/**
*
* Copyright 2003-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.geronimo.security.jaas;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.security.AbstractTest;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.DomainPrincipal;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.realm.GenericSecurityRealm;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.File;
import java.util.Properties;
/**
* @version $Rev: 384406 $ $Date: 2006-03-09 03:35:05 +0100 (Thu, 09 Mar 2006) $
*/
public class LoginPropertiesFileTest extends AbstractTest {
protected AbstractName clientLM;
protected AbstractName clientCE;
protected AbstractName testCE;
protected AbstractName testRealm;
public void setUp() throws Exception {
needServerInfo = true;
needLoginConfiguration = true;
super.setUp();
GBeanData gbean;
gbean = buildGBeanData("name", "ClientPropertiesLoginModule", LoginModuleGBean.getGBeanInfo());
clientLM = gbean.getAbstractName();
gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.jaas.client.JaasLoginCoordinator");
gbean.setAttribute("serverSide", Boolean.FALSE);
Properties props = new Properties();
props.put("host", "localhost");
props.put("port", "4242");
props.put("realm", "properties-realm");
gbean.setAttribute("options", props);
kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());
gbean = buildGBeanData("name", "ClientConfigurationEntry", DirectConfigurationEntry.getGBeanInfo());
clientCE = gbean.getAbstractName();
gbean.setAttribute("applicationConfigName", "properties-client");
gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED);
gbean.setAttribute("wrapPrincipals", Boolean.TRUE);
gbean.setReferencePattern("Module", clientLM);
kernel.loadGBean(gbean, DirectConfigurationEntry.class.getClassLoader());
gbean = buildGBeanData("name", "PropertiesLoginModule", LoginModuleGBean.getGBeanInfo());
testCE = gbean.getAbstractName();
gbean.setAttribute("loginModuleClass", "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");
gbean.setAttribute("serverSide", Boolean.TRUE);
props = new Properties();
props.put("usersURI", new File(new File("."), "src/test-data/data/users.properties").toURI().toString());
props.put("groupsURI", new File(new File("."), "src/test-data/data/groups.properties").toURI().toString());
gbean.setAttribute("options", props);
gbean.setAttribute("loginDomainName", "TestProperties");
gbean.setAttribute("wrapPrincipals", Boolean.TRUE);
kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());
gbean = buildGBeanData("name", "PropertiesLoginModuleUse", JaasLoginModuleUse.getGBeanInfo());
AbstractName testUseName = gbean.getAbstractName();
gbean.setAttribute("controlFlag", "REQUIRED");
gbean.setReferencePattern("LoginModule", testCE);
kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader());
gbean = buildGBeanData("name", "PropertiesSecurityRealm", GenericSecurityRealm.getGBeanInfo());
testRealm = gbean.getAbstractName();
gbean.setAttribute("realmName", "properties-realm");
gbean.setReferencePattern("LoginModuleConfiguration", testUseName);
gbean.setReferencePattern("ServerInfo", serverInfo);
gbean.setReferencePattern("LoginService", loginService);
kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader());
kernel.startGBean(loginConfiguration);
kernel.startGBean(clientLM);
kernel.startGBean(clientCE);
kernel.startGBean(testUseName);
kernel.startGBean(testCE);
kernel.startGBean(testRealm);
}
public void tearDown() throws Exception {
kernel.stopGBean(testRealm);
kernel.stopGBean(testCE);
kernel.stopGBean(clientCE);
kernel.stopGBean(clientLM);
kernel.stopGBean(loginConfiguration);
kernel.stopGBean(serverInfo);
kernel.unloadGBean(testCE);
kernel.unloadGBean(testRealm);
kernel.unloadGBean(clientCE);
kernel.unloadGBean(clientLM);
kernel.unloadGBean(loginConfiguration);
kernel.unloadGBean(serverInfo);
super.tearDown();
}
public void testLogin() throws Exception {
LoginContext context = new LoginContext("properties-client", new AbstractTest.UsernamePasswordCallback("alan", "starcraft"));
context.login();
Subject subject = context.getSubject();
assertTrue("expected non-null subject", subject != null);
assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
IdentificationPrincipal remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
assertEquals("subject should have seven principals (" + subject.getPrincipals().size() + ")", 7, subject.getPrincipals().size());
assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")", 2, subject.getPrincipals(RealmPrincipal.class).size());
assertEquals("subject should have 2 domain principals (" + subject.getPrincipals(DomainPrincipal.class).size() + ")", 2, subject.getPrincipals(DomainPrincipal.class).size());
subject = ContextManager.getServerSideSubject(subject);
assertTrue("expected non-null subject", subject != null);
assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1);
remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next();
assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null);
assertEquals("subject should have seven principals (" + subject.getPrincipals().size() + ")", 7, subject.getPrincipals().size());
assertEquals("subject should have 2 realm principals (" + subject.getPrincipals(RealmPrincipal.class).size() + ")", 2, subject.getPrincipals(RealmPrincipal.class).size());
assertEquals("subject should have 2 domain principals (" + subject.getPrincipals(DomainPrincipal.class).size() + ")", 2, subject.getPrincipals(DomainPrincipal.class).size());
context.logout();
assertTrue("id of server subject should be null", ContextManager.getSubjectId(subject) == null);
}
public void testNullUserLogin() throws Exception {
LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback(null, "starcraft"));
try {
context.login();
fail("Should not allow this login with null username");
} catch (LoginException e) {
}
}
public void testBadUserLogin() throws Exception {
LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback("bad", "starcraft"));
try {
context.login();
fail("Should not allow this login with null username");
} catch (LoginException e) {
}
}
public void testNullPasswordLogin() throws Exception {
LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback("alan", null));
try {
context.login();
fail("Should not allow this login with null password");
} catch (LoginException e) {
}
}
public void testBadPasswordLogin() throws Exception {
LoginContext context = new LoginContext("properties-client", new UsernamePasswordCallback("alan", "bad"));
try {
context.login();
fail("Should not allow this login with null password");
} catch (LoginException e) {
}
}
}