harmony-dev mailing list archives

From "Stepan Mishura" <stepan.mish...@gmail.com>
Subject Re: [classlib][auth]LoginContext should always invoke the LoginModules?
Date Mon, 02 Oct 2006 02:58:27 GMT
On 9/30/06, Paulex Yang wrote:
>
> Paulex Yang wrote:
> > Hi, all
> >
> > I'm not a security expert, so please correct me if I miss something. I
> > found some different behavior of Harmony and RI on
> > javax.security.auth.login.LoginContext, the testcase[1] shows the
> > difference.
> >
> > Actually I tried to create the event sequence like below:
> > 1. create LoginContext with some Subject
> > 2. LoginContext.login() and return successfully
> > 3. Modify Subject's content to make it invalid (one Principal's name
> > here, maybe passwd/username/servername in more general case)
> > 4. LoginContext.login() again
> >
> > In RI, the second login() invocation really tried to invoke the
> > relative LoginModule.login() and then failed to log in with the
> > modified Subject, but in Harmony, both invocations succeed. I consider
> > RI's behavior more reasonable.
> >
> > After a rough look at the LoginContext implementation, I found the cause
> > may be Ln. 275
> >
> >    private void loginImpl() throws LoginException {
> >        if (loggedIn) {
> >            return;
> >        }
> >    ....
> >    }
> >
> > Seems Harmony won't invoke the LoginModule.login() again only if the
> > login ever succeeds. If I comment out these lines, the test below
> > passes happily. Any ideas on this issue?
> I've removed these lines at revision r451557 with regression test,
> please shout if anyone thinks the update harmful for some reason.



I'll look into it to verify if the update is harmless.

Thanks,
Stepan.

>
> >
> > [1]
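> > import java.security.Principal;
> > import java.util.HashMap;
> > import java.util.HashSet;
> > import java.util.Map;
> >
> > import javax.security.auth.Subject;
> > import javax.security.auth.callback.CallbackHandler;
> > import javax.security.auth.login.AppConfigurationEntry;
> > import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
> > import javax.security.auth.login.Configuration;
> > import javax.security.auth.login.LoginContext;
> > import javax.security.auth.login.LoginException;
> > import javax.security.auth.spi.LoginModule;
> >
> > import junit.framework.TestCase;
> >
> > public class LoginContextTest extends TestCase {
> >     private static final String VALID_NAME = "name1";
> >     private static final String INVALID_NAME = "name2";
> >
> >     public void testLogin() throws Exception {
> >         MyPrincipal pri = new MyPrincipal();
> >         HashSet<Principal> set = new HashSet<Principal>();
> >         set.add(pri);
> >         Subject sub = new Subject(false, set, new HashSet<Object>(),
> >                 new HashSet<Object>());
> >         Configuration.setConfiguration(new MyConfig());
> >         LoginContext context = new LoginContext("moduleName", sub);
> >         // First login: the principal still carries the valid name.
> >         context.login();
> >         // Invalidate the Subject, then log in again on the same context.
> >         pri.name = INVALID_NAME;
> >         try {
> >             context.login();
> >             fail("Should throw LoginException");
> >         } catch (LoginException e) {
> >             // expected
> >         }
> >     }
> >
> >     static class MyConfig extends Configuration {
> >         AppConfigurationEntry[] entries = new AppConfigurationEntry[] {
> >             new AppConfigurationEntry(MyModule.class.getName(),
> >                     LoginModuleControlFlag.REQUIRED,
> >                     new HashMap<String, Object>())
> >         };
> >
> >         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
> >             return entries;
> >         }
> >
> >         public void refresh() {
> >         }
> >     }
> >
> >     public static class MyModule implements LoginModule {
> >         Subject sub;
> >
> >         public MyModule() {
> >         }
> >
> >         public boolean abort() throws LoginException {
> >             return false;
> >         }
> >
> >         public boolean commit() throws LoginException {
> >             return true;
> >         }
> >
> >         public void initialize(Subject arg0, CallbackHandler arg1,
> >                 Map<String, ?> arg2, Map<String, ?> arg3) {
> >             sub = arg0;
> >         }
> >
> >         // Succeeds only while the Subject's first principal has the valid name.
> >         public boolean login() throws LoginException {
> >             Principal[] pris = sub.getPrincipals().toArray(new Principal[0]);
> >             return VALID_NAME.equals(pris[0].getName());
> >         }
> >
> >         public boolean logout() throws LoginException {
> >             return false;
> >         }
> >     }
> >
> >     public static class MyPrincipal implements Principal {
> >         public String name = VALID_NAME;
> >
> >         public String getName() {
> >             return name;
> >         }
> >
> >         public String toString() {
> >             return name;
> >         }
> >     }
> > }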
> >
> >
> >
>
>
> --
> Paulex Yang
> China Software Development Lab
> IBM
>
>
>
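
A stand-alone probe for the behaviour discussed in this message, added here as an example and not code from the thread or from Harmony: it counts how often the runtime's LoginContext calls LoginModule.login() across two login() calls on one context, with the credential revoked in between. The names ReLoginProbe, CountingModule and the revoked flag are hypothetical.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class ReLoginProbe {
    // Constructed stand-in for a credential store that can revoke access.
    static volatile boolean revoked;
    static int loginCalls;

    public static class CountingModule implements LoginModule {
        public void initialize(Subject subject, CallbackHandler handler,
                Map<String, ?> sharedState, Map<String, ?> options) { }
        public boolean login() throws LoginException {
            loginCalls++; // one increment per real authentication attempt
            if (revoked) throw new FailedLoginException("credential revoked");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    public static void main(String[] args) throws Exception {
        final AppConfigurationEntry[] entries = { new AppConfigurationEntry(
                CountingModule.class.getName(), LoginModuleControlFlag.REQUIRED,
                Collections.<String, Object>emptyMap()) };
        Configuration.setConfiguration(new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return entries;
            }
            public void refresh() { }
        });
        LoginContext ctx = new LoginContext("probe", new Subject());
        ctx.login();      // first login: credential is valid
        revoked = true;   // credential becomes invalid between the two logins
        boolean rejected = false;
        try { ctx.login(); } catch (LoginException e) { rejected = true; }
        System.out.println("LoginModule.login() calls: " + loginCalls);
        System.out.println(rejected ? "second login() was re-authenticated and rejected"
                : "second login() succeeded without consulting the module");
    }
}
```

Compile it with javac and run it on the class library under test; a LoginContext that returns early once a login has succeeded reports a single module call and no rejection.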