[jboss-cvs] JBossAS SVN: r79683 - in projects/security/security-jboss-sx/trunk/jbosssx/src: main/java/org/jboss/security/auth/container/modules and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Oct 17 20:54:23 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-10-17 20:54:23 -0400 (Fri, 17 Oct 2008)
New Revision: 79683
Added:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml
Modified:
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
Log:
SECURITY-286: JASPI modules comply with JAAS Control Flag behavior
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -25,9 +25,8 @@
import java.util.HashMap;
import java.util.Map;
-import javax.security.auth.login.AppConfigurationEntry;
-
import org.jboss.security.auth.login.LoginModuleStackHolder;
+import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.ModuleOption;
//$Id$
@@ -40,8 +39,7 @@
*/
public class AuthModuleEntry
{
- private AppConfigurationEntry.LoginModuleControlFlag controlFlag =
- AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+ private ControlFlag controlFlag = ControlFlag.REQUIRED;
private Map<String,Object> options = new HashMap<String,Object>();
private String name = null;
private LoginModuleStackHolder loginModuleStackHolder = null;
@@ -131,12 +129,12 @@
this.loginModuleStackHolderName = loginModuleStackHolderName;
}
- public AppConfigurationEntry.LoginModuleControlFlag getControlFlag()
+ public ControlFlag getControlFlag()
{
return controlFlag;
}
- public void setControlFlag(AppConfigurationEntry.LoginModuleControlFlag flag)
+ public void setControlFlag(ControlFlag flag)
{
this.controlFlag = flag;
}
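Review bot: `setControlFlag` stores whatever it is given, including null, even though the field is initialised to `ControlFlag.REQUIRED`. The `invokeModules` loop added to JBossServerAuthContext in this same commit compares the flag with `==` against each constant, so a failing module whose flag is null matches none of the branches and its failure is never recorded. Falling back to the default keeps a mis-built entry strict: `this.controlFlag = (flag != null) ? flag : ControlFlag.REQUIRED;`. The class body continues outside this hunk.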
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -69,8 +69,7 @@
/**
* @see ServerAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
- */
- @SuppressWarnings("unchecked")
+ */
public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
CallbackHandler handler, Map options )
throws AuthException
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.module.ServerAuthModule;
+
+/**
+ * Server Auth Module that sends a AuthStatus.FAILURE
+ * @author Anil.Saldhana at redhat.com
+ */
+public class AllFailureServerAuthModule extends AbstractServerAuthModule
+{
+
+ @Override
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
+ {
+ return false;
+ }
+
+ public AuthStatus secureResponse(MessageInfo arg0, Subject arg1) throws AuthException
+ {
+ return AuthStatus.FAILURE;
+ }
+
+ /**
+ * @see ServerAuthModule#getSupportedMessageTypes()
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public Class[] getSupportedMessageTypes()
+ {
+ this.supportedTypes.add(Object.class);
+ return super.getSupportedMessageTypes();
+ }
+}
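Review bot: `getSupportedMessageTypes()` adds `Object.class` to `supportedTypes` on every call instead of once. JBossServerAuthContext calls this method for each module while validating a request, so if `supportedTypes` is a list (its declaration in AbstractServerAuthModule is not shown here) it grows by one entry per request and is modified without synchronisation. Registering the type once in a constructor avoids both: `public AllFailureServerAuthModule() { this.supportedTypes.add(Object.class); }`, with the override reduced to `return super.getSupportedMessageTypes();`. AllSuccessServerAuthModule in the next section has the same pattern, and `secureResponse` could carry `@Override` like the other two methods.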
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+
+/**
+ * ServerAuthModule that returns AuthStatus.SUCCESS
+ * @author Anil.Saldhana at redhat.com
+ */
+public class AllSuccessServerAuthModule extends AbstractServerAuthModule
+{
+ @SuppressWarnings("unchecked")
+ @Override
+ public Class[] getSupportedMessageTypes()
+ {
+ this.supportedTypes.add(Object.class);
+ return super.getSupportedMessageTypes();
+ }
+
+ @Override
+ protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
+ {
+ return true;
+ }
+
+ public AuthStatus secureResponse(MessageInfo arg0, Subject arg1) throws AuthException
+ {
+ return AuthStatus.SUCCESS;
+ }
+}
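Review bot: This module accepts every request unconditionally (`validate` returns `true`) and is added under `src/main`, so it ships in the production artifact rather than only on the test classpath. Any `auth-module` entry that names it, particularly with a `sufficient` flag, lets the chain succeed without a credential ever being checked. If it exists only to drive AuthContextUnitTestCase, it belongs under `src/test` next to TestServerAuthModule. If it has to stay in main, the class Javadoc should say so, e.g. `For testing control-flag behaviour only; never configure in a deployed security domain.`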
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -21,11 +21,15 @@
*/
package org.jboss.security.auth.login;
+import java.util.HashMap;
+import java.util.Map;
+
import javax.security.auth.login.AppConfigurationEntry;
import org.jboss.logging.Logger;
import org.jboss.security.auth.container.config.AuthModuleEntry;
import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.ModuleOption;
import org.jboss.security.config.PolicyConfig;
import org.jboss.util.StringPropertyReplacer;
@@ -45,7 +49,18 @@
private static Logger log = Logger.getLogger(LoginConfigObjectModelFactory.class);
private boolean trace;
+
+ protected final Map<String, ControlFlag> controlFlags;
+ public LoginConfigObjectModelFactory()
+ {
+ this.controlFlags = new HashMap<String, ControlFlag>();
+ controlFlags.put("REQUIRED", ControlFlag.REQUIRED);
+ controlFlags.put("REQUISITE", ControlFlag.REQUISITE);
+ controlFlags.put("OPTIONAL", ControlFlag.OPTIONAL);
+ controlFlags.put("SUFFICIENT", ControlFlag.SUFFICIENT);
+ }
+
public Object completeRoot(Object root, UnmarshallingContext ctx, String uri, String name)
{
if (trace)
@@ -170,10 +185,15 @@
else if ("auth-module".equals(localName))
{
String code = attrs.getValue("code");
- child = new AuthModuleEntry(code, null, null);
+ AuthModuleEntry authModuleEntry = new AuthModuleEntry(code, null, null);
+
+ String flag = attrs.getValue("flag");
+ authModuleEntry.setControlFlag(getControlFlag(flag));
+
String lmsRef = attrs.getValue("login-module-stack-ref");
if (lmsRef != null)
- ((AuthModuleEntry) child).setLoginModuleStackHolder(info.getLoginModuleStackHolder(lmsRef));
+ authModuleEntry.setLoginModuleStackHolder(info.getLoginModuleStackHolder(lmsRef));
+ child = authModuleEntry;
}
return child;
@@ -322,5 +342,20 @@
if (trace)
log.trace("Added ApplicationPolicy to PolicyConfig, name: " + aPolicy.getName());
}
+
+ public ControlFlag getControlFlag(String flag)
+ {
+ ControlFlag controlFlag = null;
+
+ if(flag != null)
+ {
+ flag = StringPropertyReplacer.replaceProperties(flag.trim());
+ controlFlag = this.controlFlags.get(flag.toUpperCase());
+ }
+ if (controlFlag == null)
+ controlFlag = ControlFlag.REQUIRED;
+
+ return controlFlag;
+ }
}
\ No newline at end of file
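Review bot: `getControlFlag` silently turns an unrecognised or misspelled `flag` attribute into `REQUIRED`, and the lookup relies on the default-locale `toUpperCase()`. Under a locale such as Turkish the lower-case `i` does not upper-case to `I`, so every lower-case flag value would miss the map and be treated as `REQUIRED` without any hint in the log. Using `this.controlFlags.get(flag.toUpperCase(Locale.ROOT))` (with a `java.util.Locale` import) and a `log.warn("Unknown control flag '" + flag + "', defaulting to REQUIRED")` when the lookup returns null makes a mistyped security policy visible. `trim()` is also applied before `replaceProperties`, so whitespace that comes from a substituted property value is not removed.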
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -45,6 +45,7 @@
import org.jboss.security.auth.login.BaseAuthenticationInfo;
import org.jboss.security.auth.login.JASPIAuthenticationInfo;
import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.SecurityConfiguration;
//$Id$
@@ -91,6 +92,8 @@
Subject serviceSubject, Map properties)
throws AuthException
{
+ List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
Map<String,Map> mapOptionsByName = new HashMap<String,Map>();
SecurityContext securityContext = SecurityActions.getSecurityContext();
if(securityContext == null)
@@ -131,7 +134,7 @@
try
{
mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
-
+ controlFlags.add(ame.getControlFlag());
modules.add(this.createSAM(ame.getAuthModuleName(),
ame.getLoginModuleStackHolderName()));
}
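Review bot: `controlFlags.add(ame.getControlFlag())` runs before `createSAM(...)`, so if `createSAM` throws, the flag list has grown but `modules` has not. The catch block lies outside this hunk; unless it aborts the whole method, every later module is then paired with the wrong flag, because `JBossServerAuthContext.invokeModules` matches the two lists by index. Moving `controlFlags.add(ame.getControlFlag());` to the line after the `modules.add(...)` call keeps them aligned. The second branch in the next hunk (`createSAM(ame.getAuthModuleName())`) has the same ordering.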
@@ -145,6 +148,7 @@
try
{
mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
+ controlFlags.add(ame.getControlFlag());
modules.add(this.createSAM(ame.getAuthModuleName()));
}
catch (Exception e)
@@ -155,7 +159,9 @@
}
}
- return new JBossServerAuthContext(modules, mapOptionsByName, this.callbackHandler);
+ JBossServerAuthContext serverAuthContext = new JBossServerAuthContext(modules, mapOptionsByName, this.callbackHandler);
+ serverAuthContext.setControlFlags(controlFlags);
+ return serverAuthContext;
}
/**
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -36,6 +36,9 @@
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.auth.message.module.ServerAuthModule;
+import org.jboss.logging.Logger;
+import org.jboss.security.config.ControlFlag;
+
//$Id$
/**
@@ -46,11 +49,20 @@
*/
public class JBossServerAuthContext implements ServerAuthContext
{
+ protected static Logger log = Logger.getLogger(JBossServerAuthContext.class);
+
+ protected boolean trace = log.isTraceEnabled();
+
private List<ServerAuthModule> modules = new ArrayList<ServerAuthModule>();
@SuppressWarnings("unchecked")
private Map<String,Map> moduleOptionsByName = new HashMap<String,Map>();
+ /**
+ * Control Flags for the individual modules
+ */
+ protected List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+
@SuppressWarnings("unchecked")
public JBossServerAuthContext(List<ServerAuthModule> modules,
Map<String,Map> moduleNameToOptions, CallbackHandler cbh) throws AuthException
@@ -64,7 +76,12 @@
}
}
+ public void setControlFlags(List<ControlFlag> controlFlags)
+ {
+ this.controlFlags = controlFlags;
+ }
+
/**
* @see ServerAuth#cleanSubject(Subject, Map)
*/
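Review bot: `setControlFlags` replaces the list without checking it against `modules`, and the field defaults to an empty list. `invokeModules`, added further down in this file, calls `this.controlFlags.get(i)` for every module index, so a context built through the existing constructor without this setter, or given a shorter list, fails with `IndexOutOfBoundsException` on the first request. A size check in the setter states the invariant: `if (controlFlags == null || controlFlags.size() != modules.size()) throw new IllegalArgumentException("one control flag per module required");`. Storing a defensive copy rather than the caller's list would also stop it from being changed underneath the context.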
@@ -102,7 +119,7 @@
Class[] requestInterfaces = requestType.getInterfaces();
List<Class> intfaee = Arrays.asList(requestInterfaces);
- AuthStatus status = null;
+
for(ServerAuthModule sam:modules)
{
List<Class> supportedTypes = Arrays.asList(sam.getSupportedMessageTypes());
@@ -122,12 +139,93 @@
if(supportingModules.size() == 0)
throw new RuntimeException("No ServerAuthModule configured to support type:"+requestType);
- for(ServerAuthModule sam:supportingModules)
+ AuthStatus authStatus = invokeModules(messageInfo, clientSubject, serviceSubject);
+ return authStatus;
+
+ /*for(ServerAuthModule sam:supportingModules)
{
status = sam.validateRequest(messageInfo, clientSubject, serviceSubject);
if(status == AuthStatus.FAILURE)
break;
}
- return status;
+ return status;*/
}
+
+ private AuthStatus invokeModules(MessageInfo messageInfo,
+ Subject clientSubject, Subject serviceSubject)
+ throws AuthException
+ {
+ //Control Flag behavior
+ boolean encounteredRequiredError = false;
+ boolean encounteredOptionalError = false;
+ AuthException moduleException = null;
+ AuthStatus overallDecision = AuthStatus.FAILURE;
+
+ int length = modules.size();
+ for(int i = 0; i < length; i++)
+ {
+ ServerAuthModule module = (ServerAuthModule)modules.get(i);
+ ControlFlag flag = (ControlFlag)this.controlFlags.get(i);
+ AuthStatus decision = AuthStatus.FAILURE;
+ try
+ {
+ decision = module.validateRequest(messageInfo, clientSubject, serviceSubject);
+ }
+ catch(Exception ae)
+ {
+ decision = AuthStatus.FAILURE;
+ if(moduleException == null)
+ moduleException = new AuthException(ae.getMessage());
+ }
+
+ if(decision == AuthStatus.SUCCESS)
+ {
+ overallDecision = AuthStatus.SUCCESS;
+ //SUFFICIENT case
+ if(flag == ControlFlag.SUFFICIENT && encounteredRequiredError == false)
+ return AuthStatus.SUCCESS;
+ continue; //Continue with the other modules
+ }
+ //Go through the failure cases
+ //REQUISITE case
+ if(flag == ControlFlag.REQUISITE)
+ {
+ if(trace)
+ log.trace("REQUISITE failed for " + module);
+ if(moduleException == null)
+ moduleException = new AuthException("Auth failed");
+ else
+ throw moduleException;
+ }
+ //REQUIRED Case
+ if(flag == ControlFlag.REQUIRED)
+ {
+ if(trace)
+ log.trace("REQUIRED failed for " + module);
+ if(encounteredRequiredError == false)
+ encounteredRequiredError = true;
+ }
+ if(flag == ControlFlag.OPTIONAL)
+ encounteredOptionalError = true;
+ }
+
+ //All the authorization modules have been visited.
+ String msg = getAdditionalErrorMessage(moduleException);
+ if(encounteredRequiredError)
+ throw new AuthException("Auth Failed:"+ msg);
+ if(overallDecision == AuthStatus.FAILURE && encounteredOptionalError)
+ throw new AuthException("Auth Failed:" + msg);
+ if(overallDecision == AuthStatus.FAILURE)
+ throw new AuthException("Auth Failed:Denied.");
+ return AuthStatus.SUCCESS;
+ }
+
+
+ private String getAdditionalErrorMessage(Exception e)
+ {
+ StringBuilder msg = new StringBuilder(" ");
+ if(e != null)
+ msg.append(e.getLocalizedMessage());
+ return msg.toString();
+ }
}
\ No newline at end of file
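Review bot: A failing REQUISITE module does not stop the chain unless an earlier module happened to throw. In the `flag == ControlFlag.REQUISITE` branch the first failure only assigns `moduleException` and the loop continues, and since the final checks look only at `encounteredRequiredError` and `overallDecision`, a success from any other module makes `invokeModules` return `AuthStatus.SUCCESS`. JAAS returns failure immediately on a REQUISITE failure, so the branch should be `throw (moduleException != null) ? moduleException : new AuthException("Auth failed");`. The loop also walks `modules` rather than the `supportingModules` list computed just above it, so modules that do not support the message type are now invoked. In the catch, `new AuthException(ae.getMessage())` drops the original stack trace; calling `initCause(ae)` on it would keep the cause for diagnosis.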
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -59,9 +59,7 @@
private static Logger log = Logger.getLogger(SecurityConfigObjectModelFactory.class);
private final boolean trace = log.isTraceEnabled();
-
- private final Map<String, ControlFlag> controlFlags;
-
+
/**
* <p>
* Creates an instance of {@code SecurityConfigObjectModelFactory}.
@@ -69,11 +67,6 @@
*/
public SecurityConfigObjectModelFactory()
{
- this.controlFlags = new HashMap<String, ControlFlag>();
- controlFlags.put("REQUIRED", ControlFlag.REQUIRED);
- controlFlags.put("REQUISITE", ControlFlag.REQUISITE);
- controlFlags.put("OPTIONAL", ControlFlag.OPTIONAL);
- controlFlags.put("SUFFICIENT", ControlFlag.SUFFICIENT);
}
@Override
@@ -483,5 +476,4 @@
{
auditInfo.add(entry);
}
-
}
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -21,6 +21,7 @@
*/
package org.jboss.security.config;
+import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
@@ -75,4 +76,9 @@
{
config.putAll(pc.config);
}
+
+ public Collection<ApplicationPolicy> getPolicies()
+ {
+ return Collections.unmodifiableCollection(this.config.values());
+ }
}
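Review bot: `getPolicies()` is a new public accessor with no Javadoc, and what it returns is a read-only live view of `config.values()` rather than a snapshot. A caller iterating it while the underlying map is modified may see the change or, depending on the map implementation (not visible in this hunk), fail mid-iteration. A short comment would set expectations: `/** Returns an unmodifiable live view of the configured application policies; copy it if a stable snapshot is needed. */`.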
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,231 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaspi;
+
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.auth.message.GenericMessageInfo;
+import org.jboss.security.auth.spi.UsersObjectModelFactory;
+import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.PolicyConfig;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+import org.jboss.xb.binding.Unmarshaller;
+import org.jboss.xb.binding.UnmarshallerFactory;
+
+
+/**
+ * Test the JASPI options (required, requisite, sufficient, optional) behavior
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 16, 2007
+ * @version $Revision$
+ */
+public class AuthContextUnitTestCase extends JBossTestCase
+{
+ private static PolicyConfig policyConfig = null;
+
+ public AuthContextUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(AuthContextUnitTestCase.class));
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossTestSetup(suite)
+ {
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ URL url = tcl.getResource("config/jaspi-config-options.xml");
+ if(url == null)
+ throw new IllegalStateException("config url is null");
+ loadXMLConfig(url);
+
+ for(ApplicationPolicy policy : policyConfig.getPolicies())
+ SecurityConfiguration.addApplicationPolicy(policy);
+ }
+ protected void tearDown() throws Exception
+ {
+ super.tearDown();
+ }
+ };
+ return wrapper;
+ }
+
+
+ /**
+ * Test the AuthorizationModule required behavior
+ */
+ public void testRequiredOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ boolean result = getResult("required-permit-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("required-deny-policy");
+ assertTrue("DENY?", false == result);
+ }
+
+ /**
+ * Test the AuthorizationModule requisite behavior
+ */
+ public void testRequisiteOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ boolean result = getResult("requisite-permit-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("requisite-deny-policy");
+ assertTrue("DENY?", false == result);
+ }
+
+
+ /**
+ * Test the AuthorizationModule sufficient behavior
+ */
+ public void testSufficientOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ boolean result = getResult("sufficient-permit-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("sufficient-deny-policy");
+ assertTrue("DENY?", false == result);
+ }
+
+
+ /**
+ * Test the AuthorizationModule optional behavior
+ */
+ public void testOptionalOptionBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ boolean result = getResult("optional-permit-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("optional-deny-policy");
+ assertTrue("DENY?", false == result);
+ }
+
+ /**
+ * Test the AuthorizationModules combination behavior
+ */
+ public void testCombinationBehavior() throws Exception
+ {
+ assertNotNull("PolicyConfig != null", policyConfig);
+ boolean result = getResult("required-deny-sufficient-permit-policy");
+ assertTrue("DENY?", false == result);
+ result = getResult("required-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("required-permit-required-deny-policy");
+ assertTrue("DENY?", false == result);
+ result = getResult("required-permit-required-permit-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("required-permit-required-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("required-permit-required-permit-requisite-deny-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("required-permit-required-permit-optional-deny-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("required-permit-required-deny-requisite-permit-policy");
+ assertTrue("DENY?", false == result);
+ result = getResult("requisite-permit-requisite-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", true == result);
+
+ result = getResult("sufficient-permit-required-deny-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("sufficient-permit-sufficient-deny-policy");
+ assertTrue("PERMIT?", true == result);
+ result = getResult("optional-deny-sufficient-permit-required-deny-policy");
+ assertTrue("PERMIT?", true == result);
+
+ result = getResult("sufficient-deny-optional-deny-policy");
+ assertTrue("DENY?", false == result);
+ }
+
+ private boolean getResult(String policyName) throws Exception
+ {
+ SecurityContext securityContext = new JBossSecurityContext(policyName);
+ SecurityContextAssociation.setSecurityContext(securityContext);
+
+ CallbackHandler handler = new TestCallbackHandler();
+ JASPIServerAuthenticationManager aContext = new JASPIServerAuthenticationManager(policyName,
+ handler);
+ GenericMessageInfo requestMessage = new GenericMessageInfo(new Object(), new Object());
+ return aContext.isValid(requestMessage, new Subject(), "HttpServlet",
+ handler);
+ }
+
+ /**
+ * Use JBossXB to parse the security config file
+ * @param loginConfigURL
+ * @throws Exception
+ */
+ private static void loadXMLConfig(URL loginConfigURL)
+ throws Exception
+ {
+ if(loginConfigURL == null)
+ throw new IllegalArgumentException("loginConfigURL is null");
+ SecurityConfigObjectModelFactory lcomf = new SecurityConfigObjectModelFactory();
+ UsersObjectModelFactory uomf = new UsersObjectModelFactory();
+
+ InputStreamReader xmlReader = new InputStreamReader(loginConfigURL.openStream());
+ Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
+ unmarshaller.mapFactoryToNamespace(uomf, "http://www.jboss.org/j2ee/schemas/XMLLoginModule");
+ policyConfig = (PolicyConfig) unmarshaller.unmarshal(xmlReader, lcomf, (Object)null);
+ }
+
+ /**
+ * Dummy CallbackHandler
+ */
+ private static class TestCallbackHandler implements CallbackHandler
+ {
+ public void setSecurityInfo(Principal p, Object cred)
+ {}
+
+ public void handle(Callback[] arg0)
+ throws IOException, UnsupportedCallbackException
+ {
+ }
+ }
+}
\ No newline at end of file
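Review bot: `testCombinationBehavior` asserts PERMIT for `required-permit-required-permit-requisite-deny-policy`, which pins behaviour that contradicts the commit's stated goal, since under JAAS control-flag rules a failing REQUISITE module fails the whole authentication. The policy file is not shown here, so this is read from the policy name; if the name is accurate the expectation should be `assertTrue("DENY?", false == result);`. Separately, `loadXMLConfig` never closes the `InputStreamReader`, and `getResult` leaves its `SecurityContext` associated with the thread after each call, so closing the reader in a `finally` and resetting the association in `tearDown` would keep the tests isolated. The Javadoc on the test methods says "AuthorizationModule" although these are authentication modules.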
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -21,9 +21,13 @@
*/
package org.jboss.test.authentication.jaspi;
+import java.net.URL;
import java.util.HashMap;
import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
@@ -34,11 +38,14 @@
import junit.framework.TestCase;
+import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.auth.login.XMLLoginConfigImpl;
import org.jboss.security.auth.message.GenericMessageInfo;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.test.SecurityActions;
import org.jboss.test.authentication.jaspi.helpers.TestAuthConfigProvider;
-//$Id$
/**
* Unit Tests for the JASPI Configuration
@@ -58,6 +65,7 @@
"Test Config Provider");
}
+ @SuppressWarnings("unchecked")
public void testServerFactoryConfig() throws Exception
{
assertNotNull("AuthConfigFactory is ! null", factory);
@@ -76,6 +84,7 @@
assertNotNull("ServerAuthContext != null",sctx);
}
+ @SuppressWarnings("unchecked")
public void testClientFactoryConfig() throws Exception
{
assertNotNull("AuthConfigFactory is ! null", factory);
@@ -93,5 +102,47 @@
new Subject(), new HashMap());
assertNotNull("ClientAuthContext != null",sctx);
}
+
+ public void testLoginConfigStackHolder() throws Exception
+ {
+ String securityDomain = "conf-jaspi";
+ JBossSecurityContext jsc = new JBossSecurityContext(securityDomain);
+ SecurityContextAssociation.setSecurityContext(jsc);
+
+ String configFile = "config/jaspi-config.xml";
+ loadConfig(configFile);
+
+ //Lets validate the configuration
+ Configuration config = Configuration.getConfiguration();
+ AppConfigurationEntry[] appConfigEntries = config.getAppConfigurationEntry(securityDomain);
+ assertTrue(appConfigEntries.length > 0);
+ for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+ {
+ assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+ appConfigEntry.getLoginModuleName());
+ assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+ }
+
+ appConfigEntries = config.getAppConfigurationEntry("lm-stack");
+ assertTrue(appConfigEntries.length > 0);
+ for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+ {
+ assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+ appConfigEntry.getLoginModuleName());
+ assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+ }
+ }
+
+ private void loadConfig(String configFile)
+ {
+ XMLLoginConfigImpl xli = XMLLoginConfigImpl.getInstance();
+ SecurityActions.setJAASConfiguration(xli);
+
+ URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFile);
+ assertNotNull("Config URL", configURL);
+
+ xli.setConfigURL(configURL);
+ xli.loadConfig();
+ }
}
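Review bot: In `testLoginConfigStackHolder`, the result of `config.getAppConfigurationEntry(...)` is dereferenced with `.length` straight away, but the JAAS `Configuration` contract allows a null return when a name has no entries, so a missing `conf-jaspi` or `lm-stack` entry would surface as a NullPointerException instead of a readable assertion failure; add `assertNotNull(appConfigEntries);` before each length check. The two verification loops differ only in the domain name and could be one private helper that takes the name. `loadConfig` also installs a process-wide JAAS configuration and the test sets the associated security context; no cleanup is visible in this hunk, so later tests in the same JVM may inherit both, which presumably calls for a `tearDown` if the class does not already have one.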
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -25,6 +25,10 @@
import java.util.HashMap;
import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.AuthConfigFactory;
@@ -35,6 +39,7 @@
import junit.framework.TestCase;
import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.auth.callback.AppCallbackHandler;
import org.jboss.security.auth.login.XMLLoginConfigImpl;
@@ -43,7 +48,6 @@
import org.jboss.security.plugins.JBossSecurityContext;
import org.jboss.test.SecurityActions;
-// $Id$
/**
* Test the Server side workflow for JASPI
@@ -62,13 +66,14 @@
String configFile = "config/jaspi-config.xml";
+ @SuppressWarnings("unchecked")
@Override
protected void setUp() throws Exception
{
factory = AuthConfigFactory.getFactory();
factory.registerConfigProvider(new JBossAuthConfigProvider(new HashMap()), layer, appId, "Test Config Provider");
- JBossSecurityContext jsc = new JBossSecurityContext("conf-jaspi");
+ SecurityContext jsc = new JBossSecurityContext("conf-jaspi");
SecurityContextAssociation.setSecurityContext(jsc);
XMLLoginConfigImpl xli = XMLLoginConfigImpl.getInstance();
@@ -81,6 +86,7 @@
xli.loadConfig();
}
+ @SuppressWarnings("unchecked")
public void testSuccessfulJASPI() throws Exception
{
AuthConfigProvider provider = factory.getConfigProvider(layer, appId, null);
@@ -99,6 +105,7 @@
assertEquals(AuthStatus.SUCCESS, status);
}
+ @SuppressWarnings("unchecked")
public void testUnSuccessfulJASPI() throws Exception
{
AuthConfigProvider provider = factory.getConfigProvider(layer, appId, null);
@@ -106,6 +113,7 @@
"badpwd".toCharArray()));
assertNotNull("ServerAuthConfig is not null", serverConfig);
+ validateJAASConfiguration();
MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
String authContextID = serverConfig.getAuthContextID(mi);
assertNotNull("AuthContext ID != null", authContextID);
@@ -113,7 +121,37 @@
assertNotNull("ServerAuthContext != null", sctx);
Subject clientSubject = new Subject();
Subject serviceSubject = new Subject();
- AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
- assertEquals(AuthStatus.FAILURE, status);
+ try
+ {
+ AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
+ assertEquals(AuthStatus.FAILURE, status);
+ }
+ catch(AuthException ae)
+ {
+ //Ignore - we are fine
+ }
}
-}
+
+ private void validateJAASConfiguration()
+ {
+ //Lets validate the configuration
+ Configuration config = Configuration.getConfiguration();
+ AppConfigurationEntry[] appConfigEntries = config.getAppConfigurationEntry("conf-jaspi");
+ assertTrue(appConfigEntries.length > 0);
+ for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+ {
+ assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+ appConfigEntry.getLoginModuleName());
+ assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+ }
+
+ appConfigEntries = config.getAppConfigurationEntry("lm-stack");
+ assertTrue(appConfigEntries.length > 0);
+ for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+ {
+ assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+ appConfigEntry.getLoginModuleName());
+ assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+ }
+ }
+}
\ No newline at end of file
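Review bot: The new `catch(AuthException ae)` in `testUnSuccessfulJASPI` lets the negative test pass on any AuthException, including one raised because a module failed to load or the configuration is wrong, so the test no longer shows that the bad password was the reason for rejection. Decide which outcome is the contract for a failed login (a `FAILURE` status or an exception) and assert only that one; if both must be tolerated, at least check after the try/catch that nothing was granted, e.g. `assertTrue(clientSubject.getPrincipals().isEmpty());`. `validateJAASConfiguration` repeats the loops added to JASPIConfigUnitTestCase in the same commit and dereferences the result of `getAppConfigurationEntry` without a null check. The body of `testUnSuccessfulJASPI` starts outside this hunk.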
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -33,7 +33,6 @@
import org.jboss.security.SimplePrincipal;
-//$Id$
/**
* Test Login Module
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -25,6 +25,8 @@
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.message.AuthException;
@@ -34,7 +36,6 @@
import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
-//$Id$
/**
* Test Server Auth Module that delegates to a login module stack
@@ -52,12 +53,14 @@
this.loginContextName = loginContextName;
}
+ @SuppressWarnings("unchecked")
public void initialize(MessagePolicy messagePolicyReq, MessagePolicy messagePolicyResp,
CallbackHandler cbh, Map options) throws AuthException
{
this.options = options;
try
{
+ this.validateJAASConfiguration();
loginContext = new LoginContext(loginContextName, cbh);
}
catch (LoginException e)
@@ -91,6 +94,7 @@
{
try
{
+ validateJAASConfiguration();
this.loginContext.login();
}
catch (LoginException e)
@@ -99,4 +103,13 @@
}
return true;
}
+
+ private void validateJAASConfiguration()
+ {
+ //Lets validate the configuration
+ Configuration config = Configuration.getConfiguration();
+ AppConfigurationEntry[] appConfigEntries = config.getAppConfigurationEntry(loginContextName);
+ if(appConfigEntries.length < 0)
+ throw new RuntimeException("No entries for " + loginContextName);
+ }
}
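Review bot: `if(appConfigEntries.length < 0)` in `validateJAASConfiguration` can never be true, since an array length is never negative, so the guard added to `initialize` and to the login path in the two preceding hunks validates nothing. It also dereferences the result without a null check, and `Configuration.getAppConfigurationEntry` may return null for a name with no entries. Use `if (appConfigEntries == null || appConfigEntries.length == 0)` so that a missing login-context entry fails with the intended "No entries for" message.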
Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java 2008-10-18 00:54:23 UTC (rev 79683)
@@ -144,7 +144,7 @@
assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AuthModuleEntry);
AuthModuleEntry ace = (AuthModuleEntry) entry;
assertEquals("LM Name", "TestAuthModule", ace.getAuthModuleName());
- assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ace.getControlFlag());
+ assertEquals("Required", ControlFlag.REQUIRED, ace.getControlFlag());
Map<String, ?> aceOptions = ace.getOptions();
assertEquals("Number of options = 3", 3, aceOptions.size());
assertEquals("usersProperties=u", "u", aceOptions.get("usersProperties"));
@@ -156,7 +156,7 @@
assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AuthModuleEntry);
ace = (AuthModuleEntry) entry;
assertEquals("LM Name", "TestAuthModule2", ace.getAuthModuleName());
- assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ace.getControlFlag());
+ assertEquals("Required", ControlFlag.REQUIRED, ace.getControlFlag());
aceOptions = ace.getOptions();
assertEquals("Number of options = 0", 0, aceOptions.size());
LoginModuleStackHolder lmsh = ace.getLoginModuleStackHolder();
Added: projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml 2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,150 @@
+<jbsx:policy xsi:schemaLocation="urn:jboss:security-config:5.0 resource:security-config_5_0.xsd" xmlns:jbsx="urn:jboss:security-config:5.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+ <jbsx:application-policy name="required-permit-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule"
+ flag="required" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="requisite-permit-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="requisite" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="requisite-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="requisite" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-permit-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="optional-permit-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="optional-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-deny-sufficient-permit-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-sufficient-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-sufficient-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-requisite-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="requisite" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-permit-optional-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="optional" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="required-permit-required-deny-requisite-permit-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="requisite" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="requisite-permit-requisite-permit-sufficient-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="requisite" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="requisite" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-permit-required-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-permit-sufficient-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="optional-deny-sufficient-permit-required-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="optional" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+ <jbsx:application-policy name="sufficient-deny-optional-deny-policy">
+ <jbsx:authentication-jaspi>
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+ <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="optional" />
+ </jbsx:authentication-jaspi>
+ </jbsx:application-policy>
+
+</jbsx:policy>
\ No newline at end of file
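Review bot: The `optional-permit-policy` and `optional-deny-policy` entries declare `flag="sufficient"`, so they duplicate the two single-module `sufficient-*` policies and the single-module optional case is never exercised; presumably both should read `flag="optional"`. The name `required-permit-required-deny-requisite-permit-policy` also disagrees with its third module, which is `AllFailureServerAuthModule` with `flag="requisite"`; either the name should end in `requisite-deny` or the module should be `AllSuccessServerAuthModule`. These policies pin how control flags combine into an authentication decision, so a name that disagrees with its content can lead a test to assert the wrong outcome and still pass.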