LoginKerberosNonGeronimoTest


1   /**
2    *  Licensed to the Apache Software Foundation (ASF) under one or more
3    *  contributor license agreements.  See the NOTICE file distributed with
4    *  this work for additional information regarding copyright ownership.
5    *  The ASF licenses this file to You under the Apache License, Version 2.0
6    *  (the "License"); you may not use this file except in compliance with
7    *  the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   *  Unless required by applicable law or agreed to in writing, software
12   *  distributed under the License is distributed on an "AS IS" BASIS,
13   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   *  See the License for the specific language governing permissions and
15   *  limitations under the License.
16   */
17  
18  package org.apache.geronimo.security.jaas;
19  
20  import org.apache.geronimo.gbean.AbstractName;
21  import org.apache.geronimo.gbean.GBeanData;
22  import org.apache.geronimo.gbean.AbstractNameQuery;
23  import org.apache.geronimo.security.AbstractTest;
24  import org.apache.geronimo.security.ContextManager;
25  import org.apache.geronimo.security.RealmPrincipal;
26  
27  import javax.security.auth.Subject  ;
28  import javax.security.auth.login.LoginContext  ;
29  import javax.security.auth.login.LoginException  ;
30  import java.util.Properties  ;
31  
32  
33  /**
34   * An example of how to setup non-Geronimo login modules when the
35   * <code>GeronimoLoginConfiguration</code> has been installed in the JVM.
36   *
37   * @version $Rev: 476049 $ $Date: 2006-11-16 23:35:17 -0500 (Thu, 16 Nov 2006) $
38   * @see org.apache.geronimo.security.jaas.GeronimoLoginConfiguration
39   * @see javax.security.auth.login.Configuration
40   */
41  public class LoginKerberosNonGeronimoTest extends AbstractTest {
42  
43      protected AbstractName kerberosCE;
44      protected AbstractName kerberosLM;
45  
46      /**
47       * Install the <code>GeronimoLoginConfiguration</code> but setup a non-Geronimo
48       * JAAS configuration entry named kerberos-foobar.  This entry does a simple
49       * Kerberos login using the ticket cache.
50       *
51       * @throws Exception
52       */
53      public void setUp() throws Exception   {
54          needLoginConfiguration = true;
55          super.setUp();
56  
57          GBeanData gbean;
58  
59          gbean = buildGBeanData("name", "KerberosLoginModule", LoginModuleGBean.getGBeanInfo());
60          kerberosLM = gbean.getAbstractName();
61          gbean.setAttribute("loginModuleClass", "com.sun.security.auth.module.Krb5LoginModule");
62          gbean.setAttribute("serverSide", Boolean.TRUE); // normally not, but in this case, it's treated as server-side
63          Properties   props = new Properties  ();
64          props.put("debug", "true");
65          props.put("useTicketCache", "true");
66          props.put("doNotPrompt", "true");
67          gbean.setAttribute("options", props);
68          kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());
69  
70          gbean = buildGBeanData("name", "kerberosConfigurationEntry", DirectConfigurationEntry.getGBeanInfo());
71          kerberosCE = gbean.getAbstractName();
72          gbean.setAttribute("applicationConfigName", "kerberos-foobar");
73          gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
74          gbean.setReferencePattern("Module", kerberosLM);
75          kernel.loadGBean(gbean, DirectConfigurationEntry.class.getClassLoader());
76  
77          kernel.startGBean(loginConfiguration);
78          kernel.startGBean(kerberosLM);
79          kernel.startGBean(kerberosCE);
80      }
81  
82      /**
83       * Stop and unload the configuration entry.  Restpore the JAAS configuration
84       * back to <code>ConfigFile</code>.
85       *
86       * @throws Exception
87       */
88      public void tearDown() throws Exception   {
89          kernel.stopGBean(kerberosCE);
90          kernel.stopGBean(kerberosLM);
91          kernel.stopGBean(loginConfiguration);
92  
93          kernel.unloadGBean(kerberosCE);
94          kernel.unloadGBean(kerberosLM);
95          kernel.unloadGBean(loginConfiguration);
96  
97          super.tearDown();
98      }
99  
100     /**
101      * Perform a vanilla Kerberos login that has nothing to do w/ a Geronimo
102      * security realm.  The subject that has been created should not have any
103      * realm principals.
104      *
105      * @throws Exception
106      */
107     public void testLogin() throws Exception   {
108 
109         try {
110             LoginContext   context = new LoginContext  ("kerberos-foobar");
111 
112             context.login();
113             Subject   subject = context.getSubject();
114 
115             assertTrue("expected non-null subject", subject != null);
116             assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
117             assertEquals("subject should have one principal", 1, subject.getPrincipals().size());
118             assertEquals("subject should have no realm principal", 0, subject.getPrincipals(RealmPrincipal.class).size());
119 
120             context.logout();
121         } catch (LoginException   e) {
122             e.printStackTrace();
123             // May not have kerberos
124         }
125     }
126 }
127
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags