[jboss-svn-commits] JBL Code SVN: r29270 - in labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta: tests/src/org/jboss/soa/esb/services/security/auth/login and 1 other directory.

jboss-svn-commits at lists.jboss.org jboss-svn-commits at lists.jboss.org
Wed Sep 9 04:35:24 EDT 2009


Author: beve
Date: 2009-09-09 04:35:23 -0400 (Wed, 09 Sep 2009)
New Revision: 29270

Modified:
   labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
   labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
Log:
More tests and clean up.


Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java	2009-09-09 06:54:29 UTC (rev 29269)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModule.java	2009-09-09 08:35:23 UTC (rev 29270)
@@ -23,7 +23,6 @@
 import java.io.IOException;
 import java.security.Principal;
 import java.util.Map;
-import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -47,6 +46,8 @@
 
 /**
  * JAAS LoginModule for JBoss SecurityTokenService (STS).
+ * This LoginModule only performs validation of existing SAML
+ * Assertions and does not issue and such Assertions.
  * 
  * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
  */
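Review bot: The added Javadoc sentence reads `does not issue and such Assertions`; `and` should be `any`. This sentence is now the only visible statement of the module's validate-only contract, so it should also say what the module does when the caller supplies no assertion. That login path is outside this hunk.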
@@ -57,13 +58,12 @@
     /**
      * Options for this login module
      */
-    private Map<String, ?> options;
-    public static String SERVICE_NAME_OPTION = "serviceName";
-    public static String PORT_NAME_OPTION = "portName";
-    public static String ENDPOINT_ADDRESS_OPTION = "endpointAddress";
-    public static String USERNAME_OPTION = "username";
-    public static String PASSWORD_OPTION = "password";
-    public static String SAML_TOKEN_TYPE_OPTION = "samlTokenType";
+    public static final String SERVICE_NAME_OPTION = "serviceName";
+    public static final String PORT_NAME_OPTION = "portName";
+    public static final String ENDPOINT_ADDRESS_OPTION = "endpointAddress";
+    public static final String USERNAME_OPTION = "username";
+    public static final String PASSWORD_OPTION = "password";
+    public static final String SAML_TOKEN_TYPE_OPTION = "samlTokenType";
 
     /**
      * The subject to be populated.
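Review bot: With the `options` field removed, the Javadoc `Options for this login module` now attaches to `SERVICE_NAME_OPTION` alone and the other five constants are undocumented. Replace it with a short comment per constant naming the option and saying whether it is required. `SAML_TOKEN_TYPE_OPTION` stays public although this commit removes the `getRequiredOption(options, SAML_TOKEN_TYPE_OPTION)` call from initialize. If nothing else reads it (not determinable from these hunks), remove or deprecate it so that deployments do not keep setting an option that is silently ignored. A comment on `PASSWORD_OPTION` should note that the STS password comes from the login-module configuration, so that file needs restricted read access.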
@@ -86,12 +86,6 @@
     private WSTrustClient wsTrustClient;
 
     /**
-     * The type of SAML Token that this LoginModule can handle. This is set
-     * through the options configuration.
-     */
-    private String samlTokenType;
-
-    /**
      * The outcome of the authentication process.
      */
     private boolean success;
@@ -115,8 +109,6 @@
     public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options)
     {
         this.subject = subject;
-        this.callbackHandler = callbackHandler;
-        this.options = options;
 
         final String stsServiceName = getRequiredOption(options, SERVICE_NAME_OPTION);
         final String stsPortName = getRequiredOption(options, PORT_NAME_OPTION);
@@ -124,7 +116,12 @@
 
         final String stsUserName = getRequiredOption(options, USERNAME_OPTION);
         final String stsPassword = getRequiredOption(options, PASSWORD_OPTION);
-        samlTokenType = getRequiredOption(options, SAML_TOKEN_TYPE_OPTION);
+        
+        if (callbackHandler == null)
+        {
+            throw new IllegalArgumentException("CallbackHandler must not be null");
+        }
+        this.callbackHandler = callbackHandler;
 
         if (wsTrustClient == null)
         {
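Review bot: The new `callbackHandler` null check runs only after five `getRequiredOption` calls, and `options` itself is never checked before `getRequiredOption` dereferences it. Moving the argument checks to the top of initialize, next to `this.subject = subject;`, would validate the arguments before any configuration is read. A matching guard such as `if (options == null) throw new IllegalArgumentException("options must not be null");` would replace a bare NullPointerException with a descriptive error. The body of initialize starts and ends outside this hunk.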
@@ -142,12 +139,12 @@
     private String getRequiredOption(final Map<String, ?> options, final String optionName)
     {
         final String option = (String) options.get(optionName);
-        if (option != null)
+        if (option == null)
         {
-            return option;
+	        throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
         }
 
-        throw new IllegalArgumentException("Required option '" + optionName + "' was missing from the login modules configuration");
+        return option;
     }
 
     void setWSTrustClient(final WSTrustClient wsTrustClient)
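Review bot: `getRequiredOption` rejects only a null value, so a required option that is present but empty or blank (an empty `endpointAddress` or `password`, say) is accepted and fails later, further from the cause. Consider `if (option == null || option.trim().length() == 0)`. The `(String)` cast on the line above will also raise ClassCastException instead of the descriptive IllegalArgumentException if a non-String value is configured. The new `throw` line is indented with a tab while the surrounding lines use spaces.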
@@ -169,8 +166,6 @@
             samlToken = getSamlTokenFromCaller();
             if (samlToken == null)
             {
-                // Retrieve the Saml Token from the authentiation request.
-                samlToken = wsTrustClient.issueToken(samlTokenType);
             }
 
             // Verify that the Saml Token is still valid.
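Review bot: Removing the `issueToken` call leaves `if (samlToken == null) { }` as an empty block, so a caller that presents no assertion falls through to the validation step with a null token. The rest of login() is outside this hunk, so whether the validation call rejects null cannot be confirmed here. An authentication module should fail closed explicitly instead of depending on that. Replace the empty block with something like `throw new LoginException("No SAML assertion was supplied by the caller");` and add a unit test for the no-token path.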

Modified: labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java
===================================================================
--- labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java	2009-09-09 06:54:29 UTC (rev 29269)
+++ labs/jbossesb/workspace/dbevenius/saml_support/product/rosetta/tests/src/org/jboss/soa/esb/services/security/auth/login/JBossSTSLoginModuleUnitTest.java	2009-09-09 08:35:23 UTC (rev 29270)
@@ -25,7 +25,6 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -104,7 +103,56 @@
         boolean login = loginModule.login();
         assertTrue(login);
     }
-
+    
+    @Test (expected = IllegalArgumentException.class)
+    public void missingCallbackHanlder()
+    {
+        Map<String, String> allOptions = allOptions();
+        allOptions.remove(JBossSTSLoginModule.SERVICE_NAME_OPTION);
+        final JBossSTSLoginModule loginModule = new JBossSTSLoginModule();
+        loginModule.setWSTrustClient(mock(WSTrustClient.class));
+        loginModule.initialize(new Subject(), null, null, allOptions());
+    }
+    
+    @Test (expected = IllegalArgumentException.class)
+    public void missingServerNameOption()
+    {
+        assertMissingOption(JBossSTSLoginModule.SERVICE_NAME_OPTION);
+    }
+    
+    @Test (expected = IllegalArgumentException.class)
+    public void missingPortNameOption()
+    {
+        assertMissingOption(JBossSTSLoginModule.PORT_NAME_OPTION);
+    }
+    
+    @Test (expected = IllegalArgumentException.class)
+    public void missingEndpointAddressOption()
+    {
+        assertMissingOption(JBossSTSLoginModule.ENDPOINT_ADDRESS_OPTION);
+    }
+    
+    @Test (expected = IllegalArgumentException.class)
+    public void missingUsernameOption()
+    {
+        assertMissingOption(JBossSTSLoginModule.USERNAME_OPTION);
+    }
+    
+    @Test (expected = IllegalArgumentException.class)
+    public void missingPasswordOption()
+    {
+        assertMissingOption(JBossSTSLoginModule.PASSWORD_OPTION);
+    }
+    
+    private void assertMissingOption(final String optionName)
+    {
+	    final Map<String, String> allOptions = allOptions();
+        allOptions.remove(optionName);
+        final JBossSTSLoginModule loginModule = new JBossSTSLoginModule();
+        loginModule.setWSTrustClient(mock(WSTrustClient.class));
+        loginModule.initialize(new Subject(), new JBossSTSCallbackHandler(), null, allOptions);
+    }
+    
     private Element createSamlToken() throws Exception
     {
         AssertionType assertionType = new AssertionType();
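Review bot: In `missingCallbackHanlder` the local `allOptions` has `SERVICE_NAME_OPTION` removed but is never used, because initialize is given a fresh `allOptions()`. Those two lines are dead and misleading, and passing the local map instead would make the test pass on the missing option, not on the null handler. Drop them and rename the method to `missingCallbackHandler`. All of the new tests use `@Test (expected = IllegalArgumentException.class)`, and both failure modes throw that type, so none of them can tell which check fired; asserting on the exception message would pin that down. `missingServerNameOption` tests `SERVICE_NAME_OPTION`, so `missingServiceNameOption` would match. There is no test for login() when the caller supplies no SAML token, which is the behaviour this commit changes. The first line of `assertMissingOption` is tab-indented.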


