[jboss-cvs] JBossAS SVN: r79683 - in projects/security/security-jboss-sx/trunk/jbosssx/src: main/java/org/jboss/security/auth/container/modules and 7 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Oct 17 20:54:23 EDT 2008


Author: anil.saldhana at jboss.com
Date: 2008-10-17 20:54:23 -0400 (Fri, 17 Oct 2008)
New Revision: 79683

Added:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml
Modified:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
   projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
Log:
SECURITY-286: JASPI modules comply with JAAS Control Flag behavior

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/config/AuthModuleEntry.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -25,9 +25,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.security.auth.login.AppConfigurationEntry;
-
 import org.jboss.security.auth.login.LoginModuleStackHolder;
+import org.jboss.security.config.ControlFlag;
 import org.jboss.security.config.ModuleOption;
 
 //$Id$
@@ -40,8 +39,7 @@
  */
 public class AuthModuleEntry
 {
-   private AppConfigurationEntry.LoginModuleControlFlag controlFlag =
-                  AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+   private ControlFlag controlFlag = ControlFlag.REQUIRED;
    private Map<String,Object> options = new HashMap<String,Object>();
    private String name = null;
    private LoginModuleStackHolder loginModuleStackHolder = null;
@@ -131,12 +129,12 @@
       this.loginModuleStackHolderName = loginModuleStackHolderName;
    }
 
-   public AppConfigurationEntry.LoginModuleControlFlag getControlFlag()
+   public ControlFlag getControlFlag()
    {
       return controlFlag;
    }
 
-   public void setControlFlag(AppConfigurationEntry.LoginModuleControlFlag flag)
+   public void setControlFlag(ControlFlag flag)
    {
       this.controlFlag = flag;
    }

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AbstractServerAuthModule.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -69,8 +69,7 @@
 
    /**
     * @see ServerAuthModule#initialize(MessagePolicy, MessagePolicy, CallbackHandler, Map, boolean)
-    */
-   @SuppressWarnings("unchecked")
+    */ 
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, 
          CallbackHandler handler, Map options )
          throws AuthException

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllFailureServerAuthModule.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.module.ServerAuthModule;
+
+/**
+ * Server Auth Module that sends a AuthStatus.FAILURE
+ * @author Anil.Saldhana at redhat.com
+ */
+public class AllFailureServerAuthModule extends AbstractServerAuthModule
+{ 
+   
+   @Override
+   protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
+   { 
+      return false;
+   }
+
+   public AuthStatus secureResponse(MessageInfo arg0, Subject arg1) throws AuthException
+   { 
+      return AuthStatus.FAILURE;
+   } 
+   
+   /**
+    * @see ServerAuthModule#getSupportedMessageTypes()
+    */
+   @SuppressWarnings("unchecked")
+   @Override
+   public Class[] getSupportedMessageTypes()
+   {
+      this.supportedTypes.add(Object.class); 
+      return super.getSupportedMessageTypes();
+   } 
+}

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/container/modules/AllSuccessServerAuthModule.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.auth.container.modules;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+
+/**
+ * ServerAuthModule that returns AuthStatus.SUCCESS
+ * @author Anil.Saldhana at redhat.com
+ */
+public class AllSuccessServerAuthModule extends AbstractServerAuthModule
+{ 
+   @SuppressWarnings("unchecked")
+   @Override
+   public Class[] getSupportedMessageTypes()
+   {
+      this.supportedTypes.add(Object.class); 
+      return super.getSupportedMessageTypes();
+   }
+
+   @Override
+   protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
+   { 
+      return true;
+   }
+
+   public AuthStatus secureResponse(MessageInfo arg0, Subject arg1) throws AuthException
+   { 
+      return AuthStatus.SUCCESS;
+   } 
+}

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/login/LoginConfigObjectModelFactory.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -21,11 +21,15 @@
  */
 package org.jboss.security.auth.login;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import javax.security.auth.login.AppConfigurationEntry;
 
 import org.jboss.logging.Logger;
 import org.jboss.security.auth.container.config.AuthModuleEntry;
 import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ControlFlag;
 import org.jboss.security.config.ModuleOption;
 import org.jboss.security.config.PolicyConfig;
 import org.jboss.util.StringPropertyReplacer;
@@ -45,7 +49,18 @@
    private static Logger log = Logger.getLogger(LoginConfigObjectModelFactory.class);
 
    private boolean trace;
+   
+   protected final Map<String, ControlFlag> controlFlags;
 
