[jboss-cvs] JBossAS SVN: r114808 - branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 29 07:02:05 EDT 2014
Author: baranowb
Date: 2014-04-29 07:02:04 -0400 (Tue, 29 Apr 2014)
New Revision: 114808
Modified:
branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java
Log:
JBPAPP-10748
Modified: branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java
===================================================================
--- branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java 2014-04-23 23:58:48 UTC (rev 114807)
+++ branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java 2014-04-29 11:02:04 UTC (rev 114808)
@@ -23,15 +23,19 @@
import java.io.File;
import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
+import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.SystemUtils;
import org.jboss.logging.Logger;
+import org.jboss.security.auth.callback.UsernamePasswordHandler;
import org.jboss.test.JBossTestCase;
import org.jboss.test.security.ejb3.SimpleSession;
import org.jboss.test.security.negotiation.GSSTestServer;
@@ -40,6 +44,7 @@
import org.jboss.test.security.negotiation.NegotiationUtils;
import org.jboss.test.security.negotiation.PropagateIdentityServlet;
+
/**
* A JBoss Negotiation tests. Two processes must be started before this TC runs - KDC Server ({@link KerberosServerControl}) and
* sample server for testing identity propagation ({@link GSSTestServer}).
@@ -150,51 +155,63 @@
assertEquals("Unexpected response body", "OK", responseBody);
}
- /**
- * Tests EJB authentication using SPNEGO.
- *
- * @throws Exception
- */
+
public void testEjbAccess() throws Exception
{
- if (SystemUtils.JAVA_VENDOR.startsWith("IBM"))
- {
- return;
- // fail("Providing client credentials is not supported by SPNEGOSocket.");
- }
+ try{
LOGGER.info("Testing EJB3 access.");
final String jarName = JAR_NAME + ".jar";
undeploy(jarName);
deploy(jarName);
- final Properties env = new Properties();
- env.put(Context.PROVIDER_URL, NAMING_PROVIDER_URL);
- env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
- env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
-
- //hnelson - regular user
- Configuration.setConfiguration(new Krb5LoginConfiguration("hnelson",
- new File(JBOSS_SERVER_HOME, "hnelson.keytab"), false));
- InitialContext ctx = new InitialContext(env);
- SimpleSession session = (SimpleSession) ctx.lookup("SimpleStatelessSessionBean/remote");
- Principal principal = session.invokeRegularMethod();
+ // Use our custom configuration to avoid reliance on external config
+ Configuration.setConfiguration(new Krb5LoginConfiguration("hnelson at JBOSS.ORG", null, false));
+ LoginContext lc = new LoginContext(getClass().getName(), new UsernamePasswordHandler("hnelson", "secret"));
+ lc.login();
+ Principal principal = Subject.doAs(lc.getSubject(), new InvokeProtectedEjb(false));
assertEquals("User's principal name doesn't match.", "hnelson at JBOSS.ORG", principal.getName());
- ctx.close();
+ lc.logout();
- //TODO call invokeAdministrativeMethod() - should fail (but for now it hangs-up and test fails on timeout)
+ //TODO try to call invokeAdministrativeMethod() - should fail (but for now it hangs-up and test fails on timeout)
- //jduke - administrator
- Configuration.setConfiguration(new Krb5LoginConfiguration("jduke", new File(JBOSS_SERVER_HOME, "jduke.keytab"),
- false));
- ctx = new InitialContext(env);
- session = (SimpleSession) ctx.lookup("SimpleStatelessSessionBean/remote");
- principal = session.invokeAdministrativeMethod();
+ Configuration.setConfiguration(new Krb5LoginConfiguration("jduke at JBOSS.ORG", null, false));
+ lc = new LoginContext(getClass().getName(), new UsernamePasswordHandler("jduke", "theduke"));
+ lc.login();
+ principal = Subject.doAs(lc.getSubject(), new InvokeProtectedEjb(true));
assertEquals("User's principal name doesn't match.", "jduke at JBOSS.ORG", principal.getName());
- ctx.close();
-
+ lc.logout();
+ } catch(Exception e){
+ e.printStackTrace();
+ }
}
+
+ private static class InvokeProtectedEjb implements PrivilegedExceptionAction<Principal>
+ {
+ boolean administrative;
+
+ public InvokeProtectedEjb(boolean administrative)
+ {
+ this.administrative = administrative;
+ }
+
+ public Principal run() throws Exception
+ {
+ final Properties env = new Properties();
+ env.put(Context.PROVIDER_URL, NAMING_PROVIDER_URL);
+ env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
+ env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
+
+ InitialContext ctx = new InitialContext(env);
+ SimpleSession session = (SimpleSession) ctx.lookup("SimpleStatelessSessionBean/remote");
+
+ Principal principal = administrative ? session.invokeAdministrativeMethod() : session.invokeRegularMethod();
+ ctx.close();
+ return principal;
+ }
+ };
+
// Private methods -------------------------------------------------------
/**
More information about the jboss-cvs-commits
mailing list