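package org.objectweb.jonas.jtests.clients.security;

import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.MapMessage;
import javax.jms.Message;
import javax.jms.MessageConsumer;
import javax.jms.Queue;
import javax.jms.Session;
import javax.jms.Topic;
import javax.jms.TopicConnection;
import javax.jms.TopicConnectionFactory;
import javax.jms.TopicPublisher;
import javax.jms.TopicSession;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;

import junit.framework.Test;
import junit.framework.TestSuite;

import org.objectweb.jonas.jtests.beans.secured.BaseS;
import org.objectweb.jonas.jtests.beans.secured.BaseSHome;
import org.objectweb.jonas.jtests.beans.secured.Session1;
import org.objectweb.jonas.jtests.beans.secured.Session1Home;
import org.objectweb.jonas.jtests.util.JTestCase;
import org.objectweb.security.context.SecurityContext;
import org.objectweb.security.context.SecurityCurrent;

/**
 * Client-side functional tests for run-as identity handling on the "secured"
 * test beans.
 *
 * <p>Every test first installs the caller identity (principal plus role) it
 * wants through {@link SecurityCurrent#setSecurityContext}, then calls a bean
 * and checks which principal and role the bean observes, and whether the bean
 * is allowed to call a second bean. Because each test sets the context itself
 * before doing anything else, no test relies on the identity left behind by a
 * previous one.
 *
 * <p>The beans only report a boolean for the nested call, so a {@code false}
 * result is turned into a test failure here; the authoritative access
 * decision is made server-side by the container.
 */
public class F_RunAs extends JTestCase {

    /** JNDI name of the home of the bean deployed with a run-as identity. */
    private static final String BEAN_HOME_RUNAS = "securedBaseRunAsSLHome";

    /** JNDI name of the home of the bean deployed without a run-as identity. */
    private static final String BEAN_HOME_NO_RUNAS = "securedBaseNoRunAsSLHome";

    // The protected statics below are left non-final on purpose: they are part
    // of what subclasses can see and this file does not show who relies on them.

    /** Name of the first test principal. */
    protected static String PRINCIPAL1_NAME = "principal1";

    /** Name of the second test principal. */
    protected static String PRINCIPAL2_NAME = "principal2";

    /** Role granted to {@link #PRINCIPAL1_NAME}. */
    protected static String ROLE1_NAME = "role1";

    /** Role granted to {@link #PRINCIPAL2_NAME}. */
    protected static String ROLE2_NAME = "role2";

    /** Cached home of the run-as bean, looked up lazily. */
    protected static BaseSHome runAsHome = null;

    /** Cached home of the bean without run-as, looked up lazily. */
    protected static BaseSHome noRunAsHome = null;

    /** Entry point used to install the caller's security context. */
    protected static SecurityCurrent current = null;

    /** Security context for principal1 carrying role1 only. */
    protected static SecurityContext principal1 = null;

    /** Security context for principal2 carrying role2 only. */
    protected static SecurityContext principal2 = null;

    /**
     * Creates the test case.
     *
     * @param name name of the test method to run
     */
    public F_RunAs(String name) {
        super(name);
    }

    /**
     * Returns the home of the run-as bean, looking it up on first use.
     * Fails the test if the JNDI lookup fails.
     *
     * @return the cached home interface
     */
    public BaseSHome getRunAsHome() {
        if (runAsHome == null) {
            try {
                runAsHome = (BaseSHome) PortableRemoteObject.narrow(
                        ictx.lookup(BEAN_HOME_RUNAS), BaseSHome.class);
            } catch (NamingException e) {
                // Keep the cause: a naming problem must not be mistaken for an access denial.
                fail("Cannot get bean home " + BEAN_HOME_RUNAS + ": " + e);
            }
        }
        return runAsHome;
    }

    /**
     * Returns the home of the bean without run-as, looking it up on first use.
     * Fails the test if the JNDI lookup fails.
     *
     * @return the cached home interface
     */
    public BaseSHome getNoRunAsHome() {
        if (noRunAsHome == null) {
            try {
                noRunAsHome = (BaseSHome) PortableRemoteObject.narrow(
                        ictx.lookup(BEAN_HOME_NO_RUNAS), BaseSHome.class);
            } catch (NamingException e) {
                // Keep the cause: a naming problem must not be mistaken for an access denial.
                fail("Cannot get bean home " + BEAN_HOME_NO_RUNAS + ": " + e);
            }
        }
        return noRunAsHome;
    }

    /**
     * Creates an instance of the run-as bean under the current security context.
     *
     * @return the new bean reference
     * @throws Exception if the create call is refused or fails
     */
    public BaseS getBaseRunAs() throws Exception {
        return getRunAsHome().create();
    }

    /**
     * Creates an instance of the bean without run-as under the current security context.
     *
     * @return the new bean reference
     * @throws Exception if the create call is refused or fails
     */
    public BaseS getBaseNoRunAs() throws Exception {
        return getNoRunAsHome().create();
    }

    /**
     * Builds the two test identities once (principal1/role1 and
     * principal2/role2) and makes sure the "secured" beans are available.
     */
    protected void setUp() {
        super.setUp();
        if (current == null) {
            current = SecurityCurrent.getCurrent();
            principal1 = new SecurityContext(PRINCIPAL1_NAME, new String[] {ROLE1_NAME});
            principal2 = new SecurityContext(PRINCIPAL2_NAME, new String[] {ROLE2_NAME});
        }
        useBeans("secured", true);
    }

    /**
     * @return a suite holding every test of this class
     */
    public static Test suite() {
        return new TestSuite(F_RunAs.class);
    }

    /**
     * Runs the whole suite, or the single test named after {@code -n}.
     *
     * @param args command line; {@code -n <testName>} selects one test
     */
    public static void main(String[] args) {
        String testtorun = null;
        for (int argn = 0; argn < args.length; argn++) {
            String arg = args[argn];
            if (arg.equals("-n")) {
                // A trailing "-n" used to index past the end of args.
                if (argn + 1 >= args.length) {
                    System.err.println("Option -n requires a test name");
                    return;
                }
                testtorun = args[++argn];
            }
        }
        if (testtorun == null) {
            junit.textui.TestRunner.run(suite());
        } else {
            junit.textui.TestRunner.run(new F_RunAs(testtorun));
        }
    }

    /**
     * Baseline without any run-as: as principal1/role1, the bean without
     * run-as must observe principal1 as caller, see it in role1, and the
     * nested call made through {@code callBeanNoRunAsWithRole1} must go through.
     *
     * @throws Exception if a bean call fails
     */
    public void testNoRunAsAtAll() throws Exception {
        current.setSecurityContext(principal1);
        BaseS sl = getBaseNoRunAs();
        try {
            assertEquals(PRINCIPAL1_NAME, sl.getPrincipalName());
            assertTrue(sl.isCallerInRole(ROLE1_NAME));
            sl.callBeanNoRunAsWithRole1();
        } finally {
            // Release the bean even when an assertion fails.
            sl.remove();
        }
    }

    /**
     * As principal2/role2, calls the run-as bean and asks it to call a second
     * bean. Per the failure message, that nested call must be made with the
     * run-as role of the current bean rather than with the caller's own role.
     *
     * @throws Exception if a bean call fails
     */
    public void testRunAsAndNoRunAs() throws Exception {
        current.setSecurityContext(principal2);
        BaseS sl = createRunAsBeanOrFail(
                "Create failed. Role used to access this bean must be role2");
        try {
            // Run-as must not change the identity the bean sees for its own caller.
            assertEquals(PRINCIPAL2_NAME, sl.getPrincipalName());
            assertTrue(sl.isCallerInRole(ROLE2_NAME));
            boolean b = sl.callBeanNoRunAsWithRole2();
            if (!b) {
                fail("Cannot call another bean as role for calling the method must be role1 (run-as on the current bean) and not role2 (principal role)");
            }
        } finally {
            sl.remove();
        }
    }

    /**
     * Arms a timer on the run-as bean and checks that the bean's timer count
     * is unchanged after 2 seconds and has grown by exactly one after a
     * further 4 seconds. Only the count is verified from the client side.
     *
     * @throws Exception if a bean call fails
     */
    public void testRunAsOnTimer() throws Exception {
        current.setSecurityContext(principal2);
        BaseS sl = getBaseRunAs();
        int duration = 5;
        try {
            int oldval = sl.getTimerCount();
            // NOTE(review): meaning of the second and third arguments is defined by BaseS - confirm there.
            sl.setTimer(duration, 0, 2);
            sleep(2000);
            assertEquals("timer expired too quickly", oldval, sl.getTimerCount());
            sleep(4000);
            assertEquals("timer did not expired", oldval + 1, sl.getTimerCount());
        } finally {
            sl.remove();
        }
    }

    /**
     * As principal1/role1, calls the bean without run-as and asks it to call
     * the run-as bean through {@code callBeanRunAsWithRole1}; the bean must
     * report that the nested call succeeded.
     *
     * @throws Exception if a bean call fails
     */
    public void testnoRunAsAndRunAs() throws Exception {
        current.setSecurityContext(principal1);
        BaseS sl = getBaseNoRunAs();
        try {
            assertEquals(PRINCIPAL1_NAME, sl.getPrincipalName());
            assertTrue(sl.isCallerInRole(ROLE1_NAME));
            boolean b = sl.callBeanRunAsWithRole1();
            if (!b) {
                fail("Current role is role1 and the bean which is called need to have role2");
            }
        } finally {
            sl.remove();
        }
    }

    /**
     * As principal2/role2, calls the run-as bean and asks it to call another
     * run-as bean through {@code callBeanRunAsWithRole2}, so that the run-as
     * role has to be carried along a chain of beans.
     *
     * @throws Exception if a bean call fails
     */
    public void testRunAsChain() throws Exception {
        current.setSecurityContext(principal2);
        BaseS sl = createRunAsBeanOrFail(
                "Create failed. Maybe role used is role1 but it must be role2 as this bean has got a run-as attribute with role2");
        try {
            assertEquals(PRINCIPAL2_NAME, sl.getPrincipalName());
            assertTrue(sl.isCallerInRole(ROLE2_NAME));
            boolean b = sl.callBeanRunAsWithRole2();
            if (!b) {
                fail("Current role is role2 and the bean which is called has got a run as with role1. The next bean need role 2.");
            }
        } finally {
            sl.remove();
        }
    }

    /**
     * Same as {@link #testRunAsChain()}, followed by a second nested call
     * through {@code callBeanNoRunAsWithRole2} on the same bean reference, to
     * check that the first chain did not disturb the identity used afterwards.
     *
     * @throws Exception if a bean call fails
     */
    public void testRunAsMultipleChain() throws Exception {
        current.setSecurityContext(principal2);
        BaseS sl = createRunAsBeanOrFail(
                "Create failed. Maybe role used is role1 but it must be role2 as this bean has got a run-as attribute with role2");
        try {
            assertEquals(PRINCIPAL2_NAME, sl.getPrincipalName());
            assertTrue(sl.isCallerInRole(ROLE2_NAME));
            boolean b = sl.callBeanRunAsWithRole2();
            if (!b) {
                fail("Current role is role2 and the bean which is called has got a run as with role1. The next bean require role1 so it must work");
            }

            b = sl.callBeanNoRunAsWithRole2();
            if (!b) {
                fail("Current role is role2 and the bean which is called has got a run as with role1. The next bean require role1 so it must work");
            }
        } finally {
            sl.remove();
        }
    }

    /**
     * As principal1/role1, calls {@code test()} on the bean bound under
     * "securedSession1EJB" and expects the literal result "value".
     * NOTE(review): the method name suggests this guards against the order of
     * the security elements in the deployment descriptor mattering - confirm
     * against the descriptor of that bean.
     *
     * @throws Exception if the lookup or the bean call fails
     */
    public void testRunAsAndSecurityOrderDeclaration() throws Exception {
        current.setSecurityContext(principal1);
        final Session1Home home = (Session1Home) PortableRemoteObject.narrow(
                ictx.lookup("securedSession1EJB"), Session1Home.class);
        final Session1 bean = home.create();
        String resultTest = bean.test();
        if (!("value".equals(resultTest))) {
            fail("The return value must be 'value' instead of '" + resultTest + "'");
        }
    }

    /**
     * As principal2/role2, publishes a map message on "runAsTopic" and then
     * waits up to 10 seconds for an answer on "sampleQueue" whose string
     * property "testRunAsJms" must be "ok". The component that consumes the
     * topic and answers on the queue is not visible from this class.
     *
     * @throws Exception if an unexpected error occurs
     */
    public void testRunAsJms() throws Exception {
        current.setSecurityContext(principal2);

        TopicConnectionFactory tcf = null;
        try {
            tcf = (TopicConnectionFactory) ictx.lookup("JTCF");
        } catch (NamingException e) {
            fail("Cannot lookup Connection Factories: " + e);
        }

        TopicConnection tc = null;
        try {
            tc = tcf.createTopicConnection();
        } catch (JMSException e) {
            fail("Cannot create connections: " + e);
        }

        try {
            TopicSession ss = null;
            try {
                ss = tc.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);
            } catch (JMSException e) {
                fail("Cannot create Session: " + e);
            }

            Topic topic = null;
            try {
                topic = (Topic) ictx.lookup("runAsTopic");
            } catch (Exception e) {
                fail("Cannot lookup Topic: " + e);
            }

            TopicPublisher publisher = null;
            try {
                publisher = ss.createPublisher(topic);
            } catch (JMSException e) {
                fail("Cannot create TopicPublisher: " + e);
            }

            try {
                MapMessage mess = ss.createMapMessage();
                mess.setString("Id", "test");
                publisher.publish(mess);
            } catch (JMSException e) {
                fail("Cannot send message: " + e);
            }

            try {
                ss.close();
                tc.close();
            } catch (JMSException e) {
                fail("Cannot close session: " + e);
            }
        } finally {
            // No-op after the close above; releases the connection when a step failed earlier.
            closeQuietly(tc);
        }

        String msgtxt = null;
        Connection conn = null;
        try {
            ConnectionFactory cf = (ConnectionFactory) ictx.lookup("JCF");
            Queue queue = (Queue) ictx.lookup("sampleQueue");
            conn = cf.createConnection();
            // Transacted session: the acknowledge mode argument is ignored.
            Session sess = conn.createSession(true, Session.AUTO_ACKNOWLEDGE);
            MessageConsumer mc = sess.createConsumer((Destination) queue);
            conn.start();
            Message message = mc.receive(10000);
            if (message == null) {
                fail("Can not receive message");
            }
            msgtxt = message.getStringProperty("testRunAsJms");
            // Without a commit, closing the transacted session rolls the receive
            // back and the answer stays on the queue, where a later run could
            // read it as a fresh "ok" and hide a run-as regression.
            sess.commit();
            sess.close();
            conn.close();
        } catch (Exception e) {
            fail("Can not get answer of the jms " + e);
        } finally {
            closeQuietly(conn);
        }

        if (msgtxt == null) {
            fail("No message received from the bean");
        }

        if (!msgtxt.equals("ok")) {
            fail("The test is not ok : " + msgtxt);
        }
    }

    /**
     * Creates the run-as bean, failing the test with the given message and
     * the underlying cause when creation is refused or fails.
     */
    private BaseS createRunAsBeanOrFail(String message) {
        try {
            return getBaseRunAs();
        } catch (Exception e) {
            // The message is only a guess at the reason; append the real cause.
            fail(message + ": " + e);
            return null; // not reached, fail() always throws
        }
    }

    /**
     * Closes a JMS connection on a cleanup path without letting a close error
     * replace the failure that is already being reported.
     */
    private static void closeQuietly(Connection connection) {
        if (connection == null) {
            return;
        }
        try {
            connection.close();
        } catch (JMSException ignored) {
            // Cleanup only: the normal path closes explicitly and reports errors there.
        }
    }

}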