[jboss-svn-commits] JBL Code SVN: r21189 - in labs/jbossesb/workspace/dbevenius/security/product: rosetta/src/org/jboss/soa/esb/listeners and 9 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Wed Jul 23 08:23:52 EDT 2008
Author: beve
Date: 2008-07-23 08:23:52 -0400 (Wed, 23 Jul 2008)
New Revision: 21189
Added:
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Group.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/GroupUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/RoleUnitTest.java
Modified:
labs/jbossesb/workspace/dbevenius/security/product/etc/schemas/xml/jbossesb-1.0.1.xsd
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/config/ESBAwareGenerator.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/JaasSecurityServiceUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/jboss-esb.xml
labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/src/org/jboss/soa/esb/samples/quickstart/helloworldsecured/MyJMSListenerAction.java
Log:
Added role support.
Modified: labs/jbossesb/workspace/dbevenius/security/product/etc/schemas/xml/jbossesb-1.0.1.xsd
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/etc/schemas/xml/jbossesb-1.0.1.xsd 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/etc/schemas/xml/jbossesb-1.0.1.xsd 2008-07-23 12:23:52 UTC (rev 21189)
@@ -414,6 +414,13 @@
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
+ <xsd:attribute name="logout" type="xsd:boolean" use="optional">
+ <xsd:annotation>
+ <xsd:documentation xml:lang="en">
+ Is used to indicate that a logout should be performed after this service has completed.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
</xsd:complexType>
</xsd:element>
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerTagNames.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -79,6 +79,7 @@
public static final String CONFIG_POLICY_FILE_TAG = "file";
public static final String RUN_AS_TAG = "runAs";
public static final String USE_CALLERS_IDENTIDY_TAG = "useCallersIdentity";
+ public static final String LOGOUT_TAG = "logout";
public static final String MODULE_NAME_TAG = "moduleName";
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/config/ESBAwareGenerator.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/config/ESBAwareGenerator.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/config/ESBAwareGenerator.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -118,7 +118,6 @@
YADOMUtil.removeEmptyAttributes(eprNode);
ActionMapper.map(listenerNode, service, model);
- SecurityMapper.map(listenerNode, service);
}
/**
@@ -161,6 +160,5 @@
// Map the actions and notiications...
ActionMapper.map(listenerConfigTree, listenerService, model);
NotificationMapper.map(listenerConfigTree, listenerService, model);
- SecurityMapper.map(listenerConfigTree, listenerService);
}
}
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -50,6 +50,7 @@
import org.jboss.soa.esb.services.security.SecurityConfigInfo;
import org.jboss.soa.esb.services.security.SecurityConfigUtil;
import org.jboss.soa.esb.services.security.SecurityContext;
+import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.SecurityServiceFactory;
import org.jboss.soa.esb.util.ClassUtil;
@@ -258,7 +259,7 @@
{
securityConf = SecurityConfigUtil.createSecurityConfigInfo(securityConfigs[0]);
LOGGER.info(securityConf);
- if ( securityConf != null )
+ if (securityConf != null && securityConf.needsAuthentiation())
{
SecurityServiceFactory.getSecurityService().configure();
}
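Review bot: `needsAuthentiation()` is misspelled (it should read `needsAuthentication`), and this call is its first use in the commit. The same spelling recurs in `requiresAuthentiation()` on the `SecurityContext` interface, in `JaasSecurityContext`, in `SecurityConfigInfo` and in the new unit tests. Because the name is being added to a public interface in this revision, it is cheapest to correct now, before other code depends on it. The enclosing method starts and ends outside this hunk.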
@@ -350,21 +351,38 @@
final Call callDetails = new Call() ;
callDetails.copy(message.getHeader().getCall()) ;
- SecurityContext securityContext = null;
+
// if the gateway or another service passed a subject use that subject for authentication.
- final Subject subject = (Subject) message.getAttachment().get( "Subject" );
- securityContext = new JaasSecurityContext(securityConf, subject);
+ final Subject subject = (Subject) message.getProperties().getProperty( "Subject" );
- try
+ SecurityContext securityContext = new JaasSecurityContext(securityConf, subject);
+
+ if (securityContext.requiresAuthentiation())
{
- SecurityServiceFactory.getSecurityService().authenticate(securityContext);
- LOGGER.info("Subject after authentication" + securityContext.getSubject());
- }
- catch (final LoginException e)
+ LOGGER.debug("Service requires Authentication: existing subject" + subject);
+ try
+ {
+ SecurityServiceFactory.getSecurityService().authenticate(securityContext);
+ message.getProperties().setProperty( "Subject", securityContext.getSubject());
+ LOGGER.debug("Subject after authentication" + securityContext.getSubject());
+ }
+ catch (final LoginException e)
+ {
+ LOGGER.error( "Authentication exception : ", e);
+ faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
+ return false;
+ }
+ }
+ else if ( securityContext.hasRunAs() )
{
- LOGGER.error( "Login exception : ", e);
- faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
- return false;
+ LOGGER.debug("Service will run as Role [" + securityContext.getConfigInfo().getRunAs() + "]");
+ if (!SecurityServiceFactory.getSecurityService().isCallerInRole(subject, securityContext))
+ {
+ LOGGER.warn("Access was denied to the Service as the caller does not belong to the correct Role. Please check the services security configuration.");
+ final SecurityException e = new SecurityException("Caller was not in the role [" + securityContext.getConfigInfo().getRunAs() + "] which is requried by the service");
+ faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
+ return false;
+ }
}
PrivilegedAction<Boolean> action = new PrivilegedAction<Boolean>()
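Review bot: The `hasRunAs()` branch bases its access decision on the `Subject` read from the message property `"Subject"`, and nothing visible in this hunk establishes that the subject was authenticated by this service or by a trusted gateway. If inbound message properties can be set by the sender (not visible here, so to be confirmed), the role check is only as strong as the transport in front of it. The property may also be absent, in which case `subject` is null and `isCallerInRole` dereferences it; the guard should read `if (subject == null || !SecurityServiceFactory.getSecurityService().isCallerInRole(subject, securityContext))`. A comment above the lookup naming which components are allowed to populate the property would make the trust assumption explicit. The enclosing method starts and ends outside the hunk.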
@@ -382,15 +400,18 @@
}
finally
{
- try
+ if ( securityContext.getConfigInfo().getLogout() )
{
- SecurityServiceFactory.getSecurityService().logout(securityContext);
- LOGGER.info("Subject after logout" + securityContext.getSubject());
- }
- catch (final LoginException e)
- {
- LOGGER.error( "Logout exception : ", e);
- faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
+ try
+ {
+ SecurityServiceFactory.getSecurityService().logout(securityContext);
+ LOGGER.info("Subject after logout" + securityContext.getSubject());
+ }
+ catch (final LoginException e)
+ {
+ LOGGER.error( "Logout exception : ", e);
+ faultTo(callDetails, Factory.createErrorMessage(Factory.UNEXPECTED_ERROR, message, e));
+ }
}
}
return processResult.booleanValue();
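Review bot: Logout is now gated only on `getLogout()`, so a service configured with `runAs` and `logout="true"` but no `moduleName` reaches `logout(securityContext)` without a prior login. Gating on both is safer: `if (securityContext.requiresAuthentiation() && securityContext.getConfigInfo().getLogout())`. What `logout` does for a context that never logged in is not visible here, so treat this as something to confirm. With `logout` defaulting to false, the authenticated `Subject` that the previous hunk writes into the message properties stays attached to the message after the service completes; a comment should state whether that propagation is intended. The `try` this `finally` belongs to begins outside the hunk.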
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityContext.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -82,4 +82,14 @@
return "SecurityContext [ configinfo=" + configInfo + ", subject=" + subject + "]";
}
+ public boolean requiresAuthentiation()
+ {
+ return configInfo.needsAuthentiation();
+ }
+
+ public boolean hasRunAs()
+ {
+ return configInfo.hasRunAs();
+ }
+
}
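Review bot: Both new methods dereference `configInfo` without a null check, while `ActionProcessingPipeline` still tests `securityConf != null` before configuring the security service, which suggests a null configuration can reach this class (the constructor is outside the hunk, so this is inferred). In that case `requiresAuthentiation()` throws a NullPointerException instead of reporting that no authentication is configured. `return configInfo != null && configInfo.needsAuthentiation();`, and the same pattern in `hasRunAs()`, would handle it. Both methods implement `SecurityContext` and should carry `@Override` and a one-line Javadoc.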
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityService.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/JaasSecurityService.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -21,8 +21,11 @@
package org.jboss.soa.esb.services.security;
import java.net.URL;
+import java.security.Principal;
import java.security.Security;
+import java.util.Set;
+import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
@@ -30,6 +33,8 @@
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.common.Environment;
+import org.jboss.soa.esb.services.security.principals.Group;
+import org.jboss.soa.esb.services.security.principals.Role;
import org.jboss.soa.esb.util.ClassUtil;
import com.sun.security.auth.login.ConfigFile;
@@ -41,7 +46,7 @@
* @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
* @Since 4.4
*/
-public class JaasSecurityService implements SecurityService
+public final class JaasSecurityService implements SecurityService
{
public static final String LOGIN_CONFIG_URL_PREFIX = "login.config.url.";
@@ -60,8 +65,24 @@
{
LoginContext loginContext = new LoginContext(context.getConfigInfo().getModuleName(), context.getSubject(), null, configuration);
loginContext.login();
+
+ addRunAs( context );
}
+ public void addRunAs( final SecurityContext context )
+ {
+ final String runAs = context.getConfigInfo().getRunAs();
+ if ( runAs != null )
+ {
+ context.getSubject().getPrincipals().add(new Role(runAs));
+ }
+ }
+
+ public boolean isCallerInRole( final Subject subject, final SecurityContext context)
+ {
+ return subject.getPrincipals().contains(new Role(context.getConfigInfo().getRunAs()));
+ }
+
public void configure() throws ConfigurationException
{
String loginConfigUrl = Configuration.getSecurityServiceConfigUrl();
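Review bot: `isCallerInRole` throws instead of denying when it has nothing to check: a null `subject` fails on `getPrincipals()`, and a null `runAs` fails inside the `Role` constructor, which rejects null names. Returning false is the safer contract for an authorization check: `final String runAs = context.getConfigInfo().getRunAs();` followed by `return subject != null && runAs != null && subject.getPrincipals().contains(new Role(runAs));`. Separately, `authenticate` now calls `addRunAs`, which adds the configured role to every subject that logs in successfully through the module. Since that is the same role `isCallerInRole` later checks for, a comment stating that this is the intended meaning of `runAs` would help. `configure()` continues outside the hunk.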
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigInfo.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -31,23 +31,35 @@
private String runAs;
private String useCallerIdentity;
private String moduleName;
+ private boolean logout;
+
private SecurityConfigInfo(
final String runAs,
final String useCallerIdentity,
- final String moduleName)
+ final String moduleName,
+ final boolean logout)
{
this.runAs = runAs;
this.useCallerIdentity = useCallerIdentity;
this.moduleName = moduleName;
+ this.logout = logout;
}
+ /**
+ *
+ * @param runAs - run as the specified role
+ * @param useCallerIdentity - use the callers identity
+ * @param moduleName - index into the jaas configuration policy file
+ * @return <code>SecurityConfigInfo</code>
+ */
public static SecurityConfigInfo createSecurityInfo(
final String runAs,
final String useCallerIdentity,
- final String moduleName)
+ final String moduleName,
+ final boolean logout)
{
- return new SecurityConfigInfo(runAs, useCallerIdentity, moduleName);
+ return new SecurityConfigInfo(runAs, useCallerIdentity, moduleName, logout);
}
public String getRunAs()
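Review bot: The Javadoc added to `createSecurityInfo` omits the parameter this commit introduces; add `@param logout - whether a logout should be performed after the service has completed`. The summary line is also empty, and a first sentence such as `Creates a SecurityConfigInfo from the attributes of a service's security element.` would fill it. The fields assigned in the private constructor are never reassigned in the visible code, so they could be declared `final`.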
@@ -70,4 +82,20 @@
return "[SecurityConfigInfo : runAs=" + runAs + ", useCallerIdentity=" + useCallerIdentity + ", moduleName=" + moduleName + "]";
}
+ public boolean needsAuthentiation()
+ {
+ return moduleName != null;
+ }
+
+ public boolean hasRunAs()
+ {
+ return runAs != null;
+ }
+
+ public boolean getLogout()
+ {
+ return logout;
+ }
+
+
}
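Review bot: `toString()` (the context line at the top of this hunk) was not extended with the new field, so the `LOGGER.info(securityConf)` line in `ActionProcessingPipeline` will not show whether logout is enabled; append `+ ", logout=" + logout`. `needsAuthentiation()` and `hasRunAs()` treat any non-null string as configured. If the configuration reader can return an empty string for a blank `moduleName` or `runAs` attribute (not visible here), an empty value would switch the corresponding check on with a meaningless name, so consider rejecting empty values when the object is created.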
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityConfigUtil.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -40,7 +40,8 @@
final String runAs = securityFragment.getAttribute(ListenerTagNames.RUN_AS_TAG);
final String useCallersIdentity = securityFragment.getAttribute(ListenerTagNames.USE_CALLERS_IDENTIDY_TAG);
final String moduleName = securityFragment.getAttribute(ListenerTagNames.MODULE_NAME_TAG);
+ final boolean logout = Boolean.valueOf(securityFragment.getAttribute(ListenerTagNames.LOGOUT_TAG, "false"));
- return SecurityConfigInfo.createSecurityInfo(runAs, useCallersIdentity, moduleName);
+ return SecurityConfigInfo.createSecurityInfo(runAs, useCallersIdentity, moduleName, logout);
}
}
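Review bot: `Boolean.valueOf(String)` returns true only for the text "true" (ignoring case), but the schema change in this commit declares `logout` as `xsd:boolean`, whose lexical values also include `1` and `0`. A schema-valid `logout="1"` is therefore read as false and the logout is silently skipped. Either accept both forms, with `final String logoutAttr = securityFragment.getAttribute(ListenerTagNames.LOGOUT_TAG, "false");` and `final boolean logout = "true".equalsIgnoreCase(logoutAttr) || "1".equals(logoutAttr);`, or reject unrecognised values with a configuration error. The method's signature is outside the hunk.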
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -24,6 +24,10 @@
public interface SecurityContext
{
+ boolean requiresAuthentiation();
+
+ boolean hasRunAs();
+
SecurityConfigInfo getConfigInfo();
void setConfigInfo(SecurityConfigInfo configInfo);
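Review bot: The two methods added to `SecurityContext` have no Javadoc, and neither do `addRunAs` and `isCallerInRole`, which this commit adds to `SecurityService`. For interfaces that gate access, the contract should be written down. Suggested: `/** @return true if a JAAS module name is configured, meaning callers must be authenticated */` on `requiresAuthentiation()` and `/** @return true if a runAs role is configured for the service */` on `hasRunAs()`. On `isCallerInRole`, state what is returned for a null subject and when no runAs role is configured.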
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityService.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -20,6 +20,7 @@
*/
package org.jboss.soa.esb.services.security;
+import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.jboss.soa.esb.ConfigurationException;
@@ -35,5 +36,9 @@
void authenticate(final SecurityContext securityContext) throws LoginException;
+ void addRunAs(final SecurityContext securityContext);
+
+ boolean isCallerInRole(final Subject subject, final SecurityContext context);
+
void logout(final SecurityContext securityContext) throws LoginException;
}
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Group.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Group.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Group.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -0,0 +1,102 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.principals;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * A Role is a collection/group of Principals.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class Group implements java.security.acl.Group, Serializable
+{
+ private static final long serialVersionUID = 1L;
+ private final String groupName;
+ private final Set<Principal> members = new HashSet<Principal>();
+
+ public Group(final String groupName)
+ {
+ if ( groupName == null )
+ throw new NullPointerException("groupName argument must not be null");
+
+ this.groupName = groupName;
+ }
+
+ public String getName()
+ {
+ return groupName;
+ }
+
+ public String toString()
+ {
+ return "[groupName=" + groupName + ", members=" + members + "]";
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if(!(obj instanceof Group))
+ return false;
+
+ Group other = (Group) obj;
+ return other.groupName.equals(groupName) &&
+ other.members.equals(members);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int hash = 17;
+ hash = 31 * hash + groupName == null ? 0 : groupName.hashCode();
+ return hash;
+ }
+
+ public boolean addMember(Principal user)
+ {
+ return members.add(user);
+ }
+
+ public boolean isMember(Principal user)
+ {
+ return members.contains(user);
+ }
+
+ public Enumeration<? extends Principal> members()
+ {
+ return Collections.enumeration(members);
+ }
+
+ public boolean removeMember(Principal user)
+ {
+ return members.remove(user);
+ }
+
+}
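Review bot: `hashCode()` does not compute what it appears to: `+` binds tighter than `==`, so `31 * hash + groupName == null ? 0 : groupName.hashCode()` compares a concatenated string with null and always yields `groupName.hashCode()`. The result still agrees with `equals`, so lookups work, but the 17/31 mixing is dead code. Since the constructor rejects null names, `return 31 * 17 + groupName.hashCode();` states the intent plainly. `Role.hashCode()` in this commit contains the identical expression. The class Javadoc says "A Role is a collection/group of Principals" and should describe `Group`. Also, `equals` compares the mutable `members` set, which deserves a comment if two groups with the same name are meant to differ by membership.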
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/src/org/jboss/soa/esb/services/security/principals/Role.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -0,0 +1,76 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.principals;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * A Role is a collection/group of Principals.
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class Role implements Principal, Serializable
+{
+ private static final long serialVersionUID = 1L;
+ private final String roleName;
+
+ public Role(final String roleName)
+ {
+ if ( roleName == null )
+ throw new NullPointerException("roleName argument must not be null");
+
+ this.roleName = roleName;
+ }
+
+ public String getName()
+ {
+ return roleName;
+ }
+
+ public String toString()
+ {
+ return "Role [roleName=" + roleName + "]";
+ }
+
+ @Override
+ public boolean equals(Object obj)
+ {
+ if (this == obj)
+ return true;
+ if(!(obj instanceof Role))
+ return false;
+
+ Role other = (Role) obj;
+ return this.roleName.equals(other.roleName);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int hash = 17;
+ hash = 31 * hash + roleName == null ? 0 : roleName.hashCode();
+ return hash;
+ }
+
+}
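Review bot: `Role` is the principal that `isCallerInRole` matches on, yet the class is non-final and `equals` accepts any `instanceof Role`, so a subclass could override `equals`, `hashCode` or `getName` and change how role checks behave; declare it `public final class Role`. The class Javadoc is copied from `Group` ("a collection/group of Principals") although a `Role` only carries a name. A more accurate summary would be `/** A named role, represented as a Principal that can be added to a Subject. */`. `toString()` is missing `@Override`.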
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/SecurityMapperUnitTest.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -83,6 +83,14 @@
assertEquals( "user1", userIdentityNode.getNodeValue());
}
+ @Test
+ public void mapLogout() throws ConfigurationException
+ {
+ Node logoutNode = securityNode.getAttributes().getNamedItem( ListenerTagNames.LOGOUT_TAG );
+ assertNotNull( logoutNode.getNodeName() );
+ assertEquals( "true", logoutNode.getNodeValue());
+ }
+
// setup methods
@Before
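Review bot: `assertNotNull( logoutNode.getNodeName() )` dereferences `logoutNode` before asserting anything, so a missing `logout` attribute surfaces as a NullPointerException rather than as a test failure. Assert on the node itself: `assertNotNull( logoutNode );`. The `throws ConfigurationException` clause looks unnecessary for the statements shown.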
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/listeners/config/mappers/jbossesb_config_security.xml 2008-07-23 12:23:52 UTC (rev 21189)
@@ -21,7 +21,7 @@
</providers>
<services>
<service category="Test2" name="JMSJCATest" description="JMS JCA Test">
- <security runAs="MrPoon" moduleName="mod1" useCallersIdentity="user1"/>
+ <security runAs="MrPoon" moduleName="mod1" useCallersIdentity="user1" logout="true"/>
<listeners>
<jms-listener name="JMSListener" busidref="quickstartEsbChannel" maxThreads="1"/>
</listeners>
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/JaasSecurityServiceUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/JaasSecurityServiceUnitTest.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -20,9 +20,12 @@
*/
package org.jboss.soa.esb.services.security;
+import static org.junit.Assert.*;
import static org.junit.Assert.assertEquals;
import java.net.URL;
+import java.security.Principal;
+import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
@@ -33,6 +36,7 @@
import org.jboss.soa.esb.ConfigurationException;
import org.jboss.soa.esb.common.Environment;
+import org.jboss.soa.esb.services.security.principals.Role;
import org.jboss.soa.esb.util.ClassUtil;
import org.junit.Before;
import org.junit.Test;
@@ -52,7 +56,7 @@
@Test
public void configure() throws ConfigurationException, LoginException
{
- SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, "SuccessfulLogin");
+ SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, "SuccessfulLogin", false);
JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
service.authenticate(context);
@@ -62,10 +66,37 @@
assertEquals( "test", principals.iterator().next().getName() );
}
+ @Test
+ public void configureWithRole() throws ConfigurationException, LoginException
+ {
+ SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo("adminRole", null, "SuccessfulLogin", false);
+ JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
+
+ service.authenticate(context);
+
+ Set<Principal> principals = context.getSubject().getPrincipals( Principal.class );
+ System.out.println(principals);
+ assertEquals( 2, principals.size() );
+ Iterator<Principal> iterator = principals.iterator();
+ assertEquals( "adminRole", iterator.next().getName() );
+ assertEquals( "test", iterator.next().getName() );
+ }
+
+ @Test
+ public void isCallerInRole() throws LoginException
+ {
+ SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo("adminRole", null, "SuccessfulLogin", false);
+ JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
+ service.authenticate(context);
+ Subject subject = new Subject();
+ subject.getPrincipals().add(new Role("adminRole"));
+ assertTrue( service.isCallerInRole(subject, context));
+ }
+
@Test ( expected = FailedLoginException.class )
public void loginFailure() throws LoginException, ConfigurationException
{
- SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, "FailureLogin");
+ SecurityConfigInfo configInfo = SecurityConfigInfo.createSecurityInfo(null, null, "FailureLogin", false);
JaasSecurityContext context = new JaasSecurityContext(configInfo, subject);
service.authenticate( context );
}
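Review bot: `configureWithRole` asserts the iteration order of the set returned by `getPrincipals( Principal.class )` (`adminRole` first, then `test`), which a `Set` does not promise. Assert membership instead, for example `assertTrue( principals.contains( new Role("adminRole") ) );`. The `System.out.println(principals)` line should be removed. `isCallerInRole` covers only the positive case and declares a local `subject` that shadows the field used to build the context. A test that a `Subject` without the role is refused is the one that actually protects the access check.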
Modified: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/SecurityConfigUtilUnitTest.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -21,16 +21,13 @@
package org.jboss.soa.esb.services.security;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
-
-import java.net.URL;
-
+import static org.junit.Assert.assertTrue;
import junit.framework.JUnit4TestAdapter;
import org.jboss.soa.esb.helpers.ConfigTree;
import org.jboss.soa.esb.listeners.ListenerTagNames;
-import org.jboss.soa.esb.util.ClassUtil;
-import org.junit.Before;
import org.junit.Test;
/**
@@ -46,7 +43,7 @@
@Test
public void createSecurityConfigInfoWithAuth()
{
- final ConfigTree securityFragment = createSecurityFragment(runAs, null, null);
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, null, false);
SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
assertEquals(runAs, securityInfo.getRunAs());
@@ -56,7 +53,7 @@
@Test
public void createSecurityConfigInfoWithoutAuth()
{
- final ConfigTree securityFragment = createSecurityFragment(runAs, null, null);
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, null, false);
SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
assertEquals(runAs, securityInfo.getRunAs());
assertNull(securityInfo.getUseCallerIdentity());
@@ -66,7 +63,7 @@
public void createSecurityConfigInfoWithUseCallersIdentity()
{
final String callersIdentity = "DrCox";
- final ConfigTree securityFragment = createSecurityFragment(runAs, callersIdentity, null);
+ final ConfigTree securityFragment = createSecurityFragment(runAs, callersIdentity, null, false);
SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
assertEquals(callersIdentity, securityInfo.getUseCallerIdentity());
}
@@ -75,11 +72,36 @@
public void createSecurityConfigInfoWithModuleName()
{
final String moduleName = "testModule";
- final ConfigTree securityFragment = createSecurityFragment(runAs, null, moduleName);
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, moduleName, false);
SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
assertEquals(moduleName, securityInfo.getModuleName());
}
+ @Test
+ public void needsAuthentication()
+ {
+ final String moduleName = "testModule";
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, moduleName, false);
+ SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ assertTrue(securityInfo.needsAuthentiation());
+ }
+
+ @Test
+ public void doesNotNeedAuthentication()
+ {
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, null, false);
+ SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ assertFalse(securityInfo.needsAuthentiation());
+ }
+
+ @Test
+ public void hasRunAs()
+ {
+ final ConfigTree securityFragment = createSecurityFragment(runAs, null, null, false);
+ SecurityConfigInfo securityInfo = SecurityConfigUtil.createSecurityConfigInfo(securityFragment);
+ assertTrue(securityInfo.hasRunAs());
+ }
+
public static junit.framework.Test suite()
{
return new JUnit4TestAdapter(SecurityConfigUtilUnitTest.class);
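Review bot: `doesNotNeedAuthentication()` pins that a security fragment with a `runAs` value but no module name reports that no authentication is required, and nothing in the test records that this is the intended default. A comment above the assertion, such as `// no moduleName configured, so no login is required even though runAs is set`, would document the decision; this reading is inferred from the fixture arguments and should be confirmed against SecurityConfigUtil. The accessor is spelled `needsAuthentiation()` in both new tests, so the typo is about to become part of the SecurityConfigInfo API. `hasRunAs()` also has no companion test with a null `runAs`. The hunk ends inside `suite()`, whose closing brace is outside it.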
@@ -88,12 +110,14 @@
private ConfigTree createSecurityFragment(
final String runAs,
final String callerIdentity,
- final String moduleName)
+ final String moduleName,
+ final boolean logout)
{
final ConfigTree securityElement = new ConfigTree(ListenerTagNames.SECURITY_TAG);
securityElement.setAttribute(ListenerTagNames.RUN_AS_TAG, runAs);
securityElement.setAttribute(ListenerTagNames.USE_CALLERS_IDENTIDY_TAG, callerIdentity);
securityElement.setAttribute(ListenerTagNames.MODULE_NAME_TAG, moduleName);
+ securityElement.setAttribute(ListenerTagNames.LOGOUT_TAG, String.valueOf(logout));
return securityElement;
}
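Review bot: The new `logout` argument is `false` at every call site visible in this diff, so the value written under `ListenerTagNames.LOGOUT_TAG` is never observed by an assertion. A test that builds the fragment with `createSecurityFragment(runAs, null, moduleName, true)` and asserts on whatever accessor SecurityConfigInfo exposes for the logout setting would cover it. Because the helper always sets the attribute through `String.valueOf(logout)`, the case where the attribute is absent is not exercised either. That default presumably decides whether the login is torn down after processing, so it deserves its own test.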
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/GroupUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/GroupUnitTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/GroupUnitTest.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.principals;
+
+import static org.junit.Assert.*;
+import org.junit.Test;
+import junit.framework.JUnit4TestAdapter;
+
+/**
+ * Unit test for {@link Role}
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class GroupUnitTest
+{
+ private Group groupOne = new Group("groupOne");
+ private Group group1 = new Group("groupOne");
+ private Group groupTwo = new Group("groupTwo");
+ private Group group2 = new Group("groupTwo");
+
+ @Test (expected = NullPointerException.class)
+ public void constuctWithNullGroupName()
+ {
+ new Group(null);
+ }
+
+ @Test
+ public void equals()
+ {
+ groupOne.addMember(new Role("role1"));
+ assertFalse(group1.equals(groupOne));
+ assertFalse(groupOne.equals(group1));
+ assertFalse(groupOne.equals(group2));
+ group1.addMember(new Role("role1"));
+ assertEquals(groupOne, group1);
+ }
+
+ @Test
+ public void hashcode()
+ {
+ assertEquals(groupOne.hashCode(), group1.hashCode());
+ assertFalse(groupOne.hashCode() == groupTwo.hashCode());
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(GroupUnitTest.class);
+ }
+}
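Review bot: `hashcode()` compares only groups that have no members, while `equals()` shows that membership takes part in equality, so the two tests never check that equal groups with members hash alike. Adding `assertEquals(groupOne.hashCode(), group1.hashCode());` after the final `assertEquals(groupOne, group1);` would close that gap. If Group instances are kept in a hash-based principal set, which this diff does not show, adding a member afterwards could make the entry unfindable, and that is worth a comment on `addMember`. The class Javadoc says `{@link Role}` and should read `{@link Group}`.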
Added: labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/RoleUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/RoleUnitTest.java (rev 0)
+++ labs/jbossesb/workspace/dbevenius/security/product/rosetta/tests/src/org/jboss/soa/esb/services/security/principals/RoleUnitTest.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2008, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.jboss.soa.esb.services.security.principals;
+
+import static org.junit.Assert.*;
+import org.junit.Test;
+import junit.framework.JUnit4TestAdapter;
+
+/**
+ * Unit test for {@link Role}
+ * <p/>
+ *
+ * @author <a href="mailto:dbevenius at redhat.com">Daniel Bevenius</a>
+ *
+ */
+public class RoleUnitTest
+{
+ private Role roleOne = new Role("roleOne");
+ private Role role1 = new Role("roleOne");
+ private Role roleTwo = new Role("roleTwo");
+ private Role role2 = new Role("roleTwo");
+
+ @Test (expected = NullPointerException.class)
+ public void constuctWithNullRoleName()
+ {
+ new Role(null);
+ }
+
+ @Test
+ public void equals()
+ {
+ assertEquals(roleOne, role1);
+ assertFalse(roleOne.equals(role2));
+ }
+
+ @Test
+ public void hashcode()
+ {
+ assertEquals(roleOne.hashCode(), role1.hashCode());
+ assertFalse(roleOne.hashCode() == roleTwo.hashCode());
+ }
+
+ public static junit.framework.Test suite()
+ {
+ return new JUnit4TestAdapter(RoleUnitTest.class);
+ }
+}
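Review bot: `equals()` checks only Role against Role, so nothing pins what happens when a role is compared with `null` or with another principal type carrying the same name. Since these objects presumably feed authorization decisions, add `assertFalse(roleOne.equals(null));` and `assertFalse(roleOne.equals(new Group("roleOne")));` to the test. The line `assertFalse(roleOne.hashCode() == roleTwo.hashCode());` asserts more than the hashCode contract promises and may fail on a legitimate implementation change.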
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/jboss-esb.xml
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/jboss-esb.xml 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/jboss-esb.xml 2008-07-23 12:23:52 UTC (rev 21189)
@@ -24,7 +24,7 @@
category="FirstServiceESB"
name="SimpleListenerSecured"
description="Hello World">
- <security moduleName="SuccessfulLogin" runAs="kalle"/>
+ <security moduleName="SuccessfulLogin" runAs="adminRole"/>
<!-- uncomment to force an login exception
<security moduleName="FailureLogin" runAs="kalle"/>
@@ -42,18 +42,36 @@
/>
</listeners>
<actions mep="OneWay">
- <action name="action1"
+ <action name="action1" class="org.jboss.soa.esb.samples.quickstart.helloworldsecured.MyJMSListenerAction"
+ process="displayMessage"/>
+
+ <!-- The next action is for Continuous Integration testing -->
+ <action name="testStore" class="org.jboss.soa.esb.actions.TestMessageStore"/>
+
+ <!-- Route to the "Service 2" -->
+ <action name="routeAction" class="org.jboss.soa.esb.actions.StaticRouter">
+ <property name="destinations">
+ <route-to service-category="HelloWorld" service-name="Service2"/>
+ </property>
+ </action>
+
+ </actions>
+ </service>
+
+ <service category="HelloWorld" name="Service2" description="Service 2" invmScope="GLOBAL">
+ <security runAs="adminRole"/>
+ <actions mep="OneWay">
+ <action name="action2" class="org.jboss.soa.esb.actions.SystemPrintln">
+ <property name="printfull" value="false"/>
+ <property name="message" value="In Service2"/>
+ </action>
+ <action name="action1"
class="org.jboss.soa.esb.samples.quickstart.helloworldsecured.MyJMSListenerAction"
process="displayMessage">
- <property name="file" value="/opt/jboss/esb/security/product/samples/quickstarts/helloworld_secured/testfile"/>
</action>
- <action name="action2" class="org.jboss.soa.esb.actions.SystemPrintln">
- <property name="printfull" value="false"/>
- </action>
- <!-- The next action is for Continuous Integration testing -->
- <action name="testStore" class="org.jboss.soa.esb.actions.TestMessageStore"/>
</actions>
</service>
+
</services>
-
+
</jbossesb>
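Review bot: `Service2` declares `<security runAs="adminRole"/>` with no `moduleName` while being published with `invmScope="GLOBAL"`, and the unit tests in this same revision indicate that a fragment without a module name does not require authentication. If that reading is right, the service runs as `adminRole` for any in-VM caller that reaches it and relies on `SimpleListenerSecured` having authenticated the message first. Quickstarts get copied into real deployments, so state the assumption in the file, for example `<!-- No moduleName: this service does not authenticate; it trusts the identity established upstream -->` above the element, or give `Service2` its own `moduleName`.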
Modified: labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/src/org/jboss/soa/esb/samples/quickstart/helloworldsecured/MyJMSListenerAction.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/src/org/jboss/soa/esb/samples/quickstart/helloworldsecured/MyJMSListenerAction.java 2008-07-23 12:14:50 UTC (rev 21188)
+++ labs/jbossesb/workspace/dbevenius/security/product/samples/quickstarts/helloworld_secured/src/org/jboss/soa/esb/samples/quickstart/helloworldsecured/MyJMSListenerAction.java 2008-07-23 12:23:52 UTC (rev 21189)
@@ -41,19 +41,16 @@
{
protected ConfigTree config;
- private String fileName;
public MyJMSListenerAction(ConfigTree config) throws ConfigurationException
{
this.config = config;
- fileName = (String)config.getRequiredAttribute("file");
}
public Message displayMessage(Message message) throws Exception
{
System.out.println("Subject in MyJMSListenerAction : " + Subject.getSubject(AccessController.getContext()));
return message;
- }
-
+ }
}