001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.test;
023:
024: import java.security.acl.Group;
025: import java.util.HashMap;
026:
027: import javax.security.auth.callback.CallbackHandler;
028: import javax.security.auth.login.AppConfigurationEntry;
029: import javax.security.auth.login.Configuration;
030: import javax.security.auth.login.LoginException;
031:
032: import junit.framework.Test;
033: import junit.framework.TestCase;
034: import junit.framework.TestSuite;
035:
036: import org.jboss.logging.Logger;
037: import org.jboss.security.SimplePrincipal;
038: import org.jboss.security.auth.callback.SecurityAssociationHandler;
039: import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
040: import org.jboss.security.plugins.JaasSecurityManager;
041: import org.jboss.util.TimedCachePolicy;
042:
043: /**
044: * Tests of the JaasSecurityManager implementation.
045: *
046: * @author Scott.Stark@jboss.org
047: * @version $Revision: 57260 $
048: */
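public class JaasSecurityManagerUnitTestCase extends TestCase {
    static Logger log = Logger
            .getLogger(JaasSecurityManagerUnitTestCase.class);

    /**
     * Creates a test case instance bound to the named test method.
     *
     * @param name the name of the test method to run
     */
    public JaasSecurityManagerUnitTestCase(String name) {
        super(name);
    }

    /**
     * Builds the suite with an explicit test order.
     *
     * @return the suite containing both credential-cache tests
     * @throws Exception declared for the JUnit 3 suite() convention
     */
    public static Test suite() throws Exception {
        // JBAS-3716, the execution order of tests in this test case is important
        // so it must be defined explicitly when running under some JVMs.
        // setUp() resets the shared validation counter, so each test no
        // longer depends on a fresh counter from class load, but the order
        // is kept as the original author defined it.
        TestSuite suite = new TestSuite();
        suite.addTest(new JaasSecurityManagerUnitTestCase(
                "testStringCharArrayCredential"));
        suite.addTest(new JaasSecurityManagerUnitTestCase(
                "testCharArrayStringCredential"));

        return suite;
    }

    /**
     * Installs the JAAS configuration used by the tests and resets the
     * login-module validation counter.
     *
     * @throws Exception if the superclass setup fails
     */
    protected void setUp() throws Exception {
        super.setUp();
        // NOTE: Configuration.setConfiguration replaces the JVM-wide JAAS
        // configuration and this test never restores the previous one.
        Configuration.setConfiguration(new MyConfig());
        // The counter is static state shared by every test in the JVM.
        // Resetting it here keeps each test independent of execution order.
        CountedLoginModule.validateCount = 0;
    }

    /**
     * Validate that using String/char[] forms of the same credential
     * does not cause thrashing of the domain cache.
     */
    public void testStringCharArrayCredential() {
        SimplePrincipal jduke = new SimplePrincipal("jduke");
        JaasSecurityManager sm = newCachingManager(jduke,
                "testStringCharArrayCredential");

        // Initial validation to populate the cache
        assertTrue(sm.isValid(jduke, "theduke"));
        // Validate that the String credential form uses the cache
        assertTrue(sm.isValid(jduke, "theduke"));
        // Validate that the char[] credential form uses the cache
        assertTrue(sm.isValid(jduke, "theduke".toCharArray()));
        // Only the first call may have reached the login module
        assertEquals("login module validations", 1,
                CountedLoginModule.validateCount);
    }

    /**
     * Validate that using char[]/String forms of the same credential
     * does not cause thrashing of the domain cache.
     */
    public void testCharArrayStringCredential() {
        SimplePrincipal jduke = new SimplePrincipal("jduke");
        // NOTE(review): the security domain name below is the same literal
        // the other test uses; it looks like a copy/paste leftover. It is
        // kept unchanged because MyConfig ignores the application name.
        JaasSecurityManager sm = newCachingManager(jduke,
                "testStringCharArrayCredential");

        // Initial validation to populate the cache
        assertTrue(sm.isValid(jduke, "theduke".toCharArray()));
        // Validate that the char[] credential form uses the cache
        assertTrue(sm.isValid(jduke, "theduke".toCharArray()));
        // Validate that the String credential form uses the cache
        assertTrue(sm.isValid(jduke, "theduke"));
        // Only the first call may have reached the login module
        assertEquals("login module validations", 1,
                CountedLoginModule.validateCount);
    }

    /**
     * Creates a security manager for the given domain with a started
     * timed cache attached, as both tests require.
     *
     * @param principal the principal handed to the callback handler
     * @param securityDomain the security domain name for the manager
     * @return a manager whose cache policy has been created and started
     */
    private static JaasSecurityManager newCachingManager(
            SimplePrincipal principal, String securityDomain) {
        CallbackHandler handler = new SecurityAssociationHandler(principal,
                "theduke".toCharArray());
        JaasSecurityManager sm = new JaasSecurityManager(securityDomain,
                handler);
        // presumably (lifetime in seconds, thread-safe, timer resolution);
        // confirm against TimedCachePolicy
        TimedCachePolicy cache = new TimedCachePolicy(600, true, 10);
        cache.create();
        cache.start();
        sm.setCachePolicy(cache);
        return sm;
    }

    /**
     * Implementation of JAAS configuration for this testcase. It holds a
     * single REQUIRED entry for {@link CountedLoginModule} and returns it
     * for every application name.
     */
    static class MyConfig extends Configuration {
        AppConfigurationEntry[] entry;

        MyConfig() {
            entry = new AppConfigurationEntry[1];
            // No module options are needed for this test
            HashMap opts = new HashMap();
            entry[0] = new AppConfigurationEntry(
                    CountedLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    opts);
        }

        /**
         * @param appName ignored; the same entry is returned for any name
         * @return the single-entry configuration built in the constructor
         */
        public AppConfigurationEntry[] getAppConfigurationEntry(
                String appName) {
            return entry;
        }

        /** No-op: the configuration is fixed at construction time. */
        public void refresh() {
        }
    }

    /**
     * UsernamePasswordLoginModule extension that only allows a single
     * validation attempt. Any later attempt fails the login, so a test
     * passes only if later isValid calls are served from the cache.
     */
    public static class CountedLoginModule extends
            UsernamePasswordLoginModule {
        // Number of validatePassword calls since the last reset; shared by
        // all instances because a module instance is created per login.
        static int validateCount = 0;

        /**
         * Counts the call and rejects every validation after the first.
         *
         * @param inputPassword the password presented by the caller
         * @param expectedPassword the password from getUsersPassword
         * @return false on the second and later calls, otherwise the
         *         result of the superclass comparison
         */
        protected boolean validatePassword(String inputPassword,
                String expectedPassword) {
            validateCount++;
            // Log only the counter; neither password belongs in the log.
            log.info("validatePassword, validateCount=" + validateCount);
            if (validateCount > 1) {
                IllegalStateException ex = new IllegalStateException(
                        "Too many validation calls: " + validateCount);
                super.setValidateError(ex);
                return false;
            }
            return super.validatePassword(inputPassword, expectedPassword);
        }

        /**
         * @return the fixed test password expected for every user
         * @throws LoginException never thrown by this implementation
         */
        protected String getUsersPassword() throws LoginException {
            return "theduke";
        }

        /**
         * @return an empty array; the test assigns no roles
         * @throws LoginException never thrown by this implementation
         */
        protected Group[] getRoleSets() throws LoginException {
            return new Group[0];
        }
    }
}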