[jboss-cvs] Picketbox SVN: r120 - in trunk/security-jboss-sx/jbosssx/src: test/java/org/jboss/test/authentication/jaas and 1 other directory.
Wed Sep 22 17:27:27 EDT 2010
Author: anil.saldhana at jboss.com
Date: 2010-09-22 17:27:25 -0400 (Wed, 22 Sep 2010)
New Revision: 120
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java
trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JBossTimeBasedOTPLoginModuleUnitTestCase.java
Log:
SECURITY-530: totp based login module
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java 2010-09-22 21:05:56 UTC (rev 119)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/otp/JBossTimeBasedOTPLoginModule.java 2010-09-22 21:27:25 UTC (rev 120)
@@ -24,9 +24,12 @@
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
+import java.security.acl.Group;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
+import java.util.Set;
+import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
@@ -39,6 +42,8 @@
import javax.servlet.http.HttpServletRequest;
import org.jboss.logging.Logger;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.SimplePrincipal;
import org.jboss.security.otp.TimeBasedOTP;
import org.jboss.security.otp.TimeBasedOTPUtil;
@@ -114,14 +119,18 @@
//This is the number of digits in the totp
private int NUMBER_OF_DIGITS = 6;
+ private String additionalRoles = null;
+
/**
* Default algorithm is HMAC_SHA1
*/
private String algorithm = TimeBasedOTP.HMAC_SHA1; //Default
+ private Subject subject;
public void initialize( Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options )
{
+ this.subject = subject;
this.callbackHandler = callbackHandler;
this.lmSharedState.putAll( sharedState );
this.lmOptions.putAll( options );
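Review bot: The new `additionalRoles` field is undocumented, while the neighbouring `algorithm` field carries a Javadoc; since it is an operator-facing option that widens what a successful login grants, it deserves one. Suggest `/** Comma-separated role names, read from the "additionalRoles" option, that are appended to the subject's "Roles" group once the TOTP check succeeds. */`. The new `subject` field would benefit from a similar line, e.g. `/** Subject passed to initialize(); its "Roles" group receives additionalRoles. */`.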
@@ -148,6 +157,8 @@
if( algorithmStr.equalsIgnoreCase( TimeBasedOTP.HMAC_SHA512 ))
algorithm = TimeBasedOTP.HMAC_SHA512;
}
+
+ additionalRoles = (String) options.get( "additionalRoles" );
}
/**
@@ -228,6 +239,13 @@
if( result == false )
throw new LoginException();
+ //add in roles if needed
+ Set<Group> groupPrincipals = subject.getPrincipals( Group.class );
+ if( groupPrincipals != null && groupPrincipals.size() > 0 )
+ {
+ appendRoles( groupPrincipals.iterator().next() );
+ }
+
return result;
}
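Review bot: The role injection runs inside login(), so the Subject is mutated before the rest of the login-module stack has been evaluated, and an abort() after a later module fails has nothing visible here to remove the added members; under the JAAS two-phase contract the roles should be remembered in login() and only added to the group in commit(). Separately, `groupPrincipals.iterator().next()` takes one arbitrary Group from a Set, and appendRoles silently does nothing unless that one happens to be named "Roles", so whether the roles are granted depends on set iteration order. Iterate every group instead: `for( Group g : subject.getPrincipals( Group.class ) ) appendRoles( g );`. The body of login() starts and continues outside this hunk.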
catch (GeneralSecurityException e)
@@ -283,4 +301,19 @@
}
return totp;
}
+
+ private void appendRoles( Group group )
+ {
+ if( ! group.getName().equals( SecurityConstants.ROLES_IDENTIFIER ) )
+ return;
+
+ if( additionalRoles != null && additionalRoles != "" )
+ {
+ StringTokenizer st = new StringTokenizer( additionalRoles , "," );
+ while( st != null && st.hasMoreTokens() )
+ {
+ group.addMember( new SimplePrincipal( st.nextToken().trim() ) );
+ }
+ }
+ }
}
\ No newline at end of file
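Review bot: `additionalRoles != ""` in the new appendRoles guard compares references, not contents, so an empty option value is not actually filtered (harmless only because StringTokenizer then yields no tokens); write `if( additionalRoles != null && additionalRoles.trim().length() > 0 )`. The `st != null` test in the while condition is always true and can be dropped. A token that trims to nothing, e.g. from "RoleA, ,RoleB", becomes a role principal with an empty name, so read `String role = st.nextToken().trim();` and only call `group.addMember( new SimplePrincipal( role ) )` when `role.length() > 0`.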
Modified: trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JBossTimeBasedOTPLoginModuleUnitTestCase.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JBossTimeBasedOTPLoginModuleUnitTestCase.java 2010-09-22 21:05:56 UTC (rev 119)
+++ trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/authentication/jaas/JBossTimeBasedOTPLoginModuleUnitTestCase.java 2010-09-22 21:27:25 UTC (rev 120)
@@ -21,12 +21,15 @@
*/
package org.jboss.test.authentication.jaas;
+import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.security.GeneralSecurityException;
import java.security.Principal;
+import java.security.acl.Group;
import java.util.HashMap;
import java.util.Map;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
@@ -35,12 +38,12 @@
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.PolicyContextHandler;
+import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.auth.spi.otp.JBossTimeBasedOTPLoginModule;
import org.jboss.security.otp.TimeBasedOTP;
import org.jboss.test.util.TestHttpServletRequest;
-import org.junit.BeforeClass;
import org.junit.Test;
/**
@@ -54,8 +57,8 @@
static final String WEB_REQUEST_KEY = "javax.servlet.http.HttpServletRequest";
- @BeforeClass
- public static void setUp() throws Exception
+ @Test
+ public void testTOTP() throws Exception
{
try
{
@@ -66,11 +69,7 @@
{
throw new RuntimeException( e );
}
- }
-
- @Test
- public void testTOTP() throws Exception
- {
+
Principal principal = new SimplePrincipal( "anil" );
Subject subject = new Subject();
@@ -108,6 +107,42 @@
}
}
+ @Test
+ public void testTOTPWithAdditionalRoles() throws Exception
+ {
+ try
+ {
+ String totp = TimeBasedOTP.generateTOTP( seed, 6 ) ;
+ PolicyContext.registerHandler( WEB_REQUEST_KEY, getHandler(totp), true );
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new RuntimeException( e );
+ }
+
+ Principal principal = new SimplePrincipal( "anil" );
+
+ Subject subject = new Subject();
+ CallbackHandler callbackHandler = new JBossCallbackHandler(principal, seed );
+ Map<String,Object> sharedState = new HashMap<String,Object>();
+ Map<String, Object> options = new HashMap<String,Object>();
+ options.put( "additionalRoles", "RoleA,RoleB" );
+
+ //Add in a subject group principal
+ Group group = new SimpleGroup( "Roles" );
+ subject.getPrincipals().add( group );
+
+ JBossTimeBasedOTPLoginModule jtp = new JBossTimeBasedOTPLoginModule();
+ jtp.initialize(subject, callbackHandler, sharedState, options);
+ jtp.login();
+
+ Set<Group> groups = subject.getPrincipals( Group.class );
+ assertTrue( "set has 1 group", groups.size() == 1 );
+ Group retrievedGroup = groups.iterator().next();
+ assertTrue( retrievedGroup.isMember( new SimplePrincipal( "RoleA" )));
+ assertTrue( retrievedGroup.isMember( new SimplePrincipal( "RoleB" )));
+ }
+
/**
* Create a JACC Policy Context Handler that takes in a totp string
* and returns a {@code HttpServletRequest} with the totp as parameter
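Review bot: testTOTPWithAdditionalRoles covers only the success path with a group already named "Roles"; it does not check that a Subject whose group carries another name, or an absent/empty additionalRoles option, leaves the principals untouched, which is exactly the branch appendRoles guards. It also asserts on the Subject immediately after login() without a commit(), so it pins the module's current practice of mutating the Subject during login(); if that moves to commit() per the JAAS contract, add `jtp.commit();` before the assertions. The TOTP is generated and then verified in separate calls, so a time-step boundary between them could make the test intermittently fail — presumably the module tolerates some drift, but that is not visible in this hunk.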