portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From roger...@apache.org
Subject cvs commit: jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso TestSSOComponent.java
Date Fri, 28 Jan 2005 22:36:21 GMT
rogerrut    2005/01/28 14:36:21

  Modified:    components/sso/src/java/org/apache/jetspeed/sso/impl
                        SSOSiteImpl.java PersistenceBrokerSSOProvider.java
               components/sso/src/test/org/apache/jetspeed/sso
                        TestSSOComponent.java
  Log:
  SSO Update
  --> Added group support. You can create an SSO entry for a group. A user will be checked
against each member of the group for a match
  --> Added new API's which makes it easier to call from the UI since at that point no
subject is available.
  --> Updated SSO Management portlets so that it handles groups
  --> Cleanup of code and removal of unused imports
  
  Revision  Changes    Path
  1.6       +5 -57     jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java
  
  Index: SSOSiteImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SSOSiteImpl.java	4 Dec 2004 22:28:19 -0000	1.5
  +++ SSOSiteImpl.java	28 Jan 2005 22:36:21 -0000	1.6
  @@ -22,7 +22,6 @@
   
   import org.apache.jetspeed.sso.SSOException;
   import org.apache.jetspeed.sso.SSOSite;
  -import org.apache.jetspeed.security.om.InternalCredential;
   import org.apache.jetspeed.sso.SSOPrincipal;
   
   /**
  @@ -43,7 +42,6 @@
   	private boolean	isAllowUserSet;
   	private boolean isCertificateRequired;
   	
  -	private Collection	credentials = new Vector();
   	private Collection	principals = new Vector();
   	private Collection	remotePrincipals = new Vector();
   	
  @@ -60,18 +58,6 @@
   	 */
   	
   	/**
  -	 * @return Returns the credentials.
  -	 */
  -	public Collection getCredentials() {
  -		return this.credentials;
  -	}
  -	/**
  -	 * @param credentials The credentials to set.
  -	 */
  -	public void setCredentials(Collection credentials) {
  -		this.credentials.addAll(credentials);
  -	}
  -	/**
   	 * @return Returns the isAllowUserSet.
   	 */
   	public boolean isAllowUserSet() {
  @@ -150,49 +136,12 @@
   	 * Adds the credentail to the credentials collection
   	 *
   	 */
  -	public void addCredential(InternalCredential credential) throws SSOException
  -	{
  -		boolean bStatus = false;
  -		
  -		try
  -		{
  -			bStatus = credentials.add(credential);
  -		}
  -		catch(Exception e)
  -		{
  -			// Adding credentail to coollection failed -- notify caller with SSOException
  -			throw new SSOException(SSOException.FAILED_ADDING_CREDENTIALS_FOR_SITE + e.getMessage());

  -		}
  -		
  -		if ( bStatus == false)
  -			throw new SSOException(SSOException.FAILED_ADDING_CREDENTIALS_FOR_SITE ); 
  -	}
   	
  -	/**
  -	* removeCredential()
  -	 * removes a credentail from the credentials collection
  -	 *
  -	 */
  -	public void removeCredential(InternalCredential credential) throws SSOException
  -	{
  -		boolean bStatus = false;
  -		
  -		try
  -		{
  -			bStatus = credentials.remove(credential);
  -		}
  -		catch(Exception e)
  -		{
  -			// Adding credentail to coollection failed -- notify caller with SSOException
  -			throw new SSOException(SSOException.FAILED_REMOVING_CREDENTIALS_FOR_SITE + e.getMessage());

  -		}
  -		
  -		if ( bStatus == false)
  -			throw new SSOException(SSOException.FAILED_REMOVING_CREDENTIALS_FOR_SITE ); 
  -	}
  +	
   	
   		/**
  -		 * Adds the credentail to the credentials collection
  +		 * addPrincipal
  +		 * Adds the SSOPrincipal to the principals collection
   		 *
   		 */
   		public void addPrincipal(SSOPrincipal principal) throws SSOException {
  @@ -231,9 +180,7 @@
   				
   					try
   					{
  -						// TODO: Removing results in an OJB exception. Ignore it for the moment but it needs
to be fixed soon...
   						bStatus = principals.remove(principalObj);
  -						//bStatus = true;
   					}
   					catch(Exception e)
   					{
  @@ -259,4 +206,5 @@
       public void setRemotePrincipals(Collection remotePrincipals) {
           this.remotePrincipals = remotePrincipals;
       }
  +    
   }
  
  
  
  1.14      +209 -51   jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
  
  Index: PersistenceBrokerSSOProvider.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- PersistenceBrokerSSOProvider.java	13 Jan 2005 22:16:59 -0000	1.13
  +++ PersistenceBrokerSSOProvider.java	28 Jan 2005 22:36:21 -0000	1.14
  @@ -15,11 +15,14 @@
    */
   package org.apache.jetspeed.sso.impl;
   
  +import java.security.Principal;
   import java.util.ArrayList;
   import java.util.Collection;
  +import java.util.HashSet;
   import java.util.Hashtable;
   import java.util.Iterator;
   import java.util.List;
  +import java.util.Set;
   import java.util.StringTokenizer;
   
   import org.apache.jetspeed.security.UserPrincipal;
  @@ -40,9 +43,13 @@
   
   import org.apache.jetspeed.security.SecurityHelper;
   import org.apache.jetspeed.security.BasePrincipal;
  +import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
  +import org.apache.jetspeed.security.impl.UserPrincipalImpl;
   import org.apache.jetspeed.security.om.InternalCredential;
  +import org.apache.jetspeed.security.om.InternalGroupPrincipal;
   import org.apache.jetspeed.security.om.InternalUserPrincipal;
   import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  +import org.apache.jetspeed.security.om.impl.InternalGroupPrincipalImpl;
   import org.apache.jetspeed.security.om.impl.InternalUserPrincipalImpl;
   import org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialImpl;
   
  @@ -60,6 +67,10 @@
   		InitablePersistenceBrokerDaoSupport implements SSOProvider 
   {	
   	private Hashtable mapSite = new Hashtable();	
  +	
  +    private String USER_PATH = "/user/";
  +    private String GROUP_PATH = "/group/";
  +
     	/**
        * PersitenceBrokerSSOProvider()
        * @param repository Location of repository mapping file.  Must be available within
the classpath.
  @@ -80,6 +91,103 @@
           Collection c = getPersistenceBrokerTemplate().getCollectionByQuery(query);
           return c.iterator();        
       }
  +	
  +	/**
  +     * addCredentialsForSite()
  +     * @param fullPath
  +     * @param remoteUser
  +     * @param site
  +     * @param pwd
  +     * @throws SSOException
  +     */
  +    public void addCredentialsForSite(String fullPath, String remoteUser, String site,
String pwd) throws SSOException
  +    {
  +        // Create a Subject for the given path and forward it to the API addCredentialsForSite()
  +        Principal principal = null;
  +        String name = null;
  +        
  +        // Group or User
  +        if (fullPath.indexOf("/group/") > -1 )
  +        {
  +            name = fullPath.substring(GROUP_PATH.length());
  +            principal = new GroupPrincipalImpl(name);
  +        }
  +        else
  +        {
  +            name = fullPath.substring(USER_PATH.length());
  +            principal = new UserPrincipalImpl(name);
  +        }
  + 
  +        // Create Subject
  +        Set principals = new HashSet();
  +        principals.add(principal);
  +        Subject subject = new Subject(true, principals, new HashSet(), new HashSet());

  +        
  +        // Call into the API
  +        addCredentialsForSite(subject, remoteUser, site, pwd);
  +    }
  +    
  +    /**
  +     * removeCredentialsForSite()
  +     * @param fullPath
  +     * @param site
  +     * @throws SSOException
  +     */
  +    public void removeCredentialsForSite(String fullPath, String site) throws SSOException
  +    {
  +        // Create a Subject for the given path and forward it to the API addCredentialsForSite()
  +        Principal principal = null;
  +        String name = null;
  +        
  +        // Group or User
  +        if (fullPath.indexOf("/group/") > -1 )
  +        {
  +            name = fullPath.substring(GROUP_PATH.length());
  +            principal = new GroupPrincipalImpl(name);
  +        }
  +        else
  +        {
  +            name = fullPath.substring(USER_PATH.length());
  +            principal = new UserPrincipalImpl(name);
  +        }
  + 
  +        // Create Subject
  +        Set principals = new HashSet();
  +        principals.add(principal);
  +        Subject subject = new Subject(true, principals, new HashSet(), new HashSet());

