[jboss-svn-commits] JBL Code SVN: r33454 - in labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta: src/org/jboss/soa/esb/services/security and 1 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Jun 11 13:16:53 EDT 2010
Author: kevin.conner at jboss.com
Date: 2010-06-11 13:16:53 -0400 (Fri, 11 Jun 2010)
New Revision: 33454
Modified:
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipelineUnitTest.java
Log:
Add security domain to SecurityContext: JBESB-3345
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2010-06-11 16:40:00 UTC (rev 33453)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipeline.java 2010-06-11 17:16:53 UTC (rev 33454)
@@ -520,7 +520,8 @@
final SecurityService securityService = SecurityServiceFactory.getSecurityService();
- if (securityContext == null || !securityContext.isValid())
+ final String moduleName = securityConf.getModuleName() ;
+ if (securityContext == null || !securityContext.isValid() || ((moduleName != null) && !moduleName.equals(securityContext.getDomain())))
{
if (authRequest == null)
{
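Review bot: The domain comparison in the new `if` condition is skipped whenever `securityConf.getModuleName()` returns null, so a still-valid context issued for any domain is then accepted without re-authentication. Whether a null module name can occur here, or stands for a default domain, is not visible in this hunk. If it stands for a default domain, resolve that name before comparing. Otherwise make the comparison symmetric: `|| (moduleName == null ? securityContext.getDomain() != null : !moduleName.equals(securityContext.getDomain()))`. The enclosing method starts and ends outside the hunk.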
@@ -528,7 +529,7 @@
}
// No existing security context exist or it had expired. Create a new one to drive the autentication.
- securityContext = new SecurityContext(new Subject(), getSecurityContextTimeout(securityConf));
+ securityContext = new SecurityContext(new Subject(), getSecurityContextTimeout(securityConf), moduleName);
// Authenticate the caller
securityService.authenticate(securityConf, securityContext, authRequest);
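Review bot: The comment above the `new SecurityContext(...)` line is now stale, because this branch is also reached when a valid context belongs to a different security domain. I would reword it to `// No usable security context: missing, expired, or issued for a different security domain. Create a new one to drive the authentication.` A debug log entry naming the expected and presented domain on that path would let operators tell a cross-domain context apart from an ordinary expiry. The surrounding block continues outside the hunk.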
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2010-06-11 16:40:00 UTC (rev 33453)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/src/org/jboss/soa/esb/services/security/SecurityContext.java 2010-06-11 17:16:53 UTC (rev 33454)
@@ -85,10 +85,15 @@
private final long timeout ;
/**
+ * The name of the domain.
+ */
+ private String domain ;
+
+ /**
* Time of creation.
*/
private long timeOfCreation = System.currentTimeMillis();
-
+
/**
* Creates a SecurityContext with a default Subject.
*/
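Review bot: The new `domain` field is declared non-final, although it is assigned only in the constructor and the pipeline now relies on it to decide whether to re-authenticate. Declaring it `private final String domain ;`, like `timeout` above it, guarantees that a context cannot be re-bound to another domain after creation. The tests pass contexts through `SecurityContext.encryptContext` into a `SealedObject`, so the class presumably relies on Java serialization. If so, confirm how contexts sealed before this revision read back: a null domain would force re-authentication, which fails closed, but a changed serial version would be rejected outright.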
@@ -106,6 +111,7 @@
{
this(subject, globalConfiguredTimeout) ;
}
+
/**
* Creates a SecurityContext associating the passed in Subject with it.
*
@@ -114,6 +120,18 @@
*/
public SecurityContext(final Subject subject, final long timeout)
{
+ this(subject, timeout, null) ;
+ }
+
+ /**
+ * Creates a SecurityContext associating the passed in Subject with it.
+ *
+ * @param subject The Subject that is to be associated with this security context.
+ * @param timeout A timeout which specifies how long this Security Context is valid for. Must be a positiv value.
+ * @param domain The domain used to validate the security context.
+ */
+ public SecurityContext(final Subject subject, final long timeout, final String domain)
+ {
AssertArgument.isNotNull(subject, "subject");
this.subject = subject;
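Review bot: The Javadoc for the new three-argument constructor does not say that `domain` may be null or what null means, yet the two-argument constructor now delegates with `null`. Any caller elsewhere that still uses the two-argument form produces a context with no domain, which the pipeline check rejects whenever a module name is configured. That fails closed, but it forces those callers to re-authenticate, so they are worth auditing. I would write `@param domain The security domain this context was authenticated against, or null if it is not bound to a domain.` and add the same null note to the `@return` of `getDomain()` in the -206 hunk. The constructor body continues into the next hunk.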
@@ -122,6 +140,7 @@
throw new IllegalArgumentException("'timeout' for SecurityContext must not be negative other then '-1' which indicates a SecurityContext that never expires.");
}
this.timeout = timeout;
+ this.domain = domain;
}
public boolean isCallerInRole( final String roleName )
@@ -206,6 +225,16 @@
return timeout;
}
+ /**
+ * Security domain for the context.
+ *
+ * @return The security domain for the context.
+ */
+ public String getDomain()
+ {
+ return domain;
+ }
+
public boolean isValid()
{
if ( timeout == -1 )
@@ -226,7 +255,7 @@
@Override
public String toString()
{
- return "SecurityContext [isValid " + isValid() + ", timeout :" + timeout + ", timeOfCreation : " + timeOfCreation + "]";
+ return "SecurityContext [isValid " + isValid() + ", timeout :" + timeout + ", domain " + domain + ", timeOfCreation : " + timeOfCreation + "]";
}
// package protected methods
Modified: labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipelineUnitTest.java
===================================================================
--- labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipelineUnitTest.java 2010-06-11 16:40:00 UTC (rev 33453)
+++ labs/jbossesb/branches/JBESB_4_7_CP/product/rosetta/tests/src/org/jboss/soa/esb/listeners/message/ActionProcessingPipelineUnitTest.java 2010-06-11 17:16:53 UTC (rev 33454)
@@ -52,6 +52,9 @@
public class ActionProcessingPipelineUnitTest extends TestCase
{
+ private static final String DOMAIN = "SuccessfulLogin" ;
+ private static final String DIFF_DOMAIN = "UnsuccessfulLogin" ;
+
private String jbossEsbProperties;
public void testProperty() {
@@ -450,7 +453,7 @@
public void testSecuredWithoutExistingSecurityContextOrAuthenticationRequest() throws ConfigurationException
{
final ConfigTree configTree = new ConfigTree("parent") ;
- addSecurityConfig(configTree, "adminRole", null, "SuccessfulLogin", null);
+ addSecurityConfig(configTree, "adminRole", null, DOMAIN, null);
configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
@@ -469,7 +472,7 @@
{
final ConfigTree configTree = new ConfigTree("parent") ;
// Add the security configuration.
- addSecurityConfig(configTree, "adminRole", null, "SuccessfulLogin", null);
+ addSecurityConfig(configTree, "adminRole", null, DOMAIN, null);
configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
@@ -503,7 +506,7 @@
public void testSecuredWithPreExistingSecurityContext() throws Exception
{
final ConfigTree configTree = new ConfigTree("parent") ;
- addSecurityConfig(configTree, "adminRole", null, "SuccessfulLogin", null);
+ addSecurityConfig(configTree, "adminRole", null, DOMAIN, null);
configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
@@ -519,7 +522,7 @@
subject.getPublicCredentials().add(publicCred);
// Create and encrypt the security context. This simulates a call for a service that has already been authentcated.
- final SecurityContext securityContext = new SecurityContext(subject, SecurityContext.getConfigurationTimeout());
+ final SecurityContext securityContext = new SecurityContext(subject, SecurityContext.getConfigurationTimeout(), DOMAIN);
final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
final Message message = MessageFactory.getInstance().getMessage();
message.getContext().setContext(SecurityService.CONTEXT, sealedObject);
@@ -537,7 +540,7 @@
public void testSecuredWithExistingSecurityContextWhichHasExpired() throws Exception
{
final ConfigTree configTree = new ConfigTree("parent") ;
- addSecurityConfig(configTree, "adminRole", null, "SuccessfulLogin", null);
+ addSecurityConfig(configTree, "adminRole", null, DOMAIN, null);
configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
@@ -557,7 +560,7 @@
// Create and encrypt the security context. This simulates a call for a service
// that has already been authentcated...but with a very short timeout.
- final SecurityContext securityContext = new SecurityContext(subject, 10);
+ final SecurityContext securityContext = new SecurityContext(subject, 10, DOMAIN);
TimeUnit.SECONDS.sleep(1);
@@ -579,7 +582,7 @@
// setup config tree
final ConfigTree configTree = new ConfigTree("parent") ;
configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
- final ConfigTree securityConfigTree = addSecurityConfig(configTree, "adminRole", null, "SuccessfulLogin", null, timeout);
+ final ConfigTree securityConfigTree = addSecurityConfig(configTree, "adminRole", null, DOMAIN, null, timeout);
addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
final ActionProcessingPipeline pipeline = new ActionProcessingPipeline(configTree) ;
@@ -597,7 +600,7 @@
{
final ConfigTree configTree = new ConfigTree("parent") ;
configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
- final ConfigTree securityConfigTree = addSecurityConfig(configTree, "adminRole", null, "SuccessfulLogin", null);
+ final ConfigTree securityConfigTree = addSecurityConfig(configTree, "adminRole", null, DOMAIN, null);
addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
final ActionProcessingPipeline pipeline = new ActionProcessingPipeline(configTree) ;
@@ -614,7 +617,7 @@
{
final ConfigTree configTree = new ConfigTree("parent") ;
configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
- addSecurityConfig(configTree, "adminRole", null, "SuccessfulLogin", "noRole");
+ addSecurityConfig(configTree, "adminRole", null, DOMAIN, "noRole");
addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
@@ -628,7 +631,7 @@
final byte[] publicCred = "publicsecret".getBytes();
subject.getPublicCredentials().add(publicCred);
- final SecurityContext securityContext = new SecurityContext(subject, SecurityContext.getConfigurationTimeout());
+ final SecurityContext securityContext = new SecurityContext(subject, SecurityContext.getConfigurationTimeout(), DOMAIN);
final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
final Message message = MessageFactory.getInstance().getMessage();
message.getContext().setContext(SecurityService.CONTEXT, sealedObject);
@@ -640,6 +643,42 @@
checkOrder(MockActionInfo.getDestroyList()) ;
}
+ public void testSecuredWithDifferentDomain() throws Exception
+ {
+ final ConfigTree configTree = new ConfigTree("parent") ;
+ addSecurityConfig(configTree, "adminRole", null, DOMAIN, null);
+ configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
+
+ addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;
+
+ final ActionProcessingPipeline pipeline = new ActionProcessingPipeline(configTree) ;
+ pipeline.initialise() ;
+ checkOrder(MockActionInfo.getInitialiseList()) ;
+
+
+ Subject subject = new Subject();
+ // add principal
+ User user = new User("AustinPowerwich");
+ subject.getPrincipals().add(user);
+ // add public credentials
+ byte[] publicCred = "publicsecret".getBytes();
+ subject.getPublicCredentials().add(publicCred);
+
+ // Create and encrypt the security context. This simulates a call for a service
+ // that has already been authenticated...but with a very long timeout.
+ final SecurityContext securityContext = new SecurityContext(subject, 1000 * 60 * 60 * 24 * 7, DIFF_DOMAIN);
+
+ final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
+ final Message message = MessageFactory.getInstance().getMessage();
+ message.getContext().setContext(SecurityService.CONTEXT, sealedObject);
+
+ final boolean processingResult = pipeline.process(message);
+ assertFalse("Processing should have failed as the SecurityContext was for a different domain", processingResult);
+
+ pipeline.destroy() ;
+ checkOrder(MockActionInfo.getDestroyList()) ;
+ }
+
public static void addAction(final ConfigTree configTree, final String actionName) {
addAction(configTree, actionName, null, null, null);
}
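Review bot: testSecuredWithDifferentDomain covers a context bound to another domain, but not one with no domain at all, which is what the unchanged two-argument constructor now produces. That legacy case is the most likely one in practice and deserves its own test, so a later change to the null handling cannot silently start accepting unbound contexts. The new test also calls `pipeline.destroy()` only on the success path; wrapping the body in try/finally keeps a failing assertion from leaking the initialised pipeline into later tests. A sketch of the extra test follows.

```java
public void testSecuredWithContextWithoutDomain() throws Exception
{
    final ConfigTree configTree = new ConfigTree("parent") ;
    addSecurityConfig(configTree, "adminRole", null, DOMAIN, null);
    configTree.setAttribute(ListenerTagNames.MEP_ATTRIBUTE_TAG, ListenerTagNames.MEP_ONE_WAY) ;
    addAction(configTree, MockSecuredActionProcessor.class.getName(), "process", null, null) ;

    final ActionProcessingPipeline pipeline = new ActionProcessingPipeline(configTree) ;
    pipeline.initialise() ;
    try
    {
        // … unchanged: Subject, principal and public credential setup as in testSecuredWithDifferentDomain …
        // Two-argument constructor: the context carries no domain.
        final SecurityContext securityContext = new SecurityContext(subject, SecurityContext.getConfigurationTimeout());
        final SealedObject sealedObject = SecurityContext.encryptContext(securityContext);
        final Message message = MessageFactory.getInstance().getMessage();
        message.getContext().setContext(SecurityService.CONTEXT, sealedObject);

        assertFalse("A context without a domain must not be accepted by a service bound to a domain", pipeline.process(message));
    }
    finally
    {
        pipeline.destroy() ;
    }
}
```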