[jboss-cvs] JBossAS SVN: r91781 - in branches/JBPAPP_5_0/testsuite: imports and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Jul 29 13:37:23 EDT 2009
Author: pskopek at redhat.com
Date: 2009-07-29 13:37:22 -0400 (Wed, 29 Jul 2009)
New Revision: 91781
Added:
branches/JBPAPP_5_0/testsuite/src/resources/test-configs/logmod-ldap/
branches/JBPAPP_5_0/testsuite/src/resources/test-configs/logmod-ldap/conf/
branches/JBPAPP_5_0/testsuite/src/resources/test-configs/logmod-ldap/conf/login-config.xml
Modified:
branches/JBPAPP_5_0/testsuite/build.xml
branches/JBPAPP_5_0/testsuite/imports/server-config.xml
Log:
New target created for testing LDAP login module.
Modified: branches/JBPAPP_5_0/testsuite/build.xml
===================================================================
--- branches/JBPAPP_5_0/testsuite/build.xml 2009-07-29 17:30:59 UTC (rev 91780)
+++ branches/JBPAPP_5_0/testsuite/build.xml 2009-07-29 17:37:22 UTC (rev 91781)
@@ -1752,6 +1752,26 @@
<server:stop name="securitymgr"/>
</target>
+ <target name="tests-logmod-ldap"
+ description="Tests security tests running agains ldap login module.">
+
+ <antcall target="create-logmod-ldap-config" />
+ <server:start name="logmod-ldap"/>
+
+ <antcall target="tests-security-basic-unit"/>
+
+ <server:stop name="logmod-ldap"/>
+ </target>
+
+ <target name="create-logmod-ldap-config" description="Creates required logmod-ldap configuration">
+ <!-- Create the security-tst config starting with the "all" config -->
+ <create-config baseconf="all" newconf="logmod-ldap" newconf-src="logmod-ldap">
+ <patternset>
+ <include name="**/*"/>
+ </patternset>
+ </create-config>
+ </target>
+
<!-- Tests of the JACC security implementation -->
<target name="tests-jacc-security"
description="Tests run against a jboss server with JACC configured">
Modified: branches/JBPAPP_5_0/testsuite/imports/server-config.xml
===================================================================
--- branches/JBPAPP_5_0/testsuite/imports/server-config.xml 2009-07-29 17:30:59 UTC (rev 91780)
+++ branches/JBPAPP_5_0/testsuite/imports/server-config.xml 2009-07-29 17:37:22 UTC (rev 91781)
@@ -1136,7 +1136,19 @@
<sysproperty key="jgroups.udp.ip_ttl" value="${jbosstest.udp.ip_ttl}" />
<sysproperty key="xb.builder.useUnorderedSequence" value="true" />
</server>
-
+
+ <server name="logmod-ldap" host="${node0}">
+ <jvmarg value="-Xms128m" />
+ <jvmarg value="-Xmx512m" />
+ <jvmarg value="-XX:MaxPermSize=512m" />
+ <jvmarg value="-XX:+HeapDumpOnOutOfMemoryError" />
+ <jvmarg value="-XX:-UseGCOverheadLimit" />
+ <sysproperty key="java.net.preferIPv4Stack" value="true" />
+ <sysproperty key="java.endorsed.dirs" value="${jboss.dist}/lib/endorsed" />
+ <sysproperty key="jgroups.udp.ip_ttl" value="${jbosstest.udp.ip_ttl}" />
+ <sysproperty key="xb.builder.useUnorderedSequence" value="true" />
+ </server>
+
</server:config>
<!-- A macro for printing sleep before going into sleep
Added: branches/JBPAPP_5_0/testsuite/src/resources/test-configs/logmod-ldap/conf/login-config.xml
===================================================================
--- branches/JBPAPP_5_0/testsuite/src/resources/test-configs/logmod-ldap/conf/login-config.xml (rev 0)
+++ branches/JBPAPP_5_0/testsuite/src/resources/test-configs/logmod-ldap/conf/login-config.xml 2009-07-29 17:37:22 UTC (rev 91781)
@@ -0,0 +1,152 @@
+<?xml version='1.0'?>
+
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+ <authentication>
+ <login-module code="login.module1.class.name" flag="control_flag">
+ <module-option name = "option1-name">option1-value</module-option>
+ <module-option name = "option2-name">option2-value</module-option>
+ ...
