harmony-dev mailing list archives

From Paulex Yang <paulex.y...@gmail.com>
Subject Re: [classlib][auth]LoginContext should always invoke the LoginModules?
Date Sat, 30 Sep 2006 07:18:10 GMT
Paulex Yang wrote:
> Hi, all
>
> I'm not a security expert, so please correct me if I miss something. I 
> found some different behavior of Harmony and RI on 
> javax.security.auth.login.LoginContext, the testcase[1] shows the 
> difference.
>
> Actually I tried to create the event sequence like below:
> 1. create LoginContext with some Subject
> 2. LoginContext.login() and return successfully
> 3. Modify Subject's content to make it invalid (one Principal's name 
> here, maybe passwd/username/servername in more general case)
> 4. LoginContext.login() again
>
> In RI, the second login() invocation really tried to invoke the 
> relative LoginModule.login() and then failed to login with the 
> modified Subject, but in Harmony, both invocations succeed. I consider 
> RI's behavior is more reasonable.
>
> After a rough look of LoginContext implementation, I found the cause 
> may be the Ln. 275
>
>    private void loginImpl() throws LoginException {
>        if (loggedIn) {
>            return;
>        }
>    ....
>    }
>
> Seems Harmony won't invoke the LoginModule.login() again only if the 
> login ever succeeds. If I comment out these lines, the test below 
> passes happily. Any ideas on this issue?
I've removed these lines at revision r451557 with a regression test; 
please shout if anyone thinks the update is harmful for some reason.
>
>
> [1]
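> import java.security.Principal;
> import java.util.HashMap;
> import java.util.HashSet;
> import java.util.Map;
> import javax.security.auth.Subject;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.login.AppConfigurationEntry;
> import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
> import javax.security.auth.login.Configuration;
> import javax.security.auth.login.LoginContext;
> import javax.security.auth.login.LoginException;
> import javax.security.auth.spi.LoginModule;
> import junit.framework.TestCase;
>
> public class LoginContextTest extends TestCase {
>    private static final String VALID_NAME = "name1";
>    private static final String INVALID_NAME = "name2";
>
>    public void testLogin() throws Exception{
>        MyPrincipal pri = new MyPrincipal();
>        HashSet set = new HashSet();
>        set.add(pri);
>        Subject sub = new Subject(false, set, new HashSet(), new HashSet());
>        Configuration.setConfiguration(new MyConfig());
>        LoginContext context = new LoginContext("moduleName", sub);
>        context.login();
>        // Invalidate the Subject after the first successful login
>        pri.name = INVALID_NAME;
>        try{
>            context.login();
>            fail("Should throw LoginException");
>        }catch(LoginException e){
>            // expected: the second login() reaches the LoginModule again
>        }
>    }
>
>    // Configuration that returns the single test module for any name
>    static class MyConfig extends Configuration{
>        AppConfigurationEntry[] entries = new AppConfigurationEntry[]{
>            new AppConfigurationEntry(MyModule.class.getName(),
>                LoginModuleControlFlag.REQUIRED, new HashMap())};
>        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>            return entries;
>        }
>        public void refresh() {
>        }
>    }
>
>    // LoginModule that accepts the Subject only while its first Principal
>    // still carries VALID_NAME
>    public static class MyModule implements LoginModule{
>        Subject sub;
>        public MyModule(){
>        }
>        public boolean abort() throws LoginException {
>            return false;
>        }
>        public boolean commit() throws LoginException {
>            return true;
>        }
>        public void initialize(Subject arg0, CallbackHandler arg1,
>                Map<String, ?> arg2, Map<String, ?> arg3) {
>            sub = arg0;
>        }
>        public boolean login() throws LoginException {
>            Principal[] pris = sub.getPrincipals().toArray(new Principal[0]);
>            return VALID_NAME.equals(pris[0].getName());
>        }
>        public boolean logout() throws LoginException {
>            return false;
>        }
>    }
>
>    // Principal whose name can be changed after login
>    public static class MyPrincipal implements Principal{
>        public String name = VALID_NAME;
>        public String getName() {
>            return name;
>        }
>        public String toString(){
>            return name;
>        }
>    }
> }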
>
>
>


-- 
Paulex Yang
China Software Development Lab
IBM
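
Added example (not part of the original message and not Harmony's regression test): a stand-alone probe for the behavior discussed above, counting how often a JAAS implementation actually reaches LoginModule.login() and commit() across two LoginContext.login() calls. The names ReloginProbe, CountingModule and the entry name "probe" are assumptions made for this example.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.spi.LoginModule;

// Hypothetical probe class: records how often LoginContext reaches the module.
public class ReloginProbe {
    static int loginCalls = 0;
    static int commitCalls = 0;

    // Module that always authenticates and counts each phase it is asked to run.
    public static class CountingModule implements LoginModule {
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> shared, Map<String, ?> options) { }
        public boolean login() { loginCalls++; return true; }
        public boolean commit() { commitCalls++; return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    public static void main(String[] args) throws Exception {
        final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry(CountingModule.class.getName(),
                LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>())
        };
        // In-memory configuration: the same single REQUIRED module for any name.
        Configuration.setConfiguration(new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return entries;
            }
            public void refresh() { }
        });

        LoginContext context = new LoginContext("probe", new Subject());
        context.login();
        context.login();   // must run the module stack again, not reuse the first result

        System.out.println("login() calls: " + loginCalls
                + ", commit() calls: " + commitCalls);
        if (loginCalls != 2 || commitCalls != 2) {
            throw new AssertionError("second LoginContext.login() skipped the LoginModule");
        }
    }
}
```

A LoginContext that returns early once a loggedIn flag is set, as in the loginImpl() fragment quoted above, would leave both counters at 1 and make the probe throw.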