+   public LoginConfigObjectModelFactory()
+   { 
+      this.controlFlags = new HashMap<String, ControlFlag>();
+      controlFlags.put("REQUIRED", ControlFlag.REQUIRED);
+      controlFlags.put("REQUISITE", ControlFlag.REQUISITE);
+      controlFlags.put("OPTIONAL", ControlFlag.OPTIONAL);
+      controlFlags.put("SUFFICIENT", ControlFlag.SUFFICIENT);
+   }
+
    public Object completeRoot(Object root, UnmarshallingContext ctx, String uri, String name)
    {
       if (trace)
@@ -170,10 +185,15 @@
       else if ("auth-module".equals(localName))
       {
          String code = attrs.getValue("code");
-         child = new AuthModuleEntry(code, null, null);
+         AuthModuleEntry authModuleEntry = new AuthModuleEntry(code, null, null);
+         
+         String flag = attrs.getValue("flag"); 
+         authModuleEntry.setControlFlag(getControlFlag(flag));
+         
          String lmsRef = attrs.getValue("login-module-stack-ref");
          if (lmsRef != null)
-            ((AuthModuleEntry) child).setLoginModuleStackHolder(info.getLoginModuleStackHolder(lmsRef));
+            authModuleEntry.setLoginModuleStackHolder(info.getLoginModuleStackHolder(lmsRef));
+         child = authModuleEntry;
       }
 
       return child;
@@ -322,5 +342,20 @@
       if (trace)
          log.trace("Added ApplicationPolicy to PolicyConfig, name: " + aPolicy.getName());
    }
+   
+   public ControlFlag getControlFlag(String flag)
+   {
+      ControlFlag controlFlag = null;
+      
+      if(flag != null)
+      {
+         flag = StringPropertyReplacer.replaceProperties(flag.trim());
+         controlFlag = this.controlFlags.get(flag.toUpperCase()); 
+      }
+      if (controlFlag == null)
+         controlFlag = ControlFlag.REQUIRED;
+      
+      return controlFlag;
+   }
 
 }
\ No newline at end of file

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthConfig.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -45,6 +45,7 @@
 import org.jboss.security.auth.login.BaseAuthenticationInfo;
 import org.jboss.security.auth.login.JASPIAuthenticationInfo;
 import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.ControlFlag;
 import org.jboss.security.config.SecurityConfiguration;
 
 //$Id$
@@ -91,6 +92,8 @@
          Subject serviceSubject, Map properties) 
    throws AuthException
    { 
+      List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+      
       Map<String,Map> mapOptionsByName = new HashMap<String,Map>();
       SecurityContext securityContext = SecurityActions.getSecurityContext();
       if(securityContext == null)
@@ -131,7 +134,7 @@
                try
                {
                   mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
-                  
+                  controlFlags.add(ame.getControlFlag());            
                   modules.add(this.createSAM(ame.getAuthModuleName(), 
                         ame.getLoginModuleStackHolderName()));
                }
@@ -145,6 +148,7 @@
                try
                {
                   mapOptionsByName.put(ame.getAuthModuleName(), ame.getOptions());
+                  controlFlags.add(ame.getControlFlag());            
                   modules.add(this.createSAM(ame.getAuthModuleName()));
                }
                catch (Exception e)
@@ -155,7 +159,9 @@
          } 
       } 
        
-      return new JBossServerAuthContext(modules, mapOptionsByName, this.callbackHandler);
+      JBossServerAuthContext serverAuthContext = new JBossServerAuthContext(modules, mapOptionsByName, this.callbackHandler);
+      serverAuthContext.setControlFlags(controlFlags);
+      return serverAuthContext;
    }
  
    /**

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/message/config/JBossServerAuthContext.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -36,6 +36,9 @@
 import javax.security.auth.message.config.ServerAuthContext;
 import javax.security.auth.message.module.ServerAuthModule;
 
+import org.jboss.logging.Logger;
+import org.jboss.security.config.ControlFlag;
+
 //$Id$
 
 /**
@@ -46,11 +49,20 @@
  */
 public class JBossServerAuthContext implements ServerAuthContext
 {  
+   protected static Logger log = Logger.getLogger(JBossServerAuthContext.class);
+   
+   protected boolean trace = log.isTraceEnabled();
+   
    private List<ServerAuthModule> modules = new ArrayList<ServerAuthModule>(); 
    
    @SuppressWarnings("unchecked")
    private Map<String,Map> moduleOptionsByName = new HashMap<String,Map>();
    
+   /**
+    * Control Flags for the individual modules
+    */
+   protected List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
+   
    @SuppressWarnings("unchecked")
    public JBossServerAuthContext(List<ServerAuthModule> modules,
          Map<String,Map> moduleNameToOptions, CallbackHandler cbh) throws AuthException
@@ -64,7 +76,12 @@
       }
    }
    
+   public void setControlFlags(List<ControlFlag> controlFlags)
+   {
+      this.controlFlags = controlFlags;
+   }
    
+   
    /**
     * @see ServerAuth#cleanSubject(Subject, Map)
     */
@@ -102,7 +119,7 @@
       Class[] requestInterfaces = requestType.getInterfaces(); 
       
       List<Class> intfaee = Arrays.asList(requestInterfaces);
-      AuthStatus status = null; 
+      
       for(ServerAuthModule sam:modules)
       { 
          List<Class> supportedTypes = Arrays.asList(sam.getSupportedMessageTypes());
@@ -122,12 +139,93 @@
       if(supportingModules.size() == 0)
          throw new RuntimeException("No ServerAuthModule configured to support type:"+requestType);
       
-      for(ServerAuthModule sam:supportingModules)
+      AuthStatus authStatus = invokeModules(messageInfo, clientSubject, serviceSubject);
+      return authStatus;
+      
+      /*for(ServerAuthModule sam:supportingModules)
       {
          status = sam.validateRequest(messageInfo, clientSubject, serviceSubject);
          if(status == AuthStatus.FAILURE)
             break;
       }
-      return status;
+      return status;*/
    } 
+   
+   private AuthStatus invokeModules(MessageInfo messageInfo,
+         Subject clientSubject, Subject serviceSubject) 
+   throws AuthException
+   {
+      //Control Flag behavior
+      boolean encounteredRequiredError = false; 
+      boolean encounteredOptionalError = false; 
+      AuthException moduleException = null;
+      AuthStatus overallDecision = AuthStatus.FAILURE;
+      
+      int length = modules.size();
+      for(int i = 0; i < length; i++)
+      {
+         ServerAuthModule module = (ServerAuthModule)modules.get(i);
+         ControlFlag flag = (ControlFlag)this.controlFlags.get(i); 
+         AuthStatus decision = AuthStatus.FAILURE;
+         try
+         {
+            decision = module.validateRequest(messageInfo, clientSubject, serviceSubject);
+         }
+         catch(Exception ae)
+         { 
+            decision = AuthStatus.FAILURE;
+            if(moduleException == null)
+               moduleException = new AuthException(ae.getMessage());
+         }
+         
+         if(decision == AuthStatus.SUCCESS)
+         { 
+            overallDecision =  AuthStatus.SUCCESS;
+            //SUFFICIENT case
+            if(flag == ControlFlag.SUFFICIENT && encounteredRequiredError == false)
+               return AuthStatus.SUCCESS;
+            continue; //Continue with the other modules
+         }
+         //Go through the failure cases 
+         //REQUISITE case
+         if(flag == ControlFlag.REQUISITE)
+         {
+            if(trace)
+               log.trace("REQUISITE failed for " + module); 
+            if(moduleException == null)
+               moduleException = new AuthException("Auth  failed");
+            else
+               throw moduleException;
+         }
+         //REQUIRED Case
+         if(flag == ControlFlag.REQUIRED)
+         {
+            if(trace)
+               log.trace("REQUIRED failed for " + module);
+            if(encounteredRequiredError == false)
+               encounteredRequiredError = true;
+         }
+         if(flag == ControlFlag.OPTIONAL)
+            encounteredOptionalError = true; 
+      }
+      
+      //All the authorization modules have been visited.
+      String msg = getAdditionalErrorMessage(moduleException);
+      if(encounteredRequiredError)
+         throw new AuthException("Auth Failed:"+ msg);
+      if(overallDecision == AuthStatus.FAILURE && encounteredOptionalError)
+         throw new AuthException("Auth Failed:" + msg);
+      if(overallDecision == AuthStatus.FAILURE)
+         throw new AuthException("Auth Failed:Denied.");
+      return AuthStatus.SUCCESS;
+   }
+   
+
+   private String getAdditionalErrorMessage(Exception e)
+   {
+      StringBuilder msg = new StringBuilder(" ");
+      if(e != null)
+         msg.append(e.getLocalizedMessage());
+      return msg.toString();
+   }
 }
\ No newline at end of file

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/authorization/config/SecurityConfigObjectModelFactory.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -59,9 +59,7 @@
    private static Logger log = Logger.getLogger(SecurityConfigObjectModelFactory.class);
 
    private final boolean trace = log.isTraceEnabled();
-
-   private final Map<String, ControlFlag> controlFlags;
-
+ 
    /**
     * <p>
     * Creates an instance of {@code SecurityConfigObjectModelFactory}.
@@ -69,11 +67,6 @@
     */
    public SecurityConfigObjectModelFactory()
    {
-      this.controlFlags = new HashMap<String, ControlFlag>();
-      controlFlags.put("REQUIRED", ControlFlag.REQUIRED);
-      controlFlags.put("REQUISITE", ControlFlag.REQUISITE);
-      controlFlags.put("OPTIONAL", ControlFlag.OPTIONAL);
-      controlFlags.put("SUFFICIENT", ControlFlag.SUFFICIENT);
    }
 
    @Override
@@ -483,5 +476,4 @@
    {
       auditInfo.add(entry);
    }
-
 }

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/config/PolicyConfig.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -21,6 +21,7 @@
 */
 package org.jboss.security.config;
 
+import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -75,4 +76,9 @@
    {
       config.putAll(pc.config);
    }
+   
+   public Collection<ApplicationPolicy> getPolicies()
+   {
+      return Collections.unmodifiableCollection(this.config.values());
+   }
 }

