001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.geronimo.jetty6;
017:
018: import java.io.BufferedReader;
019: import java.io.IOException;
020: import java.io.InputStreamReader;
021: import java.net.HttpURLConnection;
022: import java.net.URL;
023: import java.security.PermissionCollection;
024: import java.security.Permissions;
025: import java.util.HashMap;
026: import java.util.HashSet;
027: import java.util.Iterator;
028: import java.util.Map;
029: import java.util.Set;
030: import javax.security.jacc.WebResourcePermission;
031: import javax.security.jacc.WebUserDataPermission;
032:
033: import org.apache.geronimo.security.deploy.PrincipalInfo;
034: import org.apache.geronimo.security.deploy.Role;
035: import org.apache.geronimo.security.deploy.Security;
036: import org.apache.geronimo.security.deploy.SubjectInfo;
037: import org.apache.geronimo.security.deployment.GeronimoSecurityBuilderImpl;
038: import org.apache.geronimo.security.jacc.ComponentPermissions;
039:
040: /**
041: * Tests the JAAC security for Jetty by using both explicit and auto role mapping
042: *
043: * @version $Rev: 545781 $ $Date: 2007-06-09 10:44:02 -0700 (Sat, 09 Jun 2007) $
044: */
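public class SecurityTest extends AbstractWebModuleTest {

    /** Protected resource served by the test web application; the port is fixed by the harness. */
    private static final String PROTECTED_URL = "http://localhost:5678/test/protected/hello.txt";

    /**
     * Test the explicit map feature. Only Alan should be able to log in.
     * <p>
     * The deployment maps the group principal {@code it} to the role
     * {@code content-administrator}, the only role granted
     * {@code /protected/*}. Alan's FORM login is therefore expected to reach
     * the resource (200); Izumi's login succeeds as well but carries no mapped
     * role, so the same request must be answered with 403.
     *
     * @throws Exception thrown if an error in the test occurs
     */
    public void testExplicitMapping() throws Exception {
        Security securityConfig = new Security();
        securityConfig.setUseContextHandler(false);

        // NOTE(review): this local shadows the securityRealmName that startWebApp()
        // reads from the superclass; confirm the two values agree.
        String securityRealmName = "demo-properties-realm";
        String defaultPrincipalId = "izumi";
        SubjectInfo defaultSubjectInfo = new SubjectInfo(securityRealmName, defaultPrincipalId);
        securityConfig.setDefaultSubjectInfo(defaultSubjectInfo);

        // Explicit mapping under test: group "it" -> role content-administrator.
        Role role = new Role();
        role.setRoleName("content-administrator");
        PrincipalInfo principalInfo = new PrincipalInfo(
                "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal", "it");
        role.getPrincipals().add(principalInfo);
        securityConfig.getRoleMappings().put(role.getRoleName(), role);

        Map roleDesignates = new HashMap();
        Map principalRoleMap = new HashMap();
        buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);

        // Unchecked permissions: no transport constraint on /protected/*, and the
        // logon page itself must be reachable before any authentication.
        PermissionCollection uncheckedPermissions = new Permissions();
        uncheckedPermissions.add(new WebUserDataPermission("/protected/*", ""));
        uncheckedPermissions.add(new WebResourcePermission("/auth/logon.html", ""));
        uncheckedPermissions.add(new WebUserDataPermission("/auth/logon.html", ""));

        // Nothing is excluded outright; access to /protected/* is decided by role.
        PermissionCollection excludedPermissions = new Permissions();

        Map rolePermissions = new HashMap();
        PermissionCollection permissions = new Permissions();
        permissions.add(new WebResourcePermission("/protected/*", ""));
        rolePermissions.put("content-administrator", permissions);
        rolePermissions.put("auto-administrator", permissions);

        Set securityRoles = new HashSet();
        securityRoles.add("content-administrator");
        securityRoles.add("auto-administrator");

        ComponentPermissions componentPermissions = new ComponentPermissions(
                excludedPermissions, uncheckedPermissions, rolePermissions);

        startWebApp(roleDesignates, principalRoleMap, componentPermissions,
                defaultSubjectInfo, permissions, securityRoles);
        try {
            // alan belongs to group "it", so the explicit mapping grants the role.
            String cookie = logIn("alan", "starcraft");
            HttpURLConnection connection = openProtected(cookie);
            BufferedReader reader = new BufferedReader(
                    new InputStreamReader(connection.getInputStream()));
            try {
                assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
                assertEquals("Hello World", reader.readLine());
            } finally {
                reader.close();
                connection.disconnect();
            }

            // izumi authenticates but holds no mapped role: authorization must fail.
            cookie = logIn("izumi", "violin");
            connection = openProtected(cookie);
            try {
                connection.getInputStream();
                fail("Should throw an IOException for HTTP 403 response");
            } catch (IOException expected) {
                // HttpURLConnection surfaces a 4xx status by throwing from
                // getInputStream(); the status itself is asserted below.
            }
            assertEquals(HttpURLConnection.HTTP_FORBIDDEN, connection.getResponseCode());
            connection.disconnect();
        } finally {
            // Always release the deployed app, even when an assertion above fails.
            stopWebApp();
        }
    }

    /**
     * Runs the FORM login sequence for one user and returns the session cookie
     * that subsequent requests must present.
     * <p>
     * Asserted on the way: the anonymous request for the protected resource is
     * redirected (302) to the logon page, the logon page is served (200) because
     * it is unchecked, and posting the credentials to {@code j_security_check}
     * is answered with a redirect (302) back to the requested resource.
     *
     * @param username user to authenticate
     * @param password that user's password in the demo properties realm
     * @return the session cookie (name=value, attributes stripped), or "" when
     *         the server did not set one
     * @throws Exception on any I/O failure or failed assertion
     */
    private String logIn(String username, String password) throws Exception {
        HttpURLConnection connection = openProtected(null);
        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());

        String cookie = sessionCookie(connection);
        String location = connection.getHeaderField("Location");

        connection = open(location, null);
        assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());

        // The credentials ride in the query string of the POST. That is
        // acceptable against this loopback fixture, but query strings end up in
        // access logs, so a real client would send them in the form body.
        String checkUrl = location.substring(0, location.lastIndexOf('/'))
                + "/j_security_check?j_username=" + username + "&j_password=" + password;
        connection = open(checkUrl, cookie);
        connection.setRequestMethod("POST");
        assertEquals(HttpURLConnection.HTTP_MOVED_TEMP, connection.getResponseCode());
        return cookie;
    }

    /**
     * Extracts the name=value part of the Set-Cookie header from a response.
     *
     * @param connection a connection whose response headers have been read
     * @return the cookie with its attributes (";" onwards) removed, or "" when
     *         no Set-Cookie header is present
     */
    private static String sessionCookie(HttpURLConnection connection) {
        String cookie = connection.getHeaderField("Set-Cookie");
        if (cookie == null) {
            return "";
        }
        int attributes = cookie.lastIndexOf(';');
        // A cookie without attributes has no ';' to strip.
        return attributes < 0 ? cookie : cookie.substring(0, attributes);
    }

    /**
     * Opens a connection to {@link #PROTECTED_URL} that does not follow redirects.
     *
     * @param cookie session cookie to present, or {@code null} for an anonymous request
     * @return the unconnected connection
     * @throws IOException if the connection cannot be created
     */
    private static HttpURLConnection openProtected(String cookie) throws IOException {
        return open(PROTECTED_URL, cookie);
    }

    /**
     * Opens a connection that does not follow redirects, so the test can
     * observe each 302 the container issues.
     *
     * @param url    absolute URL to open
     * @param cookie session cookie to present, or {@code null} to send none
     * @return the unconnected connection
     * @throws IOException if the connection cannot be created
     */
    private static HttpURLConnection open(String url, String cookie) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
        connection.setInstanceFollowRedirects(false);
        if (cookie != null) {
            connection.setRequestProperty("Cookie", cookie);
        }
        return connection;
    }

    /**
     * Deploys the secured test web application with the given JACC configuration.
     * <p>
     * {@code securityRealmName} is not declared in this class; presumably it is
     * inherited from the superclass — verify against AbstractWebModuleTest.
     *
     * @param roleDesignates       role name to run-as subject mapping
     * @param principalRoleMap     principal to set-of-role-names mapping
     * @param componentPermissions excluded, unchecked and per-role permissions
     * @param defaultSubjectInfo   subject used when no caller is authenticated
     * @param checked              permissions that are subject to role checks
     * @param securityRoles        names of all roles declared by the application
     * @throws Exception if the application cannot be set up
     */
    protected void startWebApp(Map roleDesignates,
                               Map principalRoleMap,
                               ComponentPermissions componentPermissions,
                               SubjectInfo defaultSubjectInfo,
                               PermissionCollection checked, Set securityRoles)
            throws Exception {
        JettyWebAppContext app = setUpSecureAppContext(
                securityRealmName, roleDesignates, principalRoleMap,
                componentPermissions, defaultSubjectInfo, checked,
                securityRoles);
        setUpStaticContentServlet(app);
        // start(appName, app);
    }

    /**
     * Undeploys the test web application. Currently a no-op: the start in
     * {@link #startWebApp} is commented out as well.
     *
     * @throws Exception if the application cannot be stopped
     */
    protected void stopWebApp() throws Exception {
        // stop(appName);
    }

    protected void setUp() throws Exception {
        super.setUp();
        setUpSecurity();
    }

    protected void tearDown() throws Exception {
        tearDownSecurity();
        super.tearDown();
    }

    /**
     * Builds the principal-to-roles map JACC needs from the deployment's
     * role-to-principals configuration. Copied from SecurityBuilder.
     *
     * @param security         deployment security configuration holding the role mappings
     * @param roleDesignates   unused here; kept so the signature matches SecurityBuilder
     * @param principalRoleMap map to fill: principal to {@link Set} of role names
     */
    public void buildPrincipalRoleMap(Security security, Map roleDesignates, Map principalRoleMap) {
        Map roleToPrincipalMap = new HashMap();
        GeronimoSecurityBuilderImpl.buildRolePrincipalMap(security,
                roleToPrincipalMap, getClass().getClassLoader());
        invertMap(roleToPrincipalMap, principalRoleMap);
    }

    /**
     * Inverts a role-to-principals map into a principal-to-roles map.
     *
     * @param roleToPrincipalMap   role name to a {@link Set} of principals
     * @param principalRoleMapping map to fill; each principal maps to a {@link Set} of role names
     * @return {@code principalRoleMapping}, for chaining
     */
    private static Map invertMap(Map roleToPrincipalMap, Map principalRoleMapping) {
        Iterator roles = roleToPrincipalMap.entrySet().iterator();
        while (roles.hasNext()) {
            Map.Entry entry = (Map.Entry) roles.next();
            String role = (String) entry.getKey();
            Set principals = (Set) entry.getValue();
            Iterator iter = principals.iterator();
            while (iter.hasNext()) {
                java.security.Principal principal = (java.security.Principal) iter.next();
                // Accept any Set implementation a caller may have pre-populated
                // instead of insisting on HashSet.
                Set roleSet = (Set) principalRoleMapping.get(principal);
                if (roleSet == null) {
                    roleSet = new HashSet();
                    principalRoleMapping.put(principal, roleSet);
                }
                roleSet.add(role);
            }
        }
        return principalRoleMapping;
    }
}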