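package org.apache.geronimo.security.jaas;

import java.io.File;
import java.util.Properties;
import java.util.Set;
import java.util.Map;
import java.util.HashMap;
import javax.management.ObjectName;
import javax.management.MalformedObjectNameException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;

import org.apache.geronimo.testsupport.TestSupport;

import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.AbstractNameQuery;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.KernelFactory;
import org.apache.geronimo.kernel.repository.Artifact;
import org.apache.geronimo.security.AbstractTest;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.jaas.server.JaasLoginService;
import org.apache.geronimo.security.realm.GenericSecurityRealm;
import org.apache.geronimo.security.realm.SecurityRealm;
import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingServer;
import org.apache.geronimo.system.serverinfo.BasicServerInfo;
import org.apache.geronimo.system.serverinfo.ServerInfo;


/**
 * Exercises JAAS login through two application configuration names
 * ("properties-client" and "properties-realm") against a realm assembled in
 * {@link #setUp()}.
 *
 * <p>The realm chains three REQUIRED login modules: a properties-file module,
 * a file audit module and a username/password credential module. The test
 * checks that a successful login registers a server-side subject with the
 * expected principals and credentials, that the registration is gone after
 * logout, and that the audit module wrote to its log file.
 */
public class ConfigurationEntryTest extends TestSupport {

    // Location (relative to BASEDIR) of the file the audit login module writes to.
    // Shared by setUp(), which configures the module, and test(), which inspects it.
    private static final String AUDIT_LOG_PATH = "target/login-audit.log";

    protected Kernel kernel;
    protected AbstractName serverInfo;
    protected AbstractName loginConfiguration;
    protected AbstractName loginService;
    protected AbstractName clientCE;
    protected AbstractName testUPCred;
    protected AbstractName testCE;
    protected AbstractName testProperties;
    protected AbstractName testRealm;
    protected AbstractName serverStub;

    /**
     * Logs in twice (once per configuration name), verifying server-side
     * subject registration after login and de-registration after logout, and
     * finally that the audit log is non-empty.
     *
     * @throws Exception if login, logout or any kernel lookup fails
     */
    public void test() throws Exception {
        File auditlog = new File(BASEDIR, AUDIT_LOG_PATH);

        // The result of delete() is not checked here; a file that could not be
        // removed and still has content is caught by the length assertion below.
        if (auditlog.exists()) {
            auditlog.delete();
        }

        assertEquals("Audit file wasn't cleared", 0, auditlog.length());

        // Fixture credentials; presumably defined in the users.properties file
        // that setUp() points the properties login module at -- verify.
        LoginContext context = new LoginContext("properties-client",
                new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));

        context.login();
        Subject clientSubject = context.getSubject();
        IdentificationPrincipal idp = singleIdPrincipal(clientSubject);
        // NOTE(review): compares the id with itself, so it can never fail. The
        // intended comparison is not recoverable from this file -- confirm.
        assertEquals(idp.getId(), idp.getId());
        Subject subject = ContextManager.getRegisteredSubject(idp.getId());

        assertServerSubject(subject);

        context.logout();

        // After logout neither the id nor the client subject may resolve to a
        // server-side subject any more.
        assertNull(ContextManager.getRegisteredSubject(idp.getId()));
        assertNull(ContextManager.getServerSideSubject(clientSubject));

        assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);

        context = new LoginContext("properties-realm",
                new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));

        context.login();
        subject = context.getSubject();
        IdentificationPrincipal idp2 = singleIdPrincipal(subject);
        // NOTE(review): assertNotSame checks reference identity, not value. If
        // getId() returns an object with value equality, two equal ids from
        // separate logins would still pass here -- confirm the id type and
        // consider an equals()-based check.
        assertNotSame(idp.getId(), idp2.getId());
        // NOTE(review): self-comparison, cannot fail (same as above).
        assertEquals(idp2.getId(), idp2.getId());
        subject = ContextManager.getServerSideSubject(subject);

        assertServerSubject(subject);

        context.logout();

        assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);

        assertTrue("Audit file wasn't written to", auditlog.length() > 0);
    }

    /**
     * Asserts that the client subject is non-null and carries exactly one
     * {@link IdentificationPrincipal}, and returns that principal.
     *
     * @param clientSubject subject returned by the login context
     * @return the subject's only identification principal
     */
    private IdentificationPrincipal singleIdPrincipal(Subject clientSubject) {
        assertTrue("expected non-null client subject", clientSubject != null);
        Set set = clientSubject.getPrincipals(IdentificationPrincipal.class);
        // Expected value first, so a failure message reports the counts the right way round.
        assertEquals("client subject should have one ID principal", 1, set.size());
        return (IdentificationPrincipal) set.iterator().next();
    }

    /**
     * Asserts the shape of a server-side subject after a successful login:
     * one identification principal that is itself registered with the
     * {@link ContextManager}, two realm principals, seven principals in total
     * and one private credential.
     *
     * @param subject server-side subject to check
     */
    private void assertServerSubject(Subject subject) {
        assertTrue("expected non-null server subject", subject != null);
        assertTrue("server subject should have one remote principal",
                subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
        IdentificationPrincipal remote =
                (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
        assertTrue("server subject should be associated with remote id",
                ContextManager.getRegisteredSubject(remote.getId()) != null);
        assertTrue("server subject should have two realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")",
                subject.getPrincipals(RealmPrincipal.class).size() == 2);
        assertTrue("server subject should have seven principals (" + subject.getPrincipals().size() + ")",
                subject.getPrincipals().size() == 7);
        assertTrue("server subject should have one private credential (" + subject.getPrivateCredentials().size() + ")",
                subject.getPrivateCredentials().size() == 1);
    }

    /**
     * Boots a kernel and loads and starts every GBean the test needs: server
     * info, login configuration, login service, the client configuration
     * entry, the three login modules with their chained "use" GBeans, the
     * security realm and the remoting server.
     *
     * @throws Exception if the kernel or any GBean fails to load or start
     */
    protected void setUp() throws Exception {
        kernel = KernelFactory.newInstance().createKernel("test.kernel");
        kernel.boot();

        GBeanData gbean;

        gbean = buildGBeanData("name", "ServerInfo", BasicServerInfo.GBEAN_INFO);
        serverInfo = gbean.getAbstractName();
        gbean.setAttribute("baseDirectory", ".");
        kernel.loadGBean(gbean, ServerInfo.class.getClassLoader());
        kernel.startGBean(serverInfo);

        // NOTE(review): the key is "new" here while every other GBean uses
        // "name"; kept as-is because it feeds the ObjectName -- confirm intent.
        gbean = buildGBeanData("new", "LoginConfiguration", GeronimoLoginConfiguration.getGBeanInfo());
        loginConfiguration = gbean.getAbstractName();
        gbean.setReferencePattern("Configurations", new AbstractNameQuery(ConfigurationEntryFactory.class.getName()));
        kernel.loadGBean(gbean, GeronimoLoginConfiguration.class.getClassLoader());

        gbean = buildGBeanData("name", "TestLoginService", JaasLoginService.getGBeanInfo());
        loginService = gbean.getAbstractName();
        gbean.setReferencePattern("Realms", new AbstractNameQuery((SecurityRealm.class.getName())));
        // Fixed fixture values. Presumably the MAC algorithm and key the login
        // service uses for subject ids -- confirm against JaasLoginService.
        // HmacSHA1 with a guessable literal key is acceptable only as test data.
        gbean.setAttribute("algorithm", "HmacSHA1");
        gbean.setAttribute("password", "secret");
        kernel.loadGBean(gbean, JaasLoginService.class.getClassLoader());

        gbean = buildGBeanData("name", "client-ConfigurationEntry", ServerRealmConfigurationEntry.getGBeanInfo());
        clientCE = gbean.getAbstractName();
        gbean.setAttribute("applicationConfigName", "properties-client");
        gbean.setAttribute("realmName", "properties-realm");
        gbean.setReferencePattern("LoginService", loginService);
        kernel.loadGBean(gbean, ServerRealmConfigurationEntry.class.getClassLoader());

        gbean = buildGBeanData("name", "PropertiesLoginModule", LoginModuleGBean.getGBeanInfo());
        testProperties = gbean.getAbstractName();
        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
        gbean.setAttribute("serverSide", Boolean.TRUE);
        Properties props = new Properties();
        props.put("usersURI", new File(BASEDIR, "src/test/data/data/users.properties").toURI().toString());
        props.put("groupsURI", new File(BASEDIR, "src/test/data/data/groups.properties").toURI().toString());
        gbean.setAttribute("options", props);
        gbean.setAttribute("loginDomainName", "TestProperties");
        gbean.setAttribute("wrapPrincipals", Boolean.TRUE);
        kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());

        gbean = buildGBeanData("name", "UPCredLoginModule", LoginModuleGBean.getGBeanInfo());
        testUPCred = gbean.getAbstractName();
        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.UPCredentialLoginModule");
        gbean.setAttribute("serverSide", Boolean.TRUE);
        gbean.setAttribute("options", new Properties());
        kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());

        gbean = buildGBeanData("name", "AuditLoginModule", LoginModuleGBean.getGBeanInfo());
        testCE = gbean.getAbstractName();
        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.FileAuditLoginModule");
        gbean.setAttribute("serverSide", Boolean.TRUE);
        props = new Properties();
        props.put("file", new File(BASEDIR, AUDIT_LOG_PATH).getPath());
        gbean.setAttribute("options", props);
        kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());

        // The three "use" GBeans form a chain via their "Next" reference:
        // properties -> audit -> username/password credential, all REQUIRED.
        gbean = buildGBeanData("name", "UPCredLoginModuleUse", JaasLoginModuleUse.getGBeanInfo());
        AbstractName testUseName3 = gbean.getAbstractName();
        gbean.setAttribute("controlFlag", "REQUIRED");
        gbean.setReferencePattern("LoginModule", testUPCred);
        kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader());

        gbean = buildGBeanData("name", "AuditLoginModuleUse", JaasLoginModuleUse.getGBeanInfo());
        AbstractName testUseName2 = gbean.getAbstractName();
        gbean.setAttribute("controlFlag", "REQUIRED");
        gbean.setReferencePattern("LoginModule", testCE);
        gbean.setReferencePattern("Next", testUseName3);
        kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader());

        gbean = buildGBeanData("name", "PropertiesLoginModuleUse", JaasLoginModuleUse.getGBeanInfo());
        AbstractName testUseName1 = gbean.getAbstractName();
        gbean.setAttribute("controlFlag", "REQUIRED");
        gbean.setReferencePattern("LoginModule", testProperties);
        gbean.setReferencePattern("Next", testUseName2);
        kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader());

        gbean = buildGBeanData("name", "PropertiesSecurityRealm", GenericSecurityRealm.getGBeanInfo());
        testRealm = gbean.getAbstractName();
        gbean.setAttribute("realmName", "properties-realm");
        gbean.setReferencePattern("LoginModuleConfiguration", testUseName1);
        gbean.setReferencePattern("ServerInfo", serverInfo);
        gbean.setReferencePattern("LoginService", loginService);
        kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader());

        gbean = buildGBeanData("name", "JaasLoginServiceRemotingServer", JaasLoginServiceRemotingServer.getGBeanInfo());
        serverStub = gbean.getAbstractName();
        gbean.setAttribute("protocol", "tcp");
        // NOTE(review): "0.0.0.0" with a fixed port exposes the login service
        // listener on every interface of the build machine while the test runs.
        // If nothing in this test connects from another host, a loopback
        // address would narrow that -- confirm before changing the value.
        gbean.setAttribute("host", "0.0.0.0");
        gbean.setAttribute("port", new Integer(4242));
        gbean.setReferencePattern("LoginService", loginService);
        kernel.loadGBean(gbean, JaasLoginServiceRemotingServer.class.getClassLoader());

        kernel.startGBean(loginConfiguration);
        kernel.startGBean(loginService);
        kernel.startGBean(clientCE);
        kernel.startGBean(testCE);
        kernel.startGBean(testProperties);
        kernel.startGBean(testUPCred);
        kernel.startGBean(testUseName3);
        kernel.startGBean(testUseName2);
        kernel.startGBean(testUseName1);
        kernel.startGBean(testRealm);
        kernel.startGBean(serverStub);
    }

    /**
     * Stops and unloads the GBeans held in fields, then shuts the kernel down.
     *
     * <p>The kernel shutdown runs in a {@code finally} block so that a failure
     * while stopping or unloading one GBean cannot leave the kernel, and the
     * remoting listener started in {@link #setUp()}, running for later tests.
     *
     * @throws Exception if stopping, unloading or shutdown fails
     */
    protected void tearDown() throws Exception {
        if (kernel == null) {
            // Nothing was booted, so there is nothing to release.
            return;
        }
        try {
            kernel.stopGBean(serverStub);
            kernel.stopGBean(testRealm);
            kernel.stopGBean(testUPCred);
            kernel.stopGBean(testCE);
            kernel.stopGBean(clientCE);
            kernel.stopGBean(loginService);
            kernel.stopGBean(loginConfiguration);
            kernel.stopGBean(serverInfo);

            kernel.unloadGBean(loginService);
            kernel.unloadGBean(testCE);
            kernel.unloadGBean(testUPCred);
            kernel.unloadGBean(testRealm);
            kernel.unloadGBean(clientCE);
            kernel.unloadGBean(serverStub);
            kernel.unloadGBean(loginConfiguration);
            kernel.unloadGBean(serverInfo);
        } finally {
            // testProperties and the three JaasLoginModuleUse GBeans are never
            // stopped or unloaded explicitly above; presumably shutdown()
            // releases them -- confirm against the Kernel contract.
            kernel.shutdown();
        }
    }

    /**
     * Creates GBean data for the given info under a name built from a single
     * key/value pair.
     *
     * @param key   name-map key, also used in the JMX object name
     * @param value name-map value, also used in the JMX object name
     * @param info  GBean metadata to attach
     * @return new GBean data carrying the generated abstract name
     * @throws MalformedObjectNameException if key/value do not form a valid object name
     */
    private GBeanData buildGBeanData(String key, String value, GBeanInfo info) throws MalformedObjectNameException {
        AbstractName abstractName = buildAbstractName(key, value, info);
        return new GBeanData(abstractName, info);
    }

    /**
     * Builds an abstract name in the fixed test artifact ("test", "foo", "1",
     * "car") with a one-entry name map and the object name
     * {@code test:<key>=<value>}. The {@code info} argument is not used.
     *
     * @param key   name-map key
     * @param value name-map value
     * @param info  unused
     * @return the abstract name
     * @throws MalformedObjectNameException if key/value do not form a valid object name
     */
    private AbstractName buildAbstractName(String key, String value, GBeanInfo info) throws MalformedObjectNameException {
        Map names = new HashMap();
        names.put(key, value);
        return new AbstractName(new Artifact("test", "foo", "1", "car"), names, new ObjectName("test:" + key + "=" + value));
    }

}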