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/AuthContextUnitTestCase.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,231 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.authentication.jaspi;
+
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.auth.message.GenericMessageInfo;
+import org.jboss.security.auth.spi.UsersObjectModelFactory;
+import org.jboss.security.authorization.config.SecurityConfigObjectModelFactory;
+import org.jboss.security.config.ApplicationPolicy;
+import org.jboss.security.config.PolicyConfig;
+import org.jboss.security.config.SecurityConfiguration;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.security.plugins.auth.JASPIServerAuthenticationManager;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+import org.jboss.xb.binding.Unmarshaller;
+import org.jboss.xb.binding.UnmarshallerFactory;
+
+
+/**
+ * Test the JASPI options (required, requisite, sufficient, optional) behavior
+ * 
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 16, 2007
+ * @version $Revision$
+ */
+public class AuthContextUnitTestCase extends JBossTestCase
+{ 
+   private static PolicyConfig policyConfig = null;
+
+   public AuthContextUnitTestCase(String name)
+   {
+      super(name); 
+   }
+
+
+   public static Test suite() throws Exception
+   {
+      TestSuite suite = new TestSuite();
+      suite.addTest(new TestSuite(AuthContextUnitTestCase.class));
+      // Create an initializer for the test suite
+      TestSetup wrapper = new JBossTestSetup(suite)
+      { 
+         protected void setUp() throws Exception
+         {
+            super.setUp(); 
+            ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+            URL url = tcl.getResource("config/jaspi-config-options.xml");
+            if(url == null)
+               throw new IllegalStateException("config url is null");
+            loadXMLConfig(url);
+            
+            for(ApplicationPolicy policy : policyConfig.getPolicies())
+               SecurityConfiguration.addApplicationPolicy(policy); 
+         }
+         protected void tearDown() throws Exception
+         {  
+            super.tearDown(); 
+         }
+      };
+      return wrapper; 
+   } 
+
+
+   /**
+    * Test the AuthorizationModule required behavior
+    */
+   public void testRequiredOptionBehavior() throws Exception
+   {   
+      assertNotNull("PolicyConfig != null", policyConfig);
+      boolean result = getResult("required-permit-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("required-deny-policy");
+      assertTrue("DENY?", false == result);
+   }
+
+   /**
+    * Test the AuthorizationModule requisite behavior
+    */
+   public void testRequisiteOptionBehavior() throws Exception
+   {   
+      assertNotNull("PolicyConfig != null", policyConfig);
+      boolean result = getResult("requisite-permit-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("requisite-deny-policy");
+      assertTrue("DENY?", false == result);
+   }
+
+
+   /**
+    * Test the AuthorizationModule sufficient behavior
+    */
+   public void testSufficientOptionBehavior() throws Exception
+   {   
+      assertNotNull("PolicyConfig != null", policyConfig);
+      boolean result = getResult("sufficient-permit-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("sufficient-deny-policy");
+      assertTrue("DENY?", false == result);
+   }
+
+
+   /**
+    * Test the AuthorizationModule optional behavior
+    */
+   public void testOptionalOptionBehavior() throws Exception
+   {   
+      assertNotNull("PolicyConfig != null", policyConfig);
+      boolean result = getResult("optional-permit-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("optional-deny-policy");
+      assertTrue("DENY?", false == result);
+   }
+
+   /**
+    * Test the AuthorizationModules combination behavior
+    */
+   public void testCombinationBehavior() throws Exception
+   {   
+      assertNotNull("PolicyConfig != null", policyConfig);
+      boolean result = getResult("required-deny-sufficient-permit-policy");
+      assertTrue("DENY?", false == result); 
+      result = getResult("required-permit-sufficient-deny-policy");
+      assertTrue("PERMIT?", true == result); 
+      result = getResult("required-permit-required-deny-policy");
+      assertTrue("DENY?", false == result);
+      result = getResult("required-permit-required-permit-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("required-permit-required-permit-sufficient-deny-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("required-permit-required-permit-requisite-deny-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("required-permit-required-permit-optional-deny-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("required-permit-required-deny-requisite-permit-policy");
+      assertTrue("DENY?", false == result); 
+      result = getResult("requisite-permit-requisite-permit-sufficient-deny-policy");
+      assertTrue("PERMIT?", true == result);
+
+      result = getResult("sufficient-permit-required-deny-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("sufficient-permit-sufficient-deny-policy");
+      assertTrue("PERMIT?", true == result);
+      result = getResult("optional-deny-sufficient-permit-required-deny-policy");
+      assertTrue("PERMIT?", true == result);
+
+      result = getResult("sufficient-deny-optional-deny-policy");
+      assertTrue("DENY?", false == result);
+   }
+
+   private boolean getResult(String policyName) throws Exception
+   {  
+      SecurityContext securityContext = new JBossSecurityContext(policyName);
+      SecurityContextAssociation.setSecurityContext(securityContext);
+      
+      CallbackHandler handler = new TestCallbackHandler();
+      JASPIServerAuthenticationManager aContext = new JASPIServerAuthenticationManager(policyName,
+            handler);  
+      GenericMessageInfo requestMessage = new GenericMessageInfo(new Object(), new Object());
+      return  aContext.isValid(requestMessage, new Subject(), "HttpServlet", 
+            handler); 
+   }
+
+   /**
+    * Use JBossXB to parse the security config file
+    * @param loginConfigURL
+    * @throws Exception
+    */
+   private static void loadXMLConfig(URL loginConfigURL)
+   throws Exception 
+   {
+      if(loginConfigURL == null)
+         throw new IllegalArgumentException("loginConfigURL is null");
+      SecurityConfigObjectModelFactory lcomf = new SecurityConfigObjectModelFactory();
+      UsersObjectModelFactory uomf = new UsersObjectModelFactory();
+
+      InputStreamReader xmlReader = new InputStreamReader(loginConfigURL.openStream());
+      Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
+      unmarshaller.mapFactoryToNamespace(uomf, "http://www.jboss.org/j2ee/schemas/XMLLoginModule");
+      policyConfig = (PolicyConfig) unmarshaller.unmarshal(xmlReader, lcomf, (Object)null); 
+   } 
+
+   /**
+    * Dummy CallbackHandler
+    */
+   private static class TestCallbackHandler implements CallbackHandler
+   { 
+      public void setSecurityInfo(Principal p, Object cred)
+      {}
+      
+      public void handle(Callback[] arg0) 
+      throws IOException, UnsupportedCallbackException
+      {
+      } 
+   } 
+}
\ No newline at end of file

