001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.aop.bean;
023:
024: import org.jboss.logging.Logger;
025: import org.jboss.security.SecurityAssociation;
026: import org.jboss.security.SimplePrincipal;
027: import org.jboss.system.ServiceMBeanSupport;
028:
029: import javax.management.MBeanRegistration;
030: import javax.management.MBeanServer;
031: import javax.management.ObjectName;
032:
033: /**
034: *
035: * @see Monitorable
036: * @author <a href="mailto:bill@jboss.org">Bill Burke</a>
037: * @version $Revision: 63639 $
038: */
039: public class SecurityTester extends ServiceMBeanSupport implements
040: SecurityTesterMBean, MBeanRegistration {
041: // Constants ----------------------------------------------------
042: // Attributes ---------------------------------------------------
043: static Logger log = Logger.getLogger(SecurityTester.class);
044: MBeanServer m_mbeanServer;
045:
046: // Static -------------------------------------------------------
047:
048: // Constructors -------------------------------------------------
049: public SecurityTester() {
050: }
051:
052: // Public -------------------------------------------------------
053:
054: // MBeanRegistration implementation -----------------------------------
055: public ObjectName preRegister(MBeanServer server, ObjectName name)
056: throws Exception {
057: m_mbeanServer = server;
058: return name;
059: }
060:
061: public void postRegister(Boolean registrationDone) {
062: }
063:
064: public void preDeregister() throws Exception {
065: }
066:
067: public void postDeregister() {
068: }
069:
070: protected void startService() throws Exception {
071: }
072:
073: protected void stopService() {
074: }
075:
076: public void testXml() {
077: try {
078: log.info("TESTING XML Security");
079:
080: char[] password = "password".toCharArray();
081: SecurityAssociation.pushSubjectContext(null,
082: new SimplePrincipal("somebody"), password);
083:
084: log.info("testing unchecked constructor");
085: SecuredPOJO pojo = new SecuredPOJO(); // unchecked construction
086: log.info("testing unchecked method");
087: pojo.unchecked();
088: log.info("testing unchecked field");
089: pojo.uncheckedField = 5;
090:
091: SecurityAssociation.popSubjectContext();
092: SecurityAssociation.pushSubjectContext(null,
093: new SimplePrincipal("authfail"), password);
094:
095: boolean securityFailure = true;
096: try {
097: log.info("testing auth failure method");
098: pojo.someMethod();
099: } catch (SecurityException ignored) {
100: log.info(ignored.getMessage());
101: securityFailure = false;
102: }
103:
104: if (securityFailure)
105: throw new RuntimeException(
106: "auth failure was not caught for method");
107:
108: securityFailure = true;
109: try {
110: log.info("testing auth failure field");
111: pojo.someField = 5;
112: } catch (SecurityException ignored) {
113: log.info(ignored.getMessage());
114: securityFailure = false;
115: }
116:
117: if (securityFailure)
118: throw new RuntimeException(
119: "auth failure was not caught for field");
120: securityFailure = true;
121: try {
122: log.info("testing auth failure constructor");
123: pojo = new SecuredPOJO(4);
124: } catch (SecurityException ignored) {
125: log.info(ignored.getMessage());
126: securityFailure = false;
127: }
128:
129: if (securityFailure)
130: throw new RuntimeException(
131: "auth failure was not caught for constructor");
132:
133: securityFailure = true;
134: SecurityAssociation.popSubjectContext();
135: SecurityAssociation.pushSubjectContext(null,
136: new SimplePrincipal("rolefail"), password);
137: try {
138: log.info("testing role failure method");
139: pojo.someMethod();
140: } catch (SecurityException ignored) {
141: log.info(ignored.getMessage());
142: securityFailure = false;
143: }
144: if (securityFailure)
145: throw new RuntimeException(
146: "role failure was not caught for method");
147:
148: securityFailure = true;
149: try {
150: log.info("testing role failure field");
151: pojo.someField = 5;
152: } catch (SecurityException ignored) {
153: log.info(ignored.getMessage());
154: securityFailure = false;
155: }
156: if (securityFailure)
157: throw new RuntimeException(
158: "role failure was not caught field");
159:
160: securityFailure = true;
161: try {
162: log.info("testing role failure constructor");
163: pojo = new SecuredPOJO(4);
164: } catch (SecurityException ignored) {
165: log.info(ignored.getMessage());
166: securityFailure = false;
167: }
168:
169: if (securityFailure)
170: throw new RuntimeException(
171: "role failure was not caught for constructor");
172:
173: SecurityAssociation.popSubjectContext();
174: SecurityAssociation.pushSubjectContext(null,
175: new SimplePrincipal("pass"), password);
176: log.info("test pass");
177: pojo.someMethod();
178: pojo.someField = 5;
179: pojo = new SecuredPOJO(5);
180:
181: log.info("test exclusion");
182: securityFailure = true;
183: try {
184: pojo.excluded();
185: } catch (SecurityException ignored) {
186: log.info(ignored.getMessage());
187: securityFailure = false;
188: }
189: if (securityFailure)
