geronimo-scm mailing list archives

From vamsic...@apache.org
Subject svn commit: r597752 - in /geronimo/server: branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/ branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ trunk/framework/modules/geronimo-...
Date Fri, 23 Nov 2007 22:52:39 GMT
Author: vamsic007
Date: Fri Nov 23 14:52:38 2007
New Revision: 597752

URL: http://svn.apache.org/viewvc?rev=597752&view=rev
Log:
GERONIMO-3626 Review NamedUPCredentialLoginModule
o logout() should remove credentials from the subject.  Added a test for the same.
o logout() should destroy credentials when the subject is read-only.
o Changes to bring NamedUPCredentialLoginModule in line with http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html

Added:
    geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
  (with props)
    geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
  (with props)
Modified:
    geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java
    geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java

Modified: geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java?rev=597752&r1=597751&r2=597752&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java
(original)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java
Fri Nov 23 14:52:38 2007
@@ -104,11 +104,10 @@
 
         if (nupCredential == null) return false;
 
-        Set pvtCreds = subject.getPrivateCredentials(NamedUsernamePasswordCredential.class);
-        if (pvtCreds.contains(nupCredential)) {
-            pvtCreds.remove(nupCredential);
+        if(!subject.isReadOnly()) {
+            subject.getPrivateCredentials().remove(nupCredential);
         }
-
+        
         try {
             nupCredential.destroy();
         } catch (DestroyFailedException e) {
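Review bot: On a read-only subject the guard at `if(!subject.isReadOnly())` skips the removal, so the destroyed credential stays in the subject's private credential set, and nothing here says this is intended. I would add a comment above the guard, e.g. `// A read-only Subject cannot be modified: leave the credential in place and rely on destroy() below to clear it`. Callers that read the set after logout then need to check `isDestroyed()` before using the credential; whether `getPassword()` on a destroyed credential fails or returns cleared data is not visible from this hunk. The body of the `catch (DestroyFailedException e)` is also outside the hunk; if it only logs, a failed destroy on a read-only subject would leave a live password attached to the subject, so it should probably surface as a `LoginException` — confirm. The same applies to the identical hunk for the trunk copy of NamedUPCredentialLoginModule.java further down.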

Added: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java?rev=597752&view=auto
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
(added)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
Fri Nov 23 14:52:38 2007
@@ -0,0 +1,127 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.security.jaas;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.management.MalformedObjectNameException;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class LoginNamedUPCredentialTest extends AbstractLoginModuleTest {
+    private String credname = "credname";
+    private String username = "john";
+    private String password = "smith";
+
+    protected GBeanData setupTestLoginModule() throws MalformedObjectNameException {
+        GBeanData gbean;
+        gbean = buildGBeanData("name", "NamedUPCredentialLoginModule", LoginModuleGBean.getGBeanInfo());
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.NamedUPCredentialLoginModule");
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(NamedUPCredentialLoginModule.CREDENTIAL_NAME, credname);
+        gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "NamedUPCredentialLoginModule");
+        gbean.setAttribute("wrapPrincipals", Boolean.FALSE);
+        return gbean;
+    }
+
+    public void testLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(username,
password));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("subject should have 0 principals upon login", 0, subject.getPrincipals().size());
+        assertEquals("subject should have 1 private credential upon login", 1, subject.getPrivateCredentials().size());
+        assertEquals("subject should have 1 NamedUsernamePasswordCredential private credential
upon login", 1, subject.getPrivateCredentials(NamedUsernamePasswordCredential.class).size());
+        assertEquals("subject should have 0 public credentials upon login", 0, subject.getPublicCredentials().size());
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertEquals("Credential name", credname, namedupc.getName());
+        assertEquals("Username", username, namedupc.getUsername());
+        assertEquals("Password", password, new String(namedupc.getPassword()));
+
+        context.logout();
+
+        assertEquals("subject should have no private credentials upon logout", 0, subject.getPrivateCredentials().size());
+        assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject)
== null);
+    }
+
+    public void testNullUserLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(null,
password));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("subject should have 0 principals upon login", 0, subject.getPrincipals().size());
+        assertEquals("subject should have 0 private credential upon login", 0, subject.getPrivateCredentials().size());
+        assertEquals("subject should have 0 public credentials upon login", 0, subject.getPublicCredentials().size());
+
+        context.logout();
+    }
+
+    public void testBadUserLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNullPasswordLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(username,
null));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("subject should have 0 principals upon login", 0, subject.getPrincipals().size());
+        assertEquals("subject should have 0 private credential upon login", 0, subject.getPrivateCredentials().size());
+        assertEquals("subject should have 0 public credentials upon login", 0, subject.getPublicCredentials().size());
+
+        context.logout();
+    }
+
+    public void testBadPasswordLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNoPrincipalsAddedOnFailure() throws Exception {
+        //not relevant
+    }
+
+    public void testLogoutWithReadOnlySubject() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(username,
password));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+
+        subject.setReadOnly();
+        
+        context.logout();
+
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertTrue("credential should have been destroyed ", namedupc.isDestroyed());
+    }
+}
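Review bot: `testLogin` checks that the credential is removed on logout but never that it was destroyed, so a regression that drops the `destroy()` call for writable subjects would still pass. Since `namedupc` is still in scope, adding `assertTrue("credential should have been destroyed", namedupc.isDestroyed());` after `context.logout()` would cover it. In `testLogoutWithReadOnlySubject`, `toArray()[0]` is indexed without first asserting the set size, so a missing credential shows up as an `ArrayIndexOutOfBoundsException` rather than a test failure; `assertEquals("read-only subject should keep its credential", 1, subject.getPrivateCredentials().size());` before it would make the expectation explicit. That test also relies on `isDestroyed()` alone and does not assert that the password is actually cleared. The same applies to the trunk copy of this test file later in the commit.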

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java?rev=597752&r1=597751&r2=597752&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java
(original)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/jaas/NamedUPCredentialLoginModule.java
Fri Nov 23 14:52:38 2007
@@ -104,11 +104,10 @@
 
         if (nupCredential == null) return false;
 
-        Set pvtCreds = subject.getPrivateCredentials(NamedUsernamePasswordCredential.class);
-        if (pvtCreds.contains(nupCredential)) {
-            pvtCreds.remove(nupCredential);
+        if(!subject.isReadOnly()) {
+            subject.getPrivateCredentials().remove(nupCredential);
         }
-
+        
         try {
             nupCredential.destroy();
         } catch (DestroyFailedException e) {

Added: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java?rev=597752&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
(added)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
Fri Nov 23 14:52:38 2007
@@ -0,0 +1,127 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.security.jaas;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.management.MalformedObjectNameException;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.security.ContextManager;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class LoginNamedUPCredentialTest extends AbstractLoginModuleTest {
+    private String credname = "credname";
+    private String username = "john";
+    private String password = "smith";
+
+    protected GBeanData setupTestLoginModule() throws MalformedObjectNameException {
+        GBeanData gbean;
+        gbean = buildGBeanData("name", "NamedUPCredentialLoginModule", LoginModuleGBean.getGBeanInfo());
+        gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.NamedUPCredentialLoginModule");
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(NamedUPCredentialLoginModule.CREDENTIAL_NAME, credname);
+        gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "NamedUPCredentialLoginModule");
+        gbean.setAttribute("wrapPrincipals", Boolean.FALSE);
+        return gbean;
+    }
+
+    public void testLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(username,
password));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("subject should have 0 principals upon login", 0, subject.getPrincipals().size());
+        assertEquals("subject should have 1 private credential upon login", 1, subject.getPrivateCredentials().size());
+        assertEquals("subject should have 1 NamedUsernamePasswordCredential private credential
upon login", 1, subject.getPrivateCredentials(NamedUsernamePasswordCredential.class).size());
+        assertEquals("subject should have 0 public credentials upon login", 0, subject.getPublicCredentials().size());
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertEquals("Credential name", credname, namedupc.getName());
+        assertEquals("Username", username, namedupc.getUsername());
+        assertEquals("Password", password, new String(namedupc.getPassword()));
+
+        context.logout();
+
+        assertEquals("subject should have no private credentials upon logout", 0, subject.getPrivateCredentials().size());
+        assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject)
== null);
+    }
+
+    public void testNullUserLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(null,
password));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("subject should have 0 principals upon login", 0, subject.getPrincipals().size());
+        assertEquals("subject should have 0 private credential upon login", 0, subject.getPrivateCredentials().size());
+        assertEquals("subject should have 0 public credentials upon login", 0, subject.getPublicCredentials().size());
+
+        context.logout();
+    }
+
+    public void testBadUserLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNullPasswordLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(username,
null));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("subject should have 0 principals upon login", 0, subject.getPrincipals().size());
+        assertEquals("subject should have 0 private credential upon login", 0, subject.getPrivateCredentials().size());
+        assertEquals("subject should have 0 public credentials upon login", 0, subject.getPublicCredentials().size());
+
+        context.logout();
+    }
+
+    public void testBadPasswordLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNoPrincipalsAddedOnFailure() throws Exception {
+        //not relevant
+    }
+
+    public void testLogoutWithReadOnlySubject() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback(username,
password));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+
+        subject.setReadOnly();
+        
+        context.logout();
+
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertTrue("credential should have been destroyed ", namedupc.isDestroyed());
+    }
+}

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginNamedUPCredentialTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain