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIConfigUnitTestCase.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -21,9 +21,13 @@
   */
 package org.jboss.test.authentication.jaspi;
 
+import java.net.URL;
 import java.util.HashMap;
 
 import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
 import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.config.AuthConfigFactory;
 import javax.security.auth.message.config.AuthConfigProvider;
@@ -34,11 +38,14 @@
 
 import junit.framework.TestCase;
 
+import org.jboss.security.SecurityContextAssociation;
 import org.jboss.security.auth.callback.AppCallbackHandler;
+import org.jboss.security.auth.login.XMLLoginConfigImpl;
 import org.jboss.security.auth.message.GenericMessageInfo;
+import org.jboss.security.plugins.JBossSecurityContext;
+import org.jboss.test.SecurityActions;
 import org.jboss.test.authentication.jaspi.helpers.TestAuthConfigProvider;
 
-//$Id$
 
 /**
  *  Unit Tests for the JASPI Configuration
@@ -58,6 +65,7 @@
             "Test Config Provider");
    }
    
+   @SuppressWarnings("unchecked")
    public void testServerFactoryConfig() throws Exception
    { 
       assertNotNull("AuthConfigFactory is ! null", factory); 
@@ -76,6 +84,7 @@
       assertNotNull("ServerAuthContext != null",sctx); 
    } 
    
+   @SuppressWarnings("unchecked")
    public void testClientFactoryConfig() throws Exception
    { 
       assertNotNull("AuthConfigFactory is ! null", factory); 
@@ -93,5 +102,47 @@
             new Subject(), new HashMap());
       assertNotNull("ClientAuthContext != null",sctx); 
    }
+   
+   public void testLoginConfigStackHolder() throws Exception
+   {
+      String securityDomain = "conf-jaspi";
+      JBossSecurityContext jsc = new JBossSecurityContext(securityDomain);
+      SecurityContextAssociation.setSecurityContext(jsc);
+
+      String configFile = "config/jaspi-config.xml";
+      loadConfig(configFile);
+      
+      //Lets validate the configuration
+      Configuration config = Configuration.getConfiguration();
+      AppConfigurationEntry[] appConfigEntries = config.getAppConfigurationEntry(securityDomain);
+      assertTrue(appConfigEntries.length > 0);
+      for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+      {
+         assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+               appConfigEntry.getLoginModuleName());
+         assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+      }
+      
+      appConfigEntries = config.getAppConfigurationEntry("lm-stack");
+      assertTrue(appConfigEntries.length > 0);
+      for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+      {
+         assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+               appConfigEntry.getLoginModuleName());
+         assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+      }
+   }
+   
+   private void loadConfig(String configFile)
+   {
+      XMLLoginConfigImpl xli = XMLLoginConfigImpl.getInstance();
+      SecurityActions.setJAASConfiguration(xli);
+
+      URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFile);
+      assertNotNull("Config URL", configURL);
+
+      xli.setConfigURL(configURL);
+      xli.loadConfig();
+   }
     
 }

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/JASPIWorkflowUnitTestCase.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -25,6 +25,10 @@
 import java.util.HashMap;
 
 import javax.security.auth.Subject;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.message.AuthException;
 import javax.security.auth.message.AuthStatus;
 import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.config.AuthConfigFactory;
@@ -35,6 +39,7 @@
 import junit.framework.TestCase;
 
 import org.jboss.security.SecurityConstants;
+import org.jboss.security.SecurityContext;
 import org.jboss.security.SecurityContextAssociation;
 import org.jboss.security.auth.callback.AppCallbackHandler;
 import org.jboss.security.auth.login.XMLLoginConfigImpl;
@@ -43,7 +48,6 @@
 import org.jboss.security.plugins.JBossSecurityContext;
 import org.jboss.test.SecurityActions;
 
-// $Id$
 
 /**
  * Test the Server side workflow for JASPI
@@ -62,13 +66,14 @@
 
    String configFile = "config/jaspi-config.xml";
 
+   @SuppressWarnings("unchecked")
    @Override
    protected void setUp() throws Exception
    {
       factory = AuthConfigFactory.getFactory();
       factory.registerConfigProvider(new JBossAuthConfigProvider(new HashMap()), layer, appId, "Test Config Provider");
 
-      JBossSecurityContext jsc = new JBossSecurityContext("conf-jaspi");
+      SecurityContext jsc = new JBossSecurityContext("conf-jaspi");
       SecurityContextAssociation.setSecurityContext(jsc);
 
       XMLLoginConfigImpl xli = XMLLoginConfigImpl.getInstance();
@@ -81,6 +86,7 @@
       xli.loadConfig();
    }
 
+   @SuppressWarnings("unchecked")
    public void testSuccessfulJASPI() throws Exception
    {
       AuthConfigProvider provider = factory.getConfigProvider(layer, appId, null);
@@ -99,6 +105,7 @@
       assertEquals(AuthStatus.SUCCESS, status);
    }
 
+   @SuppressWarnings("unchecked")
    public void testUnSuccessfulJASPI() throws Exception
    {
       AuthConfigProvider provider = factory.getConfigProvider(layer, appId, null);
@@ -106,6 +113,7 @@
             "badpwd".toCharArray()));
       assertNotNull("ServerAuthConfig is not null", serverConfig);
 
+      validateJAASConfiguration();
       MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
       String authContextID = serverConfig.getAuthContextID(mi);
       assertNotNull("AuthContext ID != null", authContextID);
@@ -113,7 +121,37 @@
       assertNotNull("ServerAuthContext != null", sctx);
       Subject clientSubject = new Subject();
       Subject serviceSubject = new Subject();
-      AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
-      assertEquals(AuthStatus.FAILURE, status);
+      try
+      {
+         AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
+         assertEquals(AuthStatus.FAILURE, status);
+      }
+      catch(AuthException ae)
+      {
+         //Ignore - we are fine
+      }
    }
-}
+   
+   private void validateJAASConfiguration()
+   {
+      //Lets validate the configuration
+      Configuration config = Configuration.getConfiguration();
+      AppConfigurationEntry[] appConfigEntries = config.getAppConfigurationEntry("conf-jaspi");
+      assertTrue(appConfigEntries.length > 0);
+      for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+      {
+         assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+               appConfigEntry.getLoginModuleName());
+         assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+      }
+      
+      appConfigEntries = config.getAppConfigurationEntry("lm-stack");
+      assertTrue(appConfigEntries.length > 0);
+      for(AppConfigurationEntry appConfigEntry: appConfigEntries)
+      {
+         assertEquals("org.jboss.test.authentication.jaspi.TestLoginModule",
+               appConfigEntry.getLoginModuleName());
+         assertEquals(LoginModuleControlFlag.OPTIONAL, appConfigEntry.getControlFlag());
+      }
+   }
+}
\ No newline at end of file

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestLoginModule.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -33,7 +33,6 @@
 
 import org.jboss.security.SimplePrincipal;
 
-//$Id$
 
 /**
  *  Test Login Module

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/authentication/jaspi/TestServerAuthModule.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -25,6 +25,8 @@
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.message.AuthException;
@@ -34,7 +36,6 @@
 
 import org.jboss.security.auth.container.modules.AbstractServerAuthModule;
 
-//$Id$
 
 /**
  *  Test Server Auth Module that delegates to a login module stack
@@ -52,12 +53,14 @@
       this.loginContextName = loginContextName;
    } 
 
