1 22 package org.jboss.test.security.test; 23 24 import java.lang.reflect.Method ; 25 import java.io.Serializable ; 26 import java.io.IOException ; 27 import java.security.MessageDigest ; 28 import java.security.Principal ; 29 import java.security.KeyStore ; 30 import java.security.cert.X509Certificate ; 31 import java.security.acl.Group ; 32 import java.sql.Connection ; 33 import java.sql.DriverManager ; 34 import java.sql.SQLException ; 35 import java.sql.Statement ; 36 import java.util.Enumeration ; 37 import java.util.HashMap ; 38 import java.util.Iterator ; 39 import java.util.Map ; 40 import java.util.Set ; 41 import java.net.URL ; 42 import javax.naming.InitialContext ; 43 import javax.security.auth.Subject ; 44 import javax.security.auth.login.AppConfigurationEntry ; 45 import javax.security.auth.login.Configuration ; 46 import javax.security.auth.login.LoginContext ; 47 import javax.security.auth.login.LoginException ; 48 import javax.sql.DataSource ; 49 import javax.resource.spi.security.PasswordCredential ; 50 import javax.management.MBeanServerFactory ; 51 import javax.management.MBeanServer ; 52 import javax.management.ObjectName ; 53 import javax.net.ssl.KeyManagerFactory; 54 import javax.net.ssl.TrustManagerFactory; 55 56 import junit.framework.TestSuite; 57 58 import org.jboss.logging.Logger; 59 60 import org.jboss.logging.XLevel; 61 import org.jboss.security.SimpleGroup; 62 import org.jboss.security.SimplePrincipal; 63 import org.jboss.security.Util; 64 import org.jboss.security.SecurityAssociation; 65 import org.jboss.security.SecurityDomain; 66 import org.jboss.security.plugins.JaasSecurityDomain; 67 import org.jboss.security.auth.callback.UsernamePasswordHandler; 68 import org.jboss.security.auth.callback.SecurityAssociationHandler; 69 import org.jboss.security.auth.spi.UsernamePasswordLoginModule; 70 import org.jboss.test.JBossTestCase; 71 72 77 public class LoginModulesUnitTestCase extends JBossTestCase 78 { 79 80 83 static class TestConfig extends Configuration 84 { 85 public void refresh() 86 { 87 } 88 89 public AppConfigurationEntry [] getAppConfigurationEntry(String name) 90 { 91 AppConfigurationEntry [] entry = null; 92 try 93 { 94 Class [] parameterTypes = {}; 95 Method m = getClass().getDeclaredMethod(name, parameterTypes); 96 Object [] args = {}; 97 entry = (AppConfigurationEntry []) m.invoke(this, args); 98 } 99 catch(Exception e) 100 { 101 } 102 return entry; 103 } 104 105 AppConfigurationEntry [] testClientLogin() 106 { 107 String name = "org.jboss.security.ClientLoginModule"; 108 HashMap options = new HashMap (); 109 options.put("restore-login-identity", "true"); 110 AppConfigurationEntry ace = new AppConfigurationEntry (name, 111 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 112 AppConfigurationEntry [] entry = {ace}; 113 return entry; 114 } 115 AppConfigurationEntry [] testIdentity() 116 { 117 String name = "org.jboss.security.auth.spi.IdentityLoginModule"; 118 HashMap options = new HashMap (); 119 options.put("principal", "stark"); 120 options.put("roles", "Role3,Role4"); 121 AppConfigurationEntry ace = new AppConfigurationEntry (name, 122 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 123 AppConfigurationEntry [] entry = {ace}; 124 return entry; 125 } 126 AppConfigurationEntry [] testJdbc() 127 { 128 String name = "org.jboss.security.auth.spi.DatabaseServerLoginModule"; 129 HashMap options = new HashMap (); 130 options.put("dsJndiName", "testJdbc"); 131 options.put("principalsQuery", "select Password from Principals where PrincipalID=?"); 132 options.put("rolesQuery", "select Role, RoleGroup from Roles where PrincipalID=?"); 133 AppConfigurationEntry ace = new AppConfigurationEntry (name, 134 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 135 AppConfigurationEntry [] entry = {ace}; 136 return entry; 137 } 138 AppConfigurationEntry [] testSimple() 139 { 140 String name = "org.jboss.security.auth.spi.SimpleServerLoginModule"; 141 AppConfigurationEntry ace = new AppConfigurationEntry (name, 142 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap ()); 143 AppConfigurationEntry [] entry = {ace}; 144 return entry; 145 } 146 AppConfigurationEntry [] testUsernamePassword() 147 { 148 return other(); 149 } 150 AppConfigurationEntry [] testUsernamePasswordHash() 151 { 152 HashMap options = new HashMap (); 153 options.put("hashAlgorithm", "MD5"); 154 options.put("hashEncoding", "base64"); 155 AppConfigurationEntry ace = new AppConfigurationEntry (HashTestLoginModule.class.getName(), 156 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 157 AppConfigurationEntry [] entry = {ace}; 158 return entry; 159 } 160 AppConfigurationEntry [] testUsernamePasswordHashWithDigestCallback() 161 { 162 HashMap options = new HashMap (); 163 options.put("hashAlgorithm", "MD5"); 164 options.put("hashEncoding", "base64"); 165 options.put("hashCharset", "UTF-8"); 166 options.put("digestCallback", "org.jboss.test.security.test.TestDigestCallback"); 167 options.put("digest.preSalt", "pre"); 168 options.put("digest.postSalt", "post"); 