+ </login-module>
+
+ <login-module code="login.module2.class.name" flag="control_flag">
+ ...
+ </login-module>
+ ...
+ </authentication>
+</application-policy>
+
+$Id: login-config.xml 87078 2009-04-09 14:23:47Z bstansberry at jboss.com $
+$Revision: 87078 $
+-->
+
+<policy>
+ <!-- Used by clients within the application server VM such as
+ mbeans and servlets that access EJBs.
+ -->
+ <application-policy name="client-login">
+ <authentication>
+ <login-module code="org.jboss.security.ClientLoginModule"
+ flag="required">
+ <!-- Any existing security context will be restored on logout -->
+ <module-option name="restore-login-identity">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domains for testing new jca framework -->
+ <application-policy name="HsqlDbRealm">
+ <authentication>
+ <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag="required">
+ <module-option name="principal">sa</module-option>
+ <module-option name="userName">sa</module-option>
+ <module-option name="password"></module-option>
+ <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name="JmsXARealm">
+ <authentication>
+ <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag="required">
+ <module-option name="principal">guest</module-option>
+ <module-option name="userName">guest</module-option>
+ <module-option name="password">guest</module-option>
+ <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the jmx-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="jmx-console">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
+ flag="required">
+ <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
+ <module-option name="java.naming.provider.url">ldap://dev39.qa.atl2.redhat.com:390/</module-option>
+ <module-option name="java.naming.security.authentication">simple</module-option>
+ <module-option name="principalDNPrefix">uid=</module-option>
+ <module-option name="principalDNSuffix">,ou=People,dc=my-domain,dc=com</module-option>
+ <module-option name="rolesCtxDN">ou=Roles,dc=my-domain,dc=com</module-option>
+ <module-option name="uidAttributeID">member</module-option>
+ <module-option name="matchOnUserDN">true</module-option>
+ <module-option name="roleAttributeID">cn</module-option>
+ <module-option name="roleAttributeIsDN">false</module-option>
+ <module-option name="searchTimeLimit">5000</module-option>
+ <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the web-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="web-console">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
+ flag="required">
+ <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
+ <module-option name="java.naming.provider.url">ldap://dev39.qa.atl2.redhat.com:390/</module-option>
+ <module-option name="java.naming.security.authentication">simple</module-option>
+ <module-option name="principalDNPrefix">uid=</module-option>
+ <module-option name="principalDNSuffix">,ou=People,dc=my-domain,dc=com</module-option>
+ <module-option name="rolesCtxDN">ou=Roles,dc=my-domain,dc=com</module-option>
+ <module-option name="uidAttributeID">member</module-option>
+ <module-option name="matchOnUserDN">true</module-option>
+ <module-option name="roleAttributeID">cn</module-option>
+ <module-option name="roleAttributeIsDN">false</module-option>
+ <module-option name="searchTimeLimit">5000</module-option>
+ <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!--
+ A template configuration for the JBossWS security domain.
+ This defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="JBossWS">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required">
+ <module-option name="usersProperties">props/jbossws-users.properties</module-option>
+ <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
+ <module-option name="unauthenticatedIdentity">anonymous</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- The default login configuration used by any security domain that
+ does not have a application-policy entry with a matching name
+ -->
+ <application-policy name="other">
+ <!-- A simple server login module, which can be used when the number
+ of users is relatively small. It uses two properties files:
+ users.properties, which holds users (key) and their password (value).
+ roles.properties, which holds users (key) and a comma-separated list of
+ their roles (value).
+ The unauthenticatedIdentity property defines the name of the principal
+ that will be used when a null username and password are presented as is
+ the case for an unuathenticated web client or MDB. If you want to
+ allow such users to be authenticated add the property, e.g.,
+ unauthenticatedIdentity="nobody"
+ -->
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required"/>
+ </authentication>
+ </application-policy>
+
+</policy>
+
More information about the jboss-cvs-commits
mailing list