+   @SuppressWarnings("unchecked")
    public void initialize(MessagePolicy messagePolicyReq, MessagePolicy messagePolicyResp, 
          CallbackHandler cbh, Map options) throws AuthException
    {
       this.options = options;
       try
       {
+         this.validateJAASConfiguration();
          loginContext = new LoginContext(loginContextName, cbh);
       }
       catch (LoginException e)
@@ -91,6 +94,7 @@
    {
       try
       {
+         validateJAASConfiguration();
          this.loginContext.login();
       }
       catch (LoginException e)
@@ -99,4 +103,13 @@
       }
       return true;
    } 
+   
+   private void validateJAASConfiguration()
+   {
+      //Lets validate the configuration
+      Configuration config = Configuration.getConfiguration();
+      AppConfigurationEntry[] appConfigEntries = config.getAppConfigurationEntry(loginContextName);
+      if(appConfigEntries.length < 0)
+        throw new RuntimeException("No entries for " + loginContextName); 
+   }
 }

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java	2008-10-18 00:27:55 UTC (rev 79682)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/java/org/jboss/test/security/config/SecurityConfigurationUnitTestCase.java	2008-10-18 00:54:23 UTC (rev 79683)
@@ -144,7 +144,7 @@
       assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AuthModuleEntry);
       AuthModuleEntry ace = (AuthModuleEntry) entry;
       assertEquals("LM Name", "TestAuthModule", ace.getAuthModuleName());
-      assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ace.getControlFlag());
+      assertEquals("Required", ControlFlag.REQUIRED, ace.getControlFlag());
       Map<String, ?> aceOptions = ace.getOptions();
       assertEquals("Number of options = 3", 3, aceOptions.size());
       assertEquals("usersProperties=u", "u", aceOptions.get("usersProperties"));
@@ -156,7 +156,7 @@
       assertTrue("Entry instanceof AppConfigurationEntry", entry instanceof AuthModuleEntry);
       ace = (AuthModuleEntry) entry;
       assertEquals("LM Name", "TestAuthModule2", ace.getAuthModuleName());
-      assertEquals("Required", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ace.getControlFlag());
+      assertEquals("Required", ControlFlag.REQUIRED, ace.getControlFlag());
       aceOptions = ace.getOptions();
       assertEquals("Number of options = 0", 0, aceOptions.size());
       LoginModuleStackHolder lmsh = ace.getLoginModuleStackHolder();

Added: projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml	                        (rev 0)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/test/resources/config/jaspi-config-options.xml	2008-10-18 00:54:23 UTC (rev 79683)
@@ -0,0 +1,150 @@
+<jbsx:policy xsi:schemaLocation="urn:jboss:security-config:5.0 resource:security-config_5_0.xsd" xmlns:jbsx="urn:jboss:security-config:5.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+   <jbsx:application-policy name="required-permit-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" 
+        flag="required" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy> 
+
+   <jbsx:application-policy name="required-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="requisite-permit-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="requisite" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy> 
+
+  <jbsx:application-policy name="requisite-deny-policy">
+    <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="requisite" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="sufficient-permit-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy> 
+
+  <jbsx:application-policy name="sufficient-deny-policy">
+    <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="optional-permit-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy> 
+
+  <jbsx:application-policy name="optional-deny-policy">
+    <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-deny-sufficient-permit-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-permit-sufficient-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-permit-required-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-permit-required-permit-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-permit-required-permit-sufficient-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-permit-required-permit-requisite-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="requisite" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-permit-required-permit-optional-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="optional" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="required-permit-required-deny-requisite-permit-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="requisite" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="requisite-permit-requisite-permit-sufficient-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="requisite" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="requisite" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="sufficient-permit-required-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="sufficient-permit-sufficient-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="optional-deny-sufficient-permit-required-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="optional" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllSuccessServerAuthModule" flag="sufficient" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="required" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+   <jbsx:application-policy name="sufficient-deny-optional-deny-policy">
+     <jbsx:authentication-jaspi>
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="sufficient" />
+        <jbsx:auth-module code="org.jboss.security.auth.container.modules.AllFailureServerAuthModule" flag="optional" />
+     </jbsx:authentication-jaspi>
+   </jbsx:application-policy>
+
+</jbsx:policy>
\ No newline at end of file




More information about the jboss-cvs-commits mailing list