169 AppConfigurationEntry ace = new AppConfigurationEntry (HashTestDigestCallbackLoginModule.class.getName(), 170 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 171 AppConfigurationEntry [] entry = {ace}; 172 return entry; 173 } 174 AppConfigurationEntry [] testAnon() 175 { 176 String name = "org.jboss.security.auth.spi.AnonLoginModule"; 177 HashMap options = new HashMap (); 178 options.put("unauthenticatedIdentity", "nobody"); 179 AppConfigurationEntry ace = new AppConfigurationEntry (name, 180 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 181 AppConfigurationEntry [] entry = {ace}; 182 return entry; 183 } 184 AppConfigurationEntry [] testNull() 185 { 186 String name = "org.jboss.security.auth.spi.AnonLoginModule"; 187 HashMap options = new HashMap (); 188 AppConfigurationEntry ace = new AppConfigurationEntry (name, 189 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 190 AppConfigurationEntry [] entry = {ace}; 191 return entry; 192 } 193 AppConfigurationEntry [] testUsersRoles() 194 { 195 String name = "org.jboss.security.auth.spi.UsersRolesLoginModule"; 196 AppConfigurationEntry ace = new AppConfigurationEntry (name, 197 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap ()); 198 AppConfigurationEntry [] entry = {ace}; 199 return entry; 200 } 201 AppConfigurationEntry [] testUsersRolesHash() 202 { 203 String name = "org.jboss.security.auth.spi.UsersRolesLoginModule"; 204 HashMap options = new HashMap (); 205 options.put("usersProperties", "usersb64.properties"); 206 options.put("hashAlgorithm", "MD5"); 207 options.put("hashEncoding", "base64"); 208 AppConfigurationEntry ace = new AppConfigurationEntry (name, 209 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 210 AppConfigurationEntry [] entry = {ace}; 211 return entry; 212 } 213 AppConfigurationEntry [] testAnonUsersRoles() 214 { 215 String name = "org.jboss.security.auth.spi.UsersRolesLoginModule"; 216 HashMap options = new HashMap (); 217 options.put("unauthenticatedIdentity", "nobody"); 218 AppConfigurationEntry ace = new AppConfigurationEntry (name, 219 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 220 AppConfigurationEntry [] entry = {ace}; 221 return entry; 222 } 223 AppConfigurationEntry [] testControlFlags() 224 { 225 String name1 = "org.jboss.security.auth.spi.UsersRolesLoginModule"; 226 AppConfigurationEntry ace1 = new AppConfigurationEntry (name1, 227 AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, new HashMap ()); 228 229 String name2 = "org.jboss.security.auth.spi.DatabaseServerLoginModule"; 230 HashMap options = new HashMap (); 231 options.put("dsJndiName", "testJdbc"); 232 options.put("principalsQuery", "select Password from Principals where PrincipalID=?"); 233 options.put("rolesQuery", "select Role, RoleGroup from Roles where PrincipalID=?"); 234 AppConfigurationEntry ace2 = new AppConfigurationEntry (name2, 235 AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, options); 236 237 AppConfigurationEntry [] entry = {ace1, ace2}; 238 return entry; 239 } 240 AppConfigurationEntry [] testJCACallerIdentity() 241 { 242 String name = "org.jboss.resource.security.CallerIdentityLoginModule"; 243 HashMap options = new HashMap (); 244 options.put("userName", "jduke"); 245 options.put("password", "theduke"); 246 options.put("managedConnectionFactoryName", "jboss:name=fakeMCF"); 247 options.put("ignoreMissigingMCF", Boolean.TRUE); 248 AppConfigurationEntry ace = new AppConfigurationEntry (name, 249 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 250 AppConfigurationEntry [] entry = {ace}; 251 return entry; 252 } 253 AppConfigurationEntry [] testJaasSecurityDomainIdentityLoginModule() 254 { 255 String name = "org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule"; 256 HashMap options = new HashMap (); 257 options.put("userName", "sa"); 258 options.put("password", "E5gtGMKcXPP"); 259 options.put("managedConnectionFactoryName", "jboss.jca:service=LocalTxCM,name=DefaultDS"); 260 options.put("ignoreMissigingMCF", Boolean.TRUE); 261 options.put("jaasSecurityDomain", "jboss.test:service=JaasSecurityDomain,domain=testJaasSecurityDomainIdentityLoginModule"); 262 AppConfigurationEntry ace = new AppConfigurationEntry (name, 263 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 264 AppConfigurationEntry [] entry = {ace}; 265 return entry; 266 } 267 AppConfigurationEntry [] testCertLogin() 268 { 269 String name = "org.jboss.security.auth.spi.BaseCertLoginModule"; 270 HashMap options = new HashMap (); 271 options.put("securityDomain", "testCertLogin"); 272 AppConfigurationEntry ace = new AppConfigurationEntry (name, 273 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 274 AppConfigurationEntry [] entry = {ace}; 275 return entry; 276 } 277 AppConfigurationEntry [] testCertRoles() 278 { 279 String name = "org.jboss.security.auth.spi.CertRolesLoginModule"; 280 HashMap options = new HashMap (); 281 options.put("securityDomain", "testCertRoles"); 282 AppConfigurationEntry ace = new AppConfigurationEntry (name, 283 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 