jspwiki-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ajaqu...@apache.org
Subject svn commit: r736542 - in /incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH: ./ src/com/ecyrd/jspwiki/ src/com/ecyrd/jspwiki/auth/ src/com/ecyrd/jspwiki/auth/login/ tests/com/ecyrd/jspwiki/auth/ tests/com/ecyrd/jspwiki/auth/login/
Date Thu, 22 Jan 2009 03:20:04 GMT
Author: ajaquith
Date: Wed Jan 21 19:20:03 2009
New Revision: 736542

URL: http://svn.apache.org/viewvc?rev=736542&view=rev
Log:
[JSPWIKI-473] Fixed bug that was causing role checks using custom Authorizers to fail. AuthenticationManager was not calling Authorizer.isInRole(WikiSession, Principal), as it should have. In addition to fixing the bug, we also now include a special test case to verify that custom Authorizers work properly. Thanks to Steve Dahl for reporting this issue.

Modified:
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthenticationManager.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthorizationManager.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/Authorizer.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerCallbackHandler.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthenticationManagerTest.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java
    incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/ChangeLog Wed Jan 21 19:20:03 2009
@@ -1,3 +1,14 @@
+2009-01-21  Andrew Jaquith <ajaquith AT apache DOT org>
+
+        * 2.8.2-svn-5
+
+        * [JSPWIKI-473] Fixed bug that was causing role checks using custom
+        Authorizers to fail. AuthenticationManager was not calling
+        Authorizer.isInRole(WikiSession, Principal), as it should have.
+        In addition to fixing the bug, we also now include a special test case
+        to verify that custom Authorizers work properly. Thanks to Steve
+        Dahl for reporting this issue.
+
 2008-12-19 Harry Metske <metskem@apache.org>
 
         * 2.8.2-svn-4

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/Release.java Wed Jan 21 19:20:03 2009
@@ -77,7 +77,7 @@
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "4";
+    public static final String     BUILD         = "5";
     
     /**
      *  This is the generic version string you should use

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthenticationManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthenticationManager.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthenticationManager.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthenticationManager.java Wed Jan 21 19:20:03 2009
@@ -40,6 +40,7 @@
 import com.ecyrd.jspwiki.WikiException;
 import com.ecyrd.jspwiki.WikiSession;
 import com.ecyrd.jspwiki.auth.authorize.Role;
+import com.ecyrd.jspwiki.auth.authorize.WebAuthorizer;
 import com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer;
 import com.ecyrd.jspwiki.auth.login.*;
 import com.ecyrd.jspwiki.event.WikiEventListener;
@@ -278,15 +279,7 @@
         if ( !session.isAuthenticated() )
         {
             // Create a callback handler
-            try
-            {
-                handler = new WebContainerCallbackHandler( m_engine, request, authorizationMgr.getAuthorizer() );
-            }
-            catch ( WikiSecurityException e )
-            {
-                e.printStackTrace();
-                throw new WikiSecurityException( e.getMessage() );
-            }
+            handler = new WebContainerCallbackHandler( m_engine, request );
             
             // Execute the container login module, then (if that fails) the cookie auth module
             Set<Principal> principals = authenticationMgr.doJAASLogin( WebContainerLoginModule.class, handler, options );
@@ -303,6 +296,9 @@
                 {
                     fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, principal, session );
                 }
+                
+                // Add all appropriate Authorizer roles
+                injectAuthorizerRoles( session, authorizationMgr.getAuthorizer(), request );
             }
         }
 
@@ -379,6 +375,10 @@
             {
                 fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, principal, session );
             }
+            
+            // Add all appropriate Authorizer roles
+            injectAuthorizerRoles( session, m_engine.getAuthorizationManager().getAuthorizer(), null );
+            
             return true;
         }
         return false;
@@ -710,5 +710,48 @@
             }
         }
     }
+    
+    /**
+     * After successful login, this method is called to inject authorized role Principals into the WikiSession.
+     * To determine which roles should be injected, the configured Authorizer
+     * is queried for the roles it knows about by calling  {@link com.ecyrd.jspwiki.auth.Authorizer#getRoles()}.
+     * Then, each role returned by the authorizer is tested by calling {@link com.ecyrd.jspwiki.auth.Authorizer#isUserInRole(WikiSession, Principal)}.
+     * If this check fails, and the Authorizer is of type WebAuthorizer, the role is checked again by calling
+     * {@link com.ecyrd.jspwiki.auth.authorize.WebAuthorizer#isUserInRole(javax.servlet.http.HttpServletRequest, Principal)}).
+     * Any roles that pass the test are injected into the Subject by firing appropriate authentication events.
+     * @param session the user's current WikiSession
+     * @param authorizer the WikiEngine's configured Authorizer
+     * @param request the user's HTTP session, which may be <code>null</code>
+     */
+    private final void injectAuthorizerRoles( WikiSession session, Authorizer authorizer, HttpServletRequest request )
+    {
+        // Test each role the authorizer knows about
+        for ( Principal role : authorizer.getRoles() )
+        {
+            // Test the Authorizer
+            if ( authorizer.isUserInRole( session, role ) )
+            {
+                fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, role, session );
+                if ( log.isDebugEnabled() )
+                {
+                    log.debug("Added authorizer role " + role.getName() + "." );
+                }
+            }
+            
+            // If web authorizer, test the request.isInRole() method also
+            else if ( request != null && authorizer instanceof WebAuthorizer )
+            {
+                WebAuthorizer wa = (WebAuthorizer)authorizer;
+                if ( wa.isUserInRole( request, role ) )
+                {
+                    fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, role, session );
+                    if ( log.isDebugEnabled() )
+                    {
+                        log.debug("Added container role " + role.getName() + "." );
+                    }
+                }
+            }
+        }
+    }
 
