directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r491167 - in /directory/sandbox/triplesec-jacc: guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/ jaas/ jaas/src/main/java/org/safehaus/triplesec/jaas/ jaas/src/test/java/org/safehaus/triplesec/jaas/ jaas/src/test/resources/...
Date Sat, 30 Dec 2006 04:19:50 GMT
Author: djencks
Date: Fri Dec 29 20:19:49 2006
New Revision: 491167

URL: http://svn.apache.org/viewvc?view=rev&rev=491167
Log:
simple jaas integration tests.  Most of kerberos support in jaas temporarily disabled until I understand it better

Added:
    directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java   (with props)
    directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java   (with props)
    directory/sandbox/triplesec-jacc/jaas/src/test/resources/
      - copied from r490648, directory/sandbox/triplesec-jacc/guardian-ldap/src/test/resources/
Modified:
    directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
    directory/sandbox/triplesec-jacc/jaas/pom.xml
    directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java
    directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
    directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java
    directory/sandbox/triplesec-jacc/store/pom.xml
    directory/sandbox/triplesec-jacc/swing-admin/pom.xml

Modified: directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java (original)
+++ directory/sandbox/triplesec-jacc/guardian-ldap/src/test/java/org/safehaus/triplesec/guardian/ldap/LdapApplicationPolicyIntegrationTest.java Fri Dec 29 20:19:49 2006
@@ -80,7 +80,6 @@
     protected void setUp() throws Exception
     {
         super.setUp();
-//        Thread.sleep(500);
         Properties props = new Properties();
         props.setProperty( "applicationPrincipalDN", "appName=" + APP_NAME + ",ou=applications,dc=example,dc=com" );
         props.setProperty( "applicationCredentials", "testing" );

Modified: directory/sandbox/triplesec-jacc/jaas/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/pom.xml?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/jaas/pom.xml Fri Dec 29 20:19:49 2006
@@ -18,42 +18,165 @@
   under the License. 
 -->
 <project>
-  <modelVersion>4.0.0</modelVersion>
-  <parent>
-    <groupId>org.apache.directory.triplesec</groupId>
-    <artifactId>build</artifactId>
-    <version>1.0-SNAPSHOT</version>
-  </parent>
-  <artifactId>triplesec-jaas</artifactId>
-  <name>Triplesec JAAS Login Module</name>
-  <packaging>jar</packaging>  
-  <description>
-    A Safehaue Triplsec JAAS LoginModule which accounts for SAM execeptions, and ties
-    in Guardian for authorization.
-  </description>
-  <dependencies>
-    <dependency>
-      <groupId>${project.groupId}</groupId>
-      <artifactId>triplesec-crypto</artifactId>
-      <version>${project.version}</version>
-    </dependency>
-    
-    <dependency>
-      <groupId>${project.groupId}</groupId>
-      <artifactId>triplesec-otp</artifactId>
-      <version>${project.version}</version>
-    </dependency>
-    
-    <dependency>
-      <groupId>${project.groupId}</groupId>
-      <artifactId>triplesec-guardian-api</artifactId>
-      <version>${project.version}</version>
-    </dependency>
-    
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>nlog4j</artifactId>
-      <scope>provided</scope>
-    </dependency>
-  </dependencies>
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.directory.triplesec</groupId>
+        <artifactId>build</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>triplesec-jaas</artifactId>
+    <name>Triplesec JAAS Login Module</name>
+    <packaging>jar</packaging>
+    <description>
+        A Safehaue Triplsec JAAS LoginModule which accounts for SAM execeptions, and ties
+        in Guardian for authorization.
+    </description>
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>triplesec-crypto</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>triplesec-otp</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>triplesec-guardian-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>triplesec-guardian-ldap</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>triplesec-integration</artifactId>
+            <version>${pom.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>${pom.groupId}</groupId>
+            <artifactId>triplesec-itest-data</artifactId>
+            <version>${pom.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>nlog4j</artifactId>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <systemProperties>
+                        <property>
+                            <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+                            <value>${basedir}/src/test/resources</value>
+                        </property>
+                    </systemProperties>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>no-integration-tests</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <configuration>
+                            <systemProperties>
+                                <property>
+                                    <name>org.safehaus.triplesec.integration.resourcesDirectory</name>
+                                    <value>${basedir}/src/test/resources</value>
+                                </property>
+                            </systemProperties>
+
+                            <excludes>
+                                <exclude>**/*ITest.java</exclude>
+                                <exclude>**/*IntegrationTest.java</exclude>
+                            </excludes>
+                        </configuration>
+                    </plugin>
+                    <plugin>
+                        <artifactId>maven-antrun-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>validate</phase>
+                                <configuration>
+                                    <tasks>
+                                        <echo>
+                                            =================================================================
+                                            W A R N I N G
+                                            -------------
+
+                                            Integration tests have been disabled. To enable integration
+                                            tests run maven with the -Dintegration switch.
+                                            =================================================================
+                                        </echo>
+                                    </tasks>
+                                </configuration>
+                                <goals>
+                                    <goal>run</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>integration</id>
+            <activation>
+                <property>
+                    <name>integration</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>dependency-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>unpack-itest-data</id>
+                                <phase>compile</phase>
+                                <goals>
+                                    <goal>unpack</goal>
+                                </goals>
+                                <configuration>
+                                    <artifactItems>
+                                        <artifactItem>
+                                            <groupId>${pom.groupId}</groupId>
+                                            <artifactId>triplesec-itest-data</artifactId>
+                                            <version>${pom.version}</version>
+                                        </artifactItem>
+                                    </artifactItems>
+                                    <outputDirectory>${project.build.directory}/serverHome/conf</outputDirectory>
+                                </configuration>
+                            </execution>
+
+                        </executions>
+                    </plugin>
+
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>

Added: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java?view=auto&rev=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java (added)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java Fri Dec 29 20:19:49 2006
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * The Callback used for capturing the profileId the user wants to use.
+ * IMO this sucks, the user should have a single profile in a profileId.
+ *
+ * @version $Rev$
+ */
+public class ProfileIdCallback implements Callback
+{
+    String profileId;
+
+    public void setProfileId( String profileId )
+    {
+        this.profileId = profileId;
+    }
+
+    public String getProfileId()
+    {
+        return profileId;
+    }
+}

Propchange: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/ProfileIdCallback.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/RealmCallback.java Fri Dec 29 20:19:49 2006
@@ -24,7 +24,7 @@
 
 
 /**
- * The Callback used for capturing the realm associated with the user attempting 
+ * The Callback used for capturing the profileId associated with the user attempting
  * to authenticate.
  *
  * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>

Modified: directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/main/java/org/safehaus/triplesec/jaas/SafehausLoginModule.java Fri Dec 29 20:19:49 2006
@@ -20,14 +20,13 @@
 package org.safehaus.triplesec.jaas;
 
 
-import java.util.HashMap;
 import java.util.Hashtable;
-import java.util.Iterator;
 import java.util.Map;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
 import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.Attributes;
 import javax.security.auth.spi.LoginModule;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.Subject;
@@ -50,344 +49,310 @@
  * @author <a href="mailto:aok123@bellsouth.net">Alex Karasulu</a>
  * @version $Rev$
  */
-public class SafehausLoginModule implements LoginModule
-{
+public class SafehausLoginModule implements LoginModule {
     public static final String ALLOW_ADMIN = SafehausLoginModule.class.getName() + ".allowAdmin";
-    private static final Logger log = LoggerFactory.getLogger( SafehausLoginModule.class );
-    
-    /** the underlying LoginModule is the Krb5LoginModule */
-    private NameCallback profileIdCallback;
+    public static final String REALM_KEY = SafehausLoginModule.class.getName() + ".profileId";
+    public static final String POLICY_KEY = SafehausLoginModule.class.getName() + ".policy";
+    private static final Logger log = LoggerFactory.getLogger(SafehausLoginModule.class);
+
+    /**
+     * the underlying LoginModule is the Krb5LoginModule
+     */
+    private NameCallback nameCallback;
+    private ProfileIdCallback profileIdCallback;
     private PasswordCallback passwordCallback;
-    private RealmCallback realmCallback;
+//    private RealmCallback realmCallback;
     private PasscodeCallback passcodeCallback;
     private Subject subject;
     private CallbackHandler callbackHandler;
     private Map sharedState;
     private Map options;
-    private PolicyCallback policyCallback;
+//    private PolicyCallback policyCallback;
     private Profile profile;
     LoginModule module;
 
 
-    public SafehausLoginModule()
-    {
-        String javaVendor = System.getProperty( "java.vendor" );
-        if ( javaVendor.equalsIgnoreCase( "IBM Corporation" ) )
-        {
+    public SafehausLoginModule() {
+        String javaVendor = System.getProperty("java.vendor");
+        if (javaVendor.equalsIgnoreCase("IBM Corporation")) {
             /// init IBM's Krb5LoginModule
-            try
-            {
-                module = ( LoginModule ) Class.forName( "com.ibm.security.auth.module.Krb5LoginModule" ).newInstance();
+            try {
+                module = (LoginModule) Class.forName("com.ibm.security.auth.module.Krb5LoginModule").newInstance();
             }
-            catch ( Exception e )
-            {
+            catch (Exception e) {
                 e.printStackTrace();
             }
         }
-        
-        if ( javaVendor.equalsIgnoreCase( "Sun Microsystems Inc." ) )
-        {
+
+        if (javaVendor.equalsIgnoreCase("Sun Microsystems Inc.") || javaVendor.equalsIgnoreCase("Apple Computer, Inc.")) {
             /// init SUN's Krb5LoginModule
-            try
-            {
-                module = ( LoginModule ) Class.forName( "com.sun.security.auth.module.Krb5LoginModule" ).newInstance();
+            try {
+                module = (LoginModule) Class.forName("com.sun.security.auth.module.Krb5LoginModule").newInstance();
             }
-            catch ( Exception e )
-            {
+            catch (Exception e) {
                 e.printStackTrace();
             }
         }
     }
 
 
-    public boolean abort() throws LoginException
-    {
-        try
-        {
+    public boolean abort() throws LoginException {
+        try {
             return module.abort();
         }
-        catch ( LoginException le )
-        {
+        catch (LoginException le) {
             // the return shuts the compiler up
 
-            return handle( le );
+            return handle(le);
         }
     }
 
 
-    public boolean commit() throws LoginException
-    {
-        try
-        {
-            if ( module.commit() )
-            {
+    public boolean commit() throws LoginException {
+//        try {
+//            if (module.commit()) {
                 //Clearing the principals means this has to be the only login module, not a reasonable assumption
 //                this.subject.getPrincipals().clear();
-                this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
+                this.subject.getPrincipals().add(new SafehausPrincipal(profile));
                 return true;
-            }
-            
-            return false;
-        }
-        catch ( LoginException le )
-        {
+//            }
+//
+//            return false;
+//        }
+//        catch (LoginException le) {
             // the return shuts the compiler up
 
-            return handle( le );
-        }
+//            return handle(le);
+//        }
     }
 
 
-    public boolean login() throws LoginException
-    {
-        Callback[] callbacks = new Callback[] {
-            profileIdCallback, passwordCallback, realmCallback, passcodeCallback
+    public boolean login() throws LoginException {
+        Callback[] callbacks = new Callback[]{
+                nameCallback, profileIdCallback, passwordCallback, passcodeCallback
         };
-        
+
         // -------------------------------------------------------------------
         // Invoke the handler populate all the parameters we need
         // -------------------------------------------------------------------
 
-        try
-        {
-            callbackHandler.handle( callbacks );
-        }
-        catch ( Exception e )
-        {
-            log.error( "Callback handler failed.", e );
-            LoginException le = new LoginException( "Callback handler failed." );
-            le.initCause( e );
+        try {
+            callbackHandler.handle(callbacks);
+        }
+        catch (Exception e) {
+            log.error("Callback handler failed.", e);
+            LoginException le = new LoginException("Callback handler failed.");
+            le.initCause(e);
             throw le;
         }
-        
+
         // -------------------------------------------------------------------
         // Collect all the parameters we need and determine what kind of auth
         // we're going to have to perform.
         // -------------------------------------------------------------------
 
-        final String profileId = profileIdCallback.getName();
-        if ( profileId == null )
-        {
+        final String name = nameCallback.getName();
+        if (name == null) {
             String msg = "Cannot login with null username field.";
-            log.error( msg );
-            throw new NullPointerException( msg );
+            log.error(msg);
+            throw new NullPointerException(msg);
+        }
+
+        final String profileId = profileIdCallback.getProfileId();
+        if (profileId == null) {
+            String msg = "Cannot login with null profileId field.";
+            log.error(msg);
+            throw new NullPointerException(msg);
         }
-        
+
         final char[] password = passwordCallback.getPassword();
-        if ( password == null )
-        {
+        if (password == null) {
             String msg = "Cannot login with null password.";
-            log.error( msg );
-            throw new NullPointerException( msg );
+            log.error(msg);
+            throw new NullPointerException(msg);
+        }
+
+        final String realm = (String) options.get(REALM_KEY);
+        if (realm == null) {
+            String msg = "Cannot login with null profileId.";
+            log.error(msg);
+            throw new NullPointerException(msg);
         }
-        
-        final String realm = realmCallback.getRealm();
-        if ( realm == null )
-        {
-            String msg = "Cannot login with null realm.";
-            log.error( msg );
-            throw new NullPointerException( msg );
-        }
-        
-        final ApplicationPolicy policy = policyCallback.getPolicy();
-        if ( policy == null )
-        {
+
+        final ApplicationPolicy policy = (ApplicationPolicy) options.get(POLICY_KEY);
+        if (policy == null) {
             String msg = "Cannot login without a non-null .";
-            log.error( msg );
-            throw new NullPointerException( msg );
+            log.error(msg);
+            throw new NullPointerException(msg);
         }
 
         // -------------------------------------------------------------------
         // Passcode is optional and may be null, check to make sure we 
-        // get a valid profile back for the profileId and report findings
+        // get a valid profile back for the name and report findings
         // -------------------------------------------------------------------
 
         final String passcode = passcodeCallback.getPasscode();
-        this.profile = policy.getProfile( profileId );
-        if ( this.profile == null )
-        {
-            log.info( "Profile " + profileId + " not found for user." );
+        this.profile = policy.getProfile(profileId);
+        if (this.profile == null) {
+            log.info("Profile " + name + " not found for user.");
             return false;
-        }
-        else if ( profileId.equals( "admin" ) )
-        {
-            if ( ! options.containsKey( ALLOW_ADMIN ) ||
-               ( options.containsKey( ALLOW_ADMIN ) && ! ( ( String ) options.get( ALLOW_ADMIN ) ).equals( "true" ) ) )
-            {
-                throw new LoginException( "Admin authentication has not been enabled." );
+        } else if (name.equals("admin")) {
+            if (! options.containsKey(ALLOW_ADMIN) ||
+                    (options.containsKey(ALLOW_ADMIN) && ! ((String) options.get(ALLOW_ADMIN)).equals("true"))) {
+                throw new LoginException("Admin authentication has not been enabled.");
             }
-            
+
             // ---------------------------------------------------------------
             // Do just LDAP auth now but with special DN for the admin user
             // ---------------------------------------------------------------
-            
-            if ( bindAs( "uid=admin,ou=system", "admin" ) )
-            {
+
+            if (bindAs("uid=admin,ou=system", password)) {
                 //add in commit(), not here
 //                this.subject.getPrincipals().add( new SafehausPrincipal( profile ) );
                 return true;
-            }
-            else
-            {
+            } else {
                 return false;
             }
+        } else {
+            log.info("Profile " + name + " found for user " + profile.getUserName());
         }
-        else
-        {
-            log.info( "Profile " + profileId + " found for user " + profile.getUserName() );
+
+        //try to connect to ldap using these credentials
+        if (!bindAs(getUserDn(profile.getUserName(), realm), password)) {
+            return false;
         }
-        
+
+
         // If the profile is disabled then throw and exceptions
-        if ( profile.isDisabled() )
-        {
-            throw new AccountDisabledException( "The profile "  + profile.getProfileId() 
-                + " associated with your account for application " 
-                + profile.getApplicationName() + " has been disabled." );
+        if (profile.isDisabled()) {
+            return false;
+//            throw new AccountDisabledException("The profile " + profile.getProfileId()
+//                    + " associated with your account for application "
+//                    + profile.getApplicationName() + " has been disabled.");
         }
-        
+
+        return true;
         // -------------------------------------------------------------------
         // Setup for standard login without a keyfob using kerberos: 1-FACTOR
         // -------------------------------------------------------------------
 
