

1 /*
2 * JBoss, the OpenSource J2EE webOS
3 *
4 * Distributable under LGPL license.
5 * See terms of license at gnu.org.
6 */

7 package org.jboss.test;
8
9 import java.lang.reflect.Constructor JavaDoc;
10 import java.security.AccessControlContext JavaDoc;
11 import java.security.AccessControlException JavaDoc;
12 import java.security.AccessController JavaDoc;
13 import java.security.CodeSource JavaDoc;
14 import java.security.Policy JavaDoc;
15 import java.security.Principal JavaDoc;
16 import java.security.PrivilegedAction JavaDoc;
17 import java.security.ProtectionDomain JavaDoc;
18 import java.util.Set JavaDoc;
19 import javax.security.auth.Subject JavaDoc;
20 import javax.security.jacc.EJBMethodPermission JavaDoc;
21 import javax.security.jacc.PolicyConfiguration JavaDoc;
22 import javax.security.jacc.PolicyConfigurationFactory JavaDoc;
23 import javax.security.jacc.PolicyContext JavaDoc;
24
25 import junit.extensions.TestSetup;
26 import junit.framework.Test;
27 import junit.framework.TestCase;
28 import junit.framework.TestSuite;
29 import org.apache.log4j.Logger;
30 import org.jboss.security.SimplePrincipal;
31 import org.jboss.security.jacc.DelegatingPolicy;
32 import org.jboss.security.jacc.SubjectPolicyContextHandler;
33
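/**
 * Tests that the JBoss JACC {@link DelegatingPolicy} reflects committed
 * {@link PolicyConfiguration} state when permissions are checked through the
 * JVM-wide {@link Policy}.
 *
 * <p>The suite replaces the process-wide security policy via
 * {@link Policy#setPolicy(Policy)}. That setting is global to the JVM, so the
 * previous policy is captured in {@link #setUpPolicy()} and put back in
 * {@link #tearDownPolicy()}; otherwise every test that runs later in the same
 * JVM would be evaluated against the JACC provider installed here.
 */
public class DelegatingPolicyTestCase extends TestCase
{
   private static final Logger log = Logger.getLogger(DelegatingPolicyTestCase.class);
   /** JACC policy context id used by every test in this case. */
   private static final String CONTEXT_ID = "context-a";
   /** Policy that was in effect before the suite ran; restored on tear down. */
   private static Policy oldPolicy;
   /** Policy provider instance installed for the duration of the suite. */
   private static Policy jaccPolicy;

   public DelegatingPolicyTestCase(String name)
   {
      super(name);
   }

   /**
    * Installs the JACC DelegatingPolicy as the JVM-wide Policy and registers
    * the Subject PolicyContextHandler.
    *
    * <p>The provider is created with its ctor(Policy) when it has one, so the
    * previously installed Policy is handed to it; otherwise the no-arg ctor is
    * used.
    *
    * @throws Exception if the provider cannot be loaded, created or installed
    */
   static void setUpPolicy() throws Exception
   {
      // Remember the current Policy impl so tearDownPolicy() can restore it
      oldPolicy = Policy.getPolicy();

      String provider = "org.jboss.security.jacc.DelegatingPolicy";
      ClassLoader loader = Thread.currentThread().getContextClassLoader();
      Class providerClass = loader.loadClass(provider);
      try
      {
         // Look for a ctor(Policy) signature
         Class[] ctorSig = {Policy.class};
         Constructor ctor = providerClass.getConstructor(ctorSig);
         Object[] ctorArgs = {oldPolicy};
         jaccPolicy = (Policy) ctor.newInstance(ctorArgs);
      }
      catch (NoSuchMethodException e)
      {
         log.debug("Provider does not support ctor(Policy)");
         jaccPolicy = (Policy) providerClass.newInstance();
      }

      // Install the JACC policy provider (JVM-wide from this point on)
      Policy.setPolicy(jaccPolicy);
      // Have the policy load/update itself
      jaccPolicy.refresh();

      // Register the default active Subject PolicyContextHandler.
      // replace=false: an already registered handler for this key is kept.
      SubjectPolicyContextHandler handler = new SubjectPolicyContextHandler();
      PolicyContext.registerHandler(SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY,
         handler, false);
   }

   /**
    * Puts back the Policy that was installed before {@link #setUpPolicy()} ran.
    * Does nothing when no previous Policy was captured (set up never ran or
    * failed before reading it).
    */
   static void tearDownPolicy()
   {
      if (oldPolicy != null)
      {
         Policy.setPolicy(oldPolicy);
      }
      jaccPolicy = null;
   }

   /**
    * Basic test that a PolicyConfiguration is included in the Policy and its
    * permissions are implied through the Policy. Covers, in order, the
    * excluded, unchecked and role based permission sets.
    *
    * @throws Exception on any JACC or policy failure
    */
   public void testPolicyConfiguration() throws Exception
   {
      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration(CONTEXT_ID, false);
      // null actions: the permission covers every method of someEJB
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToExcludedPolicy(someEJB);
      pc.commit();

      Policy sysPolicy = Policy.getPolicy();
      assertTrue("Policy isa DelegatingPolicy", sysPolicy instanceof DelegatingPolicy);
      sysPolicy.refresh();

      // Act like the ejb container and check a permission
      PolicyContext.setContextID(CONTEXT_ID);
      EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX,,int");
      // Excluded permissions must be denied
      assertFalse("methodX denied", sysPolicy.implies(null, methodX));

      // Start over (remove=true) and grant the same permission unchecked
      pc = pcf.getPolicyConfiguration(CONTEXT_ID, true);
      pc.addToUncheckedPolicy(someEJB);
      pc.commit();
      sysPolicy.refresh();
      assertTrue("methodX allowed", sysPolicy.implies(null, methodX));

      // Now grant it to role callerX only
      pc.delete();
      pc = pcf.getPolicyConfiguration(CONTEXT_ID, false);
      pc.addToRole("callerX", someEJB);
      pc.commit();
      sysPolicy.refresh();
      // A domain carrying a principal named like the role is allowed ...
      SimplePrincipal[] callers = {new SimplePrincipal("callerX")};
      ProtectionDomain pd = new ProtectionDomain(null, null, null, callers);
      assertTrue("methodX allowed", sysPolicy.implies(pd, methodX));

      // ... and a domain with a different principal is not
      callers = new SimplePrincipal[]{new SimplePrincipal("callerY")};
      pd = new ProtectionDomain(null, null, null, callers);
      assertFalse("methodX denied", sysPolicy.implies(pd, methodX));
   }

   /**
    * Test that uncommitted configurations in the Open state are not seen in
    * the current Policy permission set.
    *
    * @throws Exception on any JACC or policy failure
    */
   public void testOpenConfigurations() throws Exception
   {
      // Select the policy context here rather than relying on another test
      // having set it on this thread first.
      PolicyContext.setContextID(CONTEXT_ID);

      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration(CONTEXT_ID, false);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToRole("callerX", someEJB);
      Policy sysPolicy = Policy.getPolicy();

      pc = pcf.getPolicyConfiguration(CONTEXT_ID, true);
      pc.addToUncheckedPolicy(someEJB);
      sysPolicy.refresh();
      EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX,,int");
      // This perm should be denied since the policy config has not been committed
      boolean implied = sysPolicy.implies(null, methodX);
      assertFalse("methodX allowed", implied);

      pc.commit();
      sysPolicy.refresh();
      // Now it should be allowed since the policy config has been committed
      implied = sysPolicy.implies(null, methodX);
      assertTrue("methodX allowed", implied);
   }

   /**
    * Test that a permission granted to role callerX passes an
    * AccessControlContext check made inside Subject.doAsPrivileged, where the
    * supplied context holds one ProtectionDomain carrying the Subject's
    * principals.
    *
    * @throws Exception on any JACC or policy failure
    */
   public void testSubjectDoAs() throws Exception
   {
      // Select the policy context here rather than relying on another test
      // having set it on this thread first.
      PolicyContext.setContextID(CONTEXT_ID);

      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration(CONTEXT_ID, true);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToRole("callerX", someEJB);
      pc.commit();

      log.debug("EJBMethodPermission.CS: "+EJBMethodPermission.class.getProtectionDomain());
      final EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX");
      final Subject caller = new Subject();
      caller.getPrincipals().add(new SimplePrincipal("callerX"));
      Set principalsSet = caller.getPrincipals();
      Principal[] principals = new Principal[principalsSet.size()];
      principalsSet.toArray(principals);
      CodeSource cs = getClass().getProtectionDomain().getCodeSource();
      // The 4-arg ProtectionDomain ctor yields a domain whose permissions are
      // resolved against the current Policy when a check is made.
      final ProtectionDomain[] pds = {new ProtectionDomain(cs, null, null, principals)};
      // An earlier variant combined this context with a SubjectDomainCombiner
      // by hand; the plain context is passed to doAsPrivileged instead.
      AccessControlContext acc = new AccessControlContext(pds);

      Boolean allowed = (Boolean) Subject.doAsPrivileged(caller, new PrivilegedAction()
         {
            public Object run()
            {
               AccessControlContext current = AccessController.getContext();
               try
               {
                  current.checkPermission(methodX);
                  return Boolean.TRUE;
               }
               catch (AccessControlException ignored)
               {
                  // A denial is the negative result of this probe; it is
                  // reported through the return value and asserted below.
                  return Boolean.FALSE;
               }
            }
         }, acc
      );
      assertTrue("methodX allowed", allowed.booleanValue());
   }

   /**
    * Builds the suite wrapped in a one-time set up that installs the JACC
    * policy and a tear down that restores the previous JVM-wide Policy.
    *
    * @return the wrapped test suite
    */
   public static Test suite()
   {
      TestSuite suite = new TestSuite(DelegatingPolicyTestCase.class);

      // Create an initializer for the test suite
      TestSetup wrapper = new TestSetup(suite)
      {
         protected void setUp() throws Exception
         {
            setUpPolicy();
         }
         protected void tearDown() throws Exception
         {
            // Do not leave the JACC provider installed for later tests
            tearDownPolicy();
         }
      };
      return wrapper;
   }
}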