 }

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthorizationManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthorizationManager.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthorizationManager.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/AuthorizationManager.java Wed Jan 21 19:20:03 2009
@@ -383,7 +383,7 @@
     /**
      * Initializes AuthorizationManager with an engine and set of properties.
      * Expects to find property 'jspwiki.authorizer' with a valid Authorizer
-     * implementation name to take care of group lookup operations.
+     * implementation name to take care of role lookup operations.
      * @param engine the wiki engine
      * @param properties the set of properties used to initialize the wiki engine
      * @throws WikiException if the AuthorizationManager cannot be initialized

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/Authorizer.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/Authorizer.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/Authorizer.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/Authorizer.java Wed Jan 21 19:20:03 2009
@@ -27,7 +27,22 @@
 import com.ecyrd.jspwiki.WikiSession;
 
 /**
- * Interface for service providers of authorization information.
+ * Interface for service providers of authorization information. After a user
+ * successfully logs in, the
+ * {@link com.ecyrd.jspwiki.auth.AuthenticationManager} consults the configured
+ * Authorizer to determine which additional
+ * {@link com.ecyrd.jspwiki.auth.authorize.Role} principals should be added to
+ * the user's WikiSession. To determine which roles should be injected, the
+ * Authorizer is queried for the roles it knows about by calling
+ * {@link com.ecyrd.jspwiki.auth.Authorizer#getRoles()}. Then, each role
+ * returned by the Authorizer is tested by calling
+ * {@link com.ecyrd.jspwiki.auth.Authorizer#isUserInRole(WikiSession, Principal)}.
+ * If this check fails, and the Authorizer is of type WebAuthorizer,
+ * AuthenticationManager checks the role again by calling
+ * {@link com.ecyrd.jspwiki.auth.authorize.WebAuthorizer#isUserInRole(javax.servlet.http.HttpServletRequest, Principal)}).
+ * Any roles that pass the test are injected into the Subject by firing
+ * appropriate authentication events.
+ * 
  * @author Andrew Jaquith
  * @since 2.3
  */
@@ -35,19 +50,21 @@
 {
 
     /**
-     * Returns an array of role Principals this Authorizer knows about.
-     * This method will always return an array; an implementing class may
-     * choose to return an zero-length array if it has no ability to identify
-     * the roles under its control.
+     * Returns an array of role Principals this Authorizer knows about. This
+     * method will always return an array; an implementing class may choose to
+     * return an zero-length array if it has no ability to identify the roles
+     * under its control.
+     * 
      * @return an array of Principals representing the roles
      */
     public Principal[] getRoles();
 
     /**
-     * Looks up and returns a role Principal matching a given String.
-     * If a matching role cannot be found, this method returns <code>null</code>.
-     * Note that it may not always be feasible for an Authorizer
-     * implementation to return a role Principal.
+     * Looks up and returns a role Principal matching a given String. If a
+     * matching role cannot be found, this method returns <code>null</code>.
+     * Note that it may not always be feasible for an Authorizer implementation
+     * to return a role Principal.
+     * 
      * @param role the name of the role to retrieve
      * @return the role Principal
      */
@@ -55,6 +72,7 @@
 
     /**
      * Initializes the authorizer.
+     * 
      * @param engine the current wiki engine
      * @param props the wiki engine initialization properties
      * @throws WikiSecurityException if the Authorizer could not be initialized
@@ -67,10 +85,11 @@
      * containing the subject and the desired role ( which may be a Role or a
      * Group). If either parameter is <code>null</code>, this method must
      * return <code>false</code>.
+     * 
      * @param session the current WikiSession
      * @param role the role to check
      * @return <code>true</code> if the user is considered to be in the role,
-     * <code>false</code> otherwise
+     *         <code>false</code> otherwise
      */
     public boolean isUserInRole( WikiSession session, Principal role );
 

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerCallbackHandler.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerCallbackHandler.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerCallbackHandler.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerCallbackHandler.java Wed Jan 21 19:20:03 2009
@@ -28,7 +28,6 @@
 import javax.servlet.http.HttpServletRequest;
 
 import com.ecyrd.jspwiki.WikiEngine;
-import com.ecyrd.jspwiki.auth.Authorizer;
 
 /**
  * Handles logins made from within JSPWiki.
@@ -40,8 +39,6 @@
 {
     private final HttpServletRequest m_request;
 
-    private final Authorizer         m_authorizer;
-
     private final WikiEngine         m_engine;
 
     /**
@@ -49,13 +46,11 @@
      *  
      *  @param engine The WikiEngine
      *  @param request The request to look into
-     *  @param authorizer The authorizer which does all these things.
      */
-    public WebContainerCallbackHandler( WikiEngine engine, HttpServletRequest request, Authorizer authorizer )
+    public WebContainerCallbackHandler( WikiEngine engine, HttpServletRequest request )
     {
         m_engine  = engine;
         m_request = request;
-        m_authorizer = authorizer;
     }
 
     /**
@@ -72,10 +67,6 @@
             {
                 ( (HttpRequestCallback) callback ).setRequest( m_request );
             }
-            else if ( callback instanceof AuthorizerCallback )
-            {
-                ( (AuthorizerCallback) callback ).setAuthorizer( m_authorizer );
-            }
             else if( callback instanceof WikiEngineCallback )
             {
                 ( (WikiEngineCallback) callback ).setEngine( m_engine );

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java Wed Jan 21 19:20:03 2009
@@ -22,8 +22,6 @@
 
 import java.io.IOException;
 import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -34,10 +32,7 @@
 
 import org.apache.log4j.Logger;
 
-import com.ecyrd.jspwiki.auth.Authorizer;
 import com.ecyrd.jspwiki.auth.WikiPrincipal;
-import com.ecyrd.jspwiki.auth.authorize.Role;
-import com.ecyrd.jspwiki.auth.authorize.WebAuthorizer;
 
 /**
  * <p>
@@ -82,9 +77,7 @@
     public boolean login() throws LoginException
     {
         HttpRequestCallback rcb = new HttpRequestCallback();
-        AuthorizerCallback acb = new AuthorizerCallback();
-        Callback[] callbacks = new Callback[]
-        { rcb, acb };
+        Callback[] callbacks = new Callback[] { rcb };
         String userId = null;
 
         try
@@ -124,9 +117,6 @@
             }
             m_principals.add( principal );
 
-            // Add any container roles
-            injectWebAuthorizerRoles( acb.getAuthorizer(), request );
-
             return true;
         }
         catch( IOException e )
@@ -140,39 +130,4 @@
             return false;
         }
     }
-
-    /**
-     * If the current Authorizer is a
-     * {@link com.ecyrd.jwpwiki.auth.authorize.WebAuthorizer},
-     * this method iterates through each role returned by the
-     * authorizer (via
-     * {@link com.ecyrd.jwpwiki.auth.authorize.WebAuthorizer#isUserInRole( HttpServletRequest, Role)})
-     * and injects the appropriate ones into the Subject.
-     * @param acb the authorizer callback
-     * @param rcb the HTTP request
-     */
-    private final void injectWebAuthorizerRoles( Authorizer authorizer, HttpServletRequest request )
-    {
-        Principal[] roles = authorizer.getRoles();
-        Set<Principal> foundRoles = new HashSet<Principal>();
-        if ( authorizer instanceof WebAuthorizer )
-        {
-            WebAuthorizer wa = (WebAuthorizer)authorizer;
-            for ( int i = 0; i < roles.length; i++ )
-            {
-                if ( wa.isUserInRole( request, roles[i] ) )
-                {
-                    foundRoles.add( roles[i] );
-                    if ( log.isDebugEnabled() )
-                    {
-                        log.debug("Added container role " + roles[i].getName() + "." );
-                    }
-                }
-            }
-        }
-
-        // Add these container roles if login succeeds
-        m_principals.addAll( foundRoles );
-    }
-
 }

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthenticationManagerTest.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthenticationManagerTest.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthenticationManagerTest.java Wed Jan 21 19:20:03 2009
@@ -24,6 +24,8 @@
 import java.util.Map;
 import java.util.Properties;
 
+import javax.servlet.http.HttpServletRequest;
+
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
@@ -35,22 +37,68 @@
 import com.ecyrd.jspwiki.auth.authorize.Group;
 import com.ecyrd.jspwiki.auth.authorize.GroupManager;
 import com.ecyrd.jspwiki.auth.authorize.Role;
+import com.ecyrd.jspwiki.auth.authorize.WebAuthorizer;
 import com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule;
 
