KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > test > naming > test > SecurityUnitTestCase


1 /*
2  * JBoss, Home of Professional Open Source
3  * Copyright 2005, JBoss Inc., and individual contributors as indicated
4  * by the @authors tag. See the copyright.txt in the distribution for a
5  * full listing of individual contributors.
6  *
7  * This is free software; you can redistribute it and/or modify it
8  * under the terms of the GNU Lesser General Public License as
9  * published by the Free Software Foundation; either version 2.1 of
10  * the License, or (at your option) any later version.
11  *
12  * This software is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this software; if not, write to the Free
19  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21  */
22 package org.jboss.test.naming.test;
23
24 import java.lang.reflect.UndeclaredThrowableException JavaDoc;
25 import java.security.Principal JavaDoc;
26 import java.util.Properties JavaDoc;
27
28 import javax.naming.Context JavaDoc;
29 import javax.naming.InitialContext JavaDoc;
30 import javax.naming.NamingEnumeration JavaDoc;
31 import javax.naming.NamingException JavaDoc;
32 import javax.rmi.PortableRemoteObject JavaDoc;
33 import javax.security.auth.login.LoginContext JavaDoc;
34
35 import junit.framework.Test;
36 import junit.framework.TestSuite;
37
38 import org.jboss.security.SecurityAssociation;
39 import org.jboss.test.JBossTestCase;
40 import org.jboss.test.naming.interfaces.TestENC;
41 import org.jboss.test.naming.interfaces.TestENCHome;
42 import org.jboss.test.util.AppCallbackHandler;
43
44 /** Tests of secured access to the JNDI naming service. This testsuite will
45  * be run with the standard security resources available via the classpath.
46  *
47  * @author Scott.Stark@jboss.org
48  * @version $Revision: 56757 $
49  */
50 public class SecurityUnitTestCase extends JBossTestCase
51 {
52    public static Test suite() throws Exception JavaDoc
53    {
54       // JBAS-3606, the execution order of tests in this test case is important
55 // so it must be defined explicitly when running under some JVMs
56 TestSuite suite = new TestSuite();
57       suite.addTest(new SecurityUnitTestCase("testSecureHttpInvokerFailure"));
58       suite.addTest(new SecurityUnitTestCase("testSecureHttpInvoker"));
59       suite.addTest(new SecurityUnitTestCase("testHttpReadonlyLookup"));
60       suite.addTest(new SecurityUnitTestCase("testHttpReadonlyContextLookup"));
61       suite.addTest(new SecurityUnitTestCase("testLoginInitialContext"));
62       suite.addTest(new SecurityUnitTestCase("testSecureEJBViaLoginInitialContextFactory"));
63       suite.addTest(new SecurityUnitTestCase("testSecureEJBViaJndiLoginInitialContextFactory"));
64
65       return suite;
66    }
67    
68    /**
69     * Constructor for the SecurityUnitTestCase object
70     *
71     * @param name Test name
72     */
73    public SecurityUnitTestCase(String JavaDoc name)
74    {
75       super(name);
76    }
77
78    /** Test access to the security http InitialContext without a login
79     *
80     * @throws Exception
81     */
82    public void testSecureHttpInvokerFailure() throws Exception JavaDoc
83    {
84       getLog().debug("+++ testSecureHttpInvokerFailure");
85       Properties JavaDoc env = new Properties JavaDoc();
86       env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
87
88       // Test the secured JNDI factory
89 env.setProperty(Context.PROVIDER_URL, "http://localhost:8080/invoker/restricted/JNDIFactory");
90       getLog().debug("Creating InitialContext with env="+env);
91
92       // Try without a login to ensure the lookup fails
93 try
94       {
95          getLog().debug("Testing without valid login");
96          InitialContext JavaDoc ctx1 = new InitialContext JavaDoc(env);
97          getLog().debug("Created InitialContext");
98          Object JavaDoc obj1 = ctx1.lookup("jmx");
99          getLog().debug("lookup(jmx) : "+obj1);
100          fail("Should not have been able to lookup(jmx)");
101       }
102       catch(Exception JavaDoc e)
103       {
104          getLog().debug("Lookup failed as expected", e);
105       }
106
107    }
108
109    /** Test access to the JNDI naming service over a restricted http URL
110     */
111    public void testSecureHttpInvoker() throws Exception JavaDoc
112    {
113       getLog().debug("+++ testSecureHttpInvoker");
114       Properties JavaDoc env = new Properties JavaDoc();
115       env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
