From vamsic...@apache.org
Subject svn commit: r597886 - in /geronimo/server: branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/ branches/2.0/modules/geronimo-security/src/test/data/data/ branches/2.0/modules/geronimo-security/src/test/jav...
Date Sat, 24 Nov 2007 17:01:10 GMT
Author: vamsic007
Date: Sat Nov 24 09:01:09 2007
New Revision: 597886

URL: http://svn.apache.org/viewvc?rev=597886&view=rev
Log:
GERONIMO-3629 Review GeronimoPropertiesFileMappedPasswordCredentialLoginModule
o logout() should remove credentials from the subject.
o logout() should destroy credentials when the subject is read-only.
o Changes to bring GeronimoPropertiesFileMappedPasswordCredentialLoginModule in line with
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html

**: This commit can use a thorough review.


Added:
    geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties
  (with props)
    geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
  (with props)
    geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties
  (with props)
    geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
  (with props)
Modified:
    geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
    geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java

Modified: geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java?rev=597886&r1=597885&r2=597886&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
(original)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
Sat Nov 24 09:01:09 2007
@@ -22,13 +22,17 @@
 
 import java.io.InputStream;
 import java.net.URI;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.security.auth.DestroyFailedException;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -42,6 +46,7 @@
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
 import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
+import org.apache.geronimo.security.jaas.WrappingLoginModule;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 
 /**
@@ -67,10 +72,12 @@
 
     private static final Log log = LogFactory.getLog(GeronimoPropertiesFileMappedPasswordCredentialLoginModule.class);
     public final static String CREDENTIALS_URI = "credentialsURI";
+    public final static List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(CREDENTIALS_URI));
     private final static Pattern pattern = Pattern.compile("([^:,=]*):([^:,=]*)=([^:,=]*)");
 
     private final Set<NamedUsernamePasswordCredential> passwordCredentials = new HashSet<NamedUsernamePasswordCredential>();
     private final Properties credentials = new Properties();
+    private String userName;
 
     private Subject subject;
     private CallbackHandler callbackHandler;
@@ -78,6 +85,12 @@
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
Map options) {
         this.subject = subject;
         this.callbackHandler = callbackHandler;
+        for(Object option: options.keySet()) {
+            if(!supportedOptions.contains(option) && !JaasLoginModuleUse.supportedOptions.contains(option)
+                    && !WrappingLoginModule.supportedOptions.contains(option)) {
+                log.warn("Ignoring option: "+option+". Not supported.");
+            }
+        }
         try {
             ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
             final String credentials = (String) options.get(CREDENTIALS_URI);
@@ -114,11 +127,7 @@
         } catch (UnsupportedCallbackException e) {
             throw (LoginException) new LoginException("Unlikely UnsupportedCallbackException").initCause(e);
         }
-        String userName = ((NameCallback) callbacks[0]).getName();
-        String unparsedCredentials = credentials.getProperty(userName);
-        if (unparsedCredentials != null) {
-            parseCredentials(unparsedCredentials, passwordCredentials);
-        }
+        userName = ((NameCallback) callbacks[0]).getName();
         return false;
     }
 
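Review bot: `userName` is stored on the changed line of login() without a null check, and commit() in the last hunk of this file passes it straight to `credentials.getProperty(userName)`, which throws NullPointerException for a null key. The field stays null if the callback handler leaves the NameCallback unset, and probably also when commit() is reached after login() threw before this assignment; the JAAS guide cited in the log expects commit() to check the module's own saved state first. Guard the lookup in commit() with `if (userName == null) { return false; }` ahead of the `getProperty` call. login() begins outside this hunk, and the trunk copy of the file later in this commit has the same gap.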
@@ -134,16 +143,40 @@
     }
 
     public boolean commit() throws LoginException {
+        String unparsedCredentials = credentials.getProperty(userName);
+        if (unparsedCredentials != null) {
+            parseCredentials(unparsedCredentials, passwordCredentials);
+        }
         subject.getPrivateCredentials().addAll(passwordCredentials);
+        
+        userName = null;
         return false;
     }
 
     public boolean abort() throws LoginException {
+        userName = null;
+        for(NamedUsernamePasswordCredential credential : passwordCredentials) {
+            try{
+                credential.destroy();
+            } catch (DestroyFailedException e) {
+                // do nothing
+            }
+        }
         passwordCredentials.clear();
         return false;
     }
 
     public boolean logout() throws LoginException {
+        if(!subject.isReadOnly()) {
+            subject.getPrivateCredentials().removeAll(passwordCredentials);
+        }
+        for(NamedUsernamePasswordCredential credential : passwordCredentials) {
+            try{
+                credential.destroy();
+            } catch (DestroyFailedException e) {
+                // do nothing
+            }
+        }
         passwordCredentials.clear();
         return false;
     }
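Review bot: The empty `catch (DestroyFailedException e)` blocks in abort() and logout() discard the only signal that a credential was not wiped. On the read-only path of logout() the credential also stays attached to the subject, so a failed destroy() leaves the secret it holds reachable with nothing in the log. Report the failure through the existing logger, without printing the credential itself, by replacing `// do nothing` with `log.warn("Unable to destroy mapped password credential", e);`. The trunk copy of this hunk later in the commit has the same blocks.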

Added: geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties?rev=597886&view=auto
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties
(added)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties
Sat Nov 24 09:01:09 2007
@@ -0,0 +1,21 @@
+##
+##
+##   Licensed to the Apache Software Foundation (ASF) under one or more
+##   contributor license agreements.  See the NOTICE file distributed with
+##   this work for additional information regarding copyright ownership.
+##   The ASF licenses this file to You under the Apache License, Version 2.0
+##   (the "License"); you may not use this file except in compliance with
+##   the License.  You may obtain a copy of the License at
+##
+##       http://www.apache.org/licenses/LICENSE-2.0
+##
+##   Unless required by applicable law or agreed to in writing, software
+##   distributed under the License is distributed on an "AS IS" BASIS,
+##   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+##   See the License for the specific language governing permissions and
+##   limitations under the License.
+##
+
+##  $Rev$ $Date$
+
+alan=cred1:name1=pwd1

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/data/data/credentials.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java?rev=597886&view=auto
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
(added)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
Sat Nov 24 09:01:09 2007
@@ -0,0 +1,109 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.security.jaas;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.management.MalformedObjectNameException;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
+import org.apache.geronimo.security.realm.providers.GeronimoPropertiesFileMappedPasswordCredentialLoginModule;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class LoginGeronimoPropertiesFileMappedPasswordCredentialTest extends AbstractLoginModuleTest
{
+    protected GBeanData setupTestLoginModule() throws MalformedObjectNameException {
+        GBeanData gbean;
+        gbean = buildGBeanData("name", "GeronimoPropertiesFileMappedPasswordCredentialLoginModule",
LoginModuleGBean.getGBeanInfo());
+        gbean.setAttribute("loginModuleClass", GeronimoPropertiesFileMappedPasswordCredentialLoginModule.class.getName());
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(GeronimoPropertiesFileMappedPasswordCredentialLoginModule.CREDENTIALS_URI,
"src/test/data/data/credentials.properties");
+        gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "GeronimoPropertiesFileMappedPasswordCredential");
+        gbean.setAttribute("wrapPrincipals", Boolean.FALSE);
+        return gbean;
+    }
+
+    public void testLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback("alan",
"starcraft"));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("Principals", 0, subject.getPrincipals().size());
+        assertEquals("Private credentials", 1, subject.getPrivateCredentials().size());
+        assertEquals("NamedUsernamePasswordCredential private credentials", 1, subject.getPrivateCredentials(NamedUsernamePasswordCredential.class).size());
+        assertEquals("Public credentials", 0, subject.getPublicCredentials().size());
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertEquals("Credential name", "cred1", namedupc.getName());
+        assertEquals("Username", "name1", namedupc.getUsername());
+        assertEquals("Password", "pwd1", new String(namedupc.getPassword()));
+
+        context.logout();
+
+        assertEquals("Private credentials upon logout", 0, subject.getPrivateCredentials().size());
+        assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject)
== null);
+    }
+
+    public void testNullUserLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testBadUserLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNullPasswordLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testBadPasswordLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNoPrincipalsAddedOnFailure() throws Exception {
+        //not relevant
+    }
+
+    public void testLogoutWithReadOnlySubject() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback("alan",
"starcraft"));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+
+        subject.setReadOnly();
+
+        try {
+            context.logout();
+        } catch(Exception e) {
+            fail("logout failed");
+        }
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertTrue("credential should have been destroyed", namedupc.isDestroyed());
+    }
+}
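Review bot: The try/catch around `context.logout()` in testLogoutWithReadOnlySubject replaces the real exception with `fail("logout failed")`, so a regression is reported without its cause. The method already declares `throws Exception`, so the call can stand alone as `context.logout();`. Separately, testLogin never checks that the credential it fetched before logout reports `isDestroyed()` afterwards, and nothing here exercises abort(), which this commit also changes. The trunk copy of the test later in the commit is identical.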

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java?rev=597886&r1=597885&r2=597886&view=diff
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
(original)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoPropertiesFileMappedPasswordCredentialLoginModule.java
Sat Nov 24 09:01:09 2007
@@ -22,13 +22,17 @@
 
 import java.io.InputStream;
 import java.net.URI;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.security.auth.DestroyFailedException;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -42,6 +46,7 @@
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
 import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
+import org.apache.geronimo.security.jaas.WrappingLoginModule;
 import org.apache.geronimo.system.serverinfo.ServerInfo;
 
 /**
@@ -67,10 +72,12 @@
 
     private static final Log log = LogFactory.getLog(GeronimoPropertiesFileMappedPasswordCredentialLoginModule.class);
     public final static String CREDENTIALS_URI = "credentialsURI";
+    public final static List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(CREDENTIALS_URI));
     private final static Pattern pattern = Pattern.compile("([^:,=]*):([^:,=]*)=([^:,=]*)");
 
     private final Set<NamedUsernamePasswordCredential> passwordCredentials = new HashSet<NamedUsernamePasswordCredential>();
     private final Properties credentials = new Properties();
+    private String userName;
 
     private Subject subject;
     private CallbackHandler callbackHandler;
@@ -78,6 +85,12 @@
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
Map options) {
         this.subject = subject;
         this.callbackHandler = callbackHandler;
+        for(Object option: options.keySet()) {
+            if(!supportedOptions.contains(option) && !JaasLoginModuleUse.supportedOptions.contains(option)
+                    && !WrappingLoginModule.supportedOptions.contains(option)) {
+                log.warn("Ignoring option: "+option+". Not supported.");
+            }
+        }
         try {
             ServerInfo serverInfo = (ServerInfo) options.get(JaasLoginModuleUse.SERVERINFO_LM_OPTION);
             final String credentials = (String) options.get(CREDENTIALS_URI);
@@ -114,11 +127,7 @@
         } catch (UnsupportedCallbackException e) {
             throw (LoginException) new LoginException("Unlikely UnsupportedCallbackException").initCause(e);
         }
-        String userName = ((NameCallback) callbacks[0]).getName();
-        String unparsedCredentials = credentials.getProperty(userName);
-        if (unparsedCredentials != null) {
-            parseCredentials(unparsedCredentials, passwordCredentials);
-        }
+        userName = ((NameCallback) callbacks[0]).getName();
         return false;
     }
 
@@ -134,16 +143,40 @@
     }
 
     public boolean commit() throws LoginException {
+        String unparsedCredentials = credentials.getProperty(userName);
+        if (unparsedCredentials != null) {
+            parseCredentials(unparsedCredentials, passwordCredentials);
+        }
         subject.getPrivateCredentials().addAll(passwordCredentials);
+        
+        userName = null;
         return false;
     }
 
     public boolean abort() throws LoginException {
+        userName = null;
+        for(NamedUsernamePasswordCredential credential : passwordCredentials) {
+            try{
+                credential.destroy();
+            } catch (DestroyFailedException e) {
+                // do nothing
+            }
+        }
         passwordCredentials.clear();
         return false;
     }
 
     public boolean logout() throws LoginException {
+        if(!subject.isReadOnly()) {
+            subject.getPrivateCredentials().removeAll(passwordCredentials);
+        }
+        for(NamedUsernamePasswordCredential credential : passwordCredentials) {
+            try{
+                credential.destroy();
+            } catch (DestroyFailedException e) {
+                // do nothing
+            }
+        }
         passwordCredentials.clear();
         return false;
     }

Added: geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties?rev=597886&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties
(added)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties
Sat Nov 24 09:01:09 2007
@@ -0,0 +1,21 @@
+##
+##
+##   Licensed to the Apache Software Foundation (ASF) under one or more
+##   contributor license agreements.  See the NOTICE file distributed with
+##   this work for additional information regarding copyright ownership.
+##   The ASF licenses this file to You under the Apache License, Version 2.0
+##   (the "License"); you may not use this file except in compliance with
+##   the License.  You may obtain a copy of the License at
+##
+##       http://www.apache.org/licenses/LICENSE-2.0
+##
+##   Unless required by applicable law or agreed to in writing, software
+##   distributed under the License is distributed on an "AS IS" BASIS,
+##   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+##   See the License for the specific language governing permissions and
+##   limitations under the License.
+##
+
+##  $Rev$ $Date$
+
+alan=cred1:name1=pwd1

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/data/data/credentials.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java?rev=597886&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
(added)
+++ geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
Sat Nov 24 09:01:09 2007
@@ -0,0 +1,109 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.security.jaas;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.management.MalformedObjectNameException;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+
+import org.apache.geronimo.gbean.GBeanData;
+import org.apache.geronimo.security.ContextManager;
+import org.apache.geronimo.security.jaas.LoginModuleGBean;
+import org.apache.geronimo.security.jaas.NamedUsernamePasswordCredential;
+import org.apache.geronimo.security.realm.providers.GeronimoPropertiesFileMappedPasswordCredentialLoginModule;
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class LoginGeronimoPropertiesFileMappedPasswordCredentialTest extends AbstractLoginModuleTest
{
+    protected GBeanData setupTestLoginModule() throws MalformedObjectNameException {
+        GBeanData gbean;
+        gbean = buildGBeanData("name", "GeronimoPropertiesFileMappedPasswordCredentialLoginModule",
LoginModuleGBean.getGBeanInfo());
+        gbean.setAttribute("loginModuleClass", GeronimoPropertiesFileMappedPasswordCredentialLoginModule.class.getName());
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(GeronimoPropertiesFileMappedPasswordCredentialLoginModule.CREDENTIALS_URI,
"src/test/data/data/credentials.properties");
+        gbean.setAttribute("options", props);
+        gbean.setAttribute("loginDomainName", "GeronimoPropertiesFileMappedPasswordCredential");
+        gbean.setAttribute("wrapPrincipals", Boolean.FALSE);
+        return gbean;
+    }
+
+    public void testLogin() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback("alan",
"starcraft"));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+        assertEquals("Principals", 0, subject.getPrincipals().size());
+        assertEquals("Private credentials", 1, subject.getPrivateCredentials().size());
+        assertEquals("NamedUsernamePasswordCredential private credentials", 1, subject.getPrivateCredentials(NamedUsernamePasswordCredential.class).size());
+        assertEquals("Public credentials", 0, subject.getPublicCredentials().size());
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertEquals("Credential name", "cred1", namedupc.getName());
+        assertEquals("Username", "name1", namedupc.getUsername());
+        assertEquals("Password", "pwd1", new String(namedupc.getPassword()));
+
+        context.logout();
+
+        assertEquals("Private credentials upon logout", 0, subject.getPrivateCredentials().size());
+        assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject)
== null);
+    }
+
+    public void testNullUserLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testBadUserLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNullPasswordLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testBadPasswordLogin() throws Exception {
+        //not relevant
+    }
+
+    public void testNoPrincipalsAddedOnFailure() throws Exception {
+        //not relevant
+    }
+
+    public void testLogoutWithReadOnlySubject() throws Exception {
+        LoginContext context = new LoginContext(COMPLEX_REALM, new UsernamePasswordCallback("alan",
"starcraft"));
+
+        context.login();
+        Subject subject = context.getSubject();
+
+        assertTrue("expected non-null subject", subject != null);
+
+        subject.setReadOnly();
+
+        try {
+            context.logout();
+        } catch(Exception e) {
+            fail("logout failed");
+        }
+        NamedUsernamePasswordCredential namedupc = (NamedUsernamePasswordCredential) subject.getPrivateCredentials().toArray()[0];
+        assertTrue("credential should have been destroyed", namedupc.isDestroyed());
+    }
+}

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/framework/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginGeronimoPropertiesFileMappedPasswordCredentialTest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain


