001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: package org.apache.jetspeed.sso;
019:
020: import org.apache.jetspeed.security.SecurityException;
021: import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
022: import org.apache.jetspeed.security.impl.UserPrincipalImpl;
023: import org.apache.jetspeed.security.util.test.AbstractSecurityTestcase;
024: import org.apache.jetspeed.sso.SSOProvider;
025:
026: import junit.framework.Test;
027: import junit.framework.TestSuite;
028:
029: import javax.security.auth.Subject;
030:
031: import java.security.Principal;
032: import java.util.ArrayList;
033: import java.util.Arrays;
034: import java.util.HashSet;
035: import java.util.Iterator;
036: import java.util.List;
037: import java.util.Set;
038:
039: import org.apache.jetspeed.sso.SSOException;
040: import java.lang.Exception;
041:
042: /**
043: * @author David Le Strat
044: */
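public class TestSSOComponent extends AbstractSecurityTestcase {
    /*
     * Fixture values. The user names, passwords and URLs below are throwaway test data: this class only hands
     * them to the SSO provider as strings and never opens a connection itself. Keep them that way -- a test
     * fixture must never hold a credential that is valid on a real system.
     */

    /** Site URL used as the key for the first stored credential. */
    private static final String TEST_URL = "http://localhost/jetspeed";

    /**
     * Site URL used as the key for the second stored credential.
     * NOTE(review): this literal looks like a host on a private network rather than a reserved example name;
     * consider replacing it once it is confirmed that no other fixture depends on the exact value.
     */
    private static final String TEST_URL2 = "http://192.168.2.63/nagios/cgi-bin/status.cgi?hostgroup=all&style=hostdetail";

    /** Portal user that owns the credentials in {@link #testSSO()}. */
    private static final String TEST_USER = "joe";

    /** Remote principal stored for {@link #TEST_URL}. */
    private static final String REMOTE_USER = "remoteJS";

    /** Remote principal stored for {@link #TEST_URL2}. */
    private static final String REMOTE_USER2 = "nagiosadmin";

    /** Dummy remote password stored first for {@link #TEST_URL}. */
    private static final String REMOTE_PWD_1 = "remote_1";

    /** Dummy remote password stored for {@link #TEST_URL2} and used as the updated value for {@link #TEST_URL}. */
    private static final String REMOTE_PWD_2 = "nagiosadmin";

    /** Group that owns the credential in {@link #testSSOGroup()}. */
    private static final String TEST_GROUP = "engineers";

    /** Portal user added to {@link #TEST_GROUP}. */
    private static final String TEST_GROUP_USER = "jack";

    /** Printed in place of a stored credential so that test output and CI logs never contain it. */
    private static final String REDACTED = "[redacted]";

    /** The SSO provider under test, looked up from the test context in {@link #setUp()}. */
    private static SSOProvider ssoBroker = null;

    /**
     * Runs the base-class set-up and then looks up the {@code ssoProvider} bean.
     *
     * @throws Exception if the base set-up fails or the bean cannot be obtained
     * @see junit.framework.TestCase#setUp()
     */
    public void setUp() throws Exception {
        super.setUp();

        try {
            ssoBroker = (SSOProvider) ctx.getBean("ssoProvider");
        } catch (Exception ex) {
            // Chain the original failure instead of printing it, so the test report shows the root cause.
            throw new Exception("Exception while setup SSO TEST", ex);
        }
    }

    /**
     * Calls {@link #clean()}.
     *
     * @see junit.framework.TestCase#tearDown()
     */
    public void tearDown() throws Exception {
        clean();
        // NOTE(review): the original author disabled the call to super.tearDown() and it is left disabled
        // here; confirm whether the base class needs it to release what super.setUp() allocated.
    }

    /**
     * Builds the suite for this class.
     *
     * @return a suite containing every public method of this class whose name starts with "test"
     */
    public static Test suite() {
        return new TestSuite(TestSSOComponent.class);
    }

    /**
     * Wraps a single principal in a read-only {@link Subject} with empty public and private credential sets.
     */
    private static Subject subjectFor(Principal principal) {
        Set principals = new HashSet();
        principals.add(principal);
        return new Subject(true, principals, new HashSet(), new HashSet());
    }

    /**
     * Removes the user and the group created by {@link #testSSOGroup()}, failing the test if either removal
     * raises a {@link SecurityException}.
     */
    private void removeGroupFixture() {
        try {
            ums.removeUser(TEST_GROUP_USER);
            gms.removeGroup(TEST_GROUP);
        } catch (SecurityException sex) {
            fail("could not remove user and group. exception caught: " + sex);
        }
    }

    /**
     * <p>
     * Stores an SSO credential for a group and checks that a member of that group is reported as having a
     * credential for the same site.
     * </p>
     *
     * @throws Exception if a credential cannot be added or removed, or if the group member has no credential
     */
    public void testSSOGroup() throws Exception {
        System.out.println("*************************************\n"
                + "Start Unit Test for SSO Group Support"
                + "\n*************************************");

        // Create a user
        try {
            ums.addUser(TEST_GROUP_USER, "password");
        } catch (SecurityException ignored) {
            // Best effort: the user may be left over from an earlier run, which is fine for this test.
        }

        // Create a group
        try {
            gms.addGroup(TEST_GROUP);
            System.out.println("Creating Group " + TEST_GROUP
                    + " and adding User " + TEST_GROUP_USER
                    + " succeeded!.");
        } catch (SecurityException secex) {
            // Not fatal on its own: the existence check below decides whether the test can continue.
            System.out.println("Creating Group " + TEST_GROUP
                    + " and adding User " + TEST_GROUP_USER
                    + " failed. Group might already exist. Continue test...");
        }

        if (!gms.groupExists(TEST_GROUP)) {
            fail("Could not create group. Abort test.");
        }
        gms.addUserToGroup(TEST_GROUP_USER, TEST_GROUP);

        // Add SSO Credential for Group
        Subject groupSubject = subjectFor(new GroupPrincipalImpl(TEST_GROUP));
        if (!ssoBroker.hasSSOCredentials(groupSubject, TEST_URL)) {
            try {
                ssoBroker.addCredentialsForSite(groupSubject, REMOTE_USER,
                        TEST_URL, REMOTE_PWD_1);
                System.out.println("SSO Credential added for Group:"
                        + TEST_GROUP + " site: " + TEST_URL);
            } catch (SSOException ssoex) {
                System.out.println("SSO Credential add FAILED for Group:"
                        + TEST_GROUP + " site: " + TEST_URL);
                throw new Exception(ssoex.getMessage(), ssoex);
            }
        } else {
            System.out.println("Group:" + TEST_GROUP + " site: "
                    + TEST_URL + " has already a remote credential");
        }

        // The group member should be reported as having a credential for the site.
        Subject userSubject = subjectFor(new UserPrincipalImpl(TEST_GROUP_USER));
        if (!ssoBroker.hasSSOCredentials(userSubject, TEST_URL)) {
            // Group expansion failed. User not recognized
            System.out.println("No SSO Credential for user:"
                    + TEST_GROUP_USER + " site: " + TEST_URL);

            // NOTE(review): this path removes the user and group but not the group credential stored above,
            // so a failed run can leave a credential behind in the test store.
            removeGroupFixture();

            throw new Exception("SSO Unit test for Group support failed");
        }

        // Group lookup successful
        System.out.println("SSO Test for Group support successful"
                + "\nSSO Credential for user:" + TEST_GROUP_USER
                + " site: " + TEST_URL
                + " found. User is member of Group " + TEST_GROUP);

        // Cleanup test.

        /*
         * The original note here says that for hypersonic the cascading deletes are not generated by Torque and
         * that removing credentials fails with a constraint error. The removal below is nevertheless active.
         */
        try {
            // Remove credential for Site
            ssoBroker.removeCredentialsForSite("/group/" + TEST_GROUP,
                    TEST_URL);
            System.out.println("SSO Credential removed for Group:"
                    + TEST_GROUP + " site: " + TEST_URL);
        } catch (SSOException ssoex) {
            System.out.println("SSO Credential remove FAILED for Group:"
                    + TEST_GROUP + " site: " + TEST_URL);
            throw new Exception(ssoex.getMessage(), ssoex);
        }

        removeGroupFixture();
    }

    /**
     * <p>
     * Stores credentials for one user on two sites, checks that storing the same credential twice is rejected,
     * reads the credentials back, updates one of them, lists the known sites and removes both credentials.
     * </p>
     *
     * @throws Exception if any provider call fails unexpectedly
     */
    public void testSSO() throws Exception {
        System.out
                .println("***************************\nStart Unit Test for SSO API\n***************************");

        // Create a user
        try {
            ums.addUser(TEST_USER, "password");
        } catch (SecurityException ignored) {
            // Best effort: the user may be left over from an earlier run, which is fine for this test.
        }

        Subject subject = subjectFor(new UserPrincipalImpl(TEST_USER));

        if (!ssoBroker.hasSSOCredentials(subject, TEST_URL)) {
            System.out.println("No SSO Credential for user:"
                    + TEST_USER + " site: " + TEST_URL);

            // Add credential
            try {
                ssoBroker.addCredentialsForSite(subject, REMOTE_USER,
                        TEST_URL, REMOTE_PWD_1);
                System.out.println("SSO Credential added for user:"
                        + TEST_USER + " site: " + TEST_URL);
            } catch (SSOException ssoex) {
                System.out.println("SSO Credential add FAILED for user:"
                        + TEST_USER + " site: " + TEST_URL);
                throw new Exception(ssoex.getMessage(), ssoex);
            }
        } else {
            System.out.println("SSO Credential found for user:"
                    + TEST_USER + " site: " + TEST_URL);
        }

        // Add another remote principal for the same user
        if (!ssoBroker.hasSSOCredentials(subject, TEST_URL2)) {
            System.out.println("No SSO Credential for user:"
                    + TEST_USER + " site: " + TEST_URL2);

            // Add credential
            try {
                ssoBroker.addCredentialsForSite(subject, REMOTE_USER2,
                        TEST_URL2, REMOTE_PWD_2);
                ssoBroker.setRealmForSite(TEST_URL2, "Nagios Access");

                System.out.println("SSO Credential added for user:"
                        + TEST_USER + " site: " + TEST_URL2);
            } catch (SSOException ssoex) {
                System.out.println("SSO Credential add FAILED for user:"
                        + TEST_USER + " site: " + TEST_URL2);
                throw new Exception(ssoex.getMessage(), ssoex);
            }
        } else {
            System.out.println("SSO Credential found for user:"
                    + TEST_USER + " site: " + TEST_URL2);
        }

        // Add the credential again -- the provider is expected to refuse it with an SSOException.
        // The outcome is recorded in a flag and asserted after the try block, so that the "was accepted"
        // failure is not caught and re-labelled as an unhandled exception; any other exception type
        // propagates unchanged with its own stack trace.
        boolean duplicateRejected = false;
        try {
            ssoBroker.addCredentialsForSite(subject, REMOTE_USER2,
                    TEST_URL2, REMOTE_PWD_2);
        } catch (SSOException ssoex) {
            duplicateRejected = true;
            System.out
                    .println("Adding same SSO Credential twice failed (as expected) Message :"
                            + ssoex.getMessage());
        }
        assertTrue(
                "Added same credentail twice -- API should prevent users from doing that.",
                duplicateRejected);

        // Read the stored credentials back. Only the remote principal name is printed: the credential value
        // itself is kept out of stdout so it cannot end up in build or CI logs.
        SSOContext ssocontext = ssoBroker.getCredentials(subject, TEST_URL);
        assertNotNull("No SSO context returned for site: " + TEST_URL, ssocontext);
        System.out.println("SSO Credential: User:"
                + ssocontext.getRemotePrincipalName() + " Password: "
                + REDACTED + " for site: " + TEST_URL);

        // The second site has its own context; reusing the first one would report the wrong principal.
        SSOContext ssocontext2 = ssoBroker.getCredentials(subject, TEST_URL2);
        assertNotNull("No SSO context returned for site: " + TEST_URL2, ssocontext2);
        System.out.println("SSO Credential: User:"
                + ssocontext2.getRemotePrincipalName() + " Password: "
                + REDACTED + " for site: " + TEST_URL2);

        try {
            // Update Remote credential
            System.out.println("SSO Credential Update");
            ssoBroker.updateCredentialsForSite(subject, REMOTE_USER,
                    TEST_URL, REMOTE_PWD_2);

            ssocontext = ssoBroker.getCredentials(subject, TEST_URL);
            assertNotNull("No SSO context returned after update for site: " + TEST_URL, ssocontext);
            // NOTE(review): comparing getRemoteCredential() with REMOTE_PWD_2 in an assertion would verify
            // the update without printing anything -- confirm first that the getter returns the value as
            // it was stored.
            System.out.println("SSO Credential updated: User:"
                    + ssocontext.getRemotePrincipalName()
                    + " Password: " + REDACTED);
        } catch (SSOException ssoex) {
            System.out.println("SSO Credential update FAILED for user:"
                    + TEST_USER + " site: " + TEST_URL);
            throw new Exception(ssoex.getMessage(), ssoex);
        }

        /*
         * The original note here says that for hypersonic the cascading deletes are not generated by Torque and
         * that removing credentials fails with a constraint error. The removal in the cleanup step below is
         * nevertheless active.
         */

        Iterator sites = ssoBroker.getSites("");
        while (sites.hasNext()) {
            SSOSite site = (SSOSite) sites.next();
            System.out.println("Site = " + site.getName());
        }

        // Cleanup
        try {
            ssoBroker.removeCredentialsForSite(subject, TEST_URL);
            ssoBroker.removeCredentialsForSite(subject, TEST_URL2);
            System.out.println("SSO Credential removed for user:"
                    + TEST_USER + " sites: " + TEST_URL + " "
                    + TEST_URL2);
        } catch (SSOException ssoex) {
            System.out.println("SSO Credential remove FAILED for user:"
                    + TEST_USER + " site: " + TEST_URL + " and "
                    + TEST_URL2);
            throw new Exception(ssoex.getMessage(), ssoex);
        }
    }

    /**
     * <p>
     * Hook for removing credentials added during a test. Currently does nothing; each test method removes
     * its own credentials.
     * </p>
     */
    protected void clean() throws Exception {
        // Intentionally empty.
    }

    /**
     * Returns the configuration files of the base class followed by {@code sso.xml}.
     *
     * @return the base configuration names with {@code "sso.xml"} appended
     */
    protected String[] getConfigurations() {
        List confList = new ArrayList(Arrays.asList(super.getConfigurations()));
        confList.add("sso.xml");
        return (String[]) confList.toArray(new String[confList.size()]);
    }
}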
|