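package org.jboss.test;

import java.lang.reflect.Constructor;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;

import junit.extensions.TestSetup;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.apache.log4j.Logger;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.jacc.DelegatingPolicy;
import org.jboss.security.jacc.SubjectPolicyContextHandler;

/**
 * Tests of the JACC {@link DelegatingPolicy} when it is installed as the
 * JVM-wide {@link Policy}.
 *
 * <p>The tests share one policy context id ("context-a") and the
 * process-wide policy installed by {@link #setUpPolicy()}, so they are not
 * isolated from each other. NOTE(review): only
 * {@link #testPolicyConfiguration()} calls
 * {@code PolicyContext.setContextID}; the other tests presumably rely on it
 * having run first on the same thread. Confirm before reordering.
 */
public class DelegatingPolicyTestCase extends TestCase
{
   private static final Logger log = Logger.getLogger(DelegatingPolicyTestCase.class);

   /** The policy that was in effect before the suite replaced it. */
   private static Policy oldPolicy;
   /** The DelegatingPolicy instance installed for the duration of the suite. */
   private static Policy jaccPolicy;

   public DelegatingPolicyTestCase(String name)
   {
      super(name);
   }

   /**
    * Installs the JACC provider as the system-wide policy and registers the
    * subject policy context handler.
    *
    * <p>The previous policy is kept in {@link #oldPolicy} so that it can be
    * handed to the provider as its delegate and restored when the suite ends.
    *
    * @throws Exception if the provider cannot be loaded or instantiated, or
    *    if the policy cannot be replaced
    */
   static void setUpPolicy() throws Exception
   {
      // Remember the current policy: it is the delegate and the restore target.
      oldPolicy = Policy.getPolicy();

      String provider = "org.jboss.security.jacc.DelegatingPolicy";
      ClassLoader loader = Thread.currentThread().getContextClassLoader();
      Class providerClass = loader.loadClass(provider);
      try
      {
         // Prefer the ctor(Policy) form so the provider can delegate to the old policy.
         Class[] ctorSig = {Policy.class};
         Constructor ctor = providerClass.getConstructor(ctorSig);
         Object[] ctorArgs = {oldPolicy};
         jaccPolicy = (Policy) ctor.newInstance(ctorArgs);
      }
      catch (NoSuchMethodException e)
      {
         log.debug("Provider does not support ctor(Policy)");
         jaccPolicy = (Policy) providerClass.newInstance();
      }

      // This replaces the policy for the whole JVM, not just for this test class.
      Policy.setPolicy(jaccPolicy);
      jaccPolicy.refresh();

      // Make the caller Subject available under the JACC subject context key.
      SubjectPolicyContextHandler handler = new SubjectPolicyContextHandler();
      PolicyContext.registerHandler(SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY,
         handler, false);
   }

   /**
    * Walks one policy context through excluded, unchecked and role-based
    * grants and checks the decision of the installed policy after each
    * commit and refresh.
    *
    * @throws Exception on any policy configuration failure
    */
   public void testPolicyConfiguration() throws Exception
   {
      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration("context-a", false);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToExcludedPolicy(someEJB);
      pc.commit();

      Policy sysPolicy = Policy.getPolicy();
      assertTrue("Policy isa DelegatingPolicy", sysPolicy instanceof DelegatingPolicy);
      sysPolicy.refresh();

      // Excluded permission: denied regardless of caller.
      PolicyContext.setContextID("context-a");
      EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX,,int");
      assertFalse("methodX denied", sysPolicy.implies(null, methodX));

      // Re-open with remove=true, then grant as unchecked: allowed for any caller.
      pc = pcf.getPolicyConfiguration("context-a", true);
      pc.addToUncheckedPolicy(someEJB);
      pc.commit();
      sysPolicy.refresh();
      assertTrue("methodX allowed", sysPolicy.implies(null, methodX));

      // Role grant: only a domain carrying the callerX principal is allowed.
      pc.delete();
      pc = pcf.getPolicyConfiguration("context-a", false);
      pc.addToRole("callerX", someEJB);
      pc.commit();
      sysPolicy.refresh();
      SimplePrincipal[] callers = {new SimplePrincipal("callerX")};
      ProtectionDomain pd = new ProtectionDomain(null, null, null, callers);
      assertTrue("methodX allowed", sysPolicy.implies(pd, methodX));

      // A different principal must not inherit the callerX grant.
      callers = new SimplePrincipal[]{new SimplePrincipal("callerY")};
      pd = new ProtectionDomain(null, null, null, callers);
      assertFalse("methodX denied", sysPolicy.implies(pd, methodX));
   }

   /**
    * Checks that permissions added to an open (uncommitted) policy
    * configuration are not honoured until the configuration is committed.
    *
    * @throws Exception on any policy configuration failure
    */
   public void testOpenConfigurations() throws Exception
   {
      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration("context-a", false);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToRole("callerX", someEJB);
      Policy sysPolicy = Policy.getPolicy();

      pc = pcf.getPolicyConfiguration("context-a", true);
      pc.addToUncheckedPolicy(someEJB);
      sysPolicy.refresh();
      EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX,,int");
      boolean implied = sysPolicy.implies(null, methodX);
      // Not committed yet: the unchecked grant must not be visible to the policy.
      assertFalse("methodX denied before commit", implied);

      pc.commit();
      sysPolicy.refresh();
      implied = sysPolicy.implies(null, methodX);
      assertTrue("methodX allowed", implied);
   }

   /**
    * Checks that a role grant is honoured for a permission check made inside
    * {@code Subject.doAsPrivileged} with a Subject that holds the role
    * principal.
    *
    * @throws Exception on any policy configuration failure
    */
   public void testSubjectDoAs() throws Exception
   {
      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration("context-a", true);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToRole("callerX", someEJB);
      pc.commit();

      log.debug("EJBMethodPermission.CS: " + EJBMethodPermission.class.getProtectionDomain());
      final EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX");
      final Subject caller = new Subject();
      caller.getPrincipals().add(new SimplePrincipal("callerX"));
      Set principalsSet = caller.getPrincipals();
      Principal[] principals = new Principal[principalsSet.size()];
      principalsSet.toArray(principals);

      // Build the context handed to doAsPrivileged from this test's code
      // source plus the caller's principals.
      CodeSource cs = getClass().getProtectionDomain().getCodeSource();
      final ProtectionDomain[] pds = {new ProtectionDomain(cs, null, null, principals)};
      AccessControlContext acc = new AccessControlContext(pds);

      Boolean allowed = (Boolean) Subject.doAsPrivileged(caller, new PrivilegedAction()
         {
            public Object run()
            {
               AccessControlContext current = AccessController.getContext();
               Boolean ok = Boolean.FALSE;
               try
               {
                  current.checkPermission(methodX);
                  ok = Boolean.TRUE;
               }
               catch (AccessControlException e)
               {
                  // A denial is reported to the caller as Boolean.FALSE; log it
                  // so a failing assertion shows which permission was refused.
                  log.debug("checkPermission denied", e);
               }
               return ok;
            }
         }, acc
      );
      assertTrue("methodX allowed", Boolean.TRUE.equals(allowed));
   }

   /**
    * Builds the suite, wrapped so that the JACC policy is installed once
    * before the tests and the previous policy is put back afterwards.
    *
    * @return the wrapped test suite
    */
   public static Test suite()
   {
      TestSuite suite = new TestSuite(DelegatingPolicyTestCase.class);

      TestSetup wrapper = new TestSetup(suite)
      {
         protected void setUp() throws Exception
         {
            setUpPolicy();
         }

         protected void tearDown() throws Exception
         {
            // The policy is JVM-wide: restore the original so the test
            // provider does not keep making authorization decisions for
            // whatever runs next in this JVM.
            if (oldPolicy != null)
            {
               Policy.setPolicy(oldPolicy);
            }
         }
      };
      return wrapper;
   }
}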