284 AppConfigurationEntry [] entry = {ace}; 285 return entry; 286 } 287 AppConfigurationEntry [] other() 288 { 289 AppConfigurationEntry ace = new AppConfigurationEntry (TestLoginModule.class.getName(), 290 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap ()); 291 AppConfigurationEntry [] entry = {ace}; 292 return entry; 293 } 294 } 295 296 public static class TestLoginModule extends UsernamePasswordLoginModule 297 { 298 protected Group [] getRoleSets() 299 { 300 SimpleGroup roles = new SimpleGroup("Roles"); 301 Group [] roleSets = {roles}; 302 roles.addMember(new SimplePrincipal("TestRole")); 303 roles.addMember(new SimplePrincipal("Role2")); 304 return roleSets; 305 } 306 308 protected String getUsersPassword() 309 { 310 return "secret"; 311 } 312 } 313 public static class HashTestLoginModule extends TestLoginModule 314 { 315 317 protected String getUsersPassword() 318 { 319 MessageDigest md = null; 320 try 321 { 322 md = MessageDigest.getInstance("MD5"); 323 } 324 catch(Exception e) 325 { 326 e.printStackTrace(); 327 } 328 byte[] passwordBytes = "secret".getBytes(); 329 byte[] hash = md.digest(passwordBytes); 330 String passwordHash = Util.encodeBase64(hash); 331 return passwordHash; 332 } 333 } 334 public static class HashTestDigestCallbackLoginModule extends TestLoginModule 335 { 336 338 protected String getUsersPassword() 339 { 340 MessageDigest md = null; 341 try 342 { 343 md = MessageDigest.getInstance("MD5"); 344 } 345 catch(Exception e) 346 { 347 e.printStackTrace(); 348 } 349 byte[] passwordBytes = "secret".getBytes(); 350 md.update("pre".getBytes()); 351 md.update(passwordBytes); 352 md.update("post".getBytes()); 353 byte[] hash = md.digest(); 354 String passwordHash = Util.encodeBase64(hash); 355 return passwordHash; 356 } 357 } 358 359 362 static class TestDS implements DataSource , Serializable 363 { 364 private static final long serialVersionUID = 1; 365 public java.sql.Connection getConnection() throws java.sql.SQLException 366 { 367 return getConnection("sa", ""); 368 } 369 public java.sql.Connection getConnection(String user, String pass) throws java.sql.SQLException 370 { 371 java.sql.Connection con = null; 372 String jdbcURL = ""; 373 try 374 { 375 jdbcURL = "jdbc:hsqldb:hsql://" + System.getProperty("jbosstest.server.host", "localhost") + ":1701"; 376 con = DriverManager.getConnection(jdbcURL, user, pass); 377 } 378 catch(java.sql.SQLException sqle) 379 { 380 jdbcURL = "jdbc:hsqldb:."; con = DriverManager.getConnection(jdbcURL, user, pass); 382 } 383 return con; 384 } 385 public java.io.PrintWriter getLogWriter() throws java.sql.SQLException 386 { 387 return null; 388 } 389 public void setLogWriter(java.io.PrintWriter out) 390 throws java.sql.SQLException 391 { 392 } 393 public int getLoginTimeout() throws java.sql.SQLException 394 { 395 return 0; 396 } 397 public void setLoginTimeout(int seconds) throws java.sql.SQLException 398 { 399 } 400 } 401 402 static class TestSecurityDomain implements SecurityDomain, Serializable 403 { 404 private static final long serialVersionUID = 1; 405 406 private transient KeyStore store; 407 408 public KeyStore getKeyStore() throws SecurityException 409 { 410 return store; 411 } 412 413 public KeyManagerFactory getKeyManagerFactory() throws SecurityException 414 { 415 return null; 416 } 417 418 public KeyStore getTrustStore() throws SecurityException 419 { 420 return store; 421 } 422 423 public TrustManagerFactory getTrustManagerFactory() throws SecurityException 424 { 425 return null; 426 } 427 428 public String getSecurityDomain() 429 { 430 return null; 431 } 432 433 public Subject getActiveSubject() 434 { 435 return null; 436 } 437 438 public boolean isValid(Principal principal, Object credential, 439 Subject activeSubject) 440 { 441 return false; 442 } 443 444 public boolean isValid(Principal principal, Object credential) 445 { 446 return false; 447 } 448 449 public Principal getPrincipal(Principal principal) 450 { 451 return null; 452 } 453 454 public boolean doesUserHaveRole(Principal principal, Set roles) 455 { 456 return false; 457 } 458 459 public Set getUserRoles(Principal principal) 460 { 461 return null; 462 } 463 464 private void readObject(java.io.ObjectInputStream in) 465 throws IOException 466 { 467 try 468 { 469 store = KeyStore.getInstance("JKS"); 470 ClassLoader loader = Thread.currentThread().getContextClassLoader(); 471 URL resURL = loader.getResource("security/tst.keystore"); 472 store.load(resURL.openStream(), "unit-tests".toCharArray()); 473 } 474 catch(Exception e) 475 { 476 throw new IOException (e.toString()); 477 } 478 } 479 480 483 public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map contextMap) 484 { 485 throw new RuntimeException ("Not implemented yet"); 486 } 487 } 488 489 public LoginModulesUnitTestCase(String testName) 490 { 491 super(testName); 492 } 493 494 protected void setUp() throws Exception 495 { 496 Configuration.setConfiguration(new TestConfig()); 498 } 499 500 public void testClientLogin() throws Exception 501 { 502 getLog().info("testClientLogin"); 503 UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "secret".toCharArray()); 504 LoginContext lc = new LoginContext ("testClientLogin", handler); 505 lc.login(); 506 Subject subject = lc.getSubject(); 507 Principal scott = new SimplePrincipal("scott"); 508 assertTrue("Principals contains scott", subject.getPrincipals().contains(scott)); 509 Principal saPrincipal = SecurityAssociation.getPrincipal(); 510 assertTrue("SecurityAssociation.getPrincipal == scott", saPrincipal.equals(scott)); 511 512 UsernamePasswordHandler handler2 = new UsernamePasswordHandler("scott2", "secret2".toCharArray()); 513 LoginContext lc2 = new LoginContext ("testClientLogin", handler2); 514 lc2.login(); 515 Principal scott2 = new SimplePrincipal("scott2"); 516 saPrincipal = SecurityAssociation.getPrincipal(); 517 assertTrue("SecurityAssociation.getPrincipal == scott2", saPrincipal.equals(scott2)); 518 lc2.logout(); 519 saPrincipal = SecurityAssociation.getPrincipal(); 520 assertTrue("SecurityAssociation.getPrincipal == scott", saPrincipal.equals(scott)); 521 522 lc.logout(); 523 } 524 525 public void testUsernamePassword() throws Exception 526 { 527 getLog().info("testUsernamePassword"); 528 UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "secret".toCharArray()); 529 LoginContext lc = new LoginContext ("testUsernamePassword", handler); 530 lc.login(); 531 Subject subject = lc.getSubject(); 532 Set groups = subject.getPrincipals(Group .class); 533 assertTrue("Principals contains scott", subject.getPrincipals().contains(new SimplePrincipal("scott"))); 534 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 535 Group roles = (Group ) groups.iterator().next(); 536 assertTrue("TestRole is a role", roles.isMember(new SimplePrincipal("TestRole"))); 537 assertTrue("Role2 is a role", roles.isMember(new SimplePrincipal("Role2"))); 538 539 lc.logout(); 540 } 541 public void testUsernamePasswordHash() throws Exception 542 { 543 getLog().info("testUsernamePasswordHash"); 544 UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "secret".toCharArray()); 545 LoginContext lc = new LoginContext ("testUsernamePasswordHash", handler); 546 lc.login(); 547 Subject subject = lc.getSubject(); 548 Set groups = subject.getPrincipals(Group .class); 549 assertTrue("Principals contains scott", subject.getPrincipals().contains(new SimplePrincipal("scott"))); 550 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 551 Group roles = (Group ) groups.iterator().next(); 552 assertTrue("TestRole is a role", roles.isMember(new SimplePrincipal("TestRole"))); 553 assertTrue("Role2 is a role", roles.isMember(new SimplePrincipal("Role2"))); 554 555 lc.logout(); 556 } 557 558 public void testUsernamePasswordHashWithDigestCallback() throws Exception 559 { 560 getLog().info("testUsernamePasswordHashWithDigestCallback"); 561 byte[] passBytes = {115, 101, 99, 114, 101, 116}; 563 String pass = new String (passBytes, "UTF-8"); 564 UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", pass.toCharArray()); 565 LoginContext lc = new LoginContext ("testUsernamePasswordHashWithDigestCallback", handler); 566 lc.login(); 567 Subject subject = lc.getSubject(); 568 Set groups = subject.getPrincipals(Group .class); 569 assertTrue("Principals contains scott", subject.getPrincipals().contains(new SimplePrincipal("scott"))); 570 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 571 Group roles = (Group ) groups.iterator().next(); 572 assertTrue("TestRole is a role", roles.isMember(new SimplePrincipal("TestRole"))); 573 assertTrue("Role2 is a role", roles.isMember(new SimplePrincipal("Role2"))); 574 575 lc.logout(); 576 } 577 578 public void testUsersRoles() throws Exception 579 { 580 getLog().info("testUsersRoles"); 581 UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "echoman".toCharArray()); 582 LoginContext lc = new LoginContext ("testUsersRoles", handler); 583 lc.login(); 584 Subject subject = lc.getSubject(); 585 Set groups = subject.getPrincipals(Group .class); 586 assertTrue("Principals contains scott", subject.getPrincipals().contains(new SimplePrincipal("scott"))); 587 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 588 assertTrue("Principals contains CallerPrincipal", groups.contains(new SimplePrincipal("CallerPrincipal"))); 589 Group roles = (Group ) groups.iterator().next(); 590 Iterator groupsIter = groups.iterator(); 591 while( groupsIter.hasNext() ) 592 { 593 roles = (Group ) groupsIter.next(); 594 if( roles.getName().equals("Roles") ) 595 { 596 assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo"))); 597 assertTrue("Java is NOT a role", roles.isMember(new SimplePrincipal("Java")) == false); 598 assertTrue("Coder is NOT a role", roles.isMember(new SimplePrincipal("Coder")) == false); 599 } 600 else if( roles.getName().equals("CallerPrincipal") ) 601 { 602 getLog().info("CallerPrincipal is "+roles.members().nextElement()); 603 boolean isMember = roles.isMember(new SimplePrincipal("callerScott")); 604 assertTrue("CallerPrincipal is callerScott", isMember); 605 } 606 } 607 lc.logout(); 608 609 handler = new UsernamePasswordHandler("stark", "javaman".toCharArray()); 610 lc = new LoginContext ("testUsersRoles", handler); 611 lc.login(); 612 subject = lc.getSubject(); 613 groups = subject.getPrincipals(Group .class); 614 assertTrue("Principals contains stark", subject.getPrincipals().contains(new SimplePrincipal("stark"))); 615 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 616 assertTrue("Principals contains CallerPrincipal", groups.contains(new SimplePrincipal("CallerPrincipal"))); 617 groupsIter = groups.iterator(); 618 while( groupsIter.hasNext() ) 619 { 620 roles = (Group ) groupsIter.next(); 621 if( roles.getName().equals("Roles") ) 622 { 623 assertTrue("Echo is NOT a role", roles.isMember(new SimplePrincipal("Echo")) == false); 624 assertTrue("Java is a role", roles.isMember(new SimplePrincipal("Java"))); 625 assertTrue("Coder is a role", roles.isMember(new SimplePrincipal("Coder"))); 626 } 627 else if( roles.getName().equals("CallerPrincipal") ) 628 { 629 getLog().info("CallerPrincipal is "+roles.members().nextElement()); 630 boolean isMember = roles.isMember(new SimplePrincipal("callerStark")); 631 assertTrue("CallerPrincipal is callerStark", isMember); 632 } 633 } 634 lc.logout(); 635 636 getLog().info("Testing similar usernames"); 638 handler = new UsernamePasswordHandler("jdukeman", "anotherduke".toCharArray()); 639 lc = new LoginContext ("testUsersRoles", handler); 640 lc.login(); 641 subject = lc.getSubject(); 642 groups = subject.getPrincipals(Group .class); 643 assertTrue("Principals contains jdukeman", subject.getPrincipals().contains(new SimplePrincipal("jdukeman"))); 644 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 645 assertTrue("Principals contains CallerPrincipal", groups.contains(new SimplePrincipal("CallerPrincipal"))); 646 groupsIter = groups.iterator(); 647 while( groupsIter.hasNext() ) 648 { 649 roles = (Group ) groupsIter.next(); 650 if( roles.getName().equals("Roles") ) 651 { 652 assertTrue("Role1 is NOT a role", roles.isMember(new SimplePrincipal("Role1")) == false); 653 assertTrue("Role2 is a role", roles.isMember(new SimplePrincipal("Role2"))); 654 assertTrue("Role3 is a role", roles.isMember(new SimplePrincipal("Role3"))); 655 } 656 else if( roles.getName().equals("CallerPrincipal") ) 657 { 658 getLog().info("CallerPrincipal is "+roles.members().nextElement()); 659 boolean isMember = roles.isMember(new SimplePrincipal("callerJdukeman")); 660 assertTrue("CallerPrincipal is callerJdukeman", isMember); 661 } 662 } 663 lc.logout(); 664 } 665 666 public void testUsersRolesHash() throws Exception 667 { 668 getLog().info("testUsersRolesHash"); 669 UsernamePasswordHandler handler = new UsernamePasswordHandler("scott", "echoman".toCharArray()); 670 LoginContext lc = new LoginContext ("testUsersRolesHash", handler); 671 lc.login(); 672 Subject subject = lc.getSubject(); 673 Set groups = subject.getPrincipals(Group .class); 674 assertTrue("Principals contains scott", subject.getPrincipals().contains(new SimplePrincipal("scott"))); 675 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 676 assertTrue("Principals contains CallerPrincipal", groups.contains(new SimplePrincipal("CallerPrincipal"))); 677 Group roles = (Group ) groups.iterator().next(); 678 Iterator groupsIter = groups.iterator(); 679 while( groupsIter.hasNext() ) 680 { 681 roles = (Group ) groupsIter.next(); 682 if( roles.getName().equals("Roles") ) 683 { 684 assertTrue("Echo is a role", roles.isMember(new SimplePrincipal("Echo"))); 685 assertTrue("Java is NOT a role", roles.isMember(new SimplePrincipal("Java")) == false); 686 assertTrue("Coder is NOT a role", roles.isMember(new SimplePrincipal("Coder")) == false); 687 } 688 else if( roles.getName().equals("CallerPrincipal") ) 689 { 690 getLog().info("CallerPrincipal is "+roles.members().nextElement()); 691 boolean isMember = roles.isMember(new SimplePrincipal("callerScott")); 692 assertTrue("CallerPrincipal is callerScott", isMember); 693 } 694 } 695 lc.logout(); 696 } 697 698 public void testAnonUsersRoles() throws Exception 699 { 700 getLog().info("testAnonUsersRoles"); 701 UsernamePasswordHandler handler = new UsernamePasswordHandler(null, null); 702 LoginContext lc = new LoginContext ("testAnonUsersRoles", handler); 703 lc.login(); 704 Subject subject = lc.getSubject(); 705 Set groups = subject.getPrincipals(Group .class); 706 assertTrue("Principals contains nobody", subject.getPrincipals().contains(new SimplePrincipal("nobody"))); 707 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 708 Group roles = (Group ) groups.iterator().next(); 709 assertTrue("Roles has no members", roles.members().hasMoreElements() == false); 710 711 lc.logout(); 712 } 713 public void testAnon() throws Exception 714 { 715 getLog().info("testAnon"); 716 UsernamePasswordHandler handler = new UsernamePasswordHandler(null, null); 717 LoginContext lc = new LoginContext ("testAnon", handler); 718 lc.login(); 719 Subject subject = lc.getSubject(); 720 Set groups = subject.getPrincipals(Group .class); 721 assertTrue("Principals contains nobody", subject.getPrincipals().contains(new SimplePrincipal("nobody"))); 722 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 723 Group roles = (Group ) groups.iterator().next(); 724 assertTrue("Roles has no members", roles.members().hasMoreElements() == false); 725 726 lc.logout(); 727 } 728 public void testNull() throws Exception 729 { 730 getLog().info("testNull"); 731 UsernamePasswordHandler handler = new UsernamePasswordHandler(null, null); 732 LoginContext lc = new LoginContext ("testNull", handler); 733 try 734 { 735 lc.login(); 736 fail("Should not be able to login as null, null"); 737 } 738 catch(LoginException e) 739 { 740 } 742 } 743 744 public void testIdentity() throws Exception 745 { 746 getLog().info("testIdentity"); 747 LoginContext lc = new LoginContext ("testIdentity"); 748 lc.login(); 749 Subject subject = lc.getSubject(); 750 Set groups = subject.getPrincipals(Group .class); 751 assertTrue("Principals contains stark", subject.getPrincipals().contains(new SimplePrincipal("stark"))); 752 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 753 Group roles = (Group ) groups.iterator().next(); 754 assertTrue("Role2 is not a role", roles.isMember(new SimplePrincipal("Role2")) == false); 755 assertTrue("Role3 is a role", roles.isMember(new SimplePrincipal("Role3"))); 756 assertTrue("Role4 is a role", roles.isMember(new SimplePrincipal("Role4"))); 757 758 lc.logout(); 759 } 760 public void testJCACallerIdentity() throws Exception 761 { 762 log.info("testJCACallerIdentity"); 763 MBeanServer server = MBeanServerFactory.createMBeanServer("jboss"); 764 LoginContext lc = new LoginContext ("testJCACallerIdentity"); 765 lc.login(); 766 Subject subject = lc.getSubject(); 767 assertTrue("Principals contains jduke", subject.getPrincipals().contains(new SimplePrincipal("jduke"))); 768 Set creds = subject.getPrivateCredentials(PasswordCredential .class); 769 PasswordCredential pc = (PasswordCredential ) creds.iterator().next(); 770 String username = pc.getUserName(); 771 String password = new String (pc.getPassword()); 772 assertTrue("PasswordCredential.username = jduke", username.equals("jduke")); 773 assertTrue("PasswordCredential.password = theduke", password.equals("theduke")); 774 lc.logout(); 775 776 SecurityAssociation.setPrincipal(new SimplePrincipal("jduke2")); 778 SecurityAssociation.setCredential("theduke2".toCharArray()); 779 lc.login(); 780 subject = lc.getSubject(); 781 Set principals = subject.getPrincipals(); 782 assertTrue("Principals contains jduke2", principals.contains(new SimplePrincipal("jduke2"))); 783 assertTrue("Principals does not contains jduke", principals.contains(new SimplePrincipal("jduke")) == false); 784 creds = subject.getPrivateCredentials(PasswordCredential .class); 785 pc = (PasswordCredential ) creds.iterator().next(); 786 username = pc.getUserName(); 787 password = new String (pc.getPassword()); 788 assertTrue("PasswordCredential.username = jduke2", username.equals("jduke2")); 789 assertTrue("PasswordCredential.password = theduke2", password.equals("theduke2")); 790 lc.logout(); 791 MBeanServerFactory.releaseMBeanServer(server); 792 } 793 public void testJaasSecurityDomainIdentityLoginModule() throws Exception 794 { 795 log.info("testJaasSecurityDomainIdentityLoginModule"); 796 MBeanServer server = MBeanServerFactory.createMBeanServer("jboss"); 797 JaasSecurityDomain secDomain = new JaasSecurityDomain("testEncodeDecode"); 798 secDomain.setSalt("abcdefgh"); 799 secDomain.setIterationCount(13); 800 secDomain.setKeyStorePass("master"); 801 secDomain.setManagerServiceName(null); 802 secDomain.start(); 803 ObjectName name = new ObjectName ("jboss.test:service=JaasSecurityDomain,domain=testJaasSecurityDomainIdentityLoginModule"); 804 server.registerMBean(secDomain, name); 805 806 LoginContext lc = new LoginContext ("testJaasSecurityDomainIdentityLoginModule"); 807 lc.login(); 808 Subject subject = lc.getSubject(); 809 assertTrue("Principals contains sa", subject.getPrincipals().contains(new SimplePrincipal("sa"))); 810 Set creds = subject.getPrivateCredentials(PasswordCredential .class); 811 PasswordCredential pc = (PasswordCredential ) creds.iterator().next(); 812 String username = pc.getUserName(); 813 String password = new String (pc.getPassword()); 814 assertTrue("PasswordCredential.username = sa", username.equals("sa")); 815 assertTrue("PasswordCredential.password = ", password.equals("")); 816 lc.logout(); 817 server.unregisterMBean(name); 818 MBeanServerFactory.releaseMBeanServer(server); 819 } 820 821 public void testSimple() throws Exception 822 { 823 getLog().info("testSimple"); 824 UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "jduke".toCharArray()); 825 LoginContext lc = new LoginContext ("testSimple", handler); 826 lc.login(); 827 Subject subject = lc.getSubject(); 828 Set groups = subject.getPrincipals(Group .class); 829 assertTrue("Principals contains jduke", subject.getPrincipals().contains(new SimplePrincipal("jduke"))); 830 