  +    
  +        // Call into the API
  +        this.removeCredentialsForSite(subject,site);
  +    }
  +    
  +    
  +    /** Retrive site information
  +     * 
  +     *  getSiteURL
  +     */
  +    
  +    public String getSiteURL(String site)
  +    {
  +        // The site is the URL
  +        return site;
  +    }
  +    
  +    /**
  +     * getSiteName
  +     */
  +    public String getSiteName(String site)
  +    {
  +        SSOSite ssoSite = getSSOSiteObject(site);
  +		
  +		if ( ssoSite == null)
  +		{
  +			return ssoSite.getName();
  +		}
  +		else
  +		{
  +		    return null;
  +		}
  +    }
       
   	/* (non-Javadoc)
   	 * @see org.apache.jetspeed.sso.SSOProvider#hasSSOCredentials(javax.security.auth.Subject,
java.lang.String)
  @@ -97,9 +205,10 @@
   		BasePrincipal principal = (BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
   		String fullPath = principal.getFullPath();
   		
  +				
   		// Get remotePrincipals for Site and match them with the Remote Principal for the Principal
attached to site
  -		Collection principalsForSite = ssoSite.getPrincipals();
  -		Collection remoteForSite = ssoSite.getRemotePrincipals();
  +		Collection remoteForSite		= ssoSite.getRemotePrincipals();
  +		Collection principalsForSite	= ssoSite.getPrincipals();	// Users
   		
   		// If any of them don't exist just return
   		if (principalsForSite == null || remoteForSite== null )
  @@ -174,19 +283,25 @@
   		
   		if (principal == null )
   		{
  -		    principal = getSSOPrincipa(fullPath);
  +		    principal = getSSOPrincipal(fullPath);
   		    ssoSite.addPrincipal(principal);
   		}
   		else
   		{
   		    // Check if the entry the user likes to update exists already
   		    Collection remoteForSite = ssoSite.getRemotePrincipals();
  -		    if ( remoteForSite != null)
  +		    Collection principalsForSite = ssoSite.getPrincipals();
  +		    
  +		    if ( remoteForSite != null && principalsForSite != null)
   		    {
  -		        if (findRemoteMatch(principal.getRemotePrincipals(), remoteForSite) != null )
  +		        Collection remoteForPrincipals = this.getRemotePrincipalsForPrincipal(principalsForSite,
fullPath);
  +		        if ( remoteForPrincipals != null)
   		        {
  -		            // Entry exists can't to an add has to call update
  -		            throw new SSOException(SSOException.REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE);
  +			        if (findRemoteMatch(remoteForPrincipals, remoteForSite) != null )
  +			        {
  +			            // Entry exists can't to an add has to call update
  +			            throw new SSOException(SSOException.REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE);
  +			        }
   		        }
   		    }
   		}
  @@ -196,7 +311,16 @@
   		
   		// Create a remote principal and credentials
   		InternalUserPrincipalImpl remotePrincipal = new InternalUserPrincipalImpl(remoteUser);
  -		remotePrincipal.setFullPath("/sso/user/"+ principalName + "/" + remoteUser);
  +		
  +		/*
  +		 * The RemotePrincipal (class InternalUserPrincipal) will have a fullPath that identifies
the entry as an SSO credential.
  +		 * The entry has to be unique for a site and principal  (GROUP -or- USER ) an therefore
it needs to be encoded as following:
  +		 * The convention for the path is the following: /sso/SiteID/{user|group}/{user name
| group name}/remote user name
  +		 */
  +		if ( fullPath.indexOf("/group/") > -1)
  +		    remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/group/"+  principalName
+ "/" + remoteUser);
  +		else
  +		    remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + "/user/"+ principalName
+ "/" + remoteUser);
   	
   		// New credential object for remote principal
   		 InternalCredentialImpl credential = 
  @@ -271,7 +395,7 @@
   			
