Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 65848 invoked from network); 10 Jul 2007 15:33:31 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Jul 2007 15:33:31 -0000 Received: (qmail 43484 invoked by uid 500); 10 Jul 2007 15:33:33 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 43447 invoked by uid 500); 10 Jul 2007 15:33:33 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 43432 invoked by uid 99); 10 Jul 2007 15:33:33 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Jul 2007 08:33:33 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Jul 2007 08:33:27 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 4F3B41A981D; Tue, 10 Jul 2007 08:33:07 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r554977 [2/2] - in /geronimo/server/trunk: applications/console/geronimo-console-core/src/main/java/org/apache/geronimo/console/core/security/ applications/console/geronimo-console-standard/src/main/java/org/apache/geronimo/console/security... Date: Tue, 10 Jul 2007 15:33:01 -0000 To: scm@geronimo.apache.org From: djencks@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070710153307.4F3B41A981D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Added: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java?view=auto&rev=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java (added) +++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java Tue Jul 10 08:32:56 2007 @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +package org.apache.geronimo.security.jaas; + +import java.security.Principal; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; + +import org.apache.geronimo.security.DomainPrincipal; +import org.apache.geronimo.security.RealmPrincipal; + +/** + * @version $Revision$ $Date$ + */ +public class WrappingLoginModule implements LoginModule { + public static final String CLASS_OPTION = WrappingLoginModule.class.getName() + ".LoginModuleClass"; + public static final String DOMAIN_OPTION = WrappingLoginModule.class.getName() + ".DomainName"; + public static final String REALM_OPTION = WrappingLoginModule.class.getName() + ".RealmName"; + private String loginDomainName; + private String realmName; + private final Subject localSubject = new Subject(); + private Subject subject; + private LoginModule delegate; + + public WrappingLoginModule() { + } + + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { + this.subject = subject; + Class lmClass = (Class) options.get(CLASS_OPTION); + try { + delegate = (LoginModule) lmClass.newInstance(); + } catch (Exception e) { + throw new RuntimeException("Could not create login module instance", e); + } + delegate.initialize(localSubject, callbackHandler, sharedState, options); + loginDomainName = (String) options.get(DOMAIN_OPTION); + realmName = (String) options.get(REALM_OPTION); + } + + public boolean login() throws LoginException { + return delegate.login(); + } + + public boolean abort() throws LoginException { + return delegate.abort(); + } + + public boolean commit() throws LoginException { + boolean result = delegate.commit(); + + Set wrapped = new HashSet(); + for (Principal principal: localSubject.getPrincipals()) { + wrapped.add(new DomainPrincipal(loginDomainName, principal)); + wrapped.add(new RealmPrincipal(realmName, loginDomainName, principal)); + } + localSubject.getPrincipals().addAll(wrapped); + subject.getPrincipals().addAll(localSubject.getPrincipals()); + subject.getPrivateCredentials().addAll(localSubject.getPrivateCredentials()); + subject.getPublicCredentials().addAll(localSubject.getPublicCredentials()); + return result; + } + + public boolean logout() throws LoginException { + boolean result = delegate.logout(); + + subject.getPrincipals().removeAll(localSubject.getPrincipals()); + localSubject.getPrincipals().clear(); + + return result; + } +} Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/WrappingLoginModule.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/GenericSecurityRealm.java Tue Jul 10 08:32:56 2007 @@ -17,25 +17,22 @@ package org.apache.geronimo.security.realm; import java.util.ArrayList; -import java.util.HashMap; +import java.util.Collections; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Properties; import java.util.Set; +import javax.security.auth.login.AppConfigurationEntry; + import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.GBeanInfoBuilder; import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory; import org.apache.geronimo.kernel.Kernel; -import org.apache.geronimo.security.deploy.PrincipalInfo; import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; -import org.apache.geronimo.security.jaas.client.JaasLoginCoordinator; -import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration; -import org.apache.geronimo.security.jaas.JaasLoginModuleUse; -import org.apache.geronimo.security.jaas.LoginModuleControlFlag; import org.apache.geronimo.security.jaas.JaasLoginModuleChain; -import org.apache.geronimo.security.jaas.server.JaasLoginServiceMBean; +import org.apache.geronimo.security.jaas.JaasLoginModuleUse; +import org.apache.geronimo.security.jaas.SubjectRegistrationLoginModule; import org.apache.geronimo.system.serverinfo.ServerInfo; @@ -61,40 +58,34 @@ */ public class GenericSecurityRealm implements SecurityRealm, ConfigurationEntryFactory { - private final JaasLoginServiceMBean loginService; private final String realmName; - private JaasLoginModuleConfiguration[] config; - private final Kernel kernel; + private AppConfigurationEntry[] config; private String[] domains; - private final boolean restrictPrincipalsToServer; private final boolean wrapPrincipals; private final JaasLoginModuleUse loginModuleUse; public GenericSecurityRealm(String realmName, - JaasLoginModuleUse loginModuleUse, - boolean restrictPrincipalsToServer, - boolean wrapPrincipals, - ServerInfo serverInfo, - ClassLoader classLoader, - Kernel kernel, - JaasLoginServiceMBean loginService) { + JaasLoginModuleUse loginModuleUse, + boolean wrapPrincipals, + ServerInfo serverInfo, + ClassLoader classLoader, + Kernel kernel + ) throws ClassNotFoundException { this.realmName = realmName; - this.kernel = kernel; - this.restrictPrincipalsToServer = restrictPrincipalsToServer; this.wrapPrincipals = wrapPrincipals; - this.loginService = loginService; this.loginModuleUse = loginModuleUse; - Set domainNames = new HashSet(); - List loginModuleConfigurations = new ArrayList(); + Set domainNames = new HashSet(); + List loginModuleConfigurations = new ArrayList(); if (loginModuleUse != null) { - loginModuleUse.configure(domainNames, loginModuleConfigurations, kernel, serverInfo, classLoader); + loginModuleUse.configure(domainNames, loginModuleConfigurations, realmName, kernel, serverInfo, classLoader); + loginModuleConfigurations.add(new AppConfigurationEntry(SubjectRegistrationLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap())); } - domains = (String[]) domainNames.toArray(new String[domainNames.size()]); - config = (JaasLoginModuleConfiguration[]) loginModuleConfigurations.toArray(new JaasLoginModuleConfiguration[loginModuleConfigurations.size()]); + domains = domainNames.toArray(new String[domainNames.size()]); + config = loginModuleConfigurations.toArray(new AppConfigurationEntry[loginModuleConfigurations.size()]); } @@ -102,7 +93,7 @@ return realmName; } - public JaasLoginModuleConfiguration[] getAppConfigurationEntries() { + public AppConfigurationEntry[] getAppConfigurationEntries() { return config; } @@ -121,16 +112,6 @@ } /** - * A GBean property. If set to true, the login service will not return - * principals generated by this realm to clients. If set to false (the - * default), the client will get a copy of all principals (except realm - * principals generated strictly for use within Geronimo). - */ - public boolean isRestrictPrincipalsToServer() { - return restrictPrincipalsToServer; - } - - /** * If this attribute is true, then the principals will be wrapped in * realm principals. */ @@ -142,24 +123,6 @@ return realmName; } - public JaasLoginModuleConfiguration generateConfiguration() { - Map options = new HashMap(); - options.put(JaasLoginCoordinator.OPTION_REALM, realmName); - if (kernel != null) { - options.put(JaasLoginCoordinator.OPTION_KERNEL, kernel.getKernelName()); - if (loginService != null) { - options.put(JaasLoginCoordinator.OPTION_SERVICENAME, loginService.getObjectName()); - } - } else { - if (loginService != null) { - //this can be used for testing without a kernel. - options.put(JaasLoginCoordinator.OPTION_SERVICE_INSTANCE, loginService); - } - } - - return new JaasLoginModuleConfiguration(JaasLoginCoordinator.class.getName(), LoginModuleControlFlag.REQUIRED, options, true, realmName, wrapPrincipals, JaasLoginCoordinator.class.getClassLoader()); - } - public static final GBeanInfo GBEAN_INFO; static { @@ -171,23 +134,17 @@ infoFactory.addAttribute("kernel", Kernel.class, false); infoFactory.addAttribute("classLoader", ClassLoader.class, false); infoFactory.addAttribute("deploymentSupport", Properties.class, true); - infoFactory.addAttribute("restrictPrincipalsToServer", boolean.class, true); infoFactory.addAttribute("wrapPrincipals", boolean.class, true); infoFactory.addReference("LoginModuleConfiguration", JaasLoginModuleUse.class, "LoginModuleUse"); infoFactory.addReference("ServerInfo", ServerInfo.class, NameFactory.GERONIMO_SERVICE); - infoFactory.addReference("LoginService", JaasLoginServiceMBean.class, "JaasLoginService"); - - infoFactory.addOperation("getAppConfigurationEntries", new Class[0]); infoFactory.setConstructor(new String[]{"realmName", "LoginModuleConfiguration", - "restrictPrincipalsToServer", "wrapPrincipals", "ServerInfo", "classLoader", - "kernel", - "LoginService"}); + "kernel"}); GBEAN_INFO = infoFactory.getBeanInfo(); } Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/SecurityRealm.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/SecurityRealm.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/SecurityRealm.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/SecurityRealm.java Tue Jul 10 08:32:56 2007 @@ -17,7 +17,6 @@ package org.apache.geronimo.security.realm; -import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration; import org.apache.geronimo.security.jaas.JaasLoginModuleChain; @@ -25,21 +24,6 @@ * @version $Rev$ $Date$ */ public interface SecurityRealm extends org.apache.geronimo.management.geronimo.SecurityRealm { - - static final String BASE_OBJECT_NAME = "geronimo.security:type=SecurityRealm"; - - /** - * Gets the JAAS configuration for this security realm. - */ - public JaasLoginModuleConfiguration[] getAppConfigurationEntries(); - - /** - * If this attribute is true, the login service will not return - * principals generated by this realm to clients. If set to false (the - * default), the client will get a copy of all principals (except realm - * principals generated strictly for use within Geronimo). - */ - public boolean isRestrictPrincipalsToServer(); /** * If this attribute is true, then the principals will be wrapped in Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/AbstractTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/AbstractTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/AbstractTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/AbstractTest.java Tue Jul 10 08:32:56 2007 @@ -17,36 +17,30 @@ package org.apache.geronimo.security; -import org.apache.geronimo.testsupport.TestSupport; +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import javax.management.MalformedObjectNameException; +import javax.management.ObjectName; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.geronimo.gbean.AbstractName; +import org.apache.geronimo.gbean.AbstractNameQuery; import org.apache.geronimo.gbean.GBeanData; import org.apache.geronimo.gbean.GBeanInfo; -import org.apache.geronimo.gbean.AbstractNameQuery; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.KernelFactory; import org.apache.geronimo.kernel.repository.Artifact; -import org.apache.geronimo.security.jaas.JaasLoginModuleUse; -import org.apache.geronimo.security.jaas.LoginModuleGBean; -import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; -import org.apache.geronimo.security.jaas.server.JaasLoginService; -import org.apache.geronimo.security.realm.GenericSecurityRealm; -import org.apache.geronimo.security.realm.SecurityRealm; -import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingServer; +import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; import org.apache.geronimo.system.serverinfo.BasicServerInfo; import org.apache.geronimo.system.serverinfo.ServerInfo; - -import javax.management.MalformedObjectNameException; -import javax.management.ObjectName; -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; -import