116
117       // Specify the login conf file location
118 String JavaDoc authConf = super.getResourceURL("security/auth.conf");
119       getLog().debug("Using auth.conf: "+authConf);
120       System.setProperty("java.security.auth.login.config", authConf);
121       AppCallbackHandler handler = new AppCallbackHandler("admin", "admin".toCharArray());
122       LoginContext JavaDoc lc = new LoginContext JavaDoc("testSecureHttpInvoker", handler);
123       lc.login();
124
125       // Test the secured JNDI factory
126 env.setProperty(Context.PROVIDER_URL, "http://localhost:8080/invoker/restricted/JNDIFactory");
127       getLog().debug("Creating InitialContext with env="+env);
128       InitialContext JavaDoc ctx = new InitialContext JavaDoc(env);
129       getLog().debug("Created InitialContext");
130       Object JavaDoc obj = ctx.lookup("jmx");
131       getLog().debug("lookup(jmx) : "+obj);
132       Context JavaDoc jmxCtx = (Context JavaDoc) obj;
133       NamingEnumeration JavaDoc list = jmxCtx.list("");
134       while( list.hasMore() )
135       {
136          Object JavaDoc entry = list.next();
137          getLog().debug(" + "+entry);
138       }
139       ctx.close();
140       lc.logout();
141
142       Principal JavaDoc p = SecurityAssociation.getPrincipal();
143       assertTrue("SecurityAssociation.getPrincipal is null", p == null);
144
145       /* This is now failing because we don't appear to have anyway to flush
146       the java.net.Authenticator cache. Need to figure out how this can
147       be done or switch a better http client library.
148       // Try without a login to ensure the lookup fails
149       testSecureHttpInvokerFailure();
150       */
151    }
152
153    /** Test access of the readonly context without a login
154     *
155     * @throws Exception
156     */
157    public void testHttpReadonlyLookup() throws Exception JavaDoc
158    {
159       getLog().debug("+++ testHttpReadonlyLookup");
160       /* Try without a login to ensure that a lookup against "readonly" works.
161        *First create the readonly context using the standard JNDI factory
162       */
163       InitialContext JavaDoc bootCtx = new InitialContext JavaDoc();
164       try
165       {
166          bootCtx.unbind("readonly");
167       }
168       catch(NamingException JavaDoc ignore)
169       {
170       }
171       Context JavaDoc readonly = bootCtx.createSubcontext("readonly");
172       readonly.bind("data", "somedata");
173
174       Properties JavaDoc env = new Properties JavaDoc();
175       env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.HttpNamingContextFactory");
176       env.setProperty(Context.PROVIDER_URL, "http://localhost:8080/invoker/ReadOnlyJNDIFactory");
177       getLog().debug("Creating InitialContext with env="+env);
178       InitialContext JavaDoc ctx = new InitialContext JavaDoc(env);
179       Object JavaDoc data = ctx.lookup("readonly/data");
180       getLog().debug("lookup(readonly/data) : "+data);
181       try
182       {
183          // Try to bind into the readonly context
184 ctx.bind("readonly/mydata", "otherdata");
185          fail("Was able to bind into the readonly context");
186       }
187       catch(UndeclaredThrowableException JavaDoc e)
188       {
189          getLog().debug("Invalid exception", e);
190          fail("UndeclaredThrowableException thrown");
191       }
192       catch(Exception JavaDoc e)
193       {
194          getLog().debug("Bind failed as expected", e);
195       }
196
197       try
198       {
199          // Try to access a context other then under readonly
200 ctx.lookup("invokers");
201          fail("Was able to lookup(invokers)");
202       }
203       catch(UndeclaredThrowableException JavaDoc e)
204       {
205          getLog().debug("Invalid exception", e);
206          fail("UndeclaredThrowableException thrown");
207       }
208       catch(Exception JavaDoc e)
209       {
210          getLog().debug("lookup(invokers) failed as expected", e);
211       }
212    }
213
214    /** Test access of the readonly context without a login
215     *
216     * @throws Exception
217     */
218    public void testHttpReadonlyContextLookup() throws Exception JavaDoc
219    {
220       getLog().debug("+++ testHttpReadonlyContextLookup");
221       /* Deploy a customized naming service with a NamingContext proxy
222       replacement interceptor
223       */
224       deploy("naming-readonly.sar");
225
226       /* Try without a login to ensure that a lookup against "readonly" works.
227       First create the readonly context using a non-readonly JNDI factory
228       */
229       Properties JavaDoc env = new Properties JavaDoc();
230       env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
231          "org.jboss.test.naming.test.BootstrapNamingContextFactory");
232       env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099");
233       env.setProperty("bootstrap-binding", "naming/Naming");
234       getLog().debug("Creating bootstrap InitialContext with env="+env);
235       InitialContext JavaDoc bootCtx = new InitialContext JavaDoc(env);
236       try
237       {
238          bootCtx.unbind("readonly");
239       }
240       catch(NamingException JavaDoc ignore)
241       {
242       }
243       getLog().debug("Creating readonly context");
244       bootCtx.createSubcontext("readonly");
245       bootCtx.bind("readonly/data", "somedata");
246
247       // Test access through the readonly proxy
248 env.setProperty("bootstrap-binding", "naming/ReadOnlyNaming");
249       getLog().debug("Creating InitialContext with env="+env);
250       InitialContext JavaDoc ctx = new InitialContext JavaDoc(env);
251       Object JavaDoc data = ctx.lookup("readonly/data");
252       getLog().debug("lookup(readonly/data) : "+data);
253       // Lookup the readonly context to see that the readonly proxy is seen
254 Object JavaDoc robinding = ctx.lookup("readonly");
255       getLog().debug("Looked up readonly: "+robinding);
256       Context JavaDoc roctx = (Context JavaDoc) robinding;
257       data = roctx.lookup("data");
258       getLog().debug("Looked up data: "+data);
259       assertTrue("lookup(data) == somedata: "+data, "somedata".equals(data));
260       try
261       {
262          // Try to bind into the readonly context
263 roctx.bind("mydata", "otherdata");
264          fail("Was able to bind into the readonly context");
265       }
266       catch(UndeclaredThrowableException JavaDoc e)
267       {
268          getLog().debug("Invalid exception", e);
269          fail("UndeclaredThrowableException thrown");
270       }
271       catch(NamingException JavaDoc e)
272       {
273          getLog().debug("Bind failed as expected", e);
274       }
275
276       try
277       {
278          // Try to access a context other then under readonly
279 ctx.lookup("invokers");
280          fail("Was able to lookup(invokers)");
281       }
282       catch(UndeclaredThrowableException JavaDoc e)
283       {
284          getLog().debug("Invalid exception", e);
285          fail("UndeclaredThrowableException thrown");
286       }
287       catch(Exception JavaDoc e)
288       {
289          getLog().debug("lookup(invokers) failed as expected", e);
290       }
291       undeploy("naming-readonly.sar");
292    }
293
294    /** Test an initial context factory that does a JAAS login to validate the
295     * credentials passed in
296     */
297    public void testLoginInitialContext() throws Exception JavaDoc
298    {
299       getLog().debug("+++ testLoginInitialContext");
300       Properties JavaDoc env = new Properties JavaDoc();
301       // Try with a login that should succeed
302 env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
303       env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
304       env.setProperty(Context.SECURITY_CREDENTIALS, "theduke");
305       env.setProperty(Context.SECURITY_PRINCIPAL, "jduke");
306       env.setProperty(Context.SECURITY_PROTOCOL, "testLoginInitialContext");
307
308       // Specify the login conf file location
309 String JavaDoc authConf = super.getResourceURL("security/auth.conf");
310       System.setProperty("java.security.auth.login.config", authConf);
311
312       getLog().debug("Creating InitialContext with env="+env);
313       InitialContext JavaDoc ctx = new InitialContext JavaDoc(env);
314       getLog().debug("Created InitialContext");
315       Object JavaDoc obj = ctx.lookup("jmx");
316       getLog().debug("lookup(jmx) : "+obj);
317       Context JavaDoc jmxCtx = (Context JavaDoc) obj;
318       NamingEnumeration JavaDoc list = jmxCtx.list("");
319       while( list.hasMore() )
320       {
321          Object JavaDoc entry = list.next();
322          getLog().debug(" + "+entry);
323       }
324       ctx.close();
325
326       // Try with a login that should fail
327 env.setProperty(Context.SECURITY_CREDENTIALS, "badpass");
328       try
329       {
330          getLog().debug("Creating InitialContext with env="+env);
331          ctx = new InitialContext JavaDoc(env);
332          fail("Was able to create InitialContext with badpass");
333       }
334       catch(NamingException JavaDoc e)
335       {
336          getLog().debug("InitialContext failed as expected with exception", e);
337       }
338    }
339
340    /**
341     * Use the LoginInitialContextFactory to access a secured ejb
342     * @throws Exception
343     */
344    public void testSecureEJBViaLoginInitialContextFactory() throws Exception JavaDoc
345    {
346       getLog().debug("+++ testSecureEJBViaLoginInitialContextFactory");
347       Properties JavaDoc env = new Properties JavaDoc();
348       // Try with a login that should succeed
349 env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
350       env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
351       env.setProperty(Context.SECURITY_CREDENTIALS, "theduke");
352       env.setProperty(Context.SECURITY_PRINCIPAL, "jduke");
353       env.setProperty(Context.SECURITY_PROTOCOL, "testLoginInitialContext");
354
355       // Specify the login conf file location
356 String JavaDoc authConf = super.getResourceURL("security/auth.conf");
357       log.info("auth.conf: "+authConf);
358       System.setProperty("java.security.auth.login.config", authConf);
359
360       getLog().debug("Creating InitialContext with env="+env);
361       InitialContext JavaDoc ctx = new InitialContext JavaDoc(env);
362       getLog().debug("Created InitialContext, ctx="+ctx);
363       super.deploy("naming.jar");
364       Object JavaDoc obj = getInitialContext().lookup("ENCTests/ejbs/SecuredENCBean");
365       obj = PortableRemoteObject.narrow(obj, TestENCHome.class);
366       TestENCHome home = (TestENCHome)obj;
367
368       try
369       {
370          TestENC bean = home.create();
371          getLog().debug("Created SecuredENCBean");
372          bean.accessENC();
373          bean.remove();
374          System.setProperty("java.security.auth.login.config", "invalid");
375       }
376       finally
377       {
378          super.undeploy("naming.jar");
379       }
380    }
381
382    /**
383     * Use the LoginInitialContextFactory to access a secured ejb
384     * @throws Exception
385     */
386    public void testSecureEJBViaJndiLoginInitialContextFactory() throws Exception JavaDoc
387    {
388       getLog().debug("+++ testSecureEJBViaJndiLoginInitialContextFactory");
389       Properties JavaDoc env = new Properties JavaDoc();
390       // Try with a login that should succeed
391 env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
392       env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
393       env.setProperty(Context.SECURITY_CREDENTIALS, "theduke");
394       env.setProperty(Context.SECURITY_PRINCIPAL, "jduke");
395
396       getLog().debug("Creating InitialContext with env="+env);
397       InitialContext JavaDoc ctx = new InitialContext JavaDoc(env);
398       getLog().debug("Created InitialContext, ctx="+ctx);
399       super.deploy("naming.jar");
400       Object JavaDoc obj = getInitialContext().lookup("ENCTests/ejbs/SecuredENCBean");
401       obj = PortableRemoteObject.narrow(obj, TestENCHome.class);
402       TestENCHome home = (TestENCHome)obj;
403       getLog().debug("Found SecuredENCBean");
404
405       try
406       {
407          TestENC bean = home.create();
408          getLog().debug("Created SecuredENCBean");
409          bean.accessENC();
410          bean.remove();
411       }
412       finally
413       {
414          super.undeploy("naming.jar");
415       }
416    }
417 }
418
Popular Tags