[jboss-cvs] JBossAS SVN: r92165 - in projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src: main/java/org/jboss/security/auth/spi and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat Aug 8 23:11:16 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-08-08 23:11:15 -0400 (Sat, 08 Aug 2009)
New Revision: 92165
Modified:
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
Log:
SECURITY-339: merge in from security trunk 92155 and 92164
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java 2009-08-09 03:09:07 UTC (rev 92164)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/ClientLoginModule.java 2009-08-09 03:11:15 UTC (rev 92165)
@@ -141,6 +141,9 @@
useFirstPass = passwordStacking != null;
if(trace && useFirstPass)
log.trace("Enabling useFirstPass mode");
+
+ //Cache the existing security context
+ this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
}
/**
@@ -234,8 +237,6 @@
{
if( trace )
log.trace("commit, subject="+subject);
- //Cache the existing security context
- this.cachedSecurityContext = SecurityAssociationActions.getSecurityContext();
SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2009-08-09 03:09:07 UTC (rev 92164)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/SimpleServerLoginModule.java 2009-08-09 03:11:15 UTC (rev 92165)
@@ -23,6 +23,7 @@
import java.security.Principal;
import java.security.acl.Group;
+import java.util.Set;
import javax.security.auth.login.LoginException;
@@ -86,5 +87,12 @@
{
return getUsername();
}
-
-}
+
+ @Override
+ public boolean logout() throws LoginException
+ {
+ Group[] groups = this.getRoleSets();
+ subject.getPrincipals().remove(groups[0]);
+ return super.logout();
+ }
+}
\ No newline at end of file
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java 2009-08-09 03:09:07 UTC (rev 92164)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/authentication/jaas/ClientLoginModuleUnitTestCase.java 2009-08-09 03:11:15 UTC (rev 92165)
@@ -140,18 +140,18 @@
AppConfigurationEntry[] entry = {ace};
return entry;
}
-
- @SuppressWarnings("unchecked")
- AppConfigurationEntry[] testAbort()
+
+ AppConfigurationEntry[] testAbortWithRestore()
{
String name1 = "org.jboss.security.auth.spi.SimpleServerLoginModule";
AppConfigurationEntry ace1 = new AppConfigurationEntry(name1,
- AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap());
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,String>());
String name2 = "org.jboss.security.ClientLoginModule";
HashMap<String,String> options = new HashMap<String,String>();
options.put("multi-threaded", "true");
+ options.put("restore-login-identity", "true");
AppConfigurationEntry ace2 = new AppConfigurationEntry(name2,
@@ -160,6 +160,24 @@
AppConfigurationEntry[] entry = {ace1,ace2};
return entry;
}
+
+ AppConfigurationEntry[] testAbortWithNoRestore()
+ {
+ String name1 = "org.jboss.security.auth.spi.SimpleServerLoginModule";
+ AppConfigurationEntry ace1 = new AppConfigurationEntry(name1,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String,String>());
+
+
+ String name2 = "org.jboss.security.ClientLoginModule";
+ HashMap<String,String> options = new HashMap<String,String>();
+ options.put("multi-threaded", "true");
+
+ AppConfigurationEntry ace2 = new AppConfigurationEntry(name2,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+
+ AppConfigurationEntry[] entry = {ace1,ace2};
+ return entry;
+ }
}
@@ -172,7 +190,8 @@
suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreaded"));
suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreadedRestoreIdentity"));
suite.addTest(new ClientLoginModuleUnitTestCase("testMultiThreadedRestoreStack"));
- suite.addTest(new ClientLoginModuleUnitTestCase("testAbort"));
+ suite.addTest(new ClientLoginModuleUnitTestCase("testAbortWithRestore"));
+ suite.addTest(new ClientLoginModuleUnitTestCase("testAbortWithNoRestore"));
return suite;
}
@@ -451,8 +470,8 @@
assertTrue("password == theduke3",
Arrays.equals(theduke3, "theduke3".toCharArray()));
- lc.logout();
-
+ lc.logout();
+
// Validate restored state
SecurityAssociation.SubjectContext sc2 = SecurityAssociation.peekSubjectContext();
System.out.println(sc2);
@@ -475,14 +494,25 @@
}
//SECURITY-339: ClientLoginModule abort should not clear security context
- public void testAbort() throws Exception
+ public void testAbortWithRestore() throws Exception
{
SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
SecurityContextAssociation.setSecurityContext(sc);
+ //Start with successful login. Then a failed login
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke");
+ LoginContext lc = new LoginContext("testAbortWithRestore", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ assertNotNull("Subject is not null", subject);
+
+ SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ verifySubjectInfo(currentSC);
+
//Failed Login
- UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke3", "BAD_PASSWORD");
- LoginContext lc = new LoginContext("testAbort", handler);
+ handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithRestore", handler);
try
{
lc.login();
@@ -492,29 +522,145 @@
{
//pass
}
- Subject subject = lc.getSubject();
+ subject = lc.getSubject();
+ assertNull("Subject from login context is null", subject);