   			// Update assocation tables
   			ssoSite.getRemotePrincipals().remove(remotePrincipal);
  -			getRemotePrincipalsForPrincipal(principalsForSite, fullPath).remove(remotePrincipal);
  +			remoteForPrincipals.remove(remotePrincipal);
   		    
   			// delete the remote Principal from the SECURITY_PRINCIPAL table
   		    getPersistenceBrokerTemplate().delete(remotePrincipal);
  @@ -328,8 +452,8 @@
   			String principalName  = ((BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class)).getName();
   			
   			//	Get remotePrincipals for Site and match them with the Remote Principal for the Principal
attached to site
  -			Collection principalsForSite = ssoSite.getPrincipals();
  -			Collection remoteForSite = ssoSite.getRemotePrincipals();
  +			Collection principalsForSite	= ssoSite.getPrincipals();
  +			Collection remoteForSite		= ssoSite.getRemotePrincipals();
   			
   			// If any of them don't exist just return
   			if (principalsForSite == null || remoteForSite== null )
  @@ -436,7 +560,7 @@
   		Collection remoteForSite = ssoSite.getRemotePrincipals();
   		
   		// If any of them don't exist just return
  -		if (principalsForSite == null || remoteForSite== null )
  +		if ( principalsForSite == null  || remoteForSite== null )
   		    return null;	// no entry
   		
   		Collection remoteForPrincipals = getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
  @@ -499,8 +623,7 @@
   		{
   			SSOPrincipal principal = (SSOPrincipal)ixPrincipals.next();
   			if (         principal != null 
  -			        && principal.getFullPath().compareToIgnoreCase(fullPath) == 0
  -			        && principal.getSiteID() == ssoSite.getSiteId())
  +			        && principal.getFullPath().compareToIgnoreCase(fullPath) == 0 )
   			{
   				// Found Principal -- extract remote principals 
   				return principal.getRemotePrincipals();
  @@ -518,16 +641,16 @@
   	private SSOPrincipal getPrincipalForSite(SSOSite ssoSite, String fullPath)
   	{
   		SSOPrincipal principal = null;
  +		Collection principalsForSite = ssoSite.getPrincipals();
   		
  -		if ( ssoSite.getPrincipals() != null)
  +		if ( principalsForSite != null)
   		{
  -			Iterator itPrincipals = ssoSite.getPrincipals().iterator();
  +			Iterator itPrincipals = principalsForSite.iterator();
   			while (itPrincipals.hasNext() && principal == null)
   			{
   				SSOPrincipal tmp  = (SSOPrincipal)itPrincipals.next();
   				if ( 		 tmp != null 
  -				       && tmp.getFullPath().compareToIgnoreCase(fullPath) == 0 
  -				       && tmp.getSiteID() == ssoSite.getSiteId())
  +				       && tmp.getFullPath().compareToIgnoreCase(fullPath) == 0 )
   					principal = tmp;	// Found existing entry
   			}
   		}
  @@ -535,7 +658,7 @@
   		return principal;
   	}
   	
  -	private SSOPrincipal getSSOPrincipa(String fullPath)
  +	private SSOPrincipal getSSOPrincipal(String fullPath)
   	{
   	    // FInd if the principal exists in the SECURITY_PRINCIPAL table
   	    SSOPrincipal principal = null;
  @@ -559,27 +682,7 @@
   		return principal;		
   	}
   	
  -	/**
  -	 * getCredentialForPrincipal
  -	 * @param site
  -	 * @param principalId
  -	 * @return InternalCredential for the principal ID
  -	 */
  -	private InternalCredential getCredentialForPrincipal(SSOSite site, long principalId)
  -	{
  -		if ( site.getCredentials() != null)
  -		{
  -			Iterator itCredentials = site.getCredentials().iterator();
  -			while(itCredentials.hasNext() )
  -			{
  -				InternalCredential tmp = (InternalCredential)itCredentials.next();
  -				if ( tmp != null && tmp.getPrincipalId() == principalId)
  -					return tmp;
  -			}
  -		}
   	
