[jboss-cvs] JBossAS SVN: r114808 - branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Apr 29 07:02:05 EDT 2014 

Author: baranowb
Date: 2014-04-29 07:02:04 -0400 (Tue, 29 Apr 2014)
New Revision: 114808

Modified:
   branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java
Log:
JBPAPP-10748

Modified: branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java
===================================================================
--- branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java	2014-04-23 23:58:48 UTC (rev 114807)
+++ branches/JBPAPP_5/testsuite/src/main/org/jboss/test/security/test/NegotiationTestCase.java	2014-04-29 11:02:04 UTC (rev 114808)
@@ -23,15 +23,19 @@
 
 import java.io.File;
 import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
 import java.util.Properties;
 
 import javax.naming.Context;
 import javax.naming.InitialContext;
+import javax.security.auth.Subject;
 import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.SystemUtils;
 import org.jboss.logging.Logger;
+import org.jboss.security.auth.callback.UsernamePasswordHandler;
 import org.jboss.test.JBossTestCase;
 import org.jboss.test.security.ejb3.SimpleSession;
 import org.jboss.test.security.negotiation.GSSTestServer;
@@ -40,6 +44,7 @@
 import org.jboss.test.security.negotiation.NegotiationUtils;
 import org.jboss.test.security.negotiation.PropagateIdentityServlet;
 
+
 /**
  * A JBoss Negotiation tests. Two processes must be started before this TC runs - KDC Server ({@link KerberosServerControl}) and
  * sample server for testing identity propagation ({@link GSSTestServer}).
@@ -150,51 +155,63 @@
       assertEquals("Unexpected response body", "OK", responseBody);
    }
 
-   /**
-    * Tests EJB authentication using SPNEGO.
-    * 
-    * @throws Exception
-    */
+
    public void testEjbAccess() throws Exception
    {
-      if (SystemUtils.JAVA_VENDOR.startsWith("IBM"))
-      {
-         return;
-         //  fail("Providing client credentials is not supported by SPNEGOSocket.");
-      }
+       try{
       LOGGER.info("Testing EJB3 access.");
 
       final String jarName = JAR_NAME + ".jar";
       undeploy(jarName);
       deploy(jarName);
 
-      final Properties env = new Properties();
-      env.put(Context.PROVIDER_URL, NAMING_PROVIDER_URL);
-      env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
-      env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
-
-      //hnelson - regular user
-      Configuration.setConfiguration(new Krb5LoginConfiguration("hnelson",
-            new File(JBOSS_SERVER_HOME, "hnelson.keytab"), false));
-      InitialContext ctx = new InitialContext(env);
-      SimpleSession session = (SimpleSession) ctx.lookup("SimpleStatelessSessionBean/remote");
-      Principal principal = session.invokeRegularMethod();
+      // Use our custom configuration to avoid reliance on external config
+      Configuration.setConfiguration(new Krb5LoginConfiguration("hnelson at JBOSS.ORG", null, false));
+      LoginContext lc = new LoginContext(getClass().getName(), new UsernamePasswordHandler("hnelson", "secret"));
+      lc.login();
+      Principal principal = Subject.doAs(lc.getSubject(), new InvokeProtectedEjb(false));
       assertEquals("User's principal name doesn't match.", "hnelson at JBOSS.ORG", principal.getName());
-      ctx.close();
+      lc.logout();
 
-      //TODO call invokeAdministrativeMethod() - should fail (but for now it hangs-up and test fails on timeout)
+      //TODO try to call invokeAdministrativeMethod() - should fail (but for now it hangs-up and test fails on timeout)
 
-      //jduke - administrator
-      Configuration.setConfiguration(new Krb5LoginConfiguration("jduke", new File(JBOSS_SERVER_HOME, "jduke.keytab"),
-            false));
-      ctx = new InitialContext(env);
-      session = (SimpleSession) ctx.lookup("SimpleStatelessSessionBean/remote");
-      principal = session.invokeAdministrativeMethod();
+      Configuration.setConfiguration(new Krb5LoginConfiguration("jduke at JBOSS.ORG", null, false));
+      lc = new LoginContext(getClass().getName(), new UsernamePasswordHandler("jduke", "theduke"));
+      lc.login();
+      principal = Subject.doAs(lc.getSubject(), new InvokeProtectedEjb(true));
       assertEquals("User's principal name doesn't match.", "jduke at JBOSS.ORG", principal.getName());
-      ctx.close();
-
+      lc.logout();
+       } catch(Exception e){
+           e.printStackTrace();
+       }
    }
 
+
+   private static class InvokeProtectedEjb implements PrivilegedExceptionAction<Principal>
+   {
+      boolean administrative;
+
+      public InvokeProtectedEjb(boolean administrative)
+      {
+         this.administrative = administrative;
+      }
+
+      public Principal run() throws Exception
+      {
+         final Properties env = new Properties();
+         env.put(Context.PROVIDER_URL, NAMING_PROVIDER_URL);
+         env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
+         env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
+
+         InitialContext ctx = new InitialContext(env);
+         SimpleSession session = (SimpleSession) ctx.lookup("SimpleStatelessSessionBean/remote");
+
+         Principal principal = administrative ? session.invokeAdministrativeMethod() : session.invokeRegularMethod();
+         ctx.close();
+         return principal;
+      }
+   };
+   
    // Private methods -------------------------------------------------------
 
    /**

More information about the jboss-cvs-commits mailing list