javax.security.auth.callback.UnsupportedCallbackException; -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; +import org.apache.geronimo.testsupport.TestSupport; /** @@ -55,15 +49,13 @@ public abstract class AbstractTest extends TestSupport { protected Kernel kernel; protected AbstractName serverInfo; - protected AbstractName loginService; protected AbstractName testLoginModule; protected AbstractName testRealm; - protected AbstractName serverStub; private static final String REALM_NAME = "test-realm"; protected boolean timeoutTest = false; - protected boolean needServerInfo = false; + protected boolean needServerInfo = true; protected AbstractName loginConfiguration; - protected boolean needLoginConfiguration; + protected boolean needLoginConfiguration = true; protected void setUp() throws Exception { kernel = KernelFactory.newInstance().createKernel("test.kernel"); @@ -80,68 +72,16 @@ kernel.startGBean(serverInfo); } if (needLoginConfiguration) { - gbean = buildGBeanData("new", "LoginConfiguration", GeronimoLoginConfiguration.getGBeanInfo()); + gbean = buildGBeanData("name", "LoginConfiguration", GeronimoLoginConfiguration.getGBeanInfo()); loginConfiguration = gbean.getAbstractName(); gbean.setReferencePattern("Configurations", new AbstractNameQuery(ConfigurationEntryFactory.class.getName())); kernel.loadGBean(gbean, GeronimoLoginConfiguration.class.getClassLoader()); + kernel.startGBean(loginConfiguration); } - gbean = buildGBeanData("name", "TestLoginService", JaasLoginService.getGBeanInfo()); - loginService = gbean.getAbstractName(); - gbean.setReferencePattern("Realms", new AbstractNameQuery(SecurityRealm.class.getName())); - if (timeoutTest) { - gbean.setAttribute("expiredLoginScanIntervalMillis", new Integer(50)); - gbean.setAttribute("maxLoginDurationMillis", new Integer(5000)); - } - gbean.setAttribute("algorithm", "HmacSHA1"); - gbean.setAttribute("password", "secret"); - kernel.loadGBean(gbean, JaasLoginService.class.getClassLoader()); - - gbean = buildGBeanData("name", "TestLoginModule", LoginModuleGBean.getGBeanInfo()); - testLoginModule = gbean.getAbstractName(); - gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.bridge.TestLoginModule"); - gbean.setAttribute("serverSide", Boolean.TRUE); - gbean.setAttribute("loginDomainName", "TestLoginDomain"); - kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader()); - - gbean = buildGBeanData("name", "TestLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); - AbstractName testUseName = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); - gbean.setReferencePattern("LoginModule", testLoginModule); - kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); - - gbean = buildGBeanData("name", "SecurityRealm" + REALM_NAME, GenericSecurityRealm.getGBeanInfo()); - testRealm = gbean.getAbstractName(); - gbean.setAttribute("realmName", REALM_NAME); - gbean.setReferencePattern("LoginModuleConfiguration", testUseName); - gbean.setReferencePattern("LoginService", loginService); - kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader()); - - gbean = buildGBeanData("name", "JaasLoginServiceRemotingServer", JaasLoginServiceRemotingServer.getGBeanInfo()); - serverStub = gbean.getAbstractName(); - gbean.setAttribute("protocol", "tcp"); - gbean.setAttribute("host", "0.0.0.0"); - gbean.setAttribute("port", new Integer(4242)); - gbean.setReferencePattern("LoginService", loginService); - kernel.loadGBean(gbean, JaasLoginServiceRemotingServer.class.getClassLoader()); - - kernel.startGBean(loginService); - kernel.startGBean(testLoginModule); - kernel.startGBean(testUseName); - kernel.startGBean(testRealm); - kernel.startGBean(serverStub); } protected void tearDown() throws Exception { - kernel.stopGBean(serverStub); - kernel.stopGBean(testRealm); - kernel.stopGBean(loginService); - - kernel.unloadGBean(loginService); - kernel.unloadGBean(testRealm); - kernel.unloadGBean(testLoginModule); - kernel.unloadGBean(serverStub); - kernel.shutdown(); } Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/credentialstore/SimpleCredentialStoreImplTest.java Tue Jul 10 08:32:56 2007 @@ -20,26 +20,23 @@ package org.apache.geronimo.security.credentialstore; -import java.util.Properties; -import java.util.Map; -import java.util.HashMap; import java.io.File; +import java.util.HashMap; +import java.util.Map; -import javax.security.auth.callback.NameCallback; -import javax.security.auth.callback.PasswordCallback; import javax.security.auth.Subject; +import org.apache.geronimo.gbean.AbstractName; +import org.apache.geronimo.gbean.GBeanData; import org.apache.geronimo.security.AbstractTest; -import org.apache.geronimo.security.realm.GenericSecurityRealm; -import org.apache.geronimo.security.jaas.LoginModuleGBean; import org.apache.geronimo.security.jaas.DirectConfigurationEntry; -import org.apache.geronimo.security.jaas.LoginModuleControlFlag; import org.apache.geronimo.security.jaas.JaasLoginModuleUse; -import org.apache.geronimo.gbean.GBeanData; -import org.apache.geronimo.gbean.AbstractName; +import org.apache.geronimo.security.jaas.LoginModuleGBean; +import org.apache.geronimo.security.jaas.LoginModuleControlFlag; +import org.apache.geronimo.security.realm.GenericSecurityRealm; /** - * @version $Rev:$ $Date:$ + * @version $Rev$ $Date$ */ public class SimpleCredentialStoreImplTest extends AbstractTest { protected AbstractName clientLM; @@ -57,8 +54,7 @@ gbean = buildGBeanData("name", "ClientPropertiesLoginModule", LoginModuleGBean.getGBeanInfo()); clientLM = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.client.JaasLoginCoordinator"); - gbean.setAttribute("serverSide", Boolean.TRUE); - Properties props = new Properties(); + Map props = new HashMap(); props.put("host", "localhost"); props.put("port", "4242"); props.put("realm", "properties-realm"); @@ -75,8 +71,7 @@ gbean = buildGBeanData("name", "PropertiesLoginModule", LoginModuleGBean.getGBeanInfo()); testCE = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule"); - gbean.setAttribute("serverSide", Boolean.TRUE); - props = new Properties(); + props = new HashMap(); props.put("usersURI", new File(BASEDIR, "src/test/data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(BASEDIR, "src/test/data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); @@ -86,7 +81,7 @@ gbean = buildGBeanData("name", "PropertiesLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", testCE); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); @@ -95,7 +90,6 @@ gbean.setAttribute("realmName", "properties-realm"); gbean.setReferencePattern("LoginModuleConfiguration", testUseName); gbean.setReferencePattern("ServerInfo", serverInfo); - gbean.setReferencePattern("LoginService", loginService); kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader()); kernel.startGBean(loginConfiguration); Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ConfigurationEntryTest.java Tue Jul 10 08:32:56 2007 @@ -18,21 +18,19 @@ package org.apache.geronimo.security.jaas; import java.io.File; -import java.util.Properties; -import java.util.Set; -import java.util.Map; import java.util.HashMap; -import javax.management.ObjectName; +import java.util.Map; +import java.util.Set; + import javax.management.MalformedObjectNameException; +import javax.management.ObjectName; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; -import org.apache.geronimo.testsupport.TestSupport; - -import org.apache.geronimo.gbean.GBeanData; -import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.gbean.AbstractName; import org.apache.geronimo.gbean.AbstractNameQuery; +import org.apache.geronimo.gbean.GBeanData; +import org.apache.geronimo.gbean.GBeanInfo; import org.apache.geronimo.kernel.Kernel; import org.apache.geronimo.kernel.KernelFactory; import org.apache.geronimo.kernel.repository.Artifact; @@ -40,12 +38,10 @@ import org.apache.geronimo.security.ContextManager; import org.apache.geronimo.security.IdentificationPrincipal; import org.apache.geronimo.security.RealmPrincipal; -import org.apache.geronimo.security.jaas.server.JaasLoginService; import org.apache.geronimo.security.realm.GenericSecurityRealm; -import org.apache.geronimo.security.realm.SecurityRealm; -import org.apache.geronimo.security.remoting.jmx.JaasLoginServiceRemotingServer; import org.apache.geronimo.system.serverinfo.BasicServerInfo; import org.apache.geronimo.system.serverinfo.ServerInfo; +import org.apache.geronimo.testsupport.TestSupport; /** @@ -56,13 +52,10 @@ protected Kernel kernel; protected AbstractName serverInfo; protected AbstractName loginConfiguration; - protected AbstractName loginService; - protected AbstractName clientCE; protected AbstractName testUPCred; protected AbstractName testCE; //audit lm protected AbstractName testProperties; //properties lm protected AbstractName testRealm; - protected AbstractName serverStub; public void test() throws Exception { File auditlog = new File(BASEDIR, "target/login-audit.log"); @@ -74,7 +67,7 @@ assertEquals("Audit file wasn't cleared", 0, auditlog.length()); // First try with explicit configuration entry - LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft")); + LoginContext context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft")); context.login(); Subject subject = context.getSubject(); @@ -148,26 +141,10 @@ gbean.setReferencePattern("Configurations", new AbstractNameQuery(ConfigurationEntryFactory.class.getName())); kernel.loadGBean(gbean, GeronimoLoginConfiguration.class.getClassLoader()); - gbean = buildGBeanData("name", "TestLoginService", JaasLoginService.getGBeanInfo()); - loginService = gbean.getAbstractName(); - gbean.setReferencePattern("Realms", new AbstractNameQuery((SecurityRealm.class.getName()))); - gbean.setAttribute("algorithm", "HmacSHA1"); - gbean.setAttribute("password", "secret"); - kernel.loadGBean(gbean, JaasLoginService.class.getClassLoader()); - - // TODO What is this? - gbean = buildGBeanData("name", "client-ConfigurationEntry", ServerRealmConfigurationEntry.getGBeanInfo()); - clientCE = gbean.getAbstractName(); - gbean.setAttribute("applicationConfigName", "properties-client"); - gbean.setAttribute("realmName", "properties-realm"); - gbean.setReferencePattern("LoginService", loginService); - kernel.loadGBean(gbean, ServerRealmConfigurationEntry.class.getClassLoader()); - gbean = buildGBeanData("name", "PropertiesLoginModule", LoginModuleGBean.getGBeanInfo()); testProperties = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule"); - gbean.setAttribute("serverSide", new Boolean(true)); - Properties props = new Properties(); + Map props = new HashMap(); props.put("usersURI", new File(BASEDIR, "src/test/data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(BASEDIR, "src/test/data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); @@ -178,35 +155,33 @@ gbean = buildGBeanData("name", "UPCredLoginModule", LoginModuleGBean.getGBeanInfo()); testUPCred = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.UPCredentialLoginModule"); - gbean.setAttribute("serverSide", new Boolean(true)); - gbean.setAttribute("options", new Properties()); + gbean.setAttribute("options", new HashMap()); kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader()); gbean = buildGBeanData ("name", "AuditLoginModule", LoginModuleGBean.getGBeanInfo()); testCE = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.FileAuditLoginModule"); - gbean.setAttribute("serverSide", new Boolean(true)); - props = new Properties(); + props = new HashMap(); props.put("file", new File(BASEDIR, "target/login-audit.log").getPath()); gbean.setAttribute("options", props); kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader()); gbean = buildGBeanData("name", "UPCredLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName3 = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", testUPCred); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); gbean = buildGBeanData("name", "AuditLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName2 = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", testCE); gbean.setReferencePattern("Next", testUseName3); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); gbean = buildGBeanData("name", "PropertiesLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName1 = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", testProperties); gbean.setReferencePattern("Next", testUseName2); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); @@ -216,20 +191,9 @@ gbean.setAttribute("realmName", "properties-realm"); gbean.setReferencePattern("LoginModuleConfiguration", testUseName1); gbean.setReferencePattern("ServerInfo", serverInfo); - gbean.setReferencePattern("LoginService", loginService); kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader()); - gbean = buildGBeanData("name", "JaasLoginServiceRemotingServer", JaasLoginServiceRemotingServer.getGBeanInfo()); - serverStub = gbean.getAbstractName(); - gbean.setAttribute("protocol", "tcp"); - gbean.setAttribute("host", "0.0.0.0"); - gbean.setAttribute("port", new Integer(4242)); - gbean.setReferencePattern("LoginService", loginService); - kernel.loadGBean(gbean, JaasLoginServiceRemotingServer.class.getClassLoader()); - kernel.startGBean(loginConfiguration); - kernel.startGBean(loginService); - kernel.startGBean(clientCE); kernel.startGBean(testCE); kernel.startGBean(testProperties); kernel.startGBean(testUPCred); @@ -237,25 +201,18 @@ kernel.startGBean(testUseName2); kernel.startGBean(testUseName1); kernel.startGBean(testRealm); - kernel.startGBean(serverStub); } protected void tearDown() throws Exception { - kernel.stopGBean(serverStub); kernel.stopGBean(testRealm); kernel.stopGBean(testUPCred); kernel.stopGBean(testCE); - kernel.stopGBean(clientCE); - kernel.stopGBean(loginService); kernel.stopGBean(loginConfiguration); kernel.stopGBean(serverInfo); - kernel.unloadGBean(loginService); kernel.unloadGBean(testCE); kernel.unloadGBean(testUPCred); kernel.unloadGBean(testRealm); - kernel.unloadGBean(clientCE); - kernel.unloadGBean(serverStub); kernel.unloadGBean(loginConfiguration); kernel.unloadGBean(serverInfo); Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosNonGeronimoTest.java Tue Jul 10 08:32:56 2007 @@ -17,18 +17,18 @@ package org.apache.geronimo.security.jaas; +import java.util.Properties; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + import org.apache.geronimo.gbean.AbstractName; import org.apache.geronimo.gbean.GBeanData; -import org.apache.geronimo.gbean.AbstractNameQuery; import org.apache.geronimo.security.AbstractTest; import org.apache.geronimo.security.ContextManager; import org.apache.geronimo.security.RealmPrincipal; -import javax.security.auth.Subject; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; -import java.util.Properties; - /** * An example of how to setup non-Geronimo login modules when the @@ -59,7 +59,6 @@ gbean = buildGBeanData("name", "KerberosLoginModule", LoginModuleGBean.getGBeanInfo()); kerberosLM = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "com.sun.security.auth.module.Krb5LoginModule"); - gbean.setAttribute("serverSide", Boolean.TRUE); // normally not, but in this case, it's treated as server-side Properties props = new Properties(); props.put("debug", "true"); props.put("useTicketCache", "true"); Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginKerberosTest.java Tue Jul 10 08:32:56 2007 @@ -17,6 +17,13 @@ package org.apache.geronimo.security.jaas; +import java.util.Properties; + +import javax.security.auth.Subject; +import javax.security.auth.kerberos.KerberosPrincipal; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + import org.apache.geronimo.gbean.AbstractName; import org.apache.geronimo.gbean.GBeanData; import org.apache.geronimo.security.AbstractTest; @@ -25,12 +32,6 @@ import org.apache.geronimo.security.RealmPrincipal; import org.apache.geronimo.security.realm.GenericSecurityRealm; -import javax.security.auth.Subject; -import javax.security.auth.kerberos.KerberosPrincipal; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; -import java.util.Properties; - /** * @version $Rev$ $Date$ @@ -46,7 +47,6 @@ GBeanData gbean = buildGBeanData("name", "KerberosLoginModule", LoginModuleGBean.getGBeanInfo()); kerberosLM = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "com.sun.security.auth.module.Krb5LoginModule"); - gbean.setAttribute("serverSide", Boolean.TRUE); // normally not, but in this case, it's treated as server-side Properties props = new Properties(); props.put("debug", "true"); props.put("useTicketCache", "true"); @@ -56,7 +56,7 @@ gbean = buildGBeanData("name", "KerberosLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", kerberosLM); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); @@ -81,7 +81,7 @@ public void testLogin() throws Exception { try { - LoginContext context = new LoginContext("kerberos-local"); + LoginContext context = new LoginContext("TOOLAZYDOGS.COM"); context.login(); Subject subject = context.getSubject(); Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginPropertiesFileTest.java Tue Jul 10 08:32:56 2007 @@ -17,6 +17,14 @@ package org.apache.geronimo.security.jaas; +import java.io.File; +import java.util.HashMap; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + import org.apache.geronimo.gbean.AbstractName; import org.apache.geronimo.gbean.GBeanData; import org.apache.geronimo.security.AbstractTest; @@ -26,18 +34,11 @@ import org.apache.geronimo.security.RealmPrincipal; import org.apache.geronimo.security.realm.GenericSecurityRealm; -import javax.security.auth.Subject; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; -import java.io.File; -import java.util.Properties; - /** * @version $Rev$ $Date$ */ public class LoginPropertiesFileTest extends AbstractTest { - protected AbstractName clientLM; protected AbstractName clientCE; protected AbstractName testCE; protected AbstractName testRealm; @@ -49,29 +50,10 @@ GBeanData gbean; - gbean = buildGBeanData("name", "ClientPropertiesLoginModule", LoginModuleGBean.getGBeanInfo()); - clientLM = gbean.getAbstractName(); - gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.client.JaasLoginCoordinator"); - gbean.setAttribute("serverSide", Boolean.FALSE); - Properties props = new Properties(); - props.put("host", "localhost"); - props.put("port", "4242"); - props.put("realm", "properties-realm"); - gbean.setAttribute("options", props); - kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader()); - - gbean = buildGBeanData("name", "ClientConfigurationEntry", DirectConfigurationEntry.getGBeanInfo()); - clientCE = gbean.getAbstractName(); - gbean.setAttribute("applicationConfigName", "properties-client"); - gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); - gbean.setReferencePattern("Module", clientLM); - kernel.loadGBean(gbean, DirectConfigurationEntry.class.getClassLoader()); - gbean = buildGBeanData("name", "PropertiesLoginModule", LoginModuleGBean.getGBeanInfo()); testCE = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule"); - gbean.setAttribute("serverSide", Boolean.TRUE); - props = new Properties(); + Map props = new HashMap(); props.put("usersURI", new File(BASEDIR, "src/test/data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(BASEDIR, "src/test/data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); @@ -81,38 +63,32 @@ gbean = buildGBeanData("name", "PropertiesLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", testCE); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); gbean = buildGBeanData("name", "PropertiesSecurityRealm", GenericSecurityRealm.getGBeanInfo()); testRealm = gbean.getAbstractName(); gbean.setAttribute("realmName", "properties-realm"); + gbean.setAttribute("wrapPrincipals", Boolean.TRUE); gbean.setReferencePattern("LoginModuleConfiguration", testUseName); gbean.setReferencePattern("ServerInfo", serverInfo); - gbean.setReferencePattern("LoginService", loginService); kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader()); kernel.startGBean(loginConfiguration); - kernel.startGBean(clientLM); - kernel.startGBean(clientCE); - kernel.startGBean(testUseName); kernel.startGBean(testCE); + kernel.startGBean(testUseName); kernel.startGBean(testRealm); } public void tearDown() throws Exception { kernel.stopGBean(testRealm); kernel.stopGBean(testCE); - kernel.stopGBean(clientCE); - kernel.stopGBean(clientLM); kernel.stopGBean(loginConfiguration); kernel.stopGBean(serverInfo); kernel.unloadGBean(testCE); kernel.unloadGBean(testRealm); - kernel.unloadGBean(clientCE); - kernel.unloadGBean(clientLM); kernel.unloadGBean(loginConfiguration); kernel.unloadGBean(serverInfo); @@ -121,14 +97,14 @@ public void testLogin() throws Exception { - LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft")); + LoginContext context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft")); context.login(); Subject subject = context.getSubject(); assertTrue("expected non-null subject", subject != null); assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1); - IdentificationPrincipal remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); + IdentificationPrincipal remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null); assertEquals("subject should have seven principals (" + subject.getPrincipals().size() + ")", 7, subject.getPrincipals().size()); assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")", 2, subject.getPrincipals(RealmPrincipal.class).size()); @@ -138,7 +114,7 @@ assertTrue("expected non-null subject", subject != null); assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1); - remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); + remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null); assertEquals("subject should have seven principals (" + subject.getPrincipals().size() + ")", 7, subject.getPrincipals().size()); assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")", 2, subject.getPrincipals(RealmPrincipal.class).size()); @@ -150,7 +126,7 @@ } public void testNullUserLogin() throws Exception { - LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback(null, "starcraft")); + LoginContext context = new LoginContext("properties-realm", new UsernamePasswordCallback(null, "starcraft")); try { context.login(); @@ -160,7 +136,7 @@ } public void testBadUserLogin() throws Exception { - LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback("bad", "starcraft")); + LoginContext context = new LoginContext("properties-realm", new UsernamePasswordCallback("bad", "starcraft")); try { context.login(); @@ -170,7 +146,7 @@ } public void testNullPasswordLogin() throws Exception { - LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback("alan", null)); + LoginContext context = new LoginContext("properties-realm", new UsernamePasswordCallback("alan", null)); try { context.login(); @@ -180,7 +156,7 @@ } public void testBadPasswordLogin() throws Exception { - LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback("alan", "bad")); + LoginContext context = new LoginContext("properties-realm", new UsernamePasswordCallback("alan", "bad")); try { context.login(); Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java Tue Jul 10 08:32:56 2007 @@ -17,6 +17,17 @@ package org.apache.geronimo.security.jaas; +import java.io.File; +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.SQLException; +import java.util.HashMap; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + import org.apache.geronimo.gbean.AbstractName; import org.apache.geronimo.gbean.GBeanData; import org.apache.geronimo.security.AbstractTest; @@ -26,15 +37,6 @@ import org.apache.geronimo.security.RealmPrincipal; import org.apache.geronimo.security.realm.GenericSecurityRealm; -import javax.security.auth.Subject; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; -import java.util.Properties; -import java.io.File; - /** * @version $Rev$ $Date$ @@ -86,8 +88,7 @@ GBeanData gbean = buildGBeanData("name", "SQLLoginModule", LoginModuleGBean.getGBeanInfo()); sqlModule = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.SQLLoginModule"); - gbean.setAttribute("serverSide", new Boolean(true)); - Properties props = new Properties(); + Map props = new HashMap(); props.put("jdbcURL", hsqldbURL); props.put("jdbcDriver", "org.hsqldb.jdbcDriver"); props.put("jdbcUser", "loginmodule"); @@ -102,7 +103,7 @@ gbean = buildGBeanData("name", "SQLLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", sqlModule); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); kernel.startGBean(testUseName); @@ -111,7 +112,6 @@ sqlRealm = gbean.getAbstractName(); gbean.setAttribute("realmName", "sql-realm"); gbean.setReferencePattern("LoginModuleConfiguration", testUseName); - gbean.setReferencePattern("LoginService", loginService); kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader()); kernel.startGBean(sqlRealm); @@ -139,7 +139,7 @@ } public void testLogin() throws Exception { - LoginContext context = new LoginContext("sql", new UsernamePasswordCallback("alan", "starcraft")); + LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan", "starcraft")); context.login(); Subject subject = context.getSubject(); @@ -151,14 +151,14 @@ assertEquals("server-side subject should have two realm principals", 2, subject.getPrincipals(RealmPrincipal.class).size()); assertEquals("server-side subject should have two domain principals", 2, subject.getPrincipals(DomainPrincipal.class).size()); assertEquals("server-side subject should have one remote principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size()); - IdentificationPrincipal principal = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); - assertTrue("id