  -		return null;
  -	}
   	
   	/**
   	 * removeRemotePrincipalForPrincipal
  @@ -597,8 +700,7 @@
   			while (itPrincipals.hasNext())
   			{
   				SSOPrincipal tmp = (SSOPrincipal)itPrincipals.next();
  -				if (tmp.getFullPath().compareToIgnoreCase(fullPath) == 0
  -				        && tmp.getSiteID() == site.getSiteId())
  +				if (tmp.getFullPath().compareToIgnoreCase(fullPath) == 0)
   				{
   					// Found -- get the remotePrincipal
   					Collection collRemotePrincipals = tmp.getRemotePrincipals() ;
  @@ -647,18 +749,64 @@
   	    return null;
   	}
   	
  +	/*
  +	 * getRemotePrincipalsForPrincipals
  +	 * Checks if the user has any remote principals. If the principal is a group expand the
group and
  +	 * check if the requesting user is a part of the group.
  +	 */
   	private Collection getRemotePrincipalsForPrincipal(Collection principalsForSite, String
fullPath)
   	{
  -	    if (principalsForSite == null )
  -	        return null;
  -	    
  -	    Iterator itPrincipalsForSite = principalsForSite.iterator();
  -	    while (itPrincipalsForSite.hasNext())
  +	    if (principalsForSite != null )
   	    {
  -	        SSOPrincipal principal = (SSOPrincipal)itPrincipalsForSite.next();
  -	        if ( principal.getFullPath().compareToIgnoreCase(fullPath) == 0)
  -	            return principal.getRemotePrincipals();
  +		    Iterator itPrincipalsForSite = principalsForSite.iterator();
  +		    while (itPrincipalsForSite.hasNext())
  +		    {
  +		        String principalFullPath = null;
  +		        SSOPrincipal principal = (SSOPrincipal)itPrincipalsForSite.next();
  +		        principalFullPath = principal.getFullPath();
  +		        
  +		        /* If the Principal is for a Group expand the Group and check if the user identified
  +		        * by the fullPath is a member of the Group. If the user is a member of the Group
  +		        * return the remote Credentials for the current Principal.
  +		        */
  +		        if ( principalFullPath.indexOf("/group/") == -1)
  +		        {
  +		            // USER
  +		            if ( principalFullPath.compareToIgnoreCase(fullPath) == 0)
  +		                return principal.getRemotePrincipals();
  +		        }
  +		        else
  +		        {
  +		            /* GROUP 
  +		             * If the full path is for a group (delete/add) just return the the list
of remotePrincipals
  +		             * For a lookup (hasCredentials) the user needs to be mapped against each
member of the group
  +		            */
  +		            if ( principalFullPath.compareToIgnoreCase(fullPath) == 0)
  +		                return principal.getRemotePrincipals();
  +		            
  +		            /* Expand the Group and find a match */
  +			        InternalGroupPrincipal  groupPrincipal = getGroupPrincipals(principalFullPath);
  +			        
  +			        // Found Group that matches the name
  +			        if (groupPrincipal != null)
  +		            {
  +			            Collection usersInGroup = groupPrincipal.getUserPrincipals();
  +			            Iterator itUsers = usersInGroup.iterator();
  +		                while (itUsers.hasNext())
  +		                {
  +		                    InternalUserPrincipal user = (InternalUserPrincipal)itUsers.next();
  +		                    if (user.getFullPath().compareToIgnoreCase(fullPath) == 0)
  +		                    {
  +		                        // User is member of the group
  +		                        return principal.getRemotePrincipals();
  +		                    }
  +		                }
  +		            }
  +		        }  
  +		    }
   	    }
  +	    
  +	    // No match found
   	    return null;
   	}
       
  @@ -754,9 +902,9 @@
           while (tokenizer.hasMoreTokens())
           {
               String token = tokenizer.nextToken();
  -            if (token.equals("user"))
  +            if (token.equals("user") || token.equals("group"))
               {
  -                if (tokenizer.hasMoreTokens())
  +                 if (tokenizer.hasMoreTokens())
                   {
                       return tokenizer.nextToken();
                   }
  @@ -765,4 +913,14 @@
           return fullPath;        
       }
       
  +    private InternalGroupPrincipal  getGroupPrincipals(String principalFullPath)
  +    {
  +        // Get to the backend to return the group that matches the full path
  +        Criteria filter = new Criteria();
  +        filter.addEqualTo("fullPath", principalFullPath);
  +        Query query = QueryFactory.newQuery(InternalGroupPrincipalImpl.class, filter);
  +        InternalGroupPrincipal group = (InternalGroupPrincipal) getPersistenceBrokerTemplate().getObjectByQuery(query);
  +        return group;       
  +    }
  +    
   }
  
  
  
  1.11      +150 -1    jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java
  
  Index: TestSSOComponent.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- TestSSOComponent.java	4 Jan 2005 23:17:45 -0000	1.10
  +++ TestSSOComponent.java	28 Jan 2005 22:36:21 -0000	1.11
  @@ -15,8 +15,10 @@
   
   package org.apache.jetspeed.sso;
   
  +import org.apache.jetspeed.security.GroupManager;
   import org.apache.jetspeed.security.SecurityException;
   import org.apache.jetspeed.security.UserManager;
  +import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
   import org.apache.jetspeed.security.impl.UserPrincipalImpl;
   import org.apache.jetspeed.sso.SSOProvider;
   
  @@ -57,11 +59,15 @@
   	static private String REMOTE_PWD_1 = "remote_1";
   	static private String REMOTE_PWD_2 = "remote_2";
   	
  +	static private String TEST_GROUP= "engineers";
  +	static private String TEST_GROUP_USER= "jack";
  +	
   		
       /** The property manager. */
       private static SSOProvider ssoBroker = null;
       /** The user manager. */
       protected UserManager ums;
  +    protected GroupManager gms;		// Group Manager
   
       /**
        * @see junit.framework.TestCase#setUp()
  @@ -74,6 +80,7 @@
           {
               ssoBroker = (SSOProvider) ctx.getBean("ssoProvider");
               ums = (UserManager) ctx.getBean("org.apache.jetspeed.security.UserManager");
  +            gms = (GroupManager) ctx.getBean("org.apache.jetspeed.security.GroupManager");
           }
           catch (Exception ex)
           {
  @@ -107,8 +114,134 @@
           // TODO: FIXME: test fails on HSQL Oracle
       }
       */
  +    public void testSSOGroup() throws Exception
  +    {
  +        System.out.println("*************************************\nStart Unit Test for
SSO Group Support\n*************************************");
  +        
  +        // Create a user
  +        try
  +	    {
  +	        ums.addUser(TEST_GROUP_USER, "password");
  +	    }
  +	    catch (SecurityException sex)
  +	    {
  +	        //assertTrue("user already exists. exception caught: " + sex, false);
  +	    }
  +        
  +        // Create a group
  +        try
  +        {
  +            gms.addGroup(TEST_GROUP);
  +            // Add user to Group
  +            gms.addUserToGroup(TEST_GROUP_USER,TEST_GROUP);
  +            
  +            System.out.println("Creating Group " + TEST_GROUP + " and adding User " + TEST_GROUP_USER
+ " succeeded!.");
  +        }
  +        catch (SecurityException secex)
  +        {
  +            System.out.println("Creating Group " + TEST_GROUP + " and adding User " + TEST_GROUP_USER
+ " failed. Group might already exist. Continue test...");
  +            //secex.printStackTrace();
  +    		//throw new Exception(secex.getMessage()); 
  +        }
  +        
  +        
  +        
  +         //  Initialization of Group
  +    	Principal principal = new GroupPrincipalImpl(TEST_GROUP);
  +        Set principals = new HashSet();
  +        principals.add(principal);
  +        Subject subject = new Subject(true, principals, new HashSet(), new HashSet());

