[jboss-cvs] JBossAS SVN: r100638 - in projects/security/picketbox/trunk: picketbox/src/main/java/org/picketbox/factories and 4 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Feb 5 18:15:57 EST 2010
Author: anil.saldhana at jboss.com
Date: 2010-02-05 18:15:56 -0500 (Fri, 05 Feb 2010)
New Revision: 100638
Added:
projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/util/
projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/util/PicketBoxUtil.java
projects/security/picketbox/trunk/picketbox/src/test/java/org/picketbox/test/api/MappingUnitTestCase.java
projects/security/picketbox/trunk/picketbox/src/test/resources/config/mapping.conf
projects/security/picketbox/trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/principal/SimplePrincipalMappingProvider.java
Modified:
projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/factories/SecurityFactory.java
Log:
include mapping
Modified: projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/factories/SecurityFactory.java
===================================================================
--- projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/factories/SecurityFactory.java 2010-02-05 23:15:39 UTC (rev 100637)
+++ projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/factories/SecurityFactory.java 2010-02-05 23:15:56 UTC (rev 100638)
@@ -31,6 +31,7 @@
import org.jboss.security.audit.AuditManager;
import org.jboss.security.config.ApplicationPolicyRegistration;
import org.jboss.security.config.StandaloneConfiguration;
+import org.jboss.security.mapping.MappingManager;
import org.picketbox.plugins.PicketBoxSecurityManagement;
/**
@@ -100,6 +101,17 @@
}
/**
+ * Get the {@code MappingManager}
+ * @param securityDomain
+ * @return
+ */
+ public static MappingManager getMappingManager(String securityDomain)
+ {
+ validate();
+ return securityManagement.getMappingManager(securityDomain);
+ }
+
+ /**
* Get the {@code ISecurityManagement} interface
* @return
*/
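Review bot: The Javadoc on the new `getMappingManager` leaves `@param securityDomain` and `@return` empty, so it does not say what identifies the domain or whether the result can be null. I would fill them in, for example `@param securityDomain name of the application policy whose mapping modules are wanted` and `@return the MappingManager that securityManagement returns for that domain`. The new test dereferences the returned manager without a null check, so it is worth stating whether null is possible. `validate()` and `securityManagement` are defined outside this hunk, so that cannot be confirmed from here.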
Added: projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/util/PicketBoxUtil.java
===================================================================
--- projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/util/PicketBoxUtil.java (rev 0)
+++ projects/security/picketbox/trunk/picketbox/src/main/java/org/picketbox/util/PicketBoxUtil.java 2010-02-05 23:15:56 UTC (rev 100638)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketbox.util;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+
+/**
+ * Utility Methods
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 5, 2010
+ */
+public class PicketBoxUtil
+{
+ /**
+ * Given a JAAS Subject, will look for {@code Group} principals
+ * with name "Roles" and return that in a {@code RoleGroup}
+ * @param subject
+ * @return a RoleGroup containing the roles
+ */
+ public static RoleGroup getRolesFromSubject(Subject subject)
+ {
+ Set<Group> groupPrincipals = subject.getPrincipals(Group.class);
+ if(groupPrincipals!= null)
+ {
+ for(Group groupPrincipal: groupPrincipals)
+ {
+ if(SecurityConstants.ROLES_IDENTIFIER.equals(groupPrincipal.getName()))
+ return new SimpleRoleGroup(groupPrincipal);
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Get the first non-group principal
+ * @param subject
+ * @return
+ */
+ public static Principal getPrincipalFromSubject(Subject subject)
+ {
+ Set<Principal> principals = subject.getPrincipals();
+ if(principals != null)
+ {
+ for(Principal p: principals)
+ {
+ if(p instanceof Group != false)
+ return p;
+ }
+ }
+ return null;
+ }
+
+}
\ No newline at end of file
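Review bot: `getPrincipalFromSubject` returns the opposite of what its Javadoc promises: `if(p instanceof Group != false)` is true for `Group` principals, so the method hands back the first group (for example the "Roles" group) and never a user principal. Code that treats the result as the caller identity would then key its decisions on a group name. The condition should be `if(p instanceof Group == false)` (or `!(p instanceof Group)`). Both methods also dereference `subject` without a null check, and the Javadoc should say that null is returned when nothing matches.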
Added: projects/security/picketbox/trunk/picketbox/src/test/java/org/picketbox/test/api/MappingUnitTestCase.java
===================================================================
--- projects/security/picketbox/trunk/picketbox/src/test/java/org/picketbox/test/api/MappingUnitTestCase.java (rev 0)
+++ projects/security/picketbox/trunk/picketbox/src/test/java/org/picketbox/test/api/MappingUnitTestCase.java 2010-02-05 23:15:56 UTC (rev 100638)
@@ -0,0 +1,141 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketbox.test.api;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.mapping.MappingContext;
+import org.jboss.security.mapping.MappingManager;
+import org.jboss.security.mapping.MappingType;
+import org.picketbox.config.PicketBoxConfiguration;
+import org.picketbox.factories.SecurityFactory;
+import org.picketbox.util.PicketBoxUtil;
+
+/**
+ * Unit test the mapping framework
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 5, 2010
+ */
+public class MappingUnitTestCase extends TestCase
+{
+ /**
+ * Test the Role Mapping Functionality
+ */
+ public void testRoleMapping()
+ {
+ String securityDomainName = "role-mapping-test";
+
+ SecurityFactory.prepare();
+ try
+ {
+ String configFile = "config/mapping.conf";
+ PicketBoxConfiguration idtrustConfig = new PicketBoxConfiguration();
+ idtrustConfig.load(configFile);
+
+ AuthenticationManager am = SecurityFactory.getAuthenticationManager(securityDomainName);
+ assertNotNull(am);
+
+ Subject subject = new Subject();
+ Principal principal = new SimplePrincipal("anil");
+ Object credential = new String("pass");
+
+ boolean result = am.isValid(principal, credential);
+ assertTrue("Valid Auth", result);
+ result = am.isValid(principal, credential, subject);
+ assertTrue("Valid Auth", result);
+ assertTrue("Subject has principals", subject.getPrincipals().size() > 0);
+
+ RoleGroup roles = PicketBoxUtil.getRolesFromSubject(subject);
+ if(roles == null)
+ throw new RuntimeException("Roles obtained from subject are null");
+
+ //Lets do the role mapping now
+ MappingManager mm = SecurityFactory.getMappingManager(securityDomainName);
+ MappingContext<RoleGroup> mc = mm.getMappingContext(MappingType.ROLE.name());
+
+ Map<String,Object> contextMap = new HashMap<String,Object>();
+
+ mc.performMapping(contextMap, roles);
+ RoleGroup mappedRoles = mc.getMappingResult().getMappedObject();
+ assertNotNull(mappedRoles);
+ //We added two extra roles to the role group
+ assertEquals("3 roles", 3, mappedRoles.getRoles().size());
+ assertTrue("Contains AuthorizedUser", mappedRoles.containsRole(new SimpleRole("AuthorizedUser")));
+ assertTrue("Contains InternalUser", mappedRoles.containsRole(new SimpleRole("InternalUser")));
+ }
+ finally
+ {
+ SecurityFactory.release();
+ }
+ }
+
+ public void testPrincipalMapping()
+ {
+ String securityDomainName = "principal-mapping-test";
+
+ SecurityFactory.prepare();
+ try
+ {
+ String configFile = "config/mapping.conf";
+ PicketBoxConfiguration idtrustConfig = new PicketBoxConfiguration();
+ idtrustConfig.load(configFile);
+
+ AuthenticationManager am = SecurityFactory.getAuthenticationManager(securityDomainName);
+ assertNotNull(am);
+
+ Subject subject = new Subject();
+ Principal principal = new SimplePrincipal("anil");
+ Object credential = new String("pass");
+
+ boolean result = am.isValid(principal, credential);
+ assertTrue("Valid Auth", result);
+ result = am.isValid(principal, credential, subject);
+ assertTrue("Valid Auth", result);
+ assertTrue("Subject has principals", subject.getPrincipals().size() > 0);
+
+ //Lets do the role mapping now
+ MappingManager mm = SecurityFactory.getMappingManager(securityDomainName);
+ MappingContext<Principal> mc = mm.getMappingContext(MappingType.PRINCIPAL.name());
+
+ Map<String,Object> contextMap = new HashMap<String,Object>();
+
+ mc.performMapping(contextMap, principal);
+ Principal mappedPrincipal = mc.getMappingResult().getMappedObject();
+
+ assertTrue("security-anil".equals(mappedPrincipal.getName()));
+ }
+ finally
+ {
+ SecurityFactory.release();
+ }
+ }
+}
\ No newline at end of file
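Review bot: Neither test calls `PicketBoxUtil.getPrincipalFromSubject`, which this commit adds, so its group/non-group check is never exercised. `testPrincipalMapping` already holds an authenticated `subject`; an assertion such as `assertFalse(PicketBoxUtil.getPrincipalFromSubject(subject) instanceof java.security.acl.Group);` would cover it. In the same test `mappedPrincipal` is dereferenced without `assertNotNull`, and `assertEquals("security-anil", mappedPrincipal.getName())` would report the actual name on failure. The comment `//Lets do the role mapping now` in that test is copied from the role test and should say principal mapping.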
Added: projects/security/picketbox/trunk/picketbox/src/test/resources/config/mapping.conf
===================================================================
--- projects/security/picketbox/trunk/picketbox/src/test/resources/config/mapping.conf (rev 0)
+++ projects/security/picketbox/trunk/picketbox/src/test/resources/config/mapping.conf 2010-02-05 23:15:56 UTC (rev 100638)
@@ -0,0 +1,56 @@
+<?xml version='1.0'?>
+
+<policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:security-config:5.0"
+ xmlns="urn:jboss:security-config:5.0"
+ xmlns:jbxb="urn:jboss:security-config:5.0">
+ <application-policy name = "role-mapping-test">
+ <authentication>
+ <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ </login-module>
+ </authentication>
+ <mapping>
+ <mapping-module code="org.jboss.security.mapping.providers.OptionsRoleMappingProvider" type="role">
+ <module-option name="rolesMap" >
+ <java:properties xmlns:java="urn:jboss:java-properties"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+ xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">
+ <java:property>
+ <java:key>validuser</java:key>
+ <java:value>AuthorizedUser,InternalUser</java:value>
+ </java:property>
+ </java:properties>
+ </module-option>
+ <module-option name="replaceRoles">false</module-option>
+ </mapping-module>
+ </mapping>
+
+ </application-policy>
+
+
+ <application-policy name = "principal-mapping-test">
+ <authentication>
+ <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ </login-module>
+ </authentication>
+ <mapping>
+ <mapping-module code="org.jboss.security.mapping.providers.principal.SimplePrincipalMappingProvider"
+ type="principal">
+ <module-option name="principalsMap" >
+ <java:properties xmlns:java="urn:jboss:java-properties"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
+ xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">
+ <java:property>
+ <java:key>anil</java:key>
+ <java:value>security-anil</java:value>
+ </java:property>
+ </java:properties>
+ </module-option>
+ <module-option name="replaceRoles">false</module-option>
+ </mapping-module>
+ </mapping>
+
+ </application-policy>
+</policy>
\ No newline at end of file
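Review bot: The `principal-mapping-test` policy passes `<module-option name="replaceRoles">false</module-option>` to `SimplePrincipalMappingProvider`, but that provider's `init` in this commit reads only `principalsMap`, so the option looks like a leftover from the role-mapping block and has no effect. I would drop it so the fixture lists only options the module honours. Both login modules also carry no options, so the `anil`/`pass` credentials and the `validuser` role the tests rely on presumably come from default properties files that are not part of this commit; a short XML comment naming them would help.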
Added: projects/security/picketbox/trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/principal/SimplePrincipalMappingProvider.java
===================================================================
--- projects/security/picketbox/trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/principal/SimplePrincipalMappingProvider.java (rev 0)
+++ projects/security/picketbox/trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/mapping/providers/principal/SimplePrincipalMappingProvider.java 2010-02-05 23:15:56 UTC (rev 100638)
@@ -0,0 +1,79 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.mapping.providers.principal;
+
+import java.security.Principal;
+import java.util.Map;
+import java.util.Properties;
+
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.mapping.MappingResult;
+
+/**
+ * A principal mapping provider that takes in a
+ * {@code SimplePrincipal} and converts into
+ * a {@code SimplePrincipal} with a different principal name
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 5, 2010
+ */
+public class SimplePrincipalMappingProvider extends AbstractPrincipalMappingProvider
+{
+ private static final String PRINCIPALS_MAP = "principalsMap";
+
+ private MappingResult<Principal> result;
+
+ Properties principalMapProperties = null;
+
+ public void init(Map<String, Object> options)
+ {
+ if(options != null)
+ {
+ if(options.containsKey(PRINCIPALS_MAP))
+ {
+ principalMapProperties = (Properties)options.get(PRINCIPALS_MAP);
+ }
+ }
+
+ }
+
+ public void performMapping(Map<String, Object> map, Principal mappedObject)
+ {
+ if(mappedObject instanceof SimplePrincipal == false)
+ return;
+
+ SimplePrincipal simplePrincipal = (SimplePrincipal) mappedObject;
+ if(principalMapProperties != null)
+ {
+ String newPrincipalName = principalMapProperties.getProperty(simplePrincipal.getName());
+ if(newPrincipalName != null && newPrincipalName.length() > 0)
+ {
+ result.setMappedObject(new SimplePrincipal(newPrincipalName));
+ }
+ }
+ }
+
+ public void setMappingResult(MappingResult<Principal> result)
+ {
+ this.result = result;
+ }
+
+}
\ No newline at end of file
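Review bot: `init` casts the `principalsMap` option straight to `Properties`, so a configuration that supplies it as plain text fails with a bare ClassCastException at `(Properties)options.get(PRINCIPALS_MAP)`. I would check the type first and fail with a message naming the option, e.g. `if(!(value instanceof Properties)) throw new IllegalArgumentException(PRINCIPALS_MAP + " must be a java.util.Properties");`. `performMapping` also leaves `result` untouched when the input is not a `SimplePrincipal` or has no map entry, and it dereferences `result` without checking that `setMappingResult` was called; the class Javadoc should state that callers get no mapped object in those cases. `principalMapProperties` is package-private and could be `private`.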