 /**
  * Tests the AuthorizationManager class.
+ * 
  * @author Janne Jalkanen
  */
 public class AuthenticationManagerTest extends TestCase
 {
+    public static class DummyAuthorizer implements WebAuthorizer
+    {
+        private static Principal[] m_roles = new Principal[] { new Role( "ContainerRole" ), new Role( "AuthorizerRole" ),
+                                                              new Role( "DummyRole" ) };
+
+        public Principal findRole( String role )
+        {
+            for( Principal principal : m_roles )
+            {
+                if( principal.getName().equals( role ) )
+                {
+                    return principal;
+                }
+            }
+            return null;
+        }
+
+        public Principal[] getRoles()
+        {
+            return m_roles;
+        }
+
+        public void initialize( WikiEngine engine, Properties props ) throws WikiSecurityException
+        {
+        }
+
+        public boolean isUserInRole( HttpServletRequest request, Principal role )
+        {
+            return request != null && "ContainerRole".equals( role.getName() );
+        }
+
+        public boolean isUserInRole( WikiSession session, Principal role )
+        {
+            return session != null && "AuthorizerRole".equals( role.getName() );
+        }
+    }
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite( "Authentication Manager test" );
+        suite.addTestSuite( AuthenticationManagerTest.class );
+        return suite;
+    }
+
     private AuthenticationManager m_auth;
 
-    private TestEngine            m_engine;
-    
-    private GroupManager          m_groupMgr;
- 
-    private WikiSession           m_session;
-    
+    private TestEngine m_engine;
+
+    private GroupManager m_groupMgr;
+
+    private WikiSession m_session;
+
     public AuthenticationManagerTest( String s )
     {
         super( s );
@@ -65,15 +113,43 @@
         m_groupMgr = m_engine.getGroupManager();
         m_session = WikiSessionTest.adminSession( m_engine );
     }
-    
-    public void testIsUserPrincipal()
+
+    /**
+     * Tests a dummy WebAuthorizer that is guaranteed to return true for one
+     * role for each of the two <code>isInRole</code> methods.
+     * 
+     * @throws Exception
+     */
+    public void testCustomAuthorizer() throws Exception
     {
-        assertTrue( AuthenticationManager.isUserPrincipal( new WikiPrincipal( "Foo" ) ) );
-        assertFalse( AuthenticationManager.isUserPrincipal( new GroupPrincipal( "Group1" ) ) );
-        assertFalse( AuthenticationManager.isUserPrincipal( new Role( "Role1" ) ) );
-        assertFalse( AuthenticationManager.isUserPrincipal( Role.ANONYMOUS ) );
+        Properties props = new Properties();
+        props.load( TestEngine.findTestProperties() );
+        props.put( AuthorizationManager.PROP_AUTHORIZER, "com.ecyrd.jspwiki.auth.AuthenticationManagerTest$DummyAuthorizer" );
+        m_engine = new TestEngine( props );
+
+        // Start a session without any container roles: DummyAuthorizer should ALWAYS allow AuthorizerRole
+        WikiSession session = WikiSessionTest.authenticatedSession( m_engine, Users.JANNE, Users.JANNE_PASS );
+        assertTrue( session.hasPrincipal( Role.ALL ) );
+        assertTrue( session.hasPrincipal( Role.AUTHENTICATED ) );
+        assertTrue( session.hasPrincipal( new WikiPrincipal( Users.JANNE, WikiPrincipal.LOGIN_NAME ) ) );
+        assertTrue( session.hasPrincipal( new WikiPrincipal( "JanneJalkanen", WikiPrincipal.WIKI_NAME ) ) );
+        assertTrue( session.hasPrincipal( new WikiPrincipal( "Janne Jalkanen", WikiPrincipal.FULL_NAME ) ) );
+        assertTrue( session.hasPrincipal( new Role( "AuthorizerRole") ) );
+        assertFalse( session.hasPrincipal( new Role( "ContainerRole") ) );
+        assertFalse( session.hasPrincipal( new Role( "DummyRole") ) );
+        
+        // Try again with a container-authenticated session: DummyAuthorizer should ALSO allow ContainerRole
+        session = WikiSessionTest.containerAuthenticatedSession( m_engine, Users.JANNE, new Principal[0] );
+        assertTrue( session.hasPrincipal( Role.ALL ) );
+        assertTrue( session.hasPrincipal( Role.AUTHENTICATED ) );
+        assertTrue( session.hasPrincipal( new WikiPrincipal( Users.JANNE, WikiPrincipal.LOGIN_NAME ) ) );
+        assertTrue( session.hasPrincipal( new WikiPrincipal( "JanneJalkanen", WikiPrincipal.WIKI_NAME ) ) );
+        assertTrue( session.hasPrincipal( new WikiPrincipal( "Janne Jalkanen", WikiPrincipal.FULL_NAME ) ) );
+        assertTrue( session.hasPrincipal( new Role( "AuthorizerRole") ) );
+        assertTrue( session.hasPrincipal( new Role( "ContainerRole") ) );
+        assertFalse( session.hasPrincipal( new Role( "DummyRole") ) );
     }
-    
+
     public void testCustomJAASLoginModule() throws Exception
     {
         Properties props = new Properties();
@@ -82,9 +158,10 @@
         // Supply a custom LoginModule class
         props.put( "jspwiki.loginModule.class", "com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule" );
 
-        // Init the engine and verify that we initialized with a custom auth login module
+        // Init the engine and verify that we initialized with a custom auth
+        // login module
         WikiEngine engine = new TestEngine( props );
-        AuthenticationManager authMgr= engine.getAuthenticationManager();
+        AuthenticationManager authMgr = engine.getAuthenticationManager();
         assertEquals( CookieAssertionLoginModule.class, authMgr.m_loginModuleClass );
     }
 
@@ -92,23 +169,32 @@
     {
         Properties props = new Properties();
         props.load( TestEngine.findTestProperties() );
-        
+
         // Supply a custom LoginModule options
         props.put( "jspwiki.loginModule.options.key1", "value1" );
         props.put( "jspwiki.loginModule.options.key2", "value2" );
         props.put( "jspwiki.loginModule.options.key3", "value3" );
-        
-        // Init the engine and verify that we initialized with the correct options
+
+        // Init the engine and verify that we initialized with the correct
+        // options
         WikiEngine engine = new TestEngine( props );
-        AuthenticationManager authMgr= engine.getAuthenticationManager();
-        Map<String,String> options = authMgr.m_loginModuleOptions;
+        AuthenticationManager authMgr = engine.getAuthenticationManager();
+        Map<String, String> options = authMgr.m_loginModuleOptions;
         assertEquals( 3, options.size() );
         assertTrue( options.containsKey( "key1" ) );
         assertTrue( options.containsKey( "key2" ) );
         assertTrue( options.containsKey( "key3" ) );
-        assertEquals( "value1", options.get( "key1") );
-        assertEquals( "value2", options.get( "key2") );
-        assertEquals( "value3", options.get( "key3") );
+        assertEquals( "value1", options.get( "key1" ) );
+        assertEquals( "value2", options.get( "key2" ) );
+        assertEquals( "value3", options.get( "key3" ) );
+    }
+
+    public void testIsUserPrincipal()
+    {
+        assertTrue( AuthenticationManager.isUserPrincipal( new WikiPrincipal( "Foo" ) ) );
+        assertFalse( AuthenticationManager.isUserPrincipal( new GroupPrincipal( "Group1" ) ) );
+        assertFalse( AuthenticationManager.isUserPrincipal( new Role( "Role1" ) ) );
+        assertFalse( AuthenticationManager.isUserPrincipal( Role.ANONYMOUS ) );
     }
 