+
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ verifySubjectInfo(currentSC);
+
+
+ //Successful Login
+ SecurityContextAssociation.setSecurityContext(sc);
+ handler = new UsernamePasswordHandler("jduke", "jduke");
+ lc = new LoginContext("testAbortWithRestore", handler);
+ lc.login();
+ subject = lc.getSubject();
+ assertNotNull("Subject is not null", subject);
+
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ verifySubjectInfo(currentSC);
+
+ //Failed Login
+ handler = new UsernamePasswordHandler("jduke", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithRestore", handler);
+ try
+ {
+ lc.login();
+ fail("Should have failed");
+ }
+ catch(LoginException le)
+ {
+ //pass
+ }
+ subject = lc.getSubject();
assertNull("Subject is null", subject);
- SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+ currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
- SubjectInfo subjectInfo = currentSC.getSubjectInfo();
- assertNotNull("SubjectInfo", subjectInfo);
- assertNull("Subject is null", subjectInfo.getAuthenticatedSubject());
+ verifySubjectInfo(currentSC);
+ lc.logout();
+ subject = lc.getSubject();
+ assertNull("Subject from login context is null", subject);
+ }
+
+ //SECURITY-339: ClientLoginModule abort should not clear security context
+ public void testAbortWithNoRestore() throws Exception
+ {
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
+ SecurityContextAssociation.setSecurityContext(sc);
//Successful Login
SecurityContextAssociation.setSecurityContext(sc);
- handler = new UsernamePasswordHandler("jduke3", "jduke3");
- lc = new LoginContext("testAbort", handler);
+ UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke");
+ LoginContext lc = new LoginContext("testAbortWithNoRestore", handler);
lc.login();
+ Subject subject = lc.getSubject();
+ assertNotNull("Subject is not null", subject);
+
+ SecurityContext currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ this.verifySubjectInfo(currentSC);
+
+ //Failed Login - calls abort on the login modules
+ handler = new UsernamePasswordHandler("BAD_USER", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithNoRestore", handler);
+ try
+ {
+ lc.login();
+ fail("Should have failed");
+ }
+ catch(LoginException le)
+ {
+ //pass
+ }
+ //Ensure that the failed login context does not return a subject
subject = lc.getSubject();
+ assertNull("Subject is null", subject);
+
+ //We have to ensure that the first successful authentication has not been removed from the stack
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ this.verifySubjectInfo(currentSC);
+
+ //Let us go through some logout cycles
+ handler = new UsernamePasswordHandler("jduke", "jduke");
+ lc = new LoginContext("testAbortWithNoRestore", handler);
+ lc.login();
+ subject = lc.getSubject();
assertNotNull("Subject is not null", subject);
currentSC = SecurityContextAssociation.getSecurityContext();
assertNotNull("Current Security Context is not null", currentSC);
- subjectInfo = currentSC.getSubjectInfo();
+ this.verifySubjectInfo(currentSC);
+
+ lc.logout();
+
+ assertNull("Current Security Context is null", SecurityContextAssociation.getSecurityContext());
+ subject = lc.getSubject();
+ assertEquals("Subject from login context has no principals", 0, subject.getPrincipals().size());
+
+ sc = SecurityContextFactory.createSecurityContext("test");
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ //Failed Login - calls abort on the login modules
+ handler = new UsernamePasswordHandler("BAD_USER", "BAD_PASSWORD");
+ lc = new LoginContext("testAbortWithNoRestore", handler);
+ try
+ {
+ lc.login();
+ fail("Should have failed");
+ }
+ catch(LoginException le)
+ {
+ //pass
+ }
+ //Ensure that the failed login context does not return a subject
+ subject = lc.getSubject();
+ assertNull("Subject is null", subject);
+
+ //We have to ensure that the first successful authentication has not been removed from the stack
+ currentSC = SecurityContextAssociation.getSecurityContext();
+ assertNotNull("Current Security Context is not null", currentSC);
+ SubjectInfo subjectInfo = currentSC.getSubjectInfo();
assertNotNull("SubjectInfo", subjectInfo);
- assertNotNull("Subject is not null", subjectInfo.getAuthenticatedSubject());
+ subject = subjectInfo.getAuthenticatedSubject();
+ assertNull("Subject is null", subject);
+ assertNull("Principal on security context is null", currentSC.getUtil().getUserPrincipal());
+ assertNull("Principal on legacy security association is null", SecurityAssociation.getPrincipal());
}
-
-}
+
+ private void verifySubjectInfo(SecurityContext currentSC)
+ {
+ SubjectInfo subjectInfo = currentSC.getSubjectInfo();
+ assertNotNull("SubjectInfo", subjectInfo);
+ Subject subject = subjectInfo.getAuthenticatedSubject();
+ assertNotNull("Subject is not null", subject);
+ Principal jduke = new SimplePrincipal("jduke");
+ assertTrue("jduke exists in the subject",subject.getPrincipals().contains(jduke));
+ assertEquals("jduke exists", jduke, currentSC.getUtil().getUserPrincipal());
+ assertEquals("jduke exists", jduke, SecurityAssociation.getPrincipal());
+ }
+}
\ No newline at end of file
More information about the jboss-cvs-commits
mailing list