of principal should be non-zero", principal.getId().getSubjectId().longValue() != 0); + IdentificationPrincipal principal = subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); + assertTrue("id of principal should be non-zero", principal.getId().getSubjectId() != 0); context.logout(); } public void testNullUserLogin() throws Exception { - LoginContext context = new LoginContext("sql", new UsernamePasswordCallback(null, "starcraft")); + LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback(null, "starcraft")); try { context.login(); @@ -168,7 +168,7 @@ } public void testNullPasswordLogin() throws Exception { - LoginContext context = new LoginContext("sql", new UsernamePasswordCallback("alan", null)); + LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan", null)); try { context.login(); Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/NoLoginModuleReuseTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/NoLoginModuleReuseTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/NoLoginModuleReuseTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/NoLoginModuleReuseTest.java Tue Jul 10 08:32:56 2007 @@ -16,18 +16,23 @@ */ package org.apache.geronimo.security.jaas; +import java.io.IOException; +import java.util.Collections; import java.util.HashMap; import java.util.Map; + import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.Configuration; +import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import junit.framework.TestCase; - +import org.apache.geronimo.security.realm.GenericSecurityRealm; import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal; -import org.apache.geronimo.security.jaas.server.JaasSecuritySession; -import org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration; /** @@ -36,17 +41,35 @@ public class NoLoginModuleReuseTest extends TestCase { public void testNoLoginModuleReuse() throws Exception { - JaasLoginModuleConfiguration m1 = new JaasLoginModuleConfiguration(MockLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap(), true, "D1", true, MockLoginModule.class.getClassLoader()); - doSecurityContextLogin(m1); - doSecurityContextLogin(m1); + doTest(true, "realm1"); + doTest(false, "realm2"); + } + + private void doTest(boolean wrapPrincipals, String realmName) throws ClassNotFoundException, LoginException { + LoginModuleGBean module = new LoginModuleGBean(MockLoginModule.class.getName(), "foo", true, new HashMap(), "domain", getClass().getClassLoader()); + JaasLoginModuleUse loginModuleUse = new JaasLoginModuleUse(module, null, LoginModuleControlFlag.REQUIRED); + GenericSecurityRealm realm = new GenericSecurityRealm(realmName, + loginModuleUse, + wrapPrincipals, + null, + getClass().getClassLoader(), + null); + GeronimoLoginConfiguration loginConfig = new GeronimoLoginConfiguration(); + loginConfig.setConfigurations(Collections.singleton(realm)); + doLogin(loginConfig, realmName); + doLogin(loginConfig, realmName); } - private void doSecurityContextLogin(JaasLoginModuleConfiguration m1) throws LoginException { - JaasSecuritySession c = new JaasSecuritySession("realm", new JaasLoginModuleConfiguration[] {m1}, new HashMap(), this.getClass().getClassLoader()); - Subject s = c.getSubject(); - c.getLoginModule(0).initialize(s, null, null, null); - c.getLoginModule(0).login(); - c.getLoginModule(0).commit(); + private void doLogin(Configuration config, String realm) throws LoginException { + LoginContext lc = new LoginContext(realm, + new Subject(), + new CallbackHandler() { + + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + } + }, + config); + lc.login(); } public static class MockLoginModule implements LoginModule { Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java (original) +++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/TimeoutTest.java Tue Jul 10 08:32:56 2007 @@ -17,6 +17,14 @@ package org.apache.geronimo.security.jaas; +import java.io.File; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; + import org.apache.geronimo.gbean.AbstractName; import org.apache.geronimo.gbean.GBeanData; import org.apache.geronimo.security.AbstractTest; @@ -26,12 +34,6 @@ import org.apache.geronimo.security.RealmPrincipal; import org.apache.geronimo.security.realm.GenericSecurityRealm; -import javax.security.auth.Subject; -import javax.security.auth.login.LoginContext; -import java.io.File; -import java.util.Properties; -import java.util.Set; - /** * @version $Rev$ $Date$ @@ -56,8 +58,7 @@ gbean = buildGBeanData ("name", "PropertiesLoginModule", LoginModuleGBean.getGBeanInfo()); testCE = gbean.getAbstractName(); gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule"); - gbean.setAttribute("serverSide", Boolean.TRUE); - Properties props = new Properties(); + Map props = new HashMap(); props.put("usersURI", new File(BASEDIR, "src/test/data/data/users.properties").toURI().toString()); props.put("groupsURI", new File(BASEDIR, "src/test/data/data/groups.properties").toURI().toString()); gbean.setAttribute("options", props); @@ -67,7 +68,7 @@ gbean = buildGBeanData("name", "PropertiesLoginModuleUse", JaasLoginModuleUse.getGBeanInfo()); AbstractName testUseName = gbean.getAbstractName(); - gbean.setAttribute("controlFlag", "REQUIRED"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); gbean.setReferencePattern("LoginModule", testCE); kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader()); @@ -76,30 +77,9 @@ gbean.setAttribute("realmName", "properties-realm"); gbean.setReferencePattern("LoginModuleConfiguration", testUseName); gbean.setReferencePattern("ServerInfo", serverInfo); - gbean.setReferencePattern("LoginService", loginService); kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader()); - gbean = buildGBeanData("name", "ClientPropertiesLoginModule", LoginModuleGBean.getGBeanInfo()); - clientLM = gbean.getAbstractName(); - gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.client.JaasLoginCoordinator"); - gbean.setAttribute("serverSide", Boolean.FALSE); - props = new Properties(); - props.put("host", "localhost"); - props.put("port", "4242"); - props.put("realm", "properties-realm"); - gbean.setAttribute("options", props); - kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader()); - - gbean = buildGBeanData("name", "ClientConfigurationEntry", DirectConfigurationEntry.getGBeanInfo()); - clientCE = gbean.getAbstractName(); - gbean.setAttribute("applicationConfigName", "properties-client"); - gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); - gbean.setReferencePattern("Module", clientLM); - kernel.loadGBean(gbean, DirectConfigurationEntry.class.getClassLoader()); - kernel.startGBean(loginConfiguration); - kernel.startGBean(clientLM); - kernel.startGBean(clientCE); kernel.startGBean(testCE); kernel.startGBean(testUseName); kernel.startGBean(testRealm); @@ -108,24 +88,14 @@ public void tearDown() throws Exception { kernel.stopGBean(testRealm); kernel.stopGBean(testCE); - kernel.stopGBean(clientCE); - kernel.stopGBean(clientLM); kernel.stopGBean(loginConfiguration); kernel.stopGBean(serverInfo); kernel.unloadGBean(testCE); kernel.unloadGBean(testRealm); - kernel.unloadGBean(clientCE); - kernel.unloadGBean(clientLM); kernel.unloadGBean(loginConfiguration); kernel.unloadGBean(serverInfo); - kernel.stopGBean(serverStub); - kernel.stopGBean(loginService); - - kernel.unloadGBean(loginService); - kernel.unloadGBean(serverStub); - kernel.shutdown(); } @@ -134,7 +104,7 @@ public void testTimeout() throws Exception { - LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft")); + LoginContext context = new LoginContext("properties-realm", new AbstractTest.UsernamePasswordCallback("alan", "starcraft")); context.login(); Subject subject = context.getSubject(); @@ -146,7 +116,7 @@ assertTrue("expected non-null server subject", subject != null); assertTrue("server subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1); - IdentificationPrincipal remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); + IdentificationPrincipal remote = subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); assertTrue("server subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null); assertEquals("server-side subject should have seven principal", 7, subject.getPrincipals().size()); assertTrue("server subject should have two realm principal", subject.getPrincipals(RealmPrincipal.class).size() == 2); @@ -159,7 +129,7 @@ assertTrue("id of server subject should be non-null", ContextManager.getSubjectId(subject) != null); Thread.sleep(7000); // wait for timeout to kick in - - assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject) == null); + //TODO figure out if we can time out logins! +// assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject) == null); } } Modified: geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java?view=diff&rev=554977&r1=554976&r2=554977 ============================================================================== --- geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java (original) +++ geronimo/server/trunk/modules/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/AbstractWebModuleTest.java Tue Jul 10 08:32:56 2007 @@ -22,21 +22,19 @@ import java.util.Collections; import java.util.HashMap; import java.util.Map; -import java.util.Properties; import javax.transaction.TransactionManager; -import org.apache.geronimo.testsupport.TestSupport; - import org.apache.geronimo.connector.outbound.connectiontracking.ConnectionTrackingCoordinator; import org.apache.geronimo.connector.outbound.connectiontracking.GeronimoTransactionListener; import org.apache.geronimo.security.SecurityServiceImpl; import org.apache.geronimo.security.credentialstore.CredentialStore; import org.apache.geronimo.security.deploy.PrincipalInfo; +import org.apache.geronimo.security.jaas.ConfigurationEntryFactory; import org.apache.geronimo.security.jaas.GeronimoLoginConfiguration; import org.apache.geronimo.security.jaas.JaasLoginModuleUse; +import org.apache.geronimo.security.jaas.LoginModuleControlFlag; import org.apache.geronimo.security.jaas.LoginModuleGBean; -import org.apache.geronimo.security.jaas.server.JaasLoginService; import org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager; import org.apache.geronimo.security.jacc.ApplicationPrincipalRoleConfigurationManager; import org.apache.geronimo.security.jacc.ComponentPermissions; @@ -45,6 +43,7 @@ import org.apache.geronimo.security.realm.GenericSecurityRealm; import org.apache.geronimo.system.serverinfo.BasicServerInfo; import org.apache.geronimo.system.serverinfo.ServerInfo; +import org.apache.geronimo.testsupport.TestSupport; import org.apache.geronimo.tomcat.util.SecurityHolder; import org.apache.geronimo.transaction.manager.TransactionManagerImpl; @@ -121,25 +120,20 @@ new SecurityServiceImpl(cl, serverInfo, "org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory", "org.apache.geronimo.security.jacc.GeronimoPolicy", null, null, null, null); - Properties options = new Properties(); - options.setProperty("usersURI", new File(BASEDIR, "src/test/resources/data/users.properties").toURI().toString()); - options.setProperty("groupsURI", new File(BASEDIR, "src/test/resources/data/groups.properties").toURI().toString()); + Map options = new HashMap(); + options.put("usersURI", new File(BASEDIR, "src/test/resources/data/users.properties").toURI().toString()); + options.put("groupsURI", new File(BASEDIR, "src/test/resources/data/groups.properties").toURI().toString()); - LoginModuleGBean loginModule = new LoginModuleGBean("org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule", null, true, true, options, domainName, cl); + LoginModuleGBean loginModule = new LoginModuleGBean("org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule", null, true, options, domainName, cl); - JaasLoginModuleUse loginModuleUse = new JaasLoginModuleUse(loginModule, null, "REQUIRED", null); - - JaasLoginService loginService = new JaasLoginService("HmacSHA1", "secret", cl, null); + JaasLoginModuleUse loginModuleUse = new JaasLoginModuleUse(loginModule, null, LoginModuleControlFlag.REQUIRED); PrincipalInfo.PrincipalEditor principalEditor = new PrincipalInfo.PrincipalEditor(); principalEditor.setAsText("metro,org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"); - GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse, true, true, serverInfo, cl, null, loginService); - - loginService.setRealms(Collections.singleton(realm)); - loginService.doStart(); + GenericSecurityRealm realm = new GenericSecurityRealm(domainName, loginModuleUse, true, serverInfo, cl, null); loginConfiguration = new GeronimoLoginConfiguration(); - loginConfiguration.setConfigurations(Collections.singleton(realm)); + loginConfiguration.setConfigurations(Collections.singleton(realm)); loginConfiguration.doStart(); }