harmony-dev mailing list archives

From "Stepan Mishura" <stepan.mish...@gmail.com>
Subject Re: [classlib][auth]LoginContext should always invoke the LoginModules?
Date Mon, 16 Oct 2006 06:08:41 GMT
On 10/14/06, Tim Ellison wrote:
>
> Stepan Mishura wrote:
> > So we have following suggestions:
> >
> > 1) leave the check and document the difference with RI
> > 2) follow RI and put a warning
>
> What warning did you have in mind?  And don't say j.u.logging 'cos I can
> find out where you live you know :-)



I meant adding a warning to javadoc for login() method.

Thanks,
Stepan.

> Regards,
> Tim
>
> > 3) do LoginContext.logout() before the second login()
> > 4) introduce a system property to follow RI
> >
> > Should we vote?
> >
> > Thanks,
> > Stepan.
> >
> >
> > On 9/29/06, Paulex Yang wrote:
> >>
> >> Hi, all
> >>
> >> I'm not a security expert, so please correct me if I miss something. I
> >> found some different behavior of Harmony and RI on
> >> javax.security.auth.login.LoginContext, the testcase[1] shows the
> >> difference.
> >>
> >> Actually I tried to create the event sequence like below:
> >> 1. create LoginContext with some Subject
> >> 2. LoginContext.login() and return successfully
> >> 3. Modify Subject's content to make it invalid (one Principal's name
> >> here, maybe passwd/username/servername in more general case)
> >> 4. LoginContext.login() again
> >>
> >> In RI, the second login() invocation really tried to invoke the relative
> >> LoginModule.login() and then failed to login with the modified Subject,
> >> but in Harmony, both invocations succeed. I consider RI's behavior is
> >> more reasonable.
> >>
> >> After a rough look of LoginContext implementation, I found the cause may
> >> be the Ln. 275
> >>
> >>    private void loginImpl() throws LoginException {
> >>        if (loggedIn) {
> >>            return;
> >>        }
> >>    ....
> >>    }
> >>
> >> Seems Harmony won't invoke the LoginModule.login() again only if the
> >> login ever succeeds. If I comment out these lines, the test below passes
> >> happily. Any ideas on this issue?
> >>
> >>
> >> [1]
> >> import java.security.Principal;
> >> import java.util.HashMap;
> >> import java.util.HashSet;
> >> import java.util.Map;
> >>
> >> import javax.security.auth.Subject;
> >> import javax.security.auth.callback.CallbackHandler;
> >> import javax.security.auth.login.AppConfigurationEntry;
> >> import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
> >> import javax.security.auth.login.Configuration;
> >> import javax.security.auth.login.LoginContext;
> >> import javax.security.auth.login.LoginException;
> >> import javax.security.auth.spi.LoginModule;
> >>
> >> import junit.framework.TestCase;
> >>
> >> public class LoginContextTest extends TestCase {
> >>    private static final String VALID_NAME = "name1";
> >>    private static final String INVALID_NAME = "name2";
> >>
> >>    public void testLogin() throws Exception {
> >>        MyPrincipal pri = new MyPrincipal();
> >>        HashSet<Principal> set = new HashSet<Principal>();
> >>        set.add(pri);
> >>        Subject sub = new Subject(false, set, new HashSet<Object>(),
> >>                new HashSet<Object>());
> >>        Configuration.setConfiguration(new MyConfig());
> >>        LoginContext context = new LoginContext("moduleName", sub);
> >>        // First login: the principal still carries VALID_NAME.
> >>        context.login();
> >>        // Invalidate the Subject, then log in again on the same context.
> >>        pri.name = INVALID_NAME;
> >>        try {
> >>            context.login();
> >>            fail("Should throw LoginException");
> >>        } catch (LoginException e) {
> >>            // expected: the module must be consulted again
> >>        }
> >>    }
> >>
> >>    static class MyConfig extends Configuration {
> >>        AppConfigurationEntry[] entries = new AppConfigurationEntry[] {
> >>            new AppConfigurationEntry(MyModule.class.getName(),
> >>                    LoginModuleControlFlag.REQUIRED,
> >>                    new HashMap<String, Object>()) };
> >>        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
> >>            return entries;
> >>        }
> >>        public void refresh() {
> >>        }
> >>    }
> >>
> >>    public static class MyModule implements LoginModule {
> >>        Subject sub;
> >>        public MyModule() {
> >>        }
> >>        public boolean abort() throws LoginException {
> >>            return false;
> >>        }
> >>        public boolean commit() throws LoginException {
> >>            return true;
> >>        }
> >>        public void initialize(Subject arg0, CallbackHandler arg1,
> >>                Map<String, ?> arg2, Map<String, ?> arg3) {
> >>            sub = arg0;
> >>        }
> >>        // Succeeds only while the first principal still has VALID_NAME.
> >>        public boolean login() throws LoginException {
> >>            Principal[] pris = sub.getPrincipals().toArray(new Principal[0]);
> >>            return VALID_NAME.equals(pris[0].getName());
> >>        }
> >>        public boolean logout() throws LoginException {
> >>            return false;
> >>        }
> >>    }
> >>
> >>    public static class MyPrincipal implements Principal {
> >>        public String name = VALID_NAME;
> >>        public String getName() {
> >>            return name;
> >>        }
> >>        public String toString() {
> >>            return name;
> >>        }
> >>    }
> >> }
> >>
> >>
> >>
> >> --
> >> Paulex Yang
> >> China Software Development Lab
> >> IBM
> >>
>
> --
>
> Tim Ellison (t.p.ellison@gmail.com)
> IBM Java technology centre, UK.
>
>
>

-- 
Stepan Mishura
Intel Middleware Products Division
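
Added example, not part of the original thread or of Harmony's code: a caller-side form of option 3, calling logout() before the second login() so that an early return on a `loggedIn` flag like the one quoted above cannot skip the LoginModules. `ReloginDemo`, `CountingModule` and `relogin` are hypothetical names, and the sketch assumes logout() clears the context's logged-in state.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class ReloginDemo {
    // Hypothetical module: counts login() calls and accepts only while 'valid' is true.
    public static class CountingModule implements LoginModule {
        static int loginCalls = 0;
        static volatile boolean valid = true;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { }
        public boolean login() throws LoginException {
            loginCalls++;
            if (!valid) throw new FailedLoginException("credential no longer valid");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Re-authenticate explicitly: end the current session, then run the modules again.
    static void relogin(LoginContext ctx) throws LoginException {
        ctx.logout();
        ctx.login();
    }

    public static void main(String[] args) throws Exception {
        Configuration.setConfiguration(new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    CountingModule.class.getName(), LoginModuleControlFlag.REQUIRED,
                    Collections.<String, Object>emptyMap()) };
            }
            public void refresh() { }
        });
        LoginContext ctx = new LoginContext("demo", new Subject());
        ctx.login();                   // first login, credential still valid
        CountingModule.valid = false;  // constructed stand-in for the modified Subject
        try { relogin(ctx); System.out.println("re-login unexpectedly succeeded"); }
        catch (LoginException e) { System.out.println("rejected; module calls: " + CountingModule.loginCalls); }
    }
}
```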
