

1 /*
2   * JBoss, Home of Professional Open Source
3   * Copyright 2005, JBoss Inc., and individual contributors as indicated
4   * by the @authors tag. See the copyright.txt in the distribution for a
5   * full listing of individual contributors.
6   *
7   * This is free software; you can redistribute it and/or modify it
8   * under the terms of the GNU Lesser General Public License as
9   * published by the Free Software Foundation; either version 2.1 of
10   * the License, or (at your option) any later version.
11   *
12   * This software is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this software; if not, write to the Free
19   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21   */

22
23 package org.jboss.test.security.test;
24
25 import java.util.Properties JavaDoc;
26 import java.util.HashSet JavaDoc;
27 import java.security.Principal JavaDoc;
28 import java.net.HttpURLConnection JavaDoc;
29 import java.io.InputStream JavaDoc;
30 import java.io.ByteArrayOutputStream JavaDoc;
31 import java.io.ObjectOutputStream JavaDoc;
32 import java.io.ByteArrayInputStream JavaDoc;
33 import javax.naming.Context JavaDoc;
34 import javax.naming.InitialContext JavaDoc;
35 import javax.rmi.PortableRemoteObject JavaDoc;
36
37 import junit.framework.Test;
38 import org.jboss.test.JBossTestCase;
39 import org.jboss.test.util.web.HttpUtils;
40 import org.jboss.test.security.interfaces.SecuredServiceRemoteHome;
41 import org.jboss.test.security.interfaces.SecuredServiceRemote;
42 import org.jboss.test.security.interfaces.CallerInfo;
43 import org.jboss.security.SecurityAssociation;
44 import org.jboss.security.SimplePrincipal;
45 import org.apache.commons.httpclient.HttpMethodBase;
46 import org.apache.commons.httpclient.HttpClient;
47 import org.apache.commons.httpclient.NameValuePair;
48 import org.apache.commons.httpclient.HttpState;
49 import org.apache.commons.httpclient.UsernamePasswordCredentials;
50 import org.apache.commons.httpclient.methods.PostMethod;
51
52
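/**
 * Tests of the JACC subject policy context handler state and its consistency
 * with the container caller principal and isCallerInRole methods.
 *
 * <p>Each test builds a {@link CallerInfo} describing the caller identity,
 * run-as identity and role sets the client expects, and passes it to the
 * deployed "subject-context.ear" application, either through the
 * {@link SecuredServiceRemote} interface or as a serialized POST to
 * RunAsServlet. What the server does with the CallerInfo is not visible in
 * this file; presumably it compares it with the subject it actually sees.
 *
 * <p>The user name and password used here are test fixtures. They are assumed
 * to match an account configured for the test deployment (TODO confirm against
 * the subject-context.ear security domain) and are not meant for reuse outside
 * a test server.
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 40175 $
 */
public class SubjectContextUnitTestCase
   extends JBossTestCase
{
   /** JNDI name the SecuredServiceRemoteHome is looked up under. */
   private static final String SECURED_HOME_JNDI_NAME = "jacc/Secured";

   /** Test-fixture account used for the authenticated calls. */
   private static final String TEST_USER = "jduke";

   /** Password of the test-fixture account; a fixture value only. */
   private static final String TEST_PASSWORD = "theduke";

   /** Realm name the servlet credentials are registered for. */
   private static final String SERVLET_REALM = "JBossTest Servlets";

   public SubjectContextUnitTestCase(String name)
   {
      super(name);
   }

   /**
    * Access an unchecked method with a valid login that calls the same method
    * on another bean using a run-as role.
    *
    * @throws Exception on any lookup, create or invocation failure
    */
   public void testPublicMethod() throws Exception
   {
      log.debug("+++ testPublicMethod()");
      SecuredServiceRemote bean = createBean(newLoginContext());
      bean.publicMethod(authenticatedCallerInfo());
      bean.remove();
   }

   /**
    * Calls allAuthMethod after a JNDI login as the test user.
    *
    * @throws Exception on any lookup, create or invocation failure
    */
   public void testAllAuthMethod() throws Exception
   {
      log.debug("+++ testAllAuthMethod()");
      SecuredServiceRemote bean = createBean(newLoginContext());
      bean.allAuthMethod(authenticatedCallerInfo());
      bean.remove();
   }

   /**
    * Calls userMethod after a JNDI login as the test user.
    *
    * @throws Exception on any lookup, create or invocation failure
    */
   public void testUserMethod() throws Exception
   {
      log.debug("+++ testUserMethod()");
      SecuredServiceRemote bean = createBean(newLoginContext());
      bean.userMethod(authenticatedCallerInfo());
      bean.remove();
   }

   /**
    * Calls groupMemberMethod after a JNDI login as the test user.
    *
    * @throws Exception on any lookup, create or invocation failure
    */
   public void testGroupMemberMethod() throws Exception
   {
      log.debug("+++ testGroupMemberMethod()");
      SecuredServiceRemote bean = createBean(newLoginContext());
      bean.groupMemberMethod(authenticatedCallerInfo());
      bean.remove();
   }

   /**
    * Calls runAsMethod after a JNDI login as the test user.
    *
    * @throws Exception on any lookup, create or invocation failure
    */
   public void testRunAsMethod() throws Exception
   {
      log.debug("+++ testRunAsMethod()");
      SecuredServiceRemote bean = createBean(newLoginContext());
      bean.runAsMethod(authenticatedCallerInfo());
      bean.remove();
   }

   /**
    * Calls unprotectedEjbMethod with no login: the security association is
    * cleared first and a default InitialContext is used, so the expected
    * caller is "guest" with an empty role set.
    *
    * @throws Exception on any lookup, create or invocation failure
    */
   public void testUnprotectedEjbMethod() throws Exception
   {
      log.debug("+++ testUnprotectedEjbMethod()");
      // Drop any identity a previous test left on the security association
      // so this call really is made without credentials.
      SecurityAssociation.clear();
      SecuredServiceRemote bean = createBean(new InitialContext());
      bean.unprotectedEjbMethod(guestCallerInfo());
      bean.remove();
   }

   /**
    * Posts a serialized "unprotectedEjbMethod" request to the unrestricted
    * RunAsServlet path without credentials and expects HTTP 200.
    *
    * @throws Exception on serialization or HTTP failure
    */
   public void testUnprotectedEjbMethodViaServlet() throws Exception
   {
      log.debug("+++ testUnprotectedEjbMethodViaServlet()");
      SecurityAssociation.clear();

      CallerInfo info = guestCallerInfo();

      String baseURLNoAuth = HttpUtils.getBaseURLNoAuth();
      PostMethod formPost = new PostMethod(baseURLNoAuth+"subject-context/unrestricted/RunAsServlet");
      byte[] body = serializeRequest("unprotectedEjbMethod", info);
      postAndAssertOk(new HttpClient(), formPost, body);
   }

   /**
    * Posts a serialized "userMethod" request to the restricted RunAsServlet
    * path, authenticating as the test user, and expects HTTP 200.
    *
    * @throws Exception on serialization or HTTP failure
    */
   public void testUserMethodViaServlet() throws Exception
   {
      log.debug("+++ testUserMethodViaServlet()");
      SecurityAssociation.clear();

      CallerInfo info = authenticatedCallerInfo();

      // NOTE(review): getBaseURL(user, password) presumably embeds the
      // credentials in the URL as well; confirm in HttpUtils and keep such
      // URLs out of anything logged at a shared level.
      String baseURL = HttpUtils.getBaseURL(TEST_USER, TEST_PASSWORD);
      PostMethod formPost = new PostMethod(baseURL+"subject-context/restricted/RunAsServlet");
      formPost.setDoAuthentication(true);
      byte[] body = serializeRequest("userMethod", info);

      String host = formPost.getHostConfiguration().getHost();
      HttpClient httpConn = new HttpClient();
      HttpState state = httpConn.getState();
      // Preemptive authentication sends the credentials with the first
      // request instead of waiting for a challenge. The URL scheme comes from
      // HttpUtils and is not visible here; over plain HTTP the password is
      // readable on the wire, which is tolerable only against a local test
      // server.
      state.setAuthenticationPreemptive(true);
      UsernamePasswordCredentials upc = new UsernamePasswordCredentials(TEST_USER, TEST_PASSWORD);
      state.setCredentials(SERVLET_REALM, host, upc);

      postAndAssertOk(httpConn, formPost, body);
   }

   public static Test suite() throws Exception
   {
      return JBossTestCase.getDeploySetup(SubjectContextUnitTestCase.class, "subject-context.ear");
   }

   /**
    * Creates an InitialContext through JndiLoginInitialContextFactory using
    * the test-fixture user name and password.
    *
    * @return the new context
    * @throws Exception if the context cannot be created
    */
   private InitialContext newLoginContext() throws Exception
   {
      Properties env = new Properties();
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
         "org.jboss.security.jndi.JndiLoginInitialContextFactory");
      env.setProperty(Context.SECURITY_PRINCIPAL, TEST_USER);
      env.setProperty(Context.SECURITY_CREDENTIALS, TEST_PASSWORD);
      return new InitialContext(env);
   }

   /**
    * Looks up the secured home in the given context, narrows it and creates
    * a bean from it.
    *
    * @param ctx the naming context to look the home up in
    * @return the created remote bean; the caller removes it
    * @throws Exception on lookup, narrow or create failure
    */
   private SecuredServiceRemote createBean(InitialContext ctx) throws Exception
   {
      Object obj = ctx.lookup(SECURED_HOME_JNDI_NAME);
      obj = PortableRemoteObject.narrow(obj, SecuredServiceRemoteHome.class);
      SecuredServiceRemoteHome home = (SecuredServiceRemoteHome) obj;
      log.debug("Found SecuredServiceRemoteHome");
      SecuredServiceRemote bean = home.create();
      log.debug("Created SecuredServiceRemote");
      return bean;
   }

   /**
    * Builds the run-as role set every test expects.
    *
    * @return a new set holding the two run-as role names
    */
   private static HashSet newExpectedRunAsRoles()
   {
      HashSet expectedRunAsRoles = new HashSet();
      expectedRunAsRoles.add("identitySubstitutionCaller");
      expectedRunAsRoles.add("extraRunAsRole");
      return expectedRunAsRoles;
   }

   /**
    * Builds the expectation for a call made as the test user: caller
    * principal is the test user with its four caller roles, run-as principal
    * is "runAsUser" with the common run-as roles.
    *
    * @return a new CallerInfo
    */
   private static CallerInfo authenticatedCallerInfo()
   {
      Principal callerIdentity = new SimplePrincipal(TEST_USER);
      Principal runAsIdentity = new SimplePrincipal("runAsUser");
      HashSet expectedCallerRoles = new HashSet();
      expectedCallerRoles.add("groupMemberCaller");
      expectedCallerRoles.add("userCaller");
      expectedCallerRoles.add("allAuthCaller");
      expectedCallerRoles.add("webUser");
      return new CallerInfo(callerIdentity, runAsIdentity,
         expectedCallerRoles, newExpectedRunAsRoles());
   }

   /**
    * Builds the expectation for a call made without a login: caller
    * principal "guest" with no caller roles, run-as principal "runAsUser"
    * with the common run-as roles.
    *
    * @return a new CallerInfo
    */
   private static CallerInfo guestCallerInfo()
   {
      Principal callerIdentity = new SimplePrincipal("guest");
      Principal runAsIdentity = new SimplePrincipal("runAsUser");
      HashSet expectedCallerRoles = new HashSet();
      return new CallerInfo(callerIdentity, runAsIdentity,
         expectedCallerRoles, newExpectedRunAsRoles());
   }

   /**
    * Serializes the servlet request: the method name followed by the
    * CallerInfo, written with Java object serialization.
    *
    * <p>NOTE(review): how RunAsServlet reads this body is not visible here;
    * presumably it uses an ObjectInputStream. The unrestricted path is posted
    * to without credentials, so a servlet that deserializes request bodies
    * this way belongs in test deployments only, or behind a deserialization
    * filter.
    *
    * @param methodName name of the bean method the servlet should invoke
    * @param info the expected caller state to send along
    * @return the serialized request body
    * @throws Exception if serialization fails
    */
   private static byte[] serializeRequest(String methodName, CallerInfo info) throws Exception
   {
      ByteArrayOutputStream baos = new ByteArrayOutputStream();
      ObjectOutputStream oos = new ObjectOutputStream(baos);
      try
      {
         oos.writeObject(methodName);
         oos.writeObject(info);
      }
      finally
      {
         oos.close();
      }
      return baos.toByteArray();
   }

   /**
    * Sends the body with the given POST and asserts an HTTP 200 response.
    * The connection is released whether or not the assertion holds, so a
    * failing test does not leave it checked out of the client's connection
    * manager.
    *
    * @param httpConn the client to execute the request with
    * @param formPost the prepared POST method
    * @param body the serialized request body
    * @throws Exception on HTTP failure
    */
   private void postAndAssertOk(HttpClient httpConn, PostMethod formPost, byte[] body) throws Exception
   {
      log.info("post content length: "+body.length);
      formPost.setRequestBody(new ByteArrayInputStream(body));
      try
      {
         int responseCode = httpConn.executeMethod(formPost);
         assertEquals("POST response code", HttpURLConnection.HTTP_OK, responseCode);
      }
      finally
      {
         formPost.releaseConnection();
      }
   }

}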