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 831 Group roles = (Group ) groups.iterator().next(); 832 assertTrue("user is a role", roles.isMember(new SimplePrincipal("user"))); 833 assertTrue("guest is a role", roles.isMember(new SimplePrincipal("guest"))); 834 835 lc.logout(); 836 } 837 838 869 public void testJdbc() throws Exception 870 { 871 getLog().info("testJdbc"); 872 873 Connection conn = setupLoginTables(); 874 try 875 { 876 UsernamePasswordHandler handler = new UsernamePasswordHandler("stark", "javaman".toCharArray()); 877 LoginContext lc = new LoginContext ("testJdbc", handler); 878 lc.login(); 879 Subject subject = lc.getSubject(); 880 Set groups = subject.getPrincipals(Group .class); 881 assertTrue("Principals contains stark", subject.getPrincipals().contains(new SimplePrincipal("stark"))); 882 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 883 Group roles = (Group ) groups.iterator().next(); 884 assertTrue("Java is a role", roles.isMember(new SimplePrincipal("Java"))); 885 assertTrue("Coder is a role", roles.isMember(new SimplePrincipal("Coder"))); 886 887 lc.logout(); 888 } 889 finally 890 { 891 conn.close(); 892 } 893 } 894 895 public void testControlFlags() throws Exception 896 { 897 getLog().info("testControlFlags"); 898 899 Connection conn = setupLoginTables(); 900 try 901 { 902 Configuration cfg = Configuration.getConfiguration(); 903 AppConfigurationEntry [] ace = cfg.getAppConfigurationEntry("testControlFlags"); 904 for(int n = 0; n < ace.length; n ++) 905 { 906 assertTrue("testControlFlags flag==SUFFICIENT", 907 ace[n].getControlFlag() == AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT); 908 getLog().info(ace[n].getControlFlag()); 909 } 910 911 915 UsernamePasswordHandler handler = new UsernamePasswordHandler("jduke", "theduke".toCharArray()); 916 LoginContext lc = new LoginContext ("testControlFlags", handler); 917 lc.login(); 918 Subject subject = lc.getSubject(); 919 Set groups = subject.getPrincipals(Group .class); 920 assertTrue("Principals contains jduke", subject.getPrincipals().contains(new SimplePrincipal("jduke"))); 921 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 922 Group roles = (Group ) groups.iterator().next(); 923 assertTrue("Role1 is a role", roles.isMember(new SimplePrincipal("Role1"))); 925 assertTrue("Role2 is a role", roles.isMember(new SimplePrincipal("Role2"))); 926 assertTrue("Role3 is NOT a role", !roles.isMember(new SimplePrincipal("Role3"))); 927 assertTrue("Role4 is NOT a role", !roles.isMember(new SimplePrincipal("Role4"))); 928 lc.logout(); 929 930 934 handler = new UsernamePasswordHandler("jduke", "jduke".toCharArray()); 935 lc = new LoginContext ("testControlFlags", handler); 936 lc.login(); 937 subject = lc.getSubject(); 938 groups = subject.getPrincipals(Group .class); 939 assertTrue("Principals contains jduke", subject.getPrincipals().contains(new SimplePrincipal("jduke"))); 940 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 941 roles = (Group ) groups.iterator().next(); 942 Enumeration iter = roles.members(); 943 while( iter.hasMoreElements() ) 944 getLog().debug(iter.nextElement()); 945 assertTrue("Role1 is NOT a role", !roles.isMember(new SimplePrincipal("Role1"))); 947 assertTrue("Role2 is NOT a role", !roles.isMember(new SimplePrincipal("Role2"))); 948 assertTrue("Role3 is a role", roles.isMember(new SimplePrincipal("Role3"))); 949 assertTrue("Role4 is a role", roles.isMember(new SimplePrincipal("Role4"))); 950 lc.logout(); 951 } 952 finally 953 { 954 conn.close(); 955 } 956 } 957 958 public void testCertLogin() throws Exception 959 { 960 getLog().info("testCertLogin"); 961 InitialContext ctx = new InitialContext (); 962 ctx.rebind("testCertLogin", new TestSecurityDomain()); 963 964 KeyStore store = KeyStore.getInstance("JKS"); 965 ClassLoader loader = Thread.currentThread().getContextClassLoader(); 966 URL resURL = loader.getResource("security/tst.keystore"); 967 store.load(resURL.openStream(), "unit-tests".toCharArray()); 968 X509Certificate cert = (X509Certificate ) store.getCertificate("unit-tests"); 969 SimplePrincipal x509 = new SimplePrincipal("unit-tests"); 970 SecurityAssociationHandler handler = new SecurityAssociationHandler(x509, cert); 971 LoginContext lc = new LoginContext ("testCertLogin", handler); 972 lc.login(); 973 Subject subject = lc.getSubject(); 974 assertTrue("Principals contains unit-tests", subject.getPrincipals().contains(new SimplePrincipal("unit-tests"))); 975 assertTrue("Principals contains x509cert", 976 subject.getPublicCredentials().contains(cert)); 977 } 978 979 public void testCertRoles() throws Exception 980 { 981 getLog().info("testCertRoles"); 982 InitialContext ctx = new InitialContext (); 983 ctx.rebind("testCertRoles", new TestSecurityDomain()); 984 985 KeyStore store = KeyStore.getInstance("JKS"); 986 ClassLoader loader = Thread.currentThread().getContextClassLoader(); 987 URL resURL = loader.getResource("security/tst.keystore"); 988 store.load(resURL.openStream(), "unit-tests".toCharArray()); 989 X509Certificate cert = (X509Certificate ) store.getCertificate("unit-tests"); 990 SimplePrincipal x509 = new SimplePrincipal("unit-tests"); 991 SecurityAssociationHandler handler = new SecurityAssociationHandler(x509, cert); 992 LoginContext lc = new LoginContext ("testCertRoles", handler); 993 lc.login(); 994 Subject subject = lc.getSubject(); 995 Set groups = subject.getPrincipals(Group .class); 996 assertTrue("Principals contains unit-tests", subject.getPrincipals().contains(new SimplePrincipal("unit-tests"))); 997 assertTrue("Principals contains Roles", groups.contains(new SimplePrincipal("Roles"))); 998 assertTrue("Principals contains x509cert", 999 subject.getPublicCredentials().contains(cert)); 1000 Group roles = (Group ) groups.iterator().next(); 1001 Iterator groupsIter = groups.iterator(); 1002 while( groupsIter.hasNext() ) 1003 { 1004 roles = (Group ) groupsIter.next(); 1005 if( roles.getName().equals("Roles") ) 1006 { 1007 assertTrue("CertUser is a role", roles.isMember(new SimplePrincipal("CertUser"))); 1008 assertTrue("Java is NOT a role", roles.isMember(new SimplePrincipal("Java")) == false); 1009 assertTrue("Coder is NOT a role", roles.isMember(new SimplePrincipal("Coder")) == false); 1010 } 1011 else if( roles.getName().equals("CallerPrincipal") ) 1012 { 1013 getLog().info("CallerPrincipal is "+roles.members().nextElement()); 1014 boolean isMember = roles.isMember(new SimplePrincipal("callerX509")); 1015 assertTrue("CallerPrincipal is callerX509", isMember); 1016 } 1017 } 1018 lc.logout(); 1019 1020 } 1021 1022 private Connection setupLoginTables() throws Exception 1023 { 1024 Class.forName("org.hsqldb.jdbcDriver"); 1025 TestDS ds = new TestDS(); 1027 InitialContext ctx = new InitialContext (); 1028 ctx.rebind("testJdbc", ds); 1029 1030 Connection conn = ds.getConnection("sa", ""); 1032 Statement statement = conn.createStatement(); 1033 createPrincipalsTable(statement); 1034 createRolesTable(statement); 1035 statement.close(); 1036 1037 return conn; 1040 } 1041 1042 private void createPrincipalsTable(Statement statement) throws SQLException 1043 { 1044 try 1045 { 1046 statement.execute("DROP TABLE Principals"); 1047 } 1048 catch(SQLException e) 1049 { 1050 } 1052 boolean result = statement.execute("CREATE TABLE Principals (" 1053 + "PrincipalID VARCHAR(64) PRIMARY KEY," 1054 + "Password VARCHAR(64) )" 1055 ); 1056 getLog().info("Created Principals table, result="+result); 1057 result = statement.execute("INSERT INTO Principals VALUES ('scott', 'echoman')"); 1058 getLog().info("INSERT INTO Principals VALUES ('scott', 'echoman'), result="+result); 1059 result = statement.execute("INSERT INTO Principals VALUES ('stark', 'javaman')"); 1060 getLog().info("INSERT INTO Principals VALUES ('stark', 'javaman'), result="+result); 1061 result = statement.execute("INSERT INTO Principals VALUES ('jduke', 'jduke')"); 1063 getLog().info("INSERT INTO Principals VALUES ('jduke', 'jduke'), result="+result); 1064 } 1065 1066 private void createRolesTable(Statement statement) throws SQLException 1067 { 1068 try 1069 { 1070 statement.execute("DROP TABLE Roles"); 1071 } 1072 catch(SQLException e) 1073 { 1074 } 1076 boolean result = statement.execute("CREATE TABLE Roles (" 1077 + "PrincipalID VARCHAR(64)," 1078 + "Role VARCHAR(64)," 1079 + "RoleGroup VARCHAR(64) )" 1080 ); 1081 getLog().info("Created Roles table, result="+result); 1082 result = statement.execute("INSERT INTO Roles VALUES ('scott', 'Echo', 'Roles')"); 1083 getLog().info("INSERT INTO Roles VALUES ('scott', 'Echo', 'Roles'), result="+result); 1084 result = statement.execute("INSERT INTO Roles VALUES ('scott', 'callerScott', 'CallerPrincipal')"); 1085 getLog().info("INSERT INTO Roles VALUES ('scott', 'callerScott', 'CallerPrincipal'), result="+result); 1086 result = statement.execute("INSERT INTO Roles VALUES ('stark', 'Java', 'Roles')"); 1087 getLog().info("INSERT INTO Roles VALUES ('stark', 'Java', 'Roles'), result="+result); 1088 result = statement.execute("INSERT INTO Roles VALUES ('stark', 'Coder', 'Roles')"); 1089 getLog().info("INSERT INTO Roles VALUES ('stark', 'Coder', 'Roles'), result="+result); 1090 result = statement.execute("INSERT INTO Roles VALUES ('stark', 'callerStark', 'CallerPrincipal')"); 1091 getLog().info("INSERT INTO Roles VALUES ('stark', 'callerStark', 'CallerPrincipal'), result="+result); 1092 result = statement.execute("INSERT INTO Roles VALUES ('jduke', 'Role3', 'Roles')"); 1093 getLog().info("INSERT INTO Roles VALUES ('jduke', 'Role3', 'Roles'), result="+result); 1094 result = statement.execute("INSERT INTO Roles VALUES ('jduke', 'Role4', 'Roles')"); 1095 getLog().info("INSERT INTO Roles VALUES ('jduke', 'Role4', 'Roles'), result="+result); 1096 } 1097 1098 public static void main(java.lang.String [] args) 1099 { 1100 java.net.URL users = LoginModulesUnitTestCase.class.getResource("/users.properties"); 1102 System.out.println("users.properties is here: "+users); 1103 TestSuite suite = new TestSuite(LoginModulesUnitTestCase.class); 1104 junit.textui.TestRunner.run(suite); 1105 } 1106 1107} 1108 | Popular Tags |