-        CallbackHandler cbHandler;
-        final StringBuffer krb5PrincipalName = new StringBuffer();
-        krb5PrincipalName.append( profile.getUserName() ).append( "@" ).append( realm.toUpperCase() );
-        if ( passcode == null || passcode.length() == 0 )  
-        {
-            cbHandler = new CallbackHandler() 
-            {
-                public void handle( Callback[] callbacks )
-                {
-                    for ( int ii = 0; ii < callbacks.length; ii++ )
-                    {
-                        if ( callbacks[ii] instanceof NameCallback )
-                        {
-                            NameCallback ncb = ( NameCallback ) callbacks[ii];
-                            ncb.setName( krb5PrincipalName.toString() );
-                        }
-
-                        else if ( callbacks[ii] instanceof PasswordCallback )
-                        {
-                            PasswordCallback pcb = ( PasswordCallback ) callbacks[ii];
-                            pcb.setPassword( password );
-                        }
-                    }
-                }
-            };
-        }
-        // -------------------------------------------------------------------
-        // Setup to login with keyfob: 2-FACTOR
-        // -------------------------------------------------------------------
-        else 
-        {
-            cbHandler = new CallbackHandler() 
-            {
-                public void handle( Callback[] callbacks )
-                {
-                    for ( int ii = 0; ii < callbacks.length; ii++ )
-                    {
-                        if ( callbacks[ii] instanceof NameCallback )
-                        {
-                            NameCallback ncb = ( NameCallback ) callbacks[ii];
-                            ncb.setName( krb5PrincipalName.toString() );
-                        }
-
-                        else if ( callbacks[ii] instanceof PasswordCallback )
-                        {
-                            PasswordCallback pcb = ( PasswordCallback ) callbacks[ii];
-                            // Notice we use the passcode instead of the password
-                            pcb.setPassword( passcode.toCharArray() );
-                        }
-                    }
-                }
-            };
-            
-            // ---------------------------------------------------------------
-            // Now we verify the static password using LDAP
-            // ---------------------------------------------------------------
-
-            bindAs( getUserDn( profile.getUserName(), realm ), profile.getUserName() );
-        }
-        
-        try
-        {
-            Map krb5ModuleOptions = new HashMap( options );
-            if ( krb5ModuleOptions.containsKey( ALLOW_ADMIN ) )
-            {
-                krb5ModuleOptions.remove( ALLOW_ADMIN );
-            }
-            
-            module.initialize( subject, cbHandler, sharedState, krb5ModuleOptions );
-            return module.login();
-        }
-        catch ( LoginException le )
-        {
-            // the return shuts the compiler up
-            return handle( le );
-        }
+//        CallbackHandler cbHandler;
+//        final StringBuffer krb5PrincipalName = new StringBuffer();
+//        krb5PrincipalName.append(profile.getUserName()).append("@").append(profileId.toUpperCase());
+//        if (passcode == null || passcode.length() == 0) {
+//            cbHandler = new CallbackHandler() {
+//                public void handle(Callback[] callbacks) {
+//                    for (int ii = 0; ii < callbacks.length; ii++) {
+//                        if (callbacks[ii] instanceof NameCallback) {
+//                            NameCallback ncb = (NameCallback) callbacks[ii];
+//                            ncb.setName(krb5PrincipalName.toString());
+//                        } else if (callbacks[ii] instanceof PasswordCallback) {
+//                            PasswordCallback pcb = (PasswordCallback) callbacks[ii];
+//                            pcb.setPassword(password);
+//                        }
+//                    }
+//                }
+//            };
+//        }
+//        // -------------------------------------------------------------------
+//        // Setup to login with keyfob: 2-FACTOR
+//        // -------------------------------------------------------------------
+//        else {
+//            cbHandler = new CallbackHandler() {
+//                public void handle(Callback[] callbacks) {
+//                    for (int ii = 0; ii < callbacks.length; ii++) {
+//                        if (callbacks[ii] instanceof NameCallback) {
+//                            NameCallback ncb = (NameCallback) callbacks[ii];
+//                            ncb.setName(krb5PrincipalName.toString());
+//                        } else if (callbacks[ii] instanceof PasswordCallback) {
+//                            PasswordCallback pcb = (PasswordCallback) callbacks[ii];
+//                            // Notice we use the passcode instead of the password
+//                            pcb.setPassword(passcode.toCharArray());
+//                        }
+//                    }
+//                }
+//            };
+//
+//            // ---------------------------------------------------------------
+//            // Now we verify the static password using LDAP
+//            // ---------------------------------------------------------------
+//
+////            bindAs(getUserDn(profile.getUserName(), profileId), password);
+//        }
+//
+//        try {
+//            Map krb5ModuleOptions = new HashMap(options);
+//            if (krb5ModuleOptions.containsKey(ALLOW_ADMIN)) {
+//                krb5ModuleOptions.remove(ALLOW_ADMIN);
+//            }
+//
+//            module.initialize(subject, cbHandler, sharedState, krb5ModuleOptions);
+//            return module.login();
+//        }
+//        catch (LoginException le) {
+//            // the return shuts the compiler up
+//            return handle(le);
+//        }
     }
 
-    
-    public boolean bindAs( String principalDn, String userName )
-    {
+
+    boolean bindAs(String principalDn, char[] password) {
         Hashtable env = new Hashtable();
-        for ( Iterator ii = options.keySet().iterator(); ii.hasNext(); /**/ ) 
-        {
-            Object key = ii.next();
-            env.put( key, options.get( key ) );
-        }
-        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
-        
+        copy(Context.PROVIDER_URL, env);
+        copy(Context.SECURITY_AUTHENTICATION, env);
+        env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
+        env.put(Context.SECURITY_PRINCIPAL, principalDn);
+        env.put(Context.SECURITY_CREDENTIALS, password);
         InitialDirContext ctx = null;
-        try
-        {
-            ctx = new InitialDirContext( env );
-            ctx.close();
+        try {
+            ctx = new InitialDirContext(env);
+            Attributes attrs = ctx.getAttributes("", null);
             return true;
         }
-        catch ( NamingException e )
-        {
-            log.error( "Failed to bind to directory as user " + userName, e );
+        catch (NamingException e) {
+            log.error("Failed to bind to directory as principal " + principalDn, e);
             return false;
         }
-        finally
-        {
-            if ( ctx == null )
-            {
-                try
-                {
+        finally {
+            if (ctx != null) {
+                try {
                     ctx.close();
                 }
-                catch ( NamingException e )
-                {
-                    log.error( "can't close ldap context", e );
+                catch (NamingException e) {
+                    log.error("can't close ldap context", e);
                 }
             }
         }
     }
-    
-    
-    public boolean logout() throws LoginException
-    {
-        try
-        {
+
+    private void copy(String key, Hashtable env) {
+        Object value = options.get(key);
+        if (value == null || value instanceof String && ((String) value).length() == 0) {
+            return;
+        }
+        env.put(key, value);
+    }
+
+
+    public boolean logout() throws LoginException {
+        try {
             return module.logout();
         }
-        catch ( LoginException le )
-        {
+        catch (LoginException le) {
             // the return shuts the compiler up
-            return handle( le );
+            return handle(le);
         }
     }
 
 
-    public void initialize( Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options )
-    {
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
         // What is the username to the application is really the profileId to us
-        profileIdCallback = new NameCallback( "Username: " ); 
-        passwordCallback = new PasswordCallback( "Password: ", false );
-        realmCallback = new RealmCallback();
+        nameCallback = new NameCallback("Username: ");
+        profileIdCallback = new ProfileIdCallback();
+        passwordCallback = new PasswordCallback("Password: ", false);
+//        realmCallback = new RealmCallback();
         passcodeCallback = new PasscodeCallback();
+//        policyCallback = new PolicyCallback();
 
         // Save these values for delayed initialization of the Krb5LoginModule
         this.subject = subject;
@@ -395,8 +360,8 @@
         this.sharedState = sharedState;
         this.options = options;
     }
-    
-    
+
+
     /**
      * Handles the LoginException by throwing a more specific HOTP exception type if it detects
      * an embedded ordinal value within the exception message, otherwise it rethrows le itself.
@@ -405,54 +370,47 @@
      * @return never returns - exceptions always thrown
      * @throws LoginException always but a more specific on if possible
      */
-    public boolean handle( LoginException le ) throws LoginException
-    {
-        if ( ! HotpErrorConstants.hasEmbeddedOrdinal( le.getMessage() ) )
-        {
+    public boolean handle(LoginException le) throws LoginException {
+        if (! HotpErrorConstants.hasEmbeddedOrdinal(le.getMessage())) {
             throw le;
         }
 
