 @@
return auditManager;
}
+ @ManagementOperation(description = "Get the authentication manager for the specified security domain",
+ params = {@ManagementParameter(name = "securityDomain", description = "The security domain name")})
public AuthenticationManager getAuthenticationManager(String securityDomain)
{
initializeMaps();
@@ -136,6 +149,8 @@
return am;
}
+ @ManagementOperation(description = "Get the authorization manager for the specified security domain",
+ params = {@ManagementParameter(name = "securityDomain", description = "The security domain name")})
public AuthorizationManager getAuthorizationManager(String securityDomain)
{
initializeMaps();
@@ -156,6 +171,8 @@
return am;
}
+ @ManagementOperation(description = "Get the identity trust manager for the specified security domain",
+ params = {@ManagementParameter(name = "securityDomain", description = "The security domain name")})
public IdentityTrustManager getIdentityTrustManager(String securityDomain)
{
initializeMaps();
@@ -179,6 +196,8 @@
return am;
}
+ @ManagementOperation(description = "Get the mapping manager for the specified security domain",
+ params = {@ManagementParameter(name = "securityDomain", description = "The security domain name")})
public MappingManager getMappingManager(String securityDomain)
{
initializeMaps();
@@ -199,36 +218,36 @@
return am;
}
+ @ManagementProperty(use = {ViewUse.CONFIGURATION},
+ description = "The class that implements the AuthenticationManager interface")
public void setAuthenticationMgrClass(String authenticationMgrClass)
{
this.authenticationMgrClass = authenticationMgrClass;
}
+ @ManagementProperty(use = {ViewUse.CONFIGURATION},
+ description = "The class that implements the AuthorizationManager interface")
public void setAuthorizationMgrClass(String authorizationMgrClass)
{
this.authorizationMgrClass = authorizationMgrClass;
}
+ @ManagementProperty(use = {ViewUse.CONFIGURATION},
+ description = "The class that implements the AuditManager interface")
public void setAuditMgrClass(String auditMgrClass)
{
this.auditMgrClass = auditMgrClass;
}
- public void setEnableAudit(boolean enableAudit)
- {
- this.enableAudit = enableAudit;
- }
-
- public void setEnableIdentity(boolean enableIdentity)
- {
- this.enableIdentity = enableIdentity;
- }
-
+ @ManagementProperty(use = {ViewUse.CONFIGURATION},
+ description = "The class that implements the IdentityTrustManager interface")
public void setIdentityTrustMgrClass(String identityTrustMgrClass)
{
this.identityTrustMgrClass = identityTrustMgrClass;
}
+ @ManagementProperty(use = {ViewUse.CONFIGURATION},
+ description = "The class that implements the MappingManager interface")
public void setMappingMgrClass(String mappingMgrClass)
{
this.mappingMgrClass = mappingMgrClass;
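Review bot: None of the five `set*MgrClass` setters published here as CONFIGURATION properties checks its argument, so a null or empty class name set through the management view is stored as-is. It would presumably fail only later, when the manager is instantiated (that code is outside this hunk). setBaseContext further down in this file does check for null; a similar guard such as `if (authenticationMgrClass == null || authenticationMgrClass.length() == 0) throw new IllegalArgumentException("authenticationMgrClass is null or empty");` would surface the mistake at configuration time. Because these names select the classes that implement authentication, authorization and auditing, the descriptions could also say that changing them swaps the security implementation for every domain. setMappingMgrClass closes outside the hunk.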
@@ -239,6 +258,21 @@
this.callBackHandler = callBackHandler;
}
+ public void setEnableAudit(boolean enableAudit)
+ {
+ this.enableAudit = enableAudit;
+ }
+
+ public void setEnableIdentity(boolean enableIdentity)
+ {
+ this.enableIdentity = enableIdentity;
+ }
+
+ public void setCachePolicy(CachePolicy cp)
+ {
+ this.cachePolicy = cp;
+ }
+
public void setBaseContext(String ctx)
{
if(ctx == null)
@@ -246,11 +280,6 @@
this.BASE_CTX = ctx;
}
- public void setCachePolicy(CachePolicy cp)
- {
- this.cachePolicy = cp;
- }
-
/** Set the indicated security domain cache timeout. This only has an
effect if the security domain is using the default jboss TimedCachePolicy
implementation.
@@ -305,10 +334,12 @@
SecurityConstantsBridge.defaultCacheResolution = defaultCacheResolution;
}
- public SecurityDomainContext createSecurityDomainContext(String domain) throws Exception
+ @ManagementOperation(description = "Create the context for the specified security domain",
+ params = {@ManagementParameter(name = "securityDomain", description = "The security domain name")})
+ public SecurityDomainContext createSecurityDomainContext(String securityDomain) throws Exception
{
- log.debug("Creating SDC for domain="+domain);
- AuthenticationManager am = createAuthenticationManager(domain);
+ log.debug("Creating SDC for domain="+securityDomain);
+ AuthenticationManager am = createAuthenticationManager(securityDomain);
if(cachePolicy == null)
{
cachePolicy = createDefaultCachePolicy();
@@ -323,10 +354,10 @@
SecurityDomainContext securityDomainContext = new SecurityDomainContext(am, cachePolicy);
- securityDomainContext.setAuthorizationManager(createAuthorizationManager(domain));
- securityDomainContext.setAuditMgr(createAuditManager(domain));
- securityDomainContext.setIdentityTrustMgr(createIdentityTrustManager(domain));
- securityDomainContext.setMappingMgr(createMappingManager(domain));
+ securityDomainContext.setAuthorizationManager(createAuthorizationManager(securityDomain));
+ securityDomainContext.setAuditMgr(createAuditManager(securityDomain));
+ securityDomainContext.setIdentityTrustMgr(createIdentityTrustManager(securityDomain));
+ securityDomainContext.setMappingMgr(createMappingManager(securityDomain));
return securityDomainContext;
}
@@ -337,32 +368,36 @@
* @param jsd
* @throws Exception
*/
- public void registerJaasSecurityDomainInstance(String domain, JaasSecurityDomain jsd) throws Exception
+ @ManagementOperation(description = "Register the specified security domain",
+ params = {@ManagementParameter(name = "domain", description = "The security domain being registered")})
+ public void registerJaasSecurityDomainInstance(JaasSecurityDomain domain) throws Exception
{
- SecurityDomainContext sdc = (SecurityDomainContext) securityMgrMap.get(domain);
+ String domainName = domain.getSecurityDomain();
+ SecurityDomainContext sdc = (SecurityDomainContext) securityMgrMap.get(domainName);
if(sdc != null)
{
- sdc.setAuthenticationManager(jsd);
+ sdc.setAuthenticationManager(domain);
}
else
{
- sdc = createSecurityDomainContext(domain);
- sdc.setAuthenticationManager(jsd);
+ sdc = createSecurityDomainContext(domainName);
+ sdc.setAuthenticationManager(domain);
}
- securityMgrMap.put(domain, sdc);
+ securityMgrMap.put(domainName, sdc);
}
/**
* Legacy deregistration of JaasSecurityDomain instance with the JNDI
* Object Factory internal hashmap
- * @param domain
+ * @param securityDomain
* @param jsd
* @throws Exception
*/
- public void deregisterJaasSecurityDomainInstance(String domain,
- JaasSecurityDomain jsd)
+ @ManagementOperation(description = "Deregister the specified security domain",
+ params = {@ManagementParameter(name = "securityDomain", description = "The name of the security domain being deregistered")})
+ public void deregisterJaasSecurityDomainInstance(String securityDomain)
{
- securityMgrMap.remove(domain);
+ securityMgrMap.remove(securityDomain);
}
// Private Methods
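Review bot: registerJaasSecurityDomainInstance is now a management operation, and when `securityMgrMap` already holds a context for `domain.getSecurityDomain()` it replaces that context's authentication manager without any check or log entry. A null `domain` also fails with a NullPointerException on the first line. I would add `if (domain == null) throw new IllegalArgumentException("domain is null");` and log when an existing registration is overwritten. deregisterJaasSecurityDomainInstance likewise now removes whatever is registered under the name, with no instance left to compare against. The Javadoc on both methods still lists `@param jsd`, and the deregister one `@throws Exception`, neither of which matches the new signatures; the register Javadoc starts outside the hunk.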
Modified: trunk/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
===================================================================
--- trunk/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2008-11-27 23:40:15 UTC (rev 81747)
+++ trunk/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2008-11-28 00:22:21 UTC (rev 81748)
@@ -41,6 +41,15 @@
import javax.security.auth.callback.CallbackHandler;
import org.jboss.crypto.CryptoUtil;
+import org.jboss.managed.api.ManagedOperation.Impact;
+import org.jboss.managed.api.annotation.ManagementComponent;
+import org.jboss.managed.api.annotation.ManagementObject;
+import org.jboss.managed.api.annotation.ManagementObjectID;
+import org.jboss.managed.api.annotation.ManagementOperation;
+import org.jboss.managed.api.annotation.ManagementParameter;
+import org.jboss.managed.api.annotation.ManagementProperties;
+import org.jboss.managed.api.annotation.ManagementProperty;
+import org.jboss.managed.api.annotation.ViewUse;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.SecurityDomain;
@@ -94,6 +103,7 @@
*
* @version $Revision: 37459 $
*/
+ at ManagementObject(componentType = @ManagementComponent(type = "MCBean", subtype = "Security"), properties = ManagementProperties.EXPLICIT)
public class JaasSecurityDomain extends JaasSecurityManager implements SecurityDomain, JaasSecurityDomainMBean
{
/** The permission required to access encode, encode64 */
@@ -175,54 +185,41 @@
super(securityDomain, handler);
}
- public KeyStore getKeyStore() throws SecurityException
+ @Override
+ @ManagementObjectID(type = "SecurityDomain")
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security domain name")
+ public String getSecurityDomain()
{
- return keyStore;
+ return super.getSecurityDomain();
}
- public KeyManagerFactory getKeyManagerFactory() throws SecurityException
- {
- return keyMgr;
- }
-
- public KeyStore getTrustStore() throws SecurityException
- {
- return trustStore;
- }
-
- public TrustManagerFactory getTrustManagerFactory() throws SecurityException
- {
- return trustMgr;
- }
-
- /**
- * The JMX object name string of the security manager service.
+ /*
+ * (non-Javadoc)
*
- * @return The JMX object name string of the security manager service.
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#getKeyStoreType()
*/
- public ObjectName getManagerServiceName()
- {
- return this.managerServiceName;
- }
-
- /**
- * Set the JMX object name string of the security manager service.
- */
- public void setManagerServiceName(ObjectName managerServiceName)
- {
- this.managerServiceName = managerServiceName;
- }
-
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore implementation type - default is JKS")
public String getKeyStoreType()
{
return this.keyStoreType;
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setKeyStoreType(java.lang.String)
+ */
public void setKeyStoreType(String type)
{
this.keyStoreType = type;
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#getKeyStoreURL()
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore location")
public String getKeyStoreURL()
{
String url = null;
@@ -231,32 +228,55 @@
return url;
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setKeyStoreURL(java.lang.String)
+ */
public void setKeyStoreURL(String storeURL) throws IOException
{
this.keyStoreURL = this.validateStoreURL(storeURL);
log.debug("Using KeyStore=" + keyStoreURL.toExternalForm());
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setKeyStorePass(java.lang.String)
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore password", mandatory = true)
public void setKeyStorePass(String password) throws Exception
{
this.keyStorePassword = Util.loadPassword(password);
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#getTrustStoreType()
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The truststore implementation type - default is JKS")
public String getTrustStoreType()
{
return this.trustStoreType;
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setTrustStoreType(java.lang.String)
+ */
public void setTrustStoreType(String type)
{
this.trustStoreType = type;
}
- public void setTrustStorePass(String password) throws Exception
- {
- this.trustStorePassword = Util.loadPassword(password);
- }
-
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#getTrustStoreURL()
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The truststore location")
public String getTrustStoreURL()
{
String url = null;
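Review bot: The `@ManagementProperty` on setKeyStorePass is marked `mandatory = true`, yet the keystore location and type it belongs to are not mandatory, and the truststore password annotated in the next hunk is not either. If a domain may be configured without a keystore (that logic is not visible here), the management view would still demand a password for it; `@ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore password")` would match the other store properties. This is also the one place where the annotation sits on a setter rather than a getter. A short comment saying that this is deliberate, so the password stays write-only and is never returned by the management view, would keep a later change from adding a getter for symmetry.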
@@ -265,60 +285,188 @@
return url;
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setTrustStoreURL(java.lang.String)
+ */
public void setTrustStoreURL(String storeURL) throws IOException
{
this.trustStoreURL = validateStoreURL(storeURL);
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setTrustStorePass(java.lang.String)
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The truststore password")
+ public void setTrustStorePass(String password) throws Exception
+ {
+ this.trustStorePassword = Util.loadPassword(password);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setSalt(java.lang.String)
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The salt for password-based encryption (PBE)")
public void setSalt(String salt)
{
this.salt = salt.getBytes();
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#setIterationCount(int)
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The iteration count for password-based encryption (PBE)")
public void setIterationCount(int iterationCount)
{
this.iterationCount = iterationCount;
}
+ /**
+ * <p>
+ * Obtains the cypher algorithm used in then encode and decode operations.
+ * </p>
+ *
+ * @return a {@code String} representing the name of the cipher algorithm.
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The cipher algorithm used in the encode/decode operations - default is PBEwithMD5andDES")
public String getCipherAlgorithm()
{
return cipherAlgorithm;
}
+ /**
+ * <p>
+ * Sets the cipher algorithm to be used in the encode and decode operations.
+ * </p>
+ *
+ * @param cipherAlgorithm a {@code String} representing the name of the cipher algorithm.
+ */
public void setCipherAlgorithm(String cipherAlgorithm)
{
this.cipherAlgorithm = cipherAlgorithm;
}
- @Override
- public String getName()
+ /**
+ * The JMX object name string of the security manager service.
+ *
+ * @return The JMX object name string of the security manager service.
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The object name of the security manager service")
+ public ObjectName getManagerServiceName()
{
- return "JaasSecurityDomain(" + getSecurityDomain() + ")";
+ return this.managerServiceName;
}
+ /**
+ * Set the JMX object name string of the security manager service.
+ */
+ public void setManagerServiceName(ObjectName managerServiceName)
+ {
+ this.managerServiceName = managerServiceName;
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code ISecurityManagement} implementation that registered this domain.
+ * </p>
+ *
+ * @return a reference to the {@code ISecurityManagement} bean.
+ */
+ @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security manager service bean where this domain is registered")
public ISecurityManagement getSecurityManagement()
{
return securityManagement;
}
+ /**
+ * <p>
+ * Sets the {@code ISecurityManagement} implementation that must be used to register this domain.
+ * </p>
+ *
+ * @param securityManagement a reference to the {@code ISecurityManagement} be to be used.
+ */
public void setSecurityManagement(ISecurityManagement securityManagement)
{
this.securityManagement = securityManagement;
}
- /**
- * Encrypt the secret using the cipherKey.
+ /*
+ * (non-Javadoc)
*
- * @param secret - the plaintext secret to encrypt
- * @return the encrypted secret
- * @throws Exception
+ * @see org.jboss.system.ServiceMBeanSupport#getName()
*/
+ @Override
+ public String getName()
+ {
+ return "JaasSecurityDomain(" + getSecurityDomain() + ")";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.SecurityDomain#getKeyStore()
+ */
+ @ManagementOperation(description = "Get the KeyStore constructed by this domain", impact = Impact.ReadOnly)
+ public KeyStore getKeyStore() throws SecurityException
+ {
+ return keyStore;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.SecurityDomain#getKeyManagerFactory()
+ */
+ @ManagementOperation(description = "Get the KeyManagerFactory constructed by this domain", impact = Impact.ReadOnly)
+ public KeyManagerFactory getKeyManagerFactory() throws SecurityException
+ {
+ return keyMgr;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.SecurityDomain#getTrustStore()
+ */
+ @ManagementOperation(description = "Get the TrustStore constructed by this domain", impact = Impact.ReadOnly)
+ public KeyStore getTrustStore() throws SecurityException
+ {
+ return trustStore;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.SecurityDomain#getTrustManagerFactory()
+ */
+ @ManagementOperation(description = "Get the TrustManagerFactory constructed by this domain", impact = Impact.ReadOnly)
+ public TrustManagerFactory getTrustManagerFactory() throws SecurityException
+ {
+ return trustMgr;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#encode(byte[])
+ */
+ @ManagementOperation(description = "Encode a secret using the cipher algorithm and the KeyStore password",
+ params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")},
+ impact = Impact.ReadOnly)
public byte[] encode(byte[] secret) throws Exception
{
SecurityManager sm = System.getSecurityManager();
if (sm != null)
{
- System.out.println("Checking: " + encodePermission);
+ if(log.isTraceEnabled())
+ log.trace("Checking: " + encodePermission);
sm.checkPermission(encodePermission);
}
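Review bot: getKeyStore, getKeyManagerFactory, getTrustStore and getTrustManagerFactory are published as management operations but return the live objects with no permission check, unlike encode just below, which calls `sm.checkPermission(encodePermission)` when a SecurityManager is installed. A KeyStore or KeyManagerFactory handed to a management client gives access to the domain's keystore entries, so I would either leave these four accessors unannotated or guard them with a permission check in the same way. Separately, the Javadoc removed from encode (parameter, return value) is replaced by a `(non-Javadoc)` stub; keeping the `@param`/`@return` text would help readers of this class. encode's body continues outside the hunk.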
@@ -328,13 +476,14 @@
return encoding;
}
- /**
- * Decrypt the secret using the cipherKey.
+ /*
+ * (non-Javadoc)
*
- * @param secret - the encrypted secret to decrypt.
- * @return the decrypted secret
- * @throws Exception
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#decode(byte[])
*/
+ @ManagementOperation(description = "Decode a secret using the cipher algorithm and the KeyStore password",
+ params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")},
+ impact = Impact.ReadOnly)
public byte[] decode(byte[] secret) throws Exception
{
SecurityManager sm = System.getSecurityManager();
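Review bot: The `@ManagementParameter` description on decode reads "The secret to be encoded", copied from encode; it should be `description = "The secret to be decoded"`, and the same correction applies to decode64 two hunks further down. decode returns the plaintext of a protected secret and is now reachable through the management view. The only guard visible in context is the SecurityManager lookup, which in encode protects the call only when a SecurityManager is installed. It would be worth stating in the description or a comment that access to this operation must be restricted at the management layer. decode's body continues outside the hunk.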
@@ -347,13 +496,14 @@
return decode;
}
- /**
- * Encrypt the secret using the cipherKey and return a base64 encoding.
+ /*
+ * (non-Javadoc)
*
- * @param secret - the plaintext secret to encrypt
- * @return the encrypted secret as a base64 string
- * @throws Exception
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#encode64(byte[])
*/
+ @ManagementOperation(description = "Encode a secret as a base64 string using the cipher algorithm and the KeyStore password",
+ params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")},
+ impact = Impact.ReadOnly)
public String encode64(byte[] secret) throws Exception
{
byte[] encoding = encode(secret);
@@ -361,13 +511,14 @@
return b64;
}
- /**
- * Decrypt the base64 encoded secret using the cipherKey.
+ /*
+ * (non-Javadoc)
*
- * @param secret - the base64 encoded encrypted secret to decrypt.
- * @return the decrypted secret
- * @throws Exception
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#decode64(java.lang.String)
*/
+ @ManagementOperation(description = "Decode a base64 secret using the cipher algorithm and the KeyStore password",
+ params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")},
+ impact = Impact.ReadOnly)
public byte[] decode64(String secret) throws Exception
{
byte[] encoding = CryptoUtil.fromb64(secret);
@@ -375,15 +526,24 @@
return decode;
}
- /**
- * Reload the key- and truststore
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.security.plugins.JaasSecurityDomainMBean#reloadKeyAndTrustStore()
*/
+ @ManagementOperation(description = "Reload the key and trust stores", impact = Impact.WriteOnly)
public void reloadKeyAndTrustStore() throws Exception
{
loadKeyAndTrustStore();
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.system.ServiceMBeanSupport#startService()
+ */
@Override
+ @ManagementOperation(description = "Service lifecycle operation", impact = Impact.WriteOnly)
protected void startService() throws Exception
{
// Load the secret key
@@ -408,11 +568,17 @@
if (securityManagement instanceof JNDIBasedSecurityManagement)
{
JNDIBasedSecurityManagement jbs = (JNDIBasedSecurityManagement) securityManagement;
- jbs.registerJaasSecurityDomainInstance(getSecurityDomain(), this);
+ jbs.registerJaasSecurityDomainInstance(this);
}
}
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.system.ServiceMBeanSupport#stopService()
+ */
@Override
+ @ManagementOperation(description = "Service lifecycle operation", impact = Impact.WriteOnly)
protected void stopService()
{
if (keyStorePassword != null)
@@ -421,12 +587,12 @@
keyStorePassword = null;
}
cipherKey = null;
-
+
// Deregister yourself with the security management
if (securityManagement instanceof JNDIBasedSecurityManagement)
{
JNDIBasedSecurityManagement jbs = (JNDIBasedSecurityManagement) securityManagement;
- jbs.deregisterJaasSecurityDomainInstance(getSecurityDomain(), this);
+ jbs.deregisterJaasSecurityDomainInstance(getSecurityDomain());
}
}
Modified: trunk/testsuite/src/main/org/jboss/test/profileservice/test/SecurityManagedObjectsTestCase.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/profileservice/test/SecurityManagedObjectsTestCase.java 2008-11-27 23:40:15 UTC (rev 81747)
+++ trunk/testsuite/src/main/org/jboss/test/profileservice/test/SecurityManagedObjectsTestCase.java 2008-11-28 00:22:21 UTC (rev 81748)
@@ -21,16 +21,24 @@
*/
package org.jboss.test.profileservice.test;
+import java.net.URL;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.jboss.deployers.spi.management.ManagementView;
+import org.jboss.deployers.spi.management.deploy.DeploymentManager;
+import org.jboss.deployers.spi.management.deploy.DeploymentProgress;
+import org.jboss.deployers.spi.management.deploy.ProgressEvent;
+import org.jboss.deployers.spi.management.deploy.ProgressListener;
import org.jboss.managed.api.ComponentType;
import org.jboss.managed.api.ManagedComponent;
+import org.jboss.managed.api.ManagedDeployment;
import org.jboss.managed.api.ManagedOperation;
import org.jboss.managed.api.ManagedParameter;
import org.jboss.managed.api.ManagedProperty;
+import org.jboss.managed.api.ManagedDeployment.DeploymentPhase;
/**
* <p>
@@ -43,7 +51,7 @@
*/
public class SecurityManagedObjectsTestCase extends AbstractProfileServiceTest
{
- protected ManagementView activeView;
+ protected ProgressListener listener = new TestProgressListener();
/**
* <p>
@@ -64,12 +72,11 @@
*/
public void testSecurityMCBeans() throws Exception
{
- ManagementView mgtMview = getManagementView();
- mgtMview.reloadProfile();
+ ManagementView managementView = getManagementView();
ComponentType type = new ComponentType("MCBean", "Security");
- Set<ManagedComponent> mcs = mgtMview.getComponentsForType(type);
+ Set<ManagedComponent> mcs = managementView.getComponentsForType(type);
assertTrue("There are MCBean,Security components", mcs.size() > 0);
- getLog().debug("MCBeans: " + mcs);
+ super.getLog().debug("MCBeans: " + mcs);
}
/**
@@ -81,11 +88,11 @@
*/
public void testSecurityConfig() throws Exception
{
- ManagementView view = getManagementView();
+ ManagementView managementView = getManagementView();
ComponentType type = new ComponentType("MCBean", "Security");
- ManagedComponent component = view.getComponent("SecurityConfig", type);
+ ManagedComponent component = managementView.getComponent("SecurityConfig", type);
assertNotNull(component);
-
+
// verify that the component has the expected properties.
Map<String, ManagedProperty> properties = component.getProperties();
assertNotNull(properties);
@@ -93,17 +100,18 @@
assertTrue("Missing expected property: loginConfig", properties.containsKey("loginConfig"));
assertTrue("Missing expected property: mbeanServer", properties.containsKey("mbeanServer"));
assertTrue("Missing expected property: defaultLoginConfig", properties.containsKey("defaultLoginConfig"));
-
+
// verify that the component has the expected operations.
String[] expectedOperations = {"startService", "stopService", "pushLoginConfig", "popLoginConfig"};
Set<ManagedOperation> operations = component.getOperations();
assertEquals("Unexpected number of operations", expectedOperations.length, operations.size());
// copy the names of the operations to a new collection to compare them with the expected names.
Set<String> operationNames = new HashSet<String>();
- for(ManagedOperation operation : operations)
+ for (ManagedOperation operation : operations)
operationNames.add(operation.getName());
- for(String expectedOperation : expectedOperations)
- assertTrue("Expected operation " + expectedOperation + " not found", operationNames.contains(expectedOperation));
+ for (String expectedOperation : expectedOperations)
+ assertTrue("Expected operation " + expectedOperation + " not found", operationNames
+ .contains(expectedOperation));
}
/**
@@ -127,7 +135,7 @@
assertEquals("Unexpected number of properties", 2, properties.size());
assertTrue("Missing expected property: configURL", properties.containsKey("configURL"));
assertTrue("Missing expected property: validateDTD", properties.containsKey("validateDTD"));
-
+
// verify that the component has the expected operations.
String[] expectedOperations = {"loadConfig", "setConfigResource", "displayAppConfig", "addApplicationPolicy",
"removeConfigs", "getApplicationPolicy", "getConfiguration"};
@@ -135,14 +143,62 @@
assertEquals("Unexpected number of operations", expectedOperations.length, operations.size());
// copy the names of the operations to a new collection to compare them with the expected names.
Set<String> operationNames = new HashSet<String>();
- for(ManagedOperation operation : operations)
+ for (ManagedOperation operation : operations)
operationNames.add(operation.getName());
- for(String expectedOperation : expectedOperations)
- assertTrue("Expected operation " + expectedOperation + " not found", operationNames.contains(expectedOperation));
+ for (String expectedOperation : expectedOperations)
+ assertTrue("Expected operation " + expectedOperation + " not found", operationNames
+ .contains(expectedOperation));
}
/**
* <p>
+ * Validates the {@code JBossSecuritySubjectFactory} managed component.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testJBossSecuritySubjectFactory() throws Exception
+ {
+ // get the XMLLoginConfig managed component.
+ ManagementView managementView = super.getManagementView();
+ ComponentType type = new ComponentType("MCBean", "Security");
+ ManagedComponent component = managementView.getComponent("JBossSecuritySubjectFactory", type);
+ assertNotNull(component);
+
+ // verify that the component has the expected properties.
+ Map<String, ManagedProperty> properties = component.getProperties();
+ assertNotNull(properties);
+ assertEquals("Unexpected number of properties", 1, properties.size());
+ assertTrue("Missing expected property: securityManagement", properties.containsKey("securityManagement"));
+
+ // this component should have 2 createSubject operations - one with no args and one with a String arg.
+ boolean foundNoArgOperation = false;
+ boolean foundStringArgOperation = false;
+ Set<ManagedOperation> operations = component.getOperations();
+ assertEquals("Unexpected number of operations", 2, operations.size());
+ for (ManagedOperation operation : operations)
+ {
+ assertEquals("Unexpected operation found", "createSubject", operation.getName());
+ ManagedParameter[] parameters = operation.getParameters();
+ if (parameters.length == 0)
+ {
+ foundNoArgOperation = true;
+ }
+ else
+ {
+ assertEquals("Unexpected number of parameters", 1, parameters.length);
+ ManagedParameter parameter = parameters[0];
+ assertEquals("Invalid parameter name", "securityDomainName", parameter.getName());
+ assertEquals("Invalid parameter type", "java.lang.String", parameter.getMetaType().getTypeName());
+ foundStringArgOperation = true;
+ }
+ }
+ assertTrue(foundNoArgOperation);
+ assertTrue(foundStringArgOperation);
+ }
+
+ /**
+ * <p>
* Validates the {@code JNDIContextEstablishment} managed component.
* </p>
*
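Review bot: The comment `// get the XMLLoginConfig managed component.` at the top of testJBossSecuritySubjectFactory names the wrong component, since the lookup on the following lines is for "JBossSecuritySubjectFactory". I would change it to `// get the JBossSecuritySubjectFactory managed component.`. The same stale comment is carried into testJNDIBasedSecurityManagement in the next hunk, where it should name JNDIBasedSecurityManagement.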
@@ -162,62 +218,159 @@
assertEquals("Unexpected number of properties", 2, properties.size());
assertTrue("Missing expected property: baseContext", properties.containsKey("baseContext"));
assertTrue("Missing expected property: factoryName", properties.containsKey("factoryName"));
-
+
// verify that the component has the expected operations.
Set<ManagedOperation> operations = component.getOperations();
assertEquals("Unexpected number of operations", 0, operations.size());
}
-
+
/**
* <p>
- * Validates the {@code JBossSecuritySubjectFactory} managed component.
+ * Validates the {@code JNDIBasedSecurityManagement} managed component.
* </p>
*
* @throws Exception if an error occurs while running the test.
*/
- public void testJBossSecuritySubjectFactory() throws Exception
+ public void testJNDIBasedSecurityManagement() throws Exception
{
// get the XMLLoginConfig managed component.
ManagementView managementView = super.getManagementView();
ComponentType type = new ComponentType("MCBean", "Security");
- ManagedComponent component = managementView.getComponent("JBossSecuritySubjectFactory", type);
+ ManagedComponent component = managementView.getComponent("JNDIBasedSecurityManagement", type);
assertNotNull(component);
- // verify that the component has the expected properties.
+ // verify that the component has the expected managed properties.
Map<String, ManagedProperty> properties = component.getProperties();
assertNotNull(properties);
- assertEquals("Unexpected number of properties", 1, properties.size());
+ assertEquals("Unexpected number of properties", 5, properties.size());
+ assertTrue("Missing expected property: authenticationMgrClass", properties.containsKey("authenticationMgrClass"));
+ assertTrue("Missing expected property: authorizationMgrClass", properties.containsKey("authorizationMgrClass"));
+ assertTrue("Missing expected property: auditMgrClass", properties.containsKey("auditMgrClass"));
+ assertTrue("Missing expected property: identityTrustMgrClass", properties.containsKey("identityTrustMgrClass"));
+ assertTrue("Missing expected property: mappingMgrClass", properties.containsKey("mappingMgrClass"));
+
+ // verify that the component has the expected managed operations.
+ String[] opsWithStringParam = {"getAuthenticationManager", "getAuthorizationManager", "getAuditManager",
+ "getIdentityTrustManager", "getMappingManager", "createSecurityDomainContext",
+ "deregisterJaasSecurityDomainInstance"};
+ String[] opsWithDomainParam = {"registerJaasSecurityDomainInstance"};
+ Map<String, ManagedOperation> operations = new HashMap<String, ManagedOperation>();
+ for (ManagedOperation operation : component.getOperations())
+ operations.put(operation.getName(), operation);
+ assertEquals("Unexpected number of operations", opsWithStringParam.length + opsWithDomainParam.length, operations
+ .size());
+
+ // first check that all operations that receive a security domain String are present.
+ for (String operationName : opsWithStringParam)
+ {
+ ManagedOperation operation = operations.get(operationName);
+ assertNotNull("Missing expected operation: " + operationName, operation);
+ ManagedParameter[] parameters = operation.getParameters();
+ assertEquals("Unexpected number of parameters", 1, parameters.length);
+ assertEquals("Invalid parameter name", "securityDomain", parameters[0].getName());
+ assertEquals("Invalid parameter type", "java.lang.String", parameters[0].getMetaType().getTypeName());
+ }
+
+ // now check that the operations that receive a JaasSecurityDomain are present.
+ for (String operationName : opsWithDomainParam)
+ {
+ ManagedOperation operation = operations.get(operationName);
+ assertNotNull("Missing expected operation: " + operationName, operation);
+ ManagedParameter[] parameters = operation.getParameters();
+ assertEquals("Unexpected number of parameters", 1, parameters.length);
+ assertEquals("Invalid parameter name", "domain", parameters[0].getName());
+ assertEquals("Invalid parameter type", "org.jboss.security.plugins.JaasSecurityDomain", parameters[0]
+ .getMetaType().getTypeName());
+ }
+ }
+
+ /**
+ * <p>
+ * Validates {@code JaasSecurityDomain} managed objects that are created by deploying a
+ * {@code testdomains-jboss-beans.xml} file.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testJaasSecurityDomain() throws Exception
+ {
+ // deploy the XML file that contains the test security domains.
+ String domainsDeployment = "testdomains-jboss-beans.xml";
+ this.deployResource(domainsDeployment, "profileservice/security/" + domainsDeployment);
+
+ // validate the managed deployment.
+ ManagementView managementView = getManagementView();
+ ManagedDeployment deployment = managementView.getDeployment(domainsDeployment, DeploymentPhase.APPLICATION);
+ assertNotNull(deployment);
+ // verify the deployment contains the expected managed components.
+ assertEquals("Unexpected number of components", 2, deployment.getComponents().size());
+ assertNotNull("Missing expected component: TestDomain1", deployment.getComponent("TestDomain1"));
+ assertNotNull("Missing expected component: TestDomain2", deployment.getComponent("TestDomain2"));
+
+ // validate the components created upon deployment.
+ ComponentType type = new ComponentType("MCBean", "Security");
+ ManagedComponent component = managementView.getComponent("TestDomain1", type);
+ assertNotNull(component);
+
+ // verify that the component has the expected managed properties.
+ Map<String, ManagedProperty> properties = component.getProperties();
+ assertNotNull(properties);
+ assertEquals("Unexpected number of properties", 12, properties.size());
+ assertTrue("Missing expected property: securityDomain", properties.containsKey("securityDomain"));
+ // keystore and truststore configuration properties.
+ assertTrue("Missing expected property: keyStoreType", properties.containsKey("keyStoreType"));
+ assertTrue("Missing expected property: keyStoreURL", properties.containsKey("keyStoreURL"));
+ assertTrue("Missing expected property: keyStorePass", properties.containsKey("keyStorePass"));
+ assertTrue("Missing expected property: trustStoreType", properties.containsKey("trustStoreType"));
+ assertTrue("Missing expected property: trustStoreURL", properties.containsKey("trustStoreURL"));
+ assertTrue("Missing expected property: trustStorePass", properties.containsKey("trustStorePass"));
+ // security manager service injection properties.
+ assertTrue("Missing expected property: managerServiceName", properties.containsKey("managerServiceName"));
assertTrue("Missing expected property: securityManagement", properties.containsKey("securityManagement"));
-
- // this component should have 2 createSubject operations - one with no args and one with a String arg.
- boolean foundNoArgOperation = false;
- boolean foundStringArgOperation = false;
- Set<ManagedOperation> operations = component.getOperations();
- assertEquals("Unexpected number of operations", 2, operations.size());
- for(ManagedOperation operation : operations)
+ // cipher algorithm properties.
+ assertTrue("Missing expected property: salt", properties.containsKey("salt"));
+ assertTrue("Missing expected property: iterationCount", properties.containsKey("iterationCount"));
+ assertTrue("Missing expected property: cipherAlgorithm", properties.containsKey("cipherAlgorithm"));
+
+ // verify that the component has the expected managed operations.
+ Map<String, ManagedOperation> operations = new HashMap<String, ManagedOperation>();
+ for (ManagedOperation operation : component.getOperations())
+ operations.put(operation.getName(), operation);
+ String[] noArgsOperations = {"getKeyStore", "getTrustStore", "getKeyManagerFactory", "getTrustManagerFactory",
+ "reloadKeyAndTrustStore"};
+ String[] oneArgOperations = {"encode", "decode", "encode64", "decode64"};
+ assertEquals("Unexpected number of operations", noArgsOperations.length + oneArgOperations.length, operations
+ .size());
+ // first check the methods that don't have any parameter.
+ for(String operationName : noArgsOperations)
{
- assertEquals("Unexpected operation found", "createSubject", operation.getName());
+ ManagedOperation operation = operations.get(operationName);
+ assertNotNull("Unexpected operation name: " + operationName, operation);
ManagedParameter[] parameters = operation.getParameters();
- if(parameters.length == 0)
- {
- foundNoArgOperation = true;
- }
- else
- {
- assertEquals("Unexpected number of parameters", 1, parameters.length);
- ManagedParameter parameter = parameters[0];
- assertEquals("Invalid parameter name", "securityDomainName", parameter.getName());
- assertEquals("Invalid parameter type", "java.lang.String", parameter.getMetaType().getClassName());
- foundStringArgOperation = true;
- }
+ assertEquals("Unexpected number of parameters", 0, parameters.length);
}
- assertTrue(foundNoArgOperation);
- assertTrue(foundStringArgOperation);
+ // now check the methods that contain a 'secret' parameter.
+ for(String operationName : oneArgOperations)
+ {
+ ManagedOperation operation = operations.get(operationName);
+ assertNotNull("Unexpected operation name: " + operationName, operation);
+ ManagedParameter[] parameters = operation.getParameters();
+ assertEquals("Unexpected number of parameters", 1, parameters.length);
+ assertEquals("Invalid parameter name", "secret", parameters[0].getName());
+ }
+
+ // just the check the second security domain is also available - we don't repeat the tests because the
+ // properties and operations must be the same of those verified in the first domain.
+ component = managementView.getComponent("TestDomain2", type);
+ assertNotNull(component);
+
+ // undeploy the test security domains.
+ this.undeployResource(domainsDeployment);
}
-
+
/**
* <p>
- * Validates at the {@code JNDIBasedSecurityRegistration} managed component.
+ * Validates the {@code JNDIBasedSecurityRegistration} managed component.
* </p>
*
* @throws Exception if an error occurs while running the test.
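Review bot: testJaasSecurityDomain asserts that `keyStorePass`, `trustStorePass` and `salt` are managed properties and that `decode`/`decode64` are managed operations, but it never checks how those secrets are presented through the management view. The annotated JaasSecurityDomain class is outside this hunk, so whether the password values are readable is not visible here; if they are, any client with access to the profile service could read keystore passwords or invoke `decode`. I would add an assertion that the value exposed for `keyStorePass` is not the cleartext `somepass1` from the test deployment, and the `secret` loop should assert the parameter type as the other parameter loops do. Separately, `this.undeployResource(domainsDeployment)` only runs when every assertion passes; wrapping the checks as `try { ... } finally { this.undeployResource(domainsDeployment); }` keeps a failing run from leaving TestDomain1 and TestDomain2 deployed for later tests.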
@@ -241,4 +394,77 @@
return "profileservice";
}
+ /**
+ * <p>
+ * Deploy a resource, registering it with the profile service.
+ * </p>
+ *
+ * @param resourceName a {@code String} representing the resource's unique name. This will be the name the resource
+ * will have when it is 'copied' to the server/partition/deploy directory.
+ * @param resourcePath the path to the resource that will be deployed.
+ * @throws Exception if an error occurs while deploying the resource.
+ */
+ private void deployResource(String resourceName, String resourcePath) throws Exception
+ {
+ // create a URL for the resource.
+ String contentURLString = super.getResourceURL(resourcePath);
+ int index = contentURLString.indexOf(":/");
+ URL contentURL = new URL("vfsfile" + contentURLString.substring(index));
+
+ // distribute the resource deployment.
+ DeploymentManager manager = super.getDeploymentManager();
+ DeploymentProgress progress = manager.distribute(resourceName, DeploymentPhase.APPLICATION, contentURL, true);
+ progress.addProgressListener(this.listener);
+ progress.run();
+
+ // start the deployment.
+ String[] uploadedNames = progress.getDeploymentID().getRepositoryNames();
+ progress = manager.start(DeploymentPhase.APPLICATION, uploadedNames);
+ progress.addProgressListener(this.listener);
+ progress.run();
+ }
+
+ /**
+ * <p>
+ * Undeploys the specified resource.
+ * </p>
+ *
+ * @param resourceName the resource's unique name. This must match the {@code resourceName} used when deploying the
+ * resource.
+ * @throws Exception if an error occurs while undeploying the resource.
+ */
+ private void undeployResource(String resourceName) throws Exception
+ {
+ // stop the resource deployment.
+ DeploymentManager manager = super.getDeploymentManager();
+ DeploymentProgress progress = manager.stop(DeploymentPhase.APPLICATION, resourceName);
+ progress.addProgressListener(this.listener);
+ progress.run();
+
+ // undeploy the resource.
+ progress = manager.undeploy(DeploymentPhase.APPLICATION, resourceName);
+ progress.addProgressListener(this.listener);
+ progress.run();
+ }
+
+ /**
+ * <p>
+ * Simple {@code ProgressListener} that logs progress events.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+ private class TestProgressListener implements ProgressListener
+ {
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.deployers.spi.management.deploy.ProgressListener#progressEvent(org.jboss.deployers.spi.management.deploy.ProgressEvent)
+ */
+ public void progressEvent(ProgressEvent eventInfo)
+ {
+ log.trace("Received progress event: " + eventInfo);
+ }
+ }
}
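Review bot: Neither deployResource nor undeployResource checks the outcome of `progress.run()`, so a failed distribute, start, stop or undeploy is silent and surfaces later only as an unrelated `assertNotNull` failure in the test. After each run I would check the status, assuming the DeploymentStatus API is available at this revision: `DeploymentStatus status = progress.getDeploymentStatus(); assertFalse("Deployment failed: " + status, status.isFailed());`. In deployResource, the result of `contentURLString.indexOf(":/")` is used unchecked, and a -1 makes `substring(index)` throw; a guard such as `assertTrue("Unexpected resource URL: " + contentURLString, index > 0);` gives a clearer failure. The `listener` field both methods use is declared outside this hunk.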
Added: trunk/testsuite/src/resources/profileservice/security/testdomains-jboss-beans.xml
===================================================================
--- trunk/testsuite/src/resources/profileservice/security/testdomains-jboss-beans.xml (rev 0)
+++ trunk/testsuite/src/resources/profileservice/security/testdomains-jboss-beans.xml 2008-11-28 00:22:21 UTC (rev 81748)
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- sample security domain beans used in the profile service tests -->
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <annotation>@org.jboss.managed.api.annotation.ManagementDeployment(description="JBoss SecurityDomain Beans")</annotation>
+
+ <bean name="TestDomain1" class="org.jboss.security.plugins.JaasSecurityDomain">
+ <constructor>
+ <parameter>TestDomain1</parameter>
+ </constructor>
+ <property name="keyStorePass">somepass1</property>
+ <property name="salt">abcdefgh</property>
+ <property name="iterationCount">13</property>
+ </bean>
+
+ <bean name="TestDomain2" class="org.jboss.security.plugins.JaasSecurityDomain">
+ <constructor>
+ <parameter>TestDomain2</parameter>
+ </constructor>
+ <property name="keyStorePass">somepass2</property>
+ <property name="salt">abcdefgh</property>
+ <property name="iterationCount">17</property>
+ </bean>
+
+</deployment>
+
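Review bot: The header comment calls these "sample" security domain beans, but the values are only suitable for a test fixture: a cleartext `keyStorePass`, the same fixed `salt` in both domains, and `iterationCount` values of 13 and 17. I would say so in the file, e.g. `<!-- test-only fixture: cleartext password, fixed salt and low iterationCount; do not reuse in a real security domain -->`, so it is not copied as a template. Neither bean sets `keyStoreURL`, so presumably no keystore is loaded and the password is never exercised; worth confirming that this is intended.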