190: throw new RuntimeException(
191: "excluded failure was not caught for method");
192:
193: securityFailure = true;
194: try {
195: pojo.excludedField = "hello";
196: } catch (SecurityException ignored) {
197: log.info(ignored.getMessage());
198: securityFailure = false;
199: }
200: if (securityFailure)
201: throw new RuntimeException(
202: "excluded failure was not caught for field");
203:
204: securityFailure = true;
205: try {
206: pojo = new SecuredPOJO("hello");
207: } catch (SecurityException ignored) {
208: log.info(ignored.getMessage());
209: securityFailure = false;
210: }
211: if (securityFailure)
212: throw new RuntimeException(
213: "excluded failure was not caught for constructor");
214: } catch (Throwable ex) {
215: log.error("failed", ex);
216: throw new RuntimeException(ex.getMessage());
217: }
218: }
219:
220: public void testAnnotated() {
221: try {
222: log.info("TESTING Annotated Security");
223:
224: char[] password = "password".toCharArray();
225: SecurityAssociation.pushSubjectContext(null,
226: new SimplePrincipal("somebody"), password);
227:
228: log.info("testing unchecked constructor");
229: AnnotatedSecuredPOJO pojo = new AnnotatedSecuredPOJO(); // unchecked construction
230: log.info("testing unchecked method");
231: pojo.unchecked();
232: log.info("testing unchecked field");
233: pojo.uncheckedField = 5;
234:
235: SecurityAssociation.popSubjectContext();
236: SecurityAssociation.pushSubjectContext(null,
237: new SimplePrincipal("authfail"), password);
238:
239: boolean securityFailure = true;
240: try {
241: log.info("testing auth failure method");
242: pojo.someMethod();
243: } catch (SecurityException ignored) {
244: log.info(ignored.getMessage());
245: securityFailure = false;
246: }
247:
248: if (securityFailure)
249: throw new RuntimeException(
250: "auth failure was not caught for method");
251:
252: securityFailure = true;
253: try {
254: log.info("testing auth failure field");
255: pojo.someField = 5;
256: } catch (SecurityException ignored) {
257: log.info(ignored.getMessage());
258: securityFailure = false;
259: }
260:
261: if (securityFailure)
262: throw new RuntimeException(
263: "auth failure was not caught for field");
264: securityFailure = true;
265: try {
266: log.info("testing auth failure constructor");
267: pojo = new AnnotatedSecuredPOJO(4);
268: } catch (SecurityException ignored) {
269: log.info(ignored.getMessage());
270: securityFailure = false;
271: }
272:
273: if (securityFailure)
274: throw new RuntimeException(
275: "auth failure was not caught for constructor");
276:
277: securityFailure = true;
278: SecurityAssociation.popSubjectContext();
279: SecurityAssociation.pushSubjectContext(null,
280: new SimplePrincipal("rolefail"), password);
281: try {
282: log.info("testing role failure method");
283: pojo.someMethod();
284: } catch (SecurityException ignored) {
285: log.info(ignored.getMessage());
286: securityFailure = false;
287: }
288: if (securityFailure)
289: throw new RuntimeException(
290: "role failure was not caught for method");
291:
292: securityFailure = true;
293: try {
294: log.info("testing role failure field");
295: pojo.someField = 5;
296: } catch (SecurityException ignored) {
297: log.info(ignored.getMessage());
298: securityFailure = false;
299: }
300: if (securityFailure)
301: throw new RuntimeException(
302: "role failure was not caught field");
303:
304: securityFailure = true;
305: try {
306: log.info("testing role failure constructor");
307: pojo = new AnnotatedSecuredPOJO(4);
308: } catch (SecurityException ignored) {
309: log.info(ignored.getMessage());
310: securityFailure = false;
311: }
312:
313: if (securityFailure)
314: throw new RuntimeException(
315: "role failure was not caught for constructor");
316:
317: SecurityAssociation.popSubjectContext();
318: SecurityAssociation.pushSubjectContext(null,
319: new SimplePrincipal("pass"), password);
320:
321: log.info("test pass");
322: pojo.someMethod();
323: pojo.someField = 5;
324: pojo = new AnnotatedSecuredPOJO(5);
325:
326: log.info("test exclusion");
327: securityFailure = true;
328: try {
329: pojo.excluded();
330: } catch (SecurityException ignored) {
331: log.info(ignored.getMessage());
332: securityFailure = false;
333: }
334: if (securityFailure)
335: throw new RuntimeException(
336: "excluded failure was not caught for method");
337:
338: securityFailure = true;
339: try {
340: pojo.excludedField = "hello";
341: } catch (SecurityException ignored) {
342: log.info(ignored.getMessage());
343: securityFailure = false;
344: }
345: if (securityFailure)
346: throw new RuntimeException(
347: "excluded failure was not caught for field");
348:
349: securityFailure = true;
350: try {
351: pojo = new AnnotatedSecuredPOJO("hello");
352: } catch (SecurityException ignored) {
353: log.info(ignored.getMessage());
354: securityFailure = false;
355: }
356: if (securityFailure)
357: throw new RuntimeException(
358: "excluded failure was not caught for constructor");
359: } catch (Throwable ex) {
360: log.error("failed", ex);
361: throw new RuntimeException(ex);
362: }
363: }
364: }
|