-        int ordinal = HotpErrorConstants.getEmbeddedOrdinal( le.getMessage() );
-        switch( ordinal )
-        {
-            case( HotpErrorConstants.HOTPAUTH_FAILURE_VAL ):
+        int ordinal = HotpErrorConstants.getEmbeddedOrdinal(le.getMessage());
+        switch (ordinal) {
+            case(HotpErrorConstants.HOTPAUTH_FAILURE_VAL):
                 throw new PreauthFailedException();
-            case( HotpErrorConstants.LOCKEDOUT_VAL ):
+            case(HotpErrorConstants.LOCKEDOUT_VAL):
                 throw new AccountLockedOutException();
-            case( HotpErrorConstants.DISABLED_VAL ):
+            case(HotpErrorConstants.DISABLED_VAL):
                 throw new AccountDisabledException();
-            case( HotpErrorConstants.RESYNCH_INPROGRESS_VAL ):
+            case(HotpErrorConstants.RESYNCH_INPROGRESS_VAL):
                 throw new ResynchInProgressException();
-            case( HotpErrorConstants.RESYNCH_STARTING_VAL ):
+            case(HotpErrorConstants.RESYNCH_STARTING_VAL):
                 throw new ResynchStartingException();
             default:
                 throw le;
         }
     }
-    
-    
-    public static String getUserDn( String username, String realm )
-    {
-        StringBuffer buf = new StringBuffer( realm.length() + username.length() + 5 );
-        buf.append( "uid=" ).append( username ).append( ",ou=users," );
-        if ( realm == null || realm.length() == 0  )
-        {
+
+
+    public static String getUserDn(String username, String realm) {
+        if (realm == null) {
+            realm = "";
+        }
+        StringBuffer buf = new StringBuffer(realm.length() + username.length() + 5);
+        buf.append("uid=").append(username).append(",ou=users");
+        if (realm.length() == 0) {
             return buf.toString();
         }
 
-        buf.append( "dc=" );
-        int start = 0, end = 0;
         // Replace all the '.' by ",dc=". The comma is added because
         // the string is not supposed to start with a dot, so another
         // dc=XXXX already exists in any cases.
-        // The realm is also not supposed to finish with a '.'
-        while ( ( end = realm.indexOf( '.', start ) ) != -1 )
-        {
-            buf.append( realm.substring( start, end ) ).append( ",dc=" );
-            start = end + 1;
+        // The profileId is also not supposed to finish with a '.'
+        String[] dcs = realm.split("\\.");
+        for (String dc : dcs) {
+            buf.append(",dc=").append(dc);
         }
-
-        buf.append( realm.substring( start ) );
         return buf.toString();
     }
 }

Added: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java?view=auto&rev=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java (added)
+++ directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java Fri Dec 29 20:19:49 2006
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.safehaus.triplesec.jaas;
+
+import java.util.Properties;
+import java.util.HashMap;
+import java.util.Map;
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.naming.Context;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+
+import org.safehaus.triplesec.integration.TriplesecIntegration;
+import org.safehaus.triplesec.guardian.ApplicationPolicyFactory;
+import org.safehaus.triplesec.guardian.ApplicationPolicy;
+
+/**
+ * @version $Rev:$ $Date:$
+ */
+public class SafehausLoginModuleIntegrationTest extends TriplesecIntegration {
+
+    private static final String APP_NAME = "mockApplication";
+
+    private ApplicationPolicy store;
+    private static final String BASE_URL = "dc=example,dc=com";
+    private String providerUrl;
+
+    public SafehausLoginModuleIntegrationTest() throws Exception {
+        super();
+    }
+
+    public SafehausLoginModuleIntegrationTest(String string) throws Exception {
+        super(string);
+    }
+
+    protected void setUp() throws Exception
+    {
+        super.setUp();
+        providerUrl = "ldap://localhost:" + super.getLdapPort() + "/" + BASE_URL;
+        Properties props = new Properties();
+        props.setProperty( "applicationPrincipalDN", "appName=" + APP_NAME + ",ou=applications," + BASE_URL );
+        props.setProperty( "applicationCredentials", "testing" );
+
+        Class.forName( "org.safehaus.triplesec.guardian.ldap.LdapConnectionDriver" );
+        store = ApplicationPolicyFactory.
+                newInstance( providerUrl, props );
+    }
+
+
+    protected void tearDown() throws Exception {
+        super.tearDown();
+        store.close();
+        store = null;
+    }
+
+    public void testBindAs() throws Exception {
+        Map<String, Object> options = new HashMap<String, Object>();
+        options.put(Context.PROVIDER_URL, providerUrl);
+        options.put(Context.SECURITY_AUTHENTICATION, "simple");
+        options.put(SafehausLoginModule.REALM_KEY, "example.com");
+        SafehausLoginModule module = new SafehausLoginModule();
+        Subject subject = new Subject();
+        CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile0", "maxwell".toCharArray());
+        Map<String, Object> sharedState = new HashMap<String, Object>();
+        module.initialize(subject, callbackHandler, sharedState, options);
+        assertTrue(module.bindAs(SafehausLoginModule.getUserDn("akarasulu", "example.com"), "maxwell".toCharArray()));
+        assertFalse(module.bindAs(SafehausLoginModule.getUserDn("akarasulu", "example.com"), "foo".toCharArray()));
+        //is in ldif, but supposedly disabled..... shouldn't login fail?
+        assertTrue(module.bindAs(SafehausLoginModule.getUserDn("lockedout", "example.com"), "asdfasdf".toCharArray()));
+    }
+
+    public void testLogin() throws Exception {
+        Map<String, Object> options = new HashMap<String, Object>();
+        options.put(Context.PROVIDER_URL, providerUrl);
+        options.put(Context.SECURITY_AUTHENTICATION, "simple");
+        options.put(SafehausLoginModule.REALM_KEY, "example.com");
+        options.put(SafehausLoginModule.POLICY_KEY, store);
+        SafehausLoginModule module = new SafehausLoginModule();
+        Subject subject = new Subject();
+        CallbackHandler callbackHandler = new TestCallbackHandler("akarasulu", "mockProfile1", "maxwell".toCharArray());
+        Map<String, Object> sharedState = new HashMap<String, Object>();
+        module.initialize(subject, callbackHandler, sharedState, options);
+        module.login();
+        module.commit();
+        assertEquals(1, subject.getPrincipals().size());
+        Principal p = subject.getPrincipals().iterator().next();
+        assertTrue(p instanceof SafehausPrincipal);
+    }
+
+    private static class TestCallbackHandler implements CallbackHandler {
+        private final String name;
+        private final String profileId;
+        private final char[] password;
+
+        public TestCallbackHandler(String name, String profileId, char[] password) {
+            this.name = name;
+            this.profileId = profileId;
+            this.password = password;
+        }
+
+        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+            for (Callback callback : callbacks) {
+                if (callback instanceof NameCallback) {
+                    ((NameCallback) callback).setName(name);
+                } else if (callback instanceof PasswordCallback) {
+                    ((PasswordCallback) callback).setPassword(password);
+                } else if (callback instanceof ProfileIdCallback) {
+                    ((ProfileIdCallback)callback).setProfileId(profileId);
+                }
+            }
+        }
+    }
+}

