[jboss-cvs] Picketlink SVN: r975 - in trust/trunk/jbossws/src: test/java/org/picketlink/test/trust/jbossws and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Jun 6 19:15:18 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-06-06 19:15:17 -0400 (Mon, 06 Jun 2011)
New Revision: 975

Added:
   trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/
   trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java
Modified:
   trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
Log:
test the saml role lm

Modified: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java
===================================================================
--- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java	2011-06-06 22:10:38 UTC (rev 974)
+++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/jaas/SAMLRoleLoginModule.java	2011-06-06 23:15:17 UTC (rev 975)
@@ -46,12 +46,19 @@
  * A login module that extracts the roles from the SAML assertion 
  * that has been set in the Subject. This module is always a follow up
  * to other modules such as {@code JBWSTokenIssuingLoginModule}
+ * 
+ * This login module checks the {@code Subject} for a {@code SamlCredential}
+ * in the public credentials section. From the credential, we extract the 
+ * assertion. The assertion should contain the roles.
+ * 
  * @author Anil.Saldhana at redhat.com
  * @since Jun 6, 2011
  */
 public class SAMLRoleLoginModule extends AbstractServerLoginModule
 {  
    protected Subject theSubject = null;
+   @SuppressWarnings("rawtypes")
+   protected Map sharedState = null;
    
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
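Review bot: The new `sharedState` field under the `@SuppressWarnings("rawtypes")` line is declared as a raw `Map` even though `initialize` receives it as `Map<String, ?>` on the next visible line; declaring it `protected Map<String, ?> sharedState = null;` keeps the type information and makes the suppression unnecessary. If `AbstractServerLoginModule` already keeps the shared state in a protected field (its `initialize` is handed the same map in the next hunk), this declaration hides that field and the module carries two references to the same map, in which case the new field can be dropped altogether. The `initialize` signature continues outside this hunk.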
@@ -59,11 +66,25 @@
    { 
       super.initialize(subject, callbackHandler, sharedState, options);
       theSubject = subject;
+      this.sharedState = sharedState;
    }
 
+   
    @Override
+   public boolean commit() throws LoginException
+   { 
+      super.loginOk = true;
+      return super.commit();
+   }
+
+
+   @Override
    protected Principal getIdentity()
    { 
+      if(super.getUseFirstPass())
+      {
+         return (Principal) sharedState.get("javax.security.auth.login.name");
+      }
       Set<Principal> principals = subject.getPrincipals();
       for(Principal p: principals)
       {
@@ -72,7 +93,7 @@
             return p;
          }
       }
-      throw new RuntimeException("Unable to get the Identity from the subject");
+      throw new RuntimeException("Unable to get the Identity from the subject. Set password-stacking to useFirstPass.");
    }
 
    @SuppressWarnings("static-access")

Added: trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java
===================================================================
--- trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java	                        (rev 0)
+++ trust/trunk/jbossws/src/test/java/org/picketlink/test/trust/jbossws/jaas/SAMLRoleLoginModuleUnitTestCase.java	2011-06-06 23:15:17 UTC (rev 975)
@@ -0,0 +1,160 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.trust.jbossws.jaas;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.jboss.security.SimplePrincipal;
+import org.junit.Before;
+import org.junit.Test;
+import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.trust.jbossws.jaas.SAMLRoleLoginModule;
+
+/**
+ * Unit test the {@code SAMLRoleLoginModule}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 6, 2011
+ */
+public class SAMLRoleLoginModuleUnitTestCase
+{
+   public static class MySAMLModule implements LoginModule
+   {
+      public MySAMLModule(){}
+      
+      private Subject theSubject = null;
+      @SuppressWarnings("rawtypes")
+      private Map sharedState = null;
+      
+      public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+            Map<String, ?> options)
+      {
+         theSubject = subject;
+         this.sharedState = sharedState;
+      }
+
+      @SuppressWarnings("unchecked")
+      public boolean login() throws LoginException
+      {
+         sharedState.put("javax.security.auth.login.name", new PicketLinkPrincipal(""));
+         return true;
+      }
+
+      public boolean commit() throws LoginException
+      {
+         NameIDType issuer = new NameIDType();
+         AssertionType assertion = AssertionUtil.createAssertion(IDGenerator.create("ID_"), issuer);
+         
+         List<String> roles = new ArrayList<String>();
+         roles.add("test1"); roles.add("test2");
+         
+         AttributeStatementType att = StatementUtil.createAttributeStatement(roles);
+         assertion.addStatement(att);
+         
+         ByteArrayOutputStream baos = new ByteArrayOutputStream();
+         try
+         {
+            SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+            writer.write(assertion);
+            SamlCredential cred = new SamlCredential(new String(baos.toByteArray()));
+            theSubject.getPublicCredentials().add(cred);
+         }
+         catch (ProcessingException e)
+         { 
+            throw new RuntimeException(e);
+         }
+         return true;
+      }
+
+      public boolean abort() throws LoginException
+      {
+         return true;
+      }
+
+      public boolean logout() throws LoginException
+      {
+         return true;
+      }
+   }
+   
+   @Before
+   public void setup()
+   {
+      Configuration.setConfiguration(new Configuration(){
+
+         @SuppressWarnings({"rawtypes", "unchecked"})
+         @Override
+         public AppConfigurationEntry[] getAppConfigurationEntry(String name)
+         {
+            final Map options = new HashMap();
+            options.put("password-stacking", "useFirstPass");
+            
+            AppConfigurationEntry a1 = new AppConfigurationEntry(MySAMLModule.class.getName(), LoginModuleControlFlag.REQUIRED, options);
+            AppConfigurationEntry a2 = new AppConfigurationEntry(SAMLRoleLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, options);
+            return new AppConfigurationEntry[]{a1,a2};
+         }});
+   }
+   
+   @Test
+   public void testAuth() throws Exception
+   {
+      Subject subject = new Subject();
+      
+      LoginContext lc = new LoginContext("something", subject);
+      lc.login();
+      
+      Set<Group> groups = subject.getPrincipals(Group.class);
+      assertNotNull(groups);
+      assertEquals(1, groups.size());
+      Group gp = groups.iterator().next();
+      assertTrue(gp.isMember(new SimplePrincipal("test1")));
+      assertTrue(gp.isMember(new SimplePrincipal("test2")));
+   }
+}
\ No newline at end of file
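Review bot: In `MySAMLModule.commit()`, `new SamlCredential(new String(baos.toByteArray()))` decodes the serialized assertion with the platform default charset; if the writer obtained from `StaxUtil.getXMLStreamWriter(baos)` emits UTF-8, any non-ASCII attribute value would be corrupted on a JVM with a different default, so pass the charset explicitly: `new SamlCredential(new String(baos.toByteArray(), "UTF-8"))`. `setup()` installs a process-wide JAAS `Configuration` and never restores it, so every later test in the same JVM that builds a `LoginContext` silently sees this two-module stack; capture `Configuration.getConfiguration()` before replacing it and reinstate it in an `@After` method. The options map is also shared between both `AppConfigurationEntry` instances, so a module that mutates its options would affect the other.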


