[jboss-cvs] JBossAS SVN: r79307 - in projects/security/security-jboss-sx/trunk: jbosssx-mc-int/src/test/java/org/jboss/test/security/microcontainer/metadata and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Oct 9 15:58:48 EDT 2008


Author: sguilhen at redhat.com
Date: 2008-10-09 15:58:47 -0400 (Thu, 09 Oct 2008)
New Revision: 79307

Modified:
   projects/security/security-jboss-sx/trunk/jbosssx-mc-int/src/test/java/org/jboss/test/security/microcontainer/metadata/BasicApplicationPolicyTestCase.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/BaseAuthenticationInfo.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java
Log:
SECURITY-280: JASPIAuthenticationInfo can now return the modules that have been configured in a login-module-stack when the getAppConfigurationEntry method is called in XMLLoginConfig. Some code was moved from AuthenticationInfo to the superclass BaseAuthenticationInfo. Tests have been added to the BasicApplicationPolicyTestCase to validate the returned entries.



Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java	2008-10-09 17:26:00 UTC (rev 79306)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/AuthenticationInfo.java	2008-10-09 19:58:47 UTC (rev 79307)
@@ -21,10 +21,7 @@
  */
 package org.jboss.security.auth.login;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Arrays;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Map.Entry;
@@ -33,7 +30,6 @@
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.AppConfigurationEntry;
 
-import org.jboss.security.SecurityConstants;
 import org.jboss.security.config.BaseSecurityInfo;
 
 /**
@@ -60,48 +56,14 @@
       this.name = name;
    }
 
-   /**
-    * Get a copy of the application authentication configuration. This requires an
-    * AuthPermission("getLoginConfiguration") access.
-    */
-   public AppConfigurationEntry[] copyAppConfigurationEntry()
-   {
-      SecurityManager sm = System.getSecurityManager();
-      if (sm != null)
-         sm.checkPermission(GET_CONFIG_ENTRY_PERM);
-      AppConfigurationEntry[] copy = new AppConfigurationEntry[moduleEntries.size()];
-      for (int i = 0; i < copy.length; i++)
-      {
-         AppConfigurationEntry entry = (AppConfigurationEntry) moduleEntries.get(i);
-         HashMap<String, Object> options = new HashMap<String, Object>(entry.getOptions());
-         if (!disableSecurityDomainInOptions())
-         {
-            options.put(SecurityConstants.SECURITY_DOMAIN_OPTION, this.getName());
-         }
-         copy[i] = new AppConfigurationEntry(entry.getLoginModuleName(), entry.getControlFlag(), options);
-      }
-      return copy;
-   }
 
+
    public void addAppConfigurationEntry(AppConfigurationEntry entry)
    {
       moduleEntries.add(entry);
    }
 
    /**
-    * Get an application authentication configuration. This requires an AuthPermission("getLoginConfiguration") access.
-    */
-   public AppConfigurationEntry[] getAppConfigurationEntry()
-   {
-      SecurityManager sm = System.getSecurityManager();
-      if (sm != null)
-         sm.checkPermission(GET_CONFIG_ENTRY_PERM);
-      AppConfigurationEntry[] entries = new AppConfigurationEntry[moduleEntries.size()];
-      moduleEntries.toArray(entries);
-      return entries;
-   }
-
-   /**
     * Set an application authentication configuration. This requires an AuthPermission("setLoginConfiguration") access.
     */
    public void setAppConfigurationEntry(AppConfigurationEntry[] loginModules)
@@ -150,18 +112,6 @@
       return buffer.toString();
    }
 
-   private boolean disableSecurityDomainInOptions()
-   {
-      String sysprop = AccessController.doPrivileged(new PrivilegedAction<String>()
-      {
-         public String run()
-         {
-            return System.getProperty(SecurityConstants.DISABLE_SECDOMAIN_OPTION);
-         }
-      });
-      return "true".equalsIgnoreCase(sysprop);
-   }
-
    @Override
    protected BaseSecurityInfo<Object> create(String name)
    {

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/BaseAuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/BaseAuthenticationInfo.java	2008-10-09 17:26:00 UTC (rev 79306)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/BaseAuthenticationInfo.java	2008-10-09 19:58:47 UTC (rev 79307)
@@ -21,22 +21,31 @@
  */
 package org.jboss.security.auth.login;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.security.auth.login.AppConfigurationEntry;
+
+import org.jboss.security.SecurityConstants;
 import org.jboss.security.config.BaseSecurityInfo;
 
-//$Id$
+// $Id$
 
 /**
- *  Base for AuthenticationInfo(JAAS) and JASPIAuthenticationInfo(JSR-196)
- *  @author <a href="mailto:anil.saldhana at jboss.org>Anil.Saldhana at jboss.org</a>
- *  @since  Dec 21, 2005 
+ * Base for AuthenticationInfo(JAAS) and JASPIAuthenticationInfo(JSR-196)
+ * 
+ * @author <a href="mailto:anil.saldhana at jboss.org>Anil.Saldhana at jboss.org</a>
+ * @since Dec 21, 2005
  */
 public class BaseAuthenticationInfo extends BaseSecurityInfo<Object>
-{  
+{
    public BaseAuthenticationInfo()
    {
       super();
    }
-   
+
    public BaseAuthenticationInfo(String name)
    {
       super(name);
@@ -44,7 +53,88 @@
 
    @Override
    protected BaseSecurityInfo<Object> create(String name)
-   { 
+   {
       return new BaseAuthenticationInfo(name);
-   }  
+   }
+
+   /**
+    * <p>
+    * Gets the application authentication configuration. Execution of this method requires a
+    * {@code getLoginConfiguration} permission.
+    * </p>
+    * 
+    * @return an {@code AppConfigurationEntry} array containing the application's authentication configuration.
+    */
+   public AppConfigurationEntry[] getAppConfigurationEntry()
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if (sm != null)
+         sm.checkPermission(GET_CONFIG_ENTRY_PERM);
+      AppConfigurationEntry[] entries = new AppConfigurationEntry[super.moduleEntries.size()];
+      super.moduleEntries.toArray(entries);
+      return entries;
+   }
+
+   /**
+    * <p>
+    * Creates and returns a copy of the application authentication configuration. By default this returns the array
+    * created by the {@code copyAppConfigurationEntry(List)} method using the {@code moduleEntries} as a parameter.
+    * </p>
+    * 
+    * @return an {@code AppConfigurationEntry} array containing the copied entries.
+    */
+   public AppConfigurationEntry[] copyAppConfigurationEntry()
+   {
+      return this.copyAppConfigurationEntry(super.moduleEntries);
+   }
+
+   /**
+    * <p>
+    * Creates and returns a copy of the specified list of {@code AppConfigurationEntry} objects, adding the security
+    * domain option when necessary. Execution of this method requires a {@code getLoginConfiguration} permission.
+    * 
+    * </p>
+    * 
+    * @param entries a {@code List} containing the {@code AppConfigurationEntry} objects to be copied.
+    * @return an {@code AppConfigurationEntry} array containing the copied entries.
+    */
+   protected AppConfigurationEntry[] copyAppConfigurationEntry(List<Object> entries)
+   {
+      SecurityManager sm = System.getSecurityManager();
+      if (sm != null)
+         sm.checkPermission(GET_CONFIG_ENTRY_PERM);
+      AppConfigurationEntry[] copy = new AppConfigurationEntry[entries.size()];
+      for (int i = 0; i < copy.length; i++)
+      {
+         AppConfigurationEntry entry = (AppConfigurationEntry) entries.get(i);
+         HashMap<String, Object> options = new HashMap<String, Object>(entry.getOptions());
+         if (!disableSecurityDomainInOptions())
+         {
+            options.put(SecurityConstants.SECURITY_DOMAIN_OPTION, this.getName());
+         }
+         copy[i] = new AppConfigurationEntry(entry.getLoginModuleName(), entry.getControlFlag(), options);
+      }
+      return copy;
+   }
+
+   /**
+    * <p>
+    * Checks whether the {@code jboss.security.disable.secdomain.option} system property has been specified with a value
+    * of {@code true} or not.
+    * </p>
+    * 
+    * @return {@code true} if the {@code jboss.security.disable.secdomain.option=true} has been specified; {@code false}
+    *         otherwise.
+    */
+   private boolean disableSecurityDomainInOptions()
+   {
+      String sysprop = AccessController.doPrivileged(new PrivilegedAction<String>()
+      {
+         public String run()
+         {
+            return System.getProperty(SecurityConstants.DISABLE_SECDOMAIN_OPTION);
+         }
+      });
+      return "true".equalsIgnoreCase(sysprop);
+   }
 }
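Review bot: `disableSecurityDomainInOptions()` is called inside the loop of `copyAppConfigurationEntry(List<Object>)`, so every entry costs a `doPrivileged` system-property read. A property change in the middle of a copy could also leave one returned array with the security-domain option on some entries and not on others. Reading the flag once before the loop, `final boolean addDomain = !disableSecurityDomainInOptions();` followed by `if (addDomain)`, keeps a single result consistent. The Javadoc of the no-argument `copyAppConfigurationEntry()` should also mention the `getLoginConfiguration` permission, since it delegates to the checked overload.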

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java	2008-10-09 17:26:00 UTC (rev 79306)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/JASPIAuthenticationInfo.java	2008-10-09 19:58:47 UTC (rev 79307)
@@ -23,10 +23,13 @@
 
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 
+import javax.security.auth.login.AppConfigurationEntry;
+
 import org.jboss.security.auth.container.config.AuthModuleEntry;
 import org.jboss.security.config.BaseSecurityInfo;
 
@@ -40,8 +43,8 @@
  */
 public class JASPIAuthenticationInfo extends BaseAuthenticationInfo
 {
-   Map<String, LoginModuleStackHolder> loginModuleStack = Collections
-         .synchronizedMap(new HashMap<String, LoginModuleStackHolder>());
+   List<LoginModuleStackHolder> loginModuleStack = Collections
+         .synchronizedList(new ArrayList<LoginModuleStackHolder>());
 
    /**
     * <p>
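Review bot: `Collections.synchronizedList` only makes individual calls atomic, so it does not protect the traversals this commit adds over `loginModuleStack`. Those are the for-each in `getLoginModuleStackHolder(String)`, the iterator loop in `removeLoginModuleStackHolder`, and the `size() > 0` / `get(0)` pair in `getAppConfigurationEntry()`, all in the later hunk of this file. With the previous synchronized map, each lookup and removal was a single locked call. Wrapping each of those bodies in `synchronized (this.loginModuleStack) { ... }` restores that guarantee. Without it, a concurrent `add` or removal can surface as a `ConcurrentModificationException` or an `IndexOutOfBoundsException` during a login configuration lookup.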
@@ -67,7 +70,7 @@
 
    public void add(LoginModuleStackHolder lmsHolder)
    {
-      loginModuleStack.put(lmsHolder.getName(), lmsHolder);
+      this.loginModuleStack.add(lmsHolder);
    }
 
    public void add(AuthModuleEntry ame)
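Review bot: `add(LoginModuleStackHolder)` no longer replaces an existing holder with the same name: the old `put(lmsHolder.getName(), lmsHolder)` overwrote it, while `this.loginModuleStack.add(lmsHolder)` appends a second one. Because `getLoginModuleStackHolder(String)` returns the first match and `getAppConfigurationEntry()` uses index 0 (both in the next hunk), a re-registered stack would be shadowed by the stale one. `copy()` can introduce the same duplicates through `addAll`. If replacement is still the intended contract, call `removeLoginModuleStackHolder(lmsHolder.getName());` before the `add`; if duplicates are intended, a Javadoc line on `add` should say so.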
@@ -84,30 +87,71 @@
 
    public LoginModuleStackHolder getLoginModuleStackHolder(String name)
    {
-      LoginModuleStackHolder info = loginModuleStack.get(name);
-      return info;
+      for (LoginModuleStackHolder holder : this.loginModuleStack)
+      {
+         if (holder.getName().equals(name))
+            return holder;
+      }
+      return null;
    }
 
    public LoginModuleStackHolder[] getLoginModuleStackHolder()
    {
-      ArrayList<LoginModuleStackHolder> alist = new ArrayList<LoginModuleStackHolder>(this.loginModuleStack.values());
-      LoginModuleStackHolder[] lmshArr = new LoginModuleStackHolder[alist.size()];
-      alist.toArray(lmshArr);
+      LoginModuleStackHolder[] lmshArr = new LoginModuleStackHolder[this.loginModuleStack.size()];
+      this.loginModuleStack.toArray(lmshArr);
       return lmshArr;
    }
 
    public LoginModuleStackHolder removeLoginModuleStackHolder(String name)
    {
-      LoginModuleStackHolder info = loginModuleStack.remove(name);
-      return info;
+      for (Iterator<LoginModuleStackHolder> it = this.loginModuleStack.iterator(); it.hasNext();)
+      {
+         LoginModuleStackHolder holder = it.next();
+         if (holder.getName().equals(name))
+         {
+            it.remove();
+            return holder;
+         }
+      }
+      return null;
    }
 
    public void copy(JASPIAuthenticationInfo pc)
    {
-      loginModuleStack.putAll(pc.loginModuleStack);
+      this.loginModuleStack.addAll(pc.loginModuleStack);
       moduleEntries.addAll(pc.moduleEntries);
    }
 
+   /**
+    * <p>
+    * Overridden to return the entries that have been configured in the login-config-stack. If more than one
+    * stack has been configured, then the entries corresponding to the first stack will be returned.
+    * </p>
+    */
+   @Override
+   public AppConfigurationEntry[] getAppConfigurationEntry()
+   {
+      if (this.loginModuleStack.size() > 0)
+         return loginModuleStack.get(0).getAppConfigurationEntry();
+      else
+         return new AppConfigurationEntry[0];
+   }
+
+   /**
+    * <p>
+    * Overridden to copy the entries that have been configured in the login-module-stack. If more than one stack
+    * has been configured, then the entries corresponding to the first stack will be copied and returned.
+    * </p>
+    */
+   @Override
+   public AppConfigurationEntry[] copyAppConfigurationEntry()
+   {
+      List<Object> entries = new ArrayList<Object>();
+      for(AppConfigurationEntry entry : this.getAppConfigurationEntry())
+         entries.add(entry);
+      return super.copyAppConfigurationEntry(entries);
+   }
+
    /*
     * (non-Javadoc)
     * 
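Review bot: The `getAppConfigurationEntry()` override does not perform the `GET_CONFIG_ENTRY_PERM` check that `BaseAuthenticationInfo.getAppConfigurationEntry()` makes. Under a SecurityManager, a caller could therefore obtain the JASPI stack's login modules and their options without the `getLoginConfiguration` permission, unless `LoginModuleStackHolder.getAppConfigurationEntry()` checks it itself (not visible in this diff). `copyAppConfigurationEntry()` is covered because it ends in `super.copyAppConfigurationEntry(entries)`. I would start the override with `SecurityManager sm = System.getSecurityManager();` and `if (sm != null) sm.checkPermission(GET_CONFIG_ENTRY_PERM);`, and state the permission requirement in its Javadoc. That Javadoc also says "login-config-stack" where the sibling method says "login-module-stack".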

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java	2008-10-09 17:26:00 UTC (rev 79306)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/org/jboss/security/auth/login/XMLLoginConfigImpl.java	2008-10-09 19:58:47 UTC (rev 79307)
@@ -128,13 +128,9 @@
 
       AppConfigurationEntry[] entry = null;
       ApplicationPolicy aPolicy = this.getApplicationPolicy(appName);
-      AuthenticationInfo authInfo = null;
+      BaseAuthenticationInfo authInfo = null;
       if (aPolicy != null)
-      {
-         BaseAuthenticationInfo bai = aPolicy.getAuthenticationInfo();
-         if (bai instanceof AuthenticationInfo)
-            authInfo = (AuthenticationInfo) bai;
-      }
+         authInfo = aPolicy.getAuthenticationInfo();
 
       if (authInfo == null)
       {
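Review bot: With the `instanceof AuthenticationInfo` filter removed, a JASPI policy that has no login-module-stack no longer takes the `authInfo == null` branch. It would presumably reach the copy path and, given the new `JASPIAuthenticationInfo.getAppConfigurationEntry()` returning `new AppConfigurationEntry[0]`, hand back a zero-length array. `Configuration.getAppConfigurationEntry` is documented to return null when a name has no entries, and the rest of this method lies outside the hunk, so I cannot tell whether an empty result is handled. A test for a JASPI policy without a stack, plus a comment here such as `// may be a JASPI policy; an empty stack yields a zero-length array, not the default policy`, would pin the intended behaviour.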
@@ -158,7 +154,7 @@
          if (log.isTraceEnabled())
             log.trace("End getAppConfigurationEntry(" + appName + "), authInfo=" + authInfo);
          // Make a copy of the authInfo object
-         final AuthenticationInfo theAuthInfo = authInfo;
+         final BaseAuthenticationInfo theAuthInfo = authInfo;
          PrivilegedAction<AppConfigurationEntry[]> action = new PrivilegedAction<AppConfigurationEntry[]>()
          {
             public AppConfigurationEntry[] run()
@@ -166,7 +162,7 @@
                return theAuthInfo.copyAppConfigurationEntry();
             }
          };
-         entry = (AppConfigurationEntry[]) AccessController.doPrivileged(action);
+         entry = AccessController.doPrivileged(action);
       }
       else
       {

Modified: projects/security/security-jboss-sx/trunk/jbosssx-mc-int/src/test/java/org/jboss/test/security/microcontainer/metadata/BasicApplicationPolicyTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx-mc-int/src/test/java/org/jboss/test/security/microcontainer/metadata/BasicApplicationPolicyTestCase.java	2008-10-09 17:26:00 UTC (rev 79306)
+++ projects/security/security-jboss-sx/trunk/jbosssx-mc-int/src/test/java/org/jboss/test/security/microcontainer/metadata/BasicApplicationPolicyTestCase.java	2008-10-09 19:58:47 UTC (rev 79307)
@@ -21,6 +21,14 @@
  */
 package org.jboss.test.security.microcontainer.metadata;
 
+import java.util.Map;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+
+import junit.framework.Assert;
+
+import org.jboss.security.SecurityConstants;
 import org.jboss.security.auth.login.AuthenticationInfo;
 import org.jboss.security.auth.login.JASPIAuthenticationInfo;
 import org.jboss.security.auth.login.XMLLoginConfigImpl;
@@ -118,8 +126,8 @@
     * <p>
     * Tests the deployment of the basic application policies. This method first verifies that the expected beans have
     * been created by the {@code ApplicationPolicyMetaDataFactory} and validates the contents of those beans. It then
-    * verifies that a corresponding {@code ApplicationPolicy} has been successfuly generated by the beans and registered
-    * with the security layer.
+    * verifies that a corresponding {@code ApplicationPolicy} has been successfully generated by the beans and
+    * registered with the security layer.
     * </p>
     * 
     * @throws Exception if an error occurs while running the test.
@@ -156,5 +164,76 @@
       assertEquals("TestPolicy2", policy2.getName());
       PolicyValidator.validateJaspiAuthenticationPolicy("TestPolicy2", (JASPIAuthenticationInfo) policy2
             .getAuthenticationInfo());
+
+      // check the contents of the array returned by XMLLoginConfigImpl.getAppConfigurationEntry.
+      this.validateAppConfigurationEntryCreation();
    }
+
+   /**
+    * <p>
+    * Tests the contents of the {@code AppConfigurationEntry} array that is returned by {@code XMLLoginConfigImpl}. This
+    * method basically verifies if the entries returned by the {@code getAppConfigurationEntry} method corresponds to the
+    * modules that have been specified in the application policy.
+    * </p>
+    * 
+    * @throws Exception if an error occurs while running the test.
+    */
+   public void validateAppConfigurationEntryCreation() throws Exception
+   {
+      // validate the contents of the array returned by XMLLoginConfigImpl.getAppConfigurationEntry.
+      AppConfigurationEntry[] entries = XMLLoginConfigImpl.getInstance().getAppConfigurationEntry("TestPolicy1");
+      assertNotNull("Invalid null AppConfigurationEntry array found", entries);
+      assertEquals("Invalind number of configuration entries", 2, entries.length);
+
+      Assert.assertEquals("org.jboss.security.auth.AuthModule1", entries[0].getLoginModuleName());
+      Assert.assertEquals(LoginModuleControlFlag.REQUIRED, entries[0].getControlFlag());
+      Map<String, ?> options = entries[0].getOptions();
+      Assert.assertNotNull("Unexpected null options map", options);
+      Assert.assertTrue("Option authOption1 was not found", options.containsKey("authOption1"));
+      Assert.assertEquals("value1", options.get("authOption1"));
+      Assert.assertTrue("Option authOption2 was not found", options.containsKey("authOption2"));
+      Assert.assertEquals("value2", options.get("authOption2"));
+      // the options map should contain the SecurityConstants.SECURITY_DOMAIN_OPTION.
+      assertTrue("Option jboss.security.security_domain was not found", options
+            .containsKey(SecurityConstants.SECURITY_DOMAIN_OPTION));
+      assertEquals("TestPolicy1", options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
+
+      Assert.assertEquals("org.jboss.security.auth.AuthModule2", entries[1].getLoginModuleName());
+      Assert.assertEquals(LoginModuleControlFlag.OPTIONAL, entries[1].getControlFlag());
+      options = entries[1].getOptions();
+      Assert.assertNotNull("Unexpected null options map", options);
+      Assert.assertTrue("Option authOption3 was not found", options.containsKey("authOption3"));
+      Assert.assertEquals("value3", options.get("authOption3"));
+      Assert.assertTrue("Option authOption4 was not found", options.containsKey("authOption4"));
+      Assert.assertEquals("value4", options.get("authOption4"));
+      assertTrue("Option jboss.security.security_domain was not found", options
+            .containsKey(SecurityConstants.SECURITY_DOMAIN_OPTION));
+      assertEquals("TestPolicy1", options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
+
+      // now check the contents of TestPolicy2 policy.
+      entries = XMLLoginConfigImpl.getInstance().getAppConfigurationEntry("TestPolicy2");
+      assertNotNull("Invalid null AppConfigurationEntry array found", entries);
+      assertEquals("Invalind number of configuration entries", 2, entries.length);
+
+      // getAppConfigurationEntry should return the modules of the first configured stack.
+      assertEquals("org.jboss.security.auth.AuthModule3", entries[0].getLoginModuleName());
+      assertEquals(LoginModuleControlFlag.REQUIRED, entries[0].getControlFlag());
+      options = entries[0].getOptions();
+      assertNotNull("Unexpected null options map", options);
+      assertEquals(2, options.size());
+      assertTrue("Option authOption5 was not found", options.containsKey("authOption5"));
+      assertEquals("value5", options.get("authOption5"));
+      assertTrue("Option jboss.security.security_domain was not found", options
+            .containsKey(SecurityConstants.SECURITY_DOMAIN_OPTION));
+      assertEquals("TestPolicy2", options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
+
+      Assert.assertEquals("org.jboss.security.auth.AuthModule4", entries[1].getLoginModuleName());
+      Assert.assertEquals(LoginModuleControlFlag.OPTIONAL, entries[1].getControlFlag());
+      options = entries[1].getOptions();
+      Assert.assertNotNull("Unexpected null options map", options);
+      Assert.assertEquals(1, options.size());
+      Assert.assertTrue("Option jboss.security.security_domain was not found", options
+            .containsKey(SecurityConstants.SECURITY_DOMAIN_OPTION));
+      Assert.assertEquals("TestPolicy2", options.get(SecurityConstants.SECURITY_DOMAIN_OPTION));
+   }
 }
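Review bot: Both length assertions in `validateAppConfigurationEntryCreation` carry the message "Invalind number of configuration entries"; the typo will appear in failure output and should read `"Invalid number of configuration entries"`. The method also alternates between `Assert.assertEquals(...)` and the unqualified `assertEquals(...)` for the same kind of check; using the unqualified form throughout would make the added `junit.framework.Assert` import unnecessary. Neither test policy exercises the `jboss.security.disable.secdomain.option=true` path, so the branch that omits the security-domain option remains untested here.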



