

1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */

17 package org.apache.geronimo.tomcat;
18
19 import java.io.BufferedReader JavaDoc;
20 import java.io.IOException JavaDoc;
21 import java.io.InputStreamReader JavaDoc;
22 import java.net.HttpURLConnection JavaDoc;
23 import java.net.URL JavaDoc;
24 import java.security.PermissionCollection JavaDoc;
25 import java.security.Permissions JavaDoc;
26 import java.util.HashMap JavaDoc;
27 import java.util.HashSet JavaDoc;
28 import java.util.Iterator JavaDoc;
29 import java.util.Map JavaDoc;
30 import java.util.Set JavaDoc;
31
32 import javax.management.ObjectName JavaDoc;
33 import javax.security.jacc.WebResourcePermission JavaDoc;
34 import javax.security.jacc.WebUserDataPermission JavaDoc;
35
36 import org.apache.geronimo.security.deploy.DefaultPrincipal;
37 import org.apache.geronimo.security.deploy.PrincipalInfo;
38 import org.apache.geronimo.security.deploy.Role;
39 import org.apache.geronimo.security.deploy.Security;
40 import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
41 import org.apache.geronimo.security.jacc.ComponentPermissions;
42 import org.apache.geronimo.tomcat.util.SecurityHolder;
43
44
45 /**
46  * Tests the JACC security for Tomcat
47  *
48  * @version $Revision: 476049 $ $Date: 2006-11-16 23:35:17 -0500 (Thu, 16 Nov 2006) $
49  */

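public class JACCSecurityTest extends AbstractWebModuleTest {

    /** Resource that falls under the {@code /protected/*} role permissions built by the test. */
    private static final String PROTECTED_RESOURCE = "http://localhost:8181/test/protected/hello.txt";

    /** Form-login action the test submits the fixture credentials to. */
    private static final String LOGIN_ACTION = "http://localhost:8181/test/protected/j_security_check";

    ObjectName appName = null;

    /**
     * Test the explicit role mapping feature.
     * <p>
     * The role {@code content-administrator} is mapped to the group principal {@code it} and is
     * granted the {@code /protected/*} permissions. Both fixture users get a 302 from the login
     * action; afterwards {@code alan} reads the protected resource (200, "Hello World") while
     * {@code izumi} is refused with 403. In other words the test separates authentication from
     * authorization: izumi can log in but is not authorized.
     * <p>
     * NOTE(review): that alan belongs to group {@code it} is not visible in this class; presumably
     * the realm prepared by {@code setUpSecurity()} defines it - confirm against the base class.
     * <p>
     * NOTE(review): each user keeps using the session cookie that was issued before the login was
     * submitted. The test therefore only passes while that pre-authentication session id stays
     * valid after login; a container that issues a fresh session id on authentication (a common
     * session-fixation defence) would need the cookie of the login response to be picked up
     * instead - verify against the Tomcat version under test.
     *
     * @throws Exception thrown if an error in the test occurs
     */
    public void testExplicitMapping() throws Exception {

        Security securityConfig = new Security();
        securityConfig.setUseContextHandler(false);

        // izumi is the default principal of the application.
        DefaultPrincipal defaultPrincipal = new DefaultPrincipal();
        PrincipalInfo principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal", "izumi", false);
        defaultPrincipal.setPrincipal(principalInfo);

        securityConfig.setDefaultPrincipal(defaultPrincipal);

        // The only explicit mapping: role content-administrator <- group "it".
        Role role = new Role();
        role.setRoleName("content-administrator");
        principalInfo = new PrincipalInfo("org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal", "it", false);
        role.getPrincipals().add(principalInfo);

        securityConfig.getRoleMappings().put(role.getRoleName(), role);

        Map roleDesignates = new HashMap();
        Map principalRoleMap = new HashMap();
        buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);

        PermissionCollection uncheckedPermissions = new Permissions();

        PermissionCollection excludedPermissions = new Permissions();
        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));

        // Both role names share the same PermissionCollection instance.
        Map rolePermissions = new HashMap();
        PermissionCollection permissions = new Permissions();
        permissions.add(new WebUserDataPermission("/protected/*", ""));
        permissions.add(new WebResourcePermission("/protected/*", ""));
        rolePermissions.put("content-administrator", permissions);
        rolePermissions.put("auto-administrator", permissions);

        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);

        startWebApp(roleDesignates, principalRoleMap, componentPermissions,
                defaultPrincipal, permissions);

        // stopWebApp() now runs even when an assertion fails, so a subclass that overrides it
        // still gets to release what startWebApp() set up.
        try {
            // alan: login page first, then login, then the protected content is served.
            String cookie = fetchLoginPageCookie();
            submitLogin("alan", "starcraft", cookie, "http://localhost:8181/test/auth/logon.html?param=test");

            HttpURLConnection connection = openProtectedResource(cookie);
            try {
                // Status is checked before the body is read, so a refusal shows up as an
                // assertion failure instead of an IOException from getInputStream().
                assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
                assertEquals("Hello World", readFirstLine(connection));
            } finally {
                connection.disconnect();
            }

            // izumi: a new session, the login is accepted, the protected content is refused.
            cookie = fetchLoginPageCookie();
            submitLogin("izumi", "violin", cookie, null);

            connection = openProtectedResource(cookie);
            try {
                try {
                    connection.getInputStream().close();
                    fail("Should throw an IOException for HTTP 403 response");
                } catch (IOException expected) {
                    // Deliberately ignored: HttpURLConnection signals an error status by throwing
                    // from getInputStream(); the status itself is asserted right below.
                }
                assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
            } finally {
                connection.disconnect();
            }
        } finally {
            stopWebApp();
        }
    }

    /**
     * Requests the protected resource without a session, checks that the login page is returned
     * with status 200 and returns the session cookie of that response.
     *
     * @return the {@code name=value} pair of the Set-Cookie header, without its attributes
     * @throws IOException if the request fails
     */
    private String fetchLoginPageCookie() throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(PROTECTED_RESOURCE).openConnection();
        connection.setInstanceFollowRedirects(false);
        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());

        //Be sure we have been given the login page
        assertEquals("<!-- Login Page -->", readFirstLine(connection));

        String cookie = connection.getHeaderField("Set-Cookie");
        if (cookie == null) {
            // Without this check a missing header surfaces as a NullPointerException.
            fail("Login page response did not set a session cookie");
        }
        // Keep only the name=value pair. Cutting at the first ';' (rather than the last one)
        // also drops the attributes when the header carries more than one of them.
        int attributesStart = cookie.indexOf(';');
        return attributesStart < 0 ? cookie : cookie.substring(0, attributesStart);
    }

    /**
     * Submits the form login for a fixture user within the given session and asserts the 302
     * answer.
     * <p>
     * The credentials are sent in the query string of a plain-HTTP URL, exactly as the test has
     * always done. Query strings commonly end up in access logs, so this shape is only acceptable
     * for throwaway accounts of a local test realm.
     *
     * @param username fixture user name
     * @param password fixture password
     * @param cookie   session cookie obtained together with the login page
     * @param referer  value for the Referer header, or {@code null} to send none
     * @throws IOException if the request fails
     */
    private void submitLogin(String username, String password, String cookie, String referer) throws IOException {
        String location = LOGIN_ACTION + "?j_username=" + username + "&j_password=" + password;

        HttpURLConnection connection = (HttpURLConnection) new URL(location).openConnection();
        connection.setRequestMethod("POST");
        if (referer != null) {
            connection.setRequestProperty("Referer", referer);
        }
        connection.setRequestProperty("Cookie", cookie);
        connection.setInstanceFollowRedirects(false);
        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
    }

    /**
     * Prepares a request for the protected resource that presents the given session cookie and
     * does not follow redirects. Nothing is sent until the caller reads the response.
     *
     * @param cookie session cookie to present
     * @return the prepared connection
     * @throws IOException if the connection cannot be created
     */
    private static HttpURLConnection openProtectedResource(String cookie) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(PROTECTED_RESOURCE).openConnection();
        connection.setRequestProperty("Cookie", cookie);
        connection.setInstanceFollowRedirects(false);
        return connection;
    }

    /**
     * Reads the first line of the response body and always closes the reader.
     *
     * @param connection connection whose response body is read
     * @return the first line of the body, or {@code null} if the body is empty
     * @throws IOException if the body cannot be read, which includes error statuses
     */
    private static String readFirstLine(HttpURLConnection connection) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        try {
            return reader.readLine();
        } finally {
            reader.close();
        }
    }

    /**
     * Builds the security holder for the test application and starts the secured context.
     * <p>
     * {@code setUpSecureAppContext}, {@code POLICY_CONTEXT_ID} and {@code securityRealmName} are
     * not defined in this class; presumably they are inherited from the base test class.
     *
     * @param roleDesignates       role designates passed through to the context set-up
     * @param principalRoleMap     principal-to-roles map passed through to the context set-up
     * @param componentPermissions permissions of the application; its excluded set is also put
     *                             on the security holder
     * @param defaultPrincipal     default principal put on the security holder
     * @param checked              permission collection put on the security holder as "checked"
     * @return the context returned by {@code setUpSecureAppContext}
     * @throws Exception if the context cannot be set up
     */
    protected TomcatWebAppContext startWebApp(
            Map roleDesignates,
            Map principalRoleMap,
            ComponentPermissions componentPermissions,
            DefaultPrincipal defaultPrincipal,
            PermissionCollection checked) throws Exception {

        SecurityHolder securityHolder = new SecurityHolder();
        securityHolder.setSecurity(true);
        securityHolder.setChecked(checked);
        securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
        securityHolder.setPolicyContextID(POLICY_CONTEXT_ID);
        securityHolder.setDefaultPrincipal(defaultPrincipal);
        securityHolder.setSecurityRealm(securityRealmName);
        return setUpSecureAppContext(roleDesignates,
                principalRoleMap,
                componentPermissions,
                null,
                securityHolder);
    }

    /**
     * Hook called at the end of the test; does nothing in this class.
     *
     * @throws Exception declared so that overriding implementations may fail
     */
    protected void stopWebApp() throws Exception {
    }

    /**
     * Fills {@code principalRoleMap} with the principal-to-roles view of the given security
     * configuration: the role-to-principals map is built by {@code GeronimoSecurityBuilderImpl}
     * and then inverted.
     *
     * @param security         security configuration holding the role mappings
     * @param roleDesignates   map handed to the builder
     * @param principalRoleMap map that receives principal -> set of role names
     */
    public void buildPrincipalRoleMap(Security security, Map roleDesignates, Map principalRoleMap) {
        Map roleToPrincipalMap = new HashMap();
        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security, roleDesignates, roleToPrincipalMap, getClass().getClassLoader());
        invertMap(roleToPrincipalMap, principalRoleMap);
    }

    /**
     * Inverts a role -> principals map into a principal -> roles map.
     *
     * @param roleToPrincipalMap   role name (String) -> Set of java.security.Principal
     * @param principalRoleMapping map to add to; existing role sets are extended, not replaced
     * @return {@code principalRoleMapping}, for convenience
     */
    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
        for (Iterator roles = roleToPrincipalMap.entrySet().iterator(); roles.hasNext();) {
            Map.Entry entry = (Map.Entry) roles.next();
            String role = (String) entry.getKey();
            Set principals = (Set) entry.getValue();
            for (Iterator iter = principals.iterator(); iter.hasNext();) {
                java.security.Principal principal = (java.security.Principal) iter.next();

                // Cast to the interface: a caller-supplied map may hold any Set implementation.
                Set roleSet = (Set) principalRoleMapping.get(principal);
                if (roleSet == null) {
                    roleSet = new HashSet();
                    principalRoleMapping.put(principal, roleSet);
                }
                roleSet.add(role);
            }
        }
        return principalRoleMapping;
    }

    /**
     * Initialises the base test with the Tomcat Geronimo realm class and sets up security.
     *
     * @throws Exception if the set-up fails
     */
    protected void setUp() throws Exception {
        super.setUp();
        super.init("org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm");
        setUpSecurity();
    }

    /**
     * Tears down security before the base class tear-down runs.
     *
     * @throws Exception if the tear-down fails
     */
    protected void tearDown() throws Exception {
        tearDownSecurity();
        super.tearDown();
    }

}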