[jboss-cvs] JBossAS SVN: r92165 - in projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src: main/java/org/jboss/security/auth/spi and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Sat Aug 8 23:11:16 EDT 2009


Author: anil.saldhana at jboss.com
Date: 2009-08-08 23:11:15 -0400 (Sat, 08 Aug 2009)
New Revision: 92165

Modified:
   projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java
   projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
   projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
Log:
SECURITY-339: merge in from security trunk 92155 and 92164

Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java	2009-08-09 03:09:07 UTC (rev 92164)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java	2009-08-09 03:11:15 UTC (rev 92165)
@@ -141,6 +141,9 @@
       useFirstPass = passwordStacking != null;
       if(trace && useFirstPass)
 	 log.trace("Enabling useFirstPass mode");
+
+      //Cache the existing security context
+      this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
    }
 
    /**
@@ -234,8 +237,6 @@
    {
       if( trace )
          log.trace("commit, subject="+subject);
-      //Cache the existing security context
-      this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
       
       SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
 

Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java	2009-08-09 03:09:07 UTC (rev 92164)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java	2009-08-09 03:11:15 UTC (rev 92165)
@@ -23,6 +23,7 @@
 
 import java.security.Principal;
 import java.security.acl.Group;
+import java.util.Set;
 
 import javax.security.auth.login.LoginException;
 
@@ -86,5 +87,12 @@
    {
       return getUsername();
    }
-
-}
+   
+   @Override
+   public boolean logout() throws LoginException
+   {
+      Group[] groups = this.getRoleSets();
+      subject.getPrincipals().remove(groups[0]); 
+      return super.logout();
+   }  
+}
\ No newline at end of file

Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java	2009-08-09 03:09:07 UTC (rev 92164)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java	2009-08-09 03:11:15 UTC (rev 92165)
@@ -140,18 +140,18 @@
          AppConfigurationEntry[] entry = {ace};
          return entry;
       }
-      
-      @SuppressWarnings("unchecked")
-      AppConfigurationEntry[] testAbort()
+       
+      AppConfigurationEntry[] testAbortWithRestore()
       {
          String name1 = "org.jboss.security.auth.spi.SimpleServerLoginModule";
          AppConfigurationEntry ace1 = new AppConfigurationEntry(name1,
-         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap()); 
+         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,String>()); 
          
          
          String name2 = "org.jboss.security.ClientLoginModule";
          HashMap<String,String> options = new HashMap<String,String>();
          options.put("multi-threaded", "true"); 
+         options.put("restore-login-identity", "true");
          
          
          AppConfigurationEntry ace2 = new AppConfigurationEntry(name2,
@@ -160,6 +160,24 @@
          AppConfigurationEntry[] entry = {ace1,ace2};
          return entry; 
       }
+       
+      AppConfigurationEntry[] testAbortWithNoRestore()
+      {
+         String name1 = "org.jboss.security.auth.spi.SimpleServerLoginModule";
+         AppConfigurationEntry ace1 = new AppConfigurationEntry(name1,
+         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,String>()); 
+         
+         
+         String name2 = "org.jboss.security.ClientLoginModule";
+         HashMap<String,String> options = new HashMap<String,String>();
+         options.put("multi-threaded", "true"); 
+         
+         AppConfigurationEntry ace2 = new AppConfigurationEntry(name2,
+         AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+         
+         AppConfigurationEntry[] entry = {ace1,ace2};
+         return entry; 
+      }
       
    }
 
@@ -172,7 +190,8 @@
       suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreaded"));
       suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreadedRestoreIdentity"));
       suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreadedRestoreStack"));
-      suite.addTest(new ClientLoginModuleUnitTestCase("testAbort"));
+      suite.addTest(new ClientLoginModuleUnitTestCase("testAbortWithRestore"));
+      suite.addTest(new ClientLoginModuleUnitTestCase("testAbortWithNoRestore"));
       return suite;
    }
 
@@ -451,8 +470,8 @@
             assertTrue("password == theduke3",
                Arrays.equals(theduke3, "theduke3".toCharArray()));
 
-            lc.logout();
-
+            lc.logout(); 
+            
             // Validate restored state
             SecurityAssociation.SubjectContext sc2 = SecurityAssociation.peekSubjectContext();
             System.out.println(sc2);
@@ -475,14 +494,25 @@
    }
 
    //SECURITY-339: ClientLoginModule abort should not clear security context
-   public void testAbort() throws Exception
+   public void testAbortWithRestore() throws Exception
    {
       SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
       SecurityContextAssociation.setSecurityContext(sc);
       
+      //Start with successful login. Then a failed login
+      UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke");
+      LoginContext lc = new LoginContext("testAbortWithRestore", handler);
+      lc.login();
+      Subject subject = lc.getSubject();
+      assertNotNull("Subject is not null", subject);
+      
+      SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+      assertNotNull("Current Security Context is not null", currentSC);
+      verifySubjectInfo(currentSC);
+      
       //Failed Login
-      UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke3", "BAD_PASSWORD");
-      LoginContext lc = new LoginContext("testAbort", handler);
+      handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
+      lc = new LoginContext("testAbortWithRestore", handler);
       try
       {
          lc.login(); 
@@ -492,29 +522,145 @@
       {
          //pass
       }
-      Subject subject = lc.getSubject();
+      subject = lc.getSubject();
+      assertNull("Subject from login context is null", subject);
+      
+      currentSC = SecurityContextAssociation.getSecurityContext();
+      assertNotNull("Current Security Context is not null", currentSC); 
+      verifySubjectInfo(currentSC);
+      
+      
+      //Successful Login
+      SecurityContextAssociation.setSecurityContext(sc);
+      handler = new UsernamePasswordHandler("jduke", "jduke");
+      lc = new LoginContext("testAbortWithRestore", handler);
+      lc.login();
+      subject = lc.getSubject();
+      assertNotNull("Subject is not null", subject);
+      
+      currentSC = SecurityContextAssociation.getSecurityContext();
+      assertNotNull("Current Security Context is not null", currentSC);
+      verifySubjectInfo(currentSC);
+      
+      //Failed Login
+      handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
+      lc = new LoginContext("testAbortWithRestore", handler);
+      try
+      {
+         lc.login(); 
+         fail("Should have failed");
+      }
+      catch(LoginException le)
+      {
+         //pass
+      }
+      subject = lc.getSubject();
       assertNull("Subject is null", subject);
       