     public void testLoginCustom() throws Exception
@@ -118,30 +204,31 @@
         assertTrue( session.hasPrincipal( Role.AUTHENTICATED ) );
         assertTrue( session.hasPrincipal( new WikiPrincipal( Users.JANNE, WikiPrincipal.LOGIN_NAME ) ) );
         assertTrue( session.hasPrincipal( new WikiPrincipal( "JanneJalkanen", WikiPrincipal.WIKI_NAME ) ) );
-        assertTrue( session.hasPrincipal( new WikiPrincipal( "Janne Jalkanen",  WikiPrincipal.FULL_NAME ) ) );
+        assertTrue( session.hasPrincipal( new WikiPrincipal( "Janne Jalkanen", WikiPrincipal.FULL_NAME ) ) );
     }
-    
+
     public void testLoginCustomWithGroup() throws Exception
     {
-        // Flush any pre-existing groups (left over from previous failures, perhaps)
+        // Flush any pre-existing groups (left over from previous failures,
+        // perhaps)
         try
         {
             m_groupMgr.removeGroup( "Test1" );
             m_groupMgr.removeGroup( "Test2" );
         }
-        catch ( NoSuchPrincipalException e )
+        catch( NoSuchPrincipalException e )
         {
-            
+
         }
-        
+
         // Log in 'janne' and verify there are 5 principals in the subject
         // (ALL, AUTHENTICATED, login, fullname, wikiname Principals)
         WikiSession session = WikiSession.guestSession( m_engine );
         m_auth.login( session, Users.JANNE, Users.JANNE_PASS );
         assertEquals( 3, session.getPrincipals().length );
         assertEquals( 2, session.getRoles().length );
-        assertTrue( session.hasPrincipal( new WikiPrincipal( "JanneJalkanen",  WikiPrincipal.WIKI_NAME ) ) );
-        
+        assertTrue( session.hasPrincipal( new WikiPrincipal( "JanneJalkanen", WikiPrincipal.WIKI_NAME ) ) );
+
         // Listen for any manager group-add events
         GroupManager manager = m_engine.getGroupManager();
         SecurityEventTrap trap = new SecurityEventTrap();
@@ -152,43 +239,38 @@
         m_groupMgr.setGroup( m_session, groupTest1 );
         groupTest1 = m_groupMgr.getGroup( "Test1" );
         Principal principalTest1 = groupTest1.getPrincipal();
-        
+
         Group groupTest2 = m_groupMgr.parseGroup( "Test2", "Alice \n Bob \n Charlie", true );
         m_groupMgr.setGroup( m_session, groupTest2 );
         groupTest2 = m_groupMgr.getGroup( "Test2" );
         Principal principalTest2 = groupTest2.getPrincipal();
-        
+
         // We should see two security events (one for each group create)
         // We should also see a GroupPrincipal for group Test1, but not Test2
         assertEquals( 2, trap.events().length );
         assertTrue( session.hasPrincipal( principalTest1 ) );
         assertFalse( session.hasPrincipal( principalTest2 ) );
-        
+
         // If we remove Test1, the GroupPrincipal should disappear
         m_groupMgr.removeGroup( "Test1" );
         assertFalse( session.hasPrincipal( principalTest1 ) );
         assertFalse( session.hasPrincipal( principalTest2 ) );
-        
-        // Now, add 'JanneJalkanen' to Test2 group manually; we should see the GroupPrincipal
+
+        // Now, add 'JanneJalkanen' to Test2 group manually; we should see the
+        // GroupPrincipal
         groupTest2.add( new WikiPrincipal( "JanneJalkanen" ) );
         m_groupMgr.setGroup( session, groupTest2 );
         assertFalse( session.hasPrincipal( principalTest1 ) );
         assertTrue( session.hasPrincipal( principalTest2 ) );
-        
+
         // Remove 'JanneJalkenen' manually; the GroupPrincipal should disappear
         groupTest2.remove( new WikiPrincipal( "JanneJalkanen" ) );
         m_groupMgr.setGroup( session, groupTest2 );
         assertFalse( session.hasPrincipal( principalTest1 ) );
         assertFalse( session.hasPrincipal( principalTest2 ) );
-        
+
         // Clean up
         m_groupMgr.removeGroup( "Test2" );
     }
-    
-    public static Test suite()
-    {
-        TestSuite suite = new TestSuite("Authentication Manager test");
-        suite.addTestSuite( AuthenticationManagerTest.class );
-        return suite;
-    }
-}
\ No newline at end of file
+
+}

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java Wed Jan 21 19:20:03 2009
@@ -33,9 +33,7 @@
 import junit.framework.TestCase;
 
 import com.ecyrd.jspwiki.NoRequiredPropertyException;
-import com.ecyrd.jspwiki.TestAuthorizer;
 import com.ecyrd.jspwiki.TestEngine;
-import com.ecyrd.jspwiki.auth.Authorizer;
 import com.ecyrd.jspwiki.auth.WikiPrincipal;
 import com.ecyrd.jspwiki.auth.authorize.Role;
 import com.ecyrd.jspwiki.auth.user.UserDatabase;
@@ -46,11 +44,9 @@
  */
 public class AnonymousLoginModuleTest extends TestCase
 {
-    Authorizer authorizer;
+    UserDatabase m_db;
 
-    UserDatabase db;
-
-    Subject      subject;
+    Subject      m_subject;
 
     private TestEngine m_engine;
 
@@ -60,12 +56,12 @@
         try
         {
             // Test using IP address (AnonymousLoginModule succeeds)
-            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
+            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request );
             LoginModule module = new AnonymousLoginModule();
-            module.initialize(subject, handler, new HashMap<String, Object>(), new HashMap<String, Object>());
+            module.initialize( m_subject, handler, new HashMap<String, Object>(), new HashMap<String, Object>() );
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( new WikiPrincipal( "127.0.0.1" ) ) );
             assertFalse( principals.contains( Role.ANONYMOUS ) );
@@ -83,14 +79,14 @@
         HttpServletRequest request = m_engine.newHttpRequest();
         try
         {
-            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
+            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request );
             LoginModule module = new AnonymousLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
-                              new HashMap<String, Object>());
+                              new HashMap<String, Object>() );
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( new WikiPrincipal( "127.0.0.1" ) ) );
             assertFalse( principals.contains( Role.ANONYMOUS ) );
@@ -114,13 +110,11 @@
         props.load( TestEngine.findTestProperties() );
         props.put(XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml");
         m_engine = new TestEngine(props);
-        authorizer = new TestAuthorizer();
-        authorizer.initialize( m_engine, props );
-        db = new XMLUserDatabase();
-        subject = new Subject();
+        m_db = new XMLUserDatabase();
+        m_subject = new Subject();
         try
         {
-            db.initialize( m_engine, props );
+            m_db.initialize( m_engine, props );
         }
         catch( NoRequiredPropertyException e )
         {

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java Wed Jan 21 19:20:03 2009
@@ -30,14 +30,11 @@
 import javax.security.auth.spi.LoginModule;
 import javax.servlet.http.Cookie;
 
-import net.sourceforge.stripes.mock.MockHttpServletRequest;
-
 import junit.framework.TestCase;
+import net.sourceforge.stripes.mock.MockHttpServletRequest;
 
 import com.ecyrd.jspwiki.NoRequiredPropertyException;
-import com.ecyrd.jspwiki.TestAuthorizer;
 import com.ecyrd.jspwiki.TestEngine;
-import com.ecyrd.jspwiki.auth.Authorizer;
 import com.ecyrd.jspwiki.auth.WikiPrincipal;
 import com.ecyrd.jspwiki.auth.authorize.Role;
 import com.ecyrd.jspwiki.auth.user.UserDatabase;
@@ -48,11 +45,9 @@
  */
 public class CookieAssertionLoginModuleTest extends TestCase
 {
-    Authorizer authorizer;
-
-    UserDatabase db;
+    UserDatabase m_db;
 
-    Subject      subject;
+    Subject      m_subject;
 
     private TestEngine m_engine;
 
@@ -67,15 +62,15 @@
             // Test using Cookie and IP address (AnonymousLoginModule succeeds)
             Cookie cookie = new Cookie( CookieAssertionLoginModule.PREFS_COOKIE_NAME, "Bullwinkle" );
             request.setCookies( new Cookie[] { cookie } );
-            subject = new Subject();
-            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
+            m_subject = new Subject();
+            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request );
             LoginModule module = new CookieAssertionLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
-                              new HashMap<String, Object>());
+                              new HashMap<String, Object>() );
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( new WikiPrincipal( "Bullwinkle" ) ) );
             assertFalse( principals.contains( Role.ASSERTED ) );
@@ -95,14 +90,14 @@
         request.setCookies( new Cookie[] { cookie } );
         try
         {
-            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
+            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request );
             LoginModule module = new CookieAssertionLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
-                              new HashMap<String, Object>());
+                              new HashMap<String, Object>() );
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( new WikiPrincipal( "Bullwinkle" ) ) );
             assertFalse( principals.contains( Role.ANONYMOUS ) );
@@ -126,13 +121,11 @@
         props.load( TestEngine.findTestProperties() );
         props.put(XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml");
         m_engine = new TestEngine(props);
-        authorizer = new TestAuthorizer();
-        authorizer.initialize( m_engine, props );
-        db = new XMLUserDatabase();
-        subject = new Subject();
+        m_db = new XMLUserDatabase();
+        m_subject = new Subject();
         try
         {
-            db.initialize( m_engine, props );
+            m_db.initialize( m_engine, props );
         }
         catch( NoRequiredPropertyException e )
         {

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java Wed Jan 21 19:20:03 2009
@@ -44,38 +44,38 @@
  */
 public class UserDatabaseLoginModuleTest extends TestCase
 {
-    UserDatabase db;
+    UserDatabase m_db;
 
-    Subject      subject;
+    Subject      m_subject;
 
     public final void testLogin()
     {
         try
         {
             // Log in with a user that isn't in the database
-            CallbackHandler handler = new WikiCallbackHandler( db, "user", "password" );
+            CallbackHandler handler = new WikiCallbackHandler( m_db, "user", "password" );
             LoginModule module = new UserDatabaseLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
-                              new HashMap<String, Object>());
+                              new HashMap<String, Object>() );
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( new WikiPrincipal( "user", WikiPrincipal.LOGIN_NAME ) ) );
             assertFalse( principals.contains( Role.AUTHENTICATED ) );
             assertFalse( principals.contains( Role.ALL ) );
             
             // Login with a user that IS in the database
-            subject = new Subject();
-            handler = new WikiCallbackHandler( db, "janne", "myP@5sw0rd" );
+            m_subject = new Subject();
+            handler = new WikiCallbackHandler( m_db, "janne", "myP@5sw0rd" );
             module = new UserDatabaseLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
-                              new HashMap<String, Object>());
+                              new HashMap<String, Object>() );
             module.login();
             module.commit();
-            principals = subject.getPrincipals();
+            principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( new WikiPrincipal( "janne", WikiPrincipal.LOGIN_NAME ) ) );
             assertFalse( principals.contains( Role.AUTHENTICATED ) );
@@ -92,14 +92,14 @@
     {
         try
         {
-            CallbackHandler handler = new WikiCallbackHandler( db, "user", "password" );
+            CallbackHandler handler = new WikiCallbackHandler( m_db, "user", "password" );
             LoginModule module = new UserDatabaseLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
-                              new HashMap<String, Object>());
+                              new HashMap<String, Object>() );
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( new WikiPrincipal( "user",  WikiPrincipal.LOGIN_NAME ) ) );
             assertFalse( principals.contains( Role.AUTHENTICATED ) );
@@ -123,11 +123,11 @@
         props.load( TestEngine.findTestProperties() );
         props.put(XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml");
         WikiEngine m_engine  = new TestEngine(props);
-        db = new XMLUserDatabase();
-        subject = new Subject();
+        m_db = new XMLUserDatabase();
+        m_subject = new Subject();
         try
         {
-            db.initialize( m_engine, props );
+            m_db.initialize( m_engine, props );
         }
         catch( NoRequiredPropertyException e )
         {

Modified: incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java?rev=736542&r1=736541&r2=736542&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_8_BRANCH/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java Wed Jan 21 19:20:03 2009
@@ -22,7 +22,6 @@
 
 import java.security.Principal;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Properties;
 import java.util.Set;
 
@@ -31,14 +30,11 @@
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import net.sourceforge.stripes.mock.MockHttpServletRequest;
-
 import junit.framework.TestCase;
+import net.sourceforge.stripes.mock.MockHttpServletRequest;
 
 import com.ecyrd.jspwiki.NoRequiredPropertyException;
-import com.ecyrd.jspwiki.TestAuthorizer;
 import com.ecyrd.jspwiki.TestEngine;
-import com.ecyrd.jspwiki.auth.Authorizer;
 import com.ecyrd.jspwiki.auth.WikiPrincipal;
 import com.ecyrd.jspwiki.auth.authorize.Role;
 import com.ecyrd.jspwiki.auth.user.UserDatabase;
@@ -49,11 +45,9 @@
  */
 public class WebContainerLoginModuleTest extends TestCase
 {
-    Authorizer authorizer;
+    UserDatabase m_db;
 
-    UserDatabase db;
-
-    Subject      subject;
+    Subject      m_subject;
 
     private TestEngine m_engine;
 
@@ -65,14 +59,14 @@
         try
         {
             // Test using Principal (WebContainerLoginModule succeeds)
-            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
+            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request );
             LoginModule module = new WebContainerLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
                               new HashMap<String, Object>());
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue(  principals.contains( principal ) );
             assertFalse( principals.contains( Role.ANONYMOUS ) );
@@ -87,36 +81,6 @@
         }
     }
 
-    public final void testLoginWithRoles() throws Exception
-    {
-        // Create user with 2 container roles; TestAuthorizer knows about these
-        Principal principal = new WikiPrincipal( "Andrew Jaquith" );
-        MockHttpServletRequest request = m_engine.newHttpRequest();
-        request.setUserPrincipal( principal );
-        Set<String> roles = new HashSet<String>();
-        roles.add( "IT" );
-        roles.add( "Engineering" );
-        request.setRoles( roles );
-
-        // Test using Principal (WebContainerLoginModule succeeds)
-        CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
-        LoginModule module = new WebContainerLoginModule();
-        module.initialize(subject, handler, 
-                          new HashMap<String, Object>(), 
-                          new HashMap<String, Object>());
-        module.login();
-        module.commit();
-        Set principals = subject.getPrincipals();
-        assertEquals( 3, principals.size() );
-        assertTrue( principals.contains( principal ) );
-        assertFalse( principals.contains( Role.ANONYMOUS ) );
-        assertFalse( principals.contains( Role.ASSERTED ) );
-        assertFalse( principals.contains( Role.AUTHENTICATED ) );
-        assertFalse( principals.contains( Role.ALL ) );
-        assertTrue(  principals.contains( new Role( "IT" ) ) );
-        assertTrue(  principals.contains( new Role( "Engineering" ) ) );
-    }
-
     public final void testLogout()
     {
         Principal principal = new WikiPrincipal( "Andrew Jaquith" );
@@ -124,14 +88,14 @@
         request.setUserPrincipal( principal );
         try
         {
-            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
+            CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request );
             LoginModule module = new WebContainerLoginModule();
-            module.initialize(subject, handler, 
+            module.initialize( m_subject, handler, 
                               new HashMap<String, Object>(), 
                               new HashMap<String, Object>());
             module.login();
             module.commit();
-            Set principals = subject.getPrincipals();
+            Set principals = m_subject.getPrincipals();
             assertEquals( 1, principals.size() );
             assertTrue( principals.contains( principal ) );
             assertFalse( principals.contains( Role.AUTHENTICATED ) );
@@ -155,13 +119,11 @@
         props.load( TestEngine.findTestProperties() );
         props.put(XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml");
         m_engine = new TestEngine(props);
-        authorizer = new TestAuthorizer();
-        authorizer.initialize( m_engine, props );
-        db = new XMLUserDatabase();
-        subject = new Subject();
+        m_db = new XMLUserDatabase();
+        m_subject = new Subject();
         try
         {
-            db.initialize( m_engine, props );
+            m_db.initialize( m_engine, props );
         }
         catch( NoRequiredPropertyException e )
         {



Mime
View raw message