  +        
  +        // Add SSO Credentail for Group
  +        if ( ssoBroker.hasSSOCredentials(subject, TEST_URL) == false)
  +        {
  +	        try
  +			{
  +				ssoBroker.addCredentialsForSite(subject, REMOTE_USER, TEST_URL,REMOTE_PWD_1);
  +				System.out.println("SSO Credential added for Group:" + TEST_GROUP+ " site: " + TEST_URL);
  +			}
  +			catch(SSOException ssoex)
  +			{
  +	    		System.out.println("SSO Credential add FAILED for Group:" + TEST_GROUP+ " site:
" + TEST_URL);
  +	    		ssoex.printStackTrace();
  +	    		throw new Exception(ssoex.getMessage());
  +			}
  +        }
  +        else
  +        {
  +            System.out.println("Group:" + TEST_GROUP+ " site: " + TEST_URL + " has already
a remote credential");
  +        }
  +
  +        // Create Principal for User
  +		principal = new UserPrincipalImpl(TEST_GROUP_USER);
  +        principals = new HashSet();
  +        principals.add(principal);
  +        subject = new Subject(true, principals, new HashSet(), new HashSet());	
  +        
  +        // User should have credential for site    
  +        if ( ssoBroker.hasSSOCredentials(subject, TEST_URL) == false)
  +    	{
  +            // Group expansion failed. User not recognized
  +    		System.out.println("No SSO Credential for user:" + TEST_GROUP_USER+ " site: " + TEST_URL);
  +    		
  +    		// Test failure
  +    		try
  +            {
  +                ums.removeUser(TEST_GROUP_USER);
  +                gms.removeGroup(TEST_GROUP);
  +            }
  +            catch (SecurityException sex)
  +            {
  +                assertTrue("could not remove user and group. exception caught: " + sex,
false);
  +            }
  +            
  +            throw new Exception("SSO Unit test for Group support failed");
  +    	}
  +        else
  +        {
  +            // Group lookup succesful
  +    		System.out.println("SSO Test for Group support successful\nSSO Credential for user:"
+ TEST_GROUP_USER + " site: " + TEST_URL + " found. User is member of Group " + TEST_GROUP);
  +        }
  +        
  +        // Cleanup test.
  +        
  +        /*
  +    	 * For hypersonic the cascading deletes are not generated by Torque and the remove
credentials
  +    	 * fails with a constraint error.
  +    	 * Comment test out for M1 release but the problem needs to be addressed for the upcoming
releases
  +    	*/
  +        /*
  +     	try
  +		{
  +	    	// Remove credential for Site
  +	    	ssoBroker.removeCredentialsForSite("/group/"+TEST_GROUP, TEST_URL);
  +	    	System.out.println("SSO Credential removed for Group:" + TEST_GROUP+ " site: " +
TEST_URL);
  +		}
  +    	catch(SSOException ssoex)
  +		{
  +    		System.out.println("SSO Credential remove FAILED for Group:" + TEST_GROUP+ " site:
" + TEST_URL);
  +    		throw new Exception(ssoex.getMessage());
  +		}
  +    	*/
  +        
  +        try
  +        {
  +            ums.removeUser(TEST_GROUP_USER);
  +            gms.removeGroup(TEST_GROUP);
  +        }
  +        catch (SecurityException sex)
  +        {
  +            assertTrue("could not remove user and group. exception caught: " + sex, false);
  +        }
  +        
  +        
  +		
  +    }
  +    
       public void testSSO() throws Exception
       {
  +        System.out.println("***************************\nStart Unit Test for SSO API\n***************************");
  +        
   		// Create a user
   		 try
   		    {
  @@ -164,12 +297,28 @@
   	    		ssoex.printStackTrace();
   	    		throw new Exception(ssoex.getMessage());
   			}
  -    	}
  +		}
       	else
       	{
       		System.out.println("SSO Credential found for user:" + TEST_USER+ " site: " + TEST_URL2);
       	}
       	
  +    	// Add the credentail again -- should get an error
  +		try
  +		{
  +			ssoBroker.addCredentialsForSite(subject, REMOTE_USER2, TEST_URL2,REMOTE_PWD_1);
  +			throw new Exception("Added same credentail twice -- API should prevent users from doing
that.");
  +			
  +		}
  +		catch(SSOException ssoex)
  +		{
  +    		System.out.println("Adding same SSO Credentialtwice failed (as expected) Message
:" + ssoex.getMessage());
  +		}
  +		catch( Exception e)
  +		{
  +		    throw new Exception("Adding SSO Credential twice throw an unandled exception. Error:
" + e.getMessage());
  +		}
  +    	
       	// Test if the credential where persisted
       	
       	// Test credential update
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message