-      SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+      currentSC = SecurityContextAssociation.getSecurityContext();
       assertNotNull("Current Security Context is not null", currentSC);
-      SubjectInfo subjectInfo = currentSC.getSubjectInfo();
-      assertNotNull("SubjectInfo", subjectInfo);
-      assertNull("Subject is null", subjectInfo.getAuthenticatedSubject());
+      verifySubjectInfo(currentSC);
       
+      lc.logout();
+      subject = lc.getSubject();
+      assertNull("Subject from login context is null", subject);
+   }
+   
+   //SECURITY-339: ClientLoginModule abort should not clear security context
+   public void testAbortWithNoRestore() throws Exception
+   {
+      SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
+      SecurityContextAssociation.setSecurityContext(sc);
       
       //Successful Login
       SecurityContextAssociation.setSecurityContext(sc);
-      handler = new UsernamePasswordHandler("jduke3", "jduke3");
-      lc = new LoginContext("testAbort", handler);
+      UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke");
+      LoginContext lc = new LoginContext("testAbortWithNoRestore", handler);
       lc.login();
+      Subject subject = lc.getSubject();
+      assertNotNull("Subject is not null", subject);
+      
+      SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+      assertNotNull("Current Security Context is not null", currentSC);
+      this.verifySubjectInfo(currentSC);
+      
+      //Failed Login - calls abort on the login modules
+      handler = new UsernamePasswordHandler("BAD_USER", "BAD_PASSWORD");
+      lc = new LoginContext("testAbortWithNoRestore", handler);
+      try
+      {
+         lc.login(); 
+         fail("Should have failed");
+      }
+      catch(LoginException le)
+      {
+         //pass
+      }
+      //Ensure that the failed login context does not return a subject
       subject = lc.getSubject();
+      assertNull("Subject is null", subject);
+      
+      //We have to ensure that the first successful authentication has not been removed from the stack
+      currentSC = SecurityContextAssociation.getSecurityContext();
+      assertNotNull("Current Security Context is not null", currentSC);
+      this.verifySubjectInfo(currentSC);
+            
+      //Let us go through some logout cycles
+      handler = new UsernamePasswordHandler("jduke", "jduke");
+      lc = new LoginContext("testAbortWithNoRestore", handler);
+      lc.login();
+      subject = lc.getSubject();
       assertNotNull("Subject is not null", subject);
       
       currentSC = SecurityContextAssociation.getSecurityContext();
       assertNotNull("Current Security Context is not null", currentSC);
-      subjectInfo = currentSC.getSubjectInfo();
+      this.verifySubjectInfo(currentSC);
+      
+      lc.logout();
+
+      assertNull("Current Security Context is null", SecurityContextAssociation.getSecurityContext());
+      subject = lc.getSubject();
+      assertEquals("Subject from login context has no principals", 0, subject.getPrincipals().size());
+      
+      sc = SecurityContextFactory.createSecurityContext("test");
+      SecurityContextAssociation.setSecurityContext(sc);
+      
+      //Failed Login - calls abort on the login modules
+      handler = new UsernamePasswordHandler("BAD_USER", "BAD_PASSWORD");
+      lc = new LoginContext("testAbortWithNoRestore", handler);
+      try
+      {
+         lc.login(); 
+         fail("Should have failed");
+      }
+      catch(LoginException le)
+      {
+         //pass
+      }
+      //Ensure that the failed login context does not return a subject
+      subject = lc.getSubject();
+      assertNull("Subject is null", subject);
+      
+      //We have to ensure that the first successful authentication has not been removed from the stack
+      currentSC = SecurityContextAssociation.getSecurityContext();
+      assertNotNull("Current Security Context is not null", currentSC);
+      SubjectInfo subjectInfo = currentSC.getSubjectInfo();
       assertNotNull("SubjectInfo", subjectInfo);
-      assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+      subject = subjectInfo.getAuthenticatedSubject();
+      assertNull("Subject is null", subject); 
+      assertNull("Principal on security context is null", currentSC.getUtil().getUserPrincipal());
+      assertNull("Principal on legacy security association is null", SecurityAssociation.getPrincipal());
    }
-
-}
+   
+   private void verifySubjectInfo(SecurityContext currentSC)
+   { 
+      SubjectInfo subjectInfo = currentSC.getSubjectInfo();
+      assertNotNull("SubjectInfo", subjectInfo);
+      Subject subject = subjectInfo.getAuthenticatedSubject();
+      assertNotNull("Subject is not null", subject); 
+      Principal jduke = new SimplePrincipal("jduke");
+      assertTrue("jduke exists in the subject",subject.getPrincipals().contains(jduke));
+      assertEquals("jduke exists", jduke, currentSC.getUtil().getUserPrincipal());
+      assertEquals("jduke exists", jduke, SecurityAssociation.getPrincipal());
+   }
+}
\ No newline at end of file




More information about the jboss-cvs-commits mailing list