Propchange: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleIntegrationTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java (original)
+++ directory/sandbox/triplesec-jacc/jaas/src/test/java/org/safehaus/triplesec/jaas/SafehausLoginModuleTest.java Fri Dec 29 20:19:49 2006
@@ -36,5 +36,11 @@
     {
         String dn = SafehausLoginModule.getUserDn( "akarasulu", "example.com" );
         assertEquals( "uid=akarasulu,ou=users,dc=example,dc=com", dn );
+        dn = SafehausLoginModule.getUserDn( "akarasulu", null );
+        assertEquals( "uid=akarasulu,ou=users", dn );
+        dn = SafehausLoginModule.getUserDn( "akarasulu", "" );
+        assertEquals( "uid=akarasulu,ou=users", dn );
+        dn = SafehausLoginModule.getUserDn( "akarasulu", "example" );
+        assertEquals( "uid=akarasulu,ou=users,dc=example", dn );
     }
 }

Modified: directory/sandbox/triplesec-jacc/store/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/store/pom.xml?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/store/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/store/pom.xml Fri Dec 29 20:19:49 2006
@@ -45,11 +45,11 @@
       <artifactId>triplesec-profile</artifactId>
       <version>${project.version}</version>
     </dependency>
-    <dependency>
-      <groupId>${project.groupId}</groupId>
-      <artifactId>triplesec-jaas</artifactId>
-      <version>${project.version}</version>
-    </dependency>
+    <!--<dependency>-->
+      <!--<groupId>${project.groupId}</groupId>-->
+      <!--<artifactId>triplesec-jaas</artifactId>-->
+      <!--<version>${project.version}</version>-->
+    <!--</dependency>-->
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>nlog4j</artifactId>

Modified: directory/sandbox/triplesec-jacc/swing-admin/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/triplesec-jacc/swing-admin/pom.xml?view=diff&rev=491167&r1=491166&r2=491167
==============================================================================
--- directory/sandbox/triplesec-jacc/swing-admin/pom.xml (original)
+++ directory/sandbox/triplesec-jacc/swing-admin/pom.xml Fri Dec 29 20:19:49 2006
@@ -56,6 +56,12 @@
     </dependency>
 
     <dependency>
+      <groupId>${pom.groupId}</groupId>
+      <artifactId>triplesec-jaas</artifactId>
+      <version>${pom.version}</version>
+    </dependency>
+
+    <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>nlog4j</artifactId>
     </dependency>



Mime
View raw message