jaas/src/test/java/org/apache/felix/jaas/integration/ITJaasWithConfigBasedLoginModule.java - felix - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.felix.jaas.integration;

 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Dictionary;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Properties;

 import javax.inject.Inject;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;

 import org.apache.felix.jaas.LoginContextFactory;
 import org.apache.felix.jaas.integration.common.SimpleCallbackHandler;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.ops4j.pax.exam.Option;
 import org.ops4j.pax.exam.junit.PaxExam;
 import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
 import org.ops4j.pax.exam.spi.reactors.PerClass;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.fail;
 import static org.ops4j.pax.exam.CoreOptions.composite;
 import static org.ops4j.pax.exam.CoreOptions.streamBundle;

 @RunWith(PaxExam.class)
 @ExamReactorStrategy(PerClass.class)
 public class ITJaasWithConfigBasedLoginModule extends JaasTestBase
 {

     @Inject
     private LoginContextFactory loginContextFactory;

     @Rule
     public TestName name= new TestName();

     static
     {
         // uncomment to enable debugging of this test class
 //                paxRunnerVmOption = DEBUG_VM_OPTION;

     }

     @Override
     protected Option addExtraOptions()
     {
         return composite(streamBundle(createConfigBasedBundle()));
     }

     @Test
     public void testJaasWithTCCL() throws Exception {
         String realmName = name.getMethodName();
         createLoginModuleConfig(realmName);
         delay();

         CallbackHandler handler = new SimpleCallbackHandler("foo","foo");
         Configuration config = Configuration.getInstance("JavaLoginConfig",null,"FelixJaasProvider");

         Subject s = new Subject();
         final ClassLoader cl = Thread.currentThread().getContextClassLoader();
         try
         {
             Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
             LoginContext lc = new LoginContext(realmName,s,handler,config);
             lc.login();
         }
         finally
         {
             Thread.currentThread().setContextClassLoader(cl);
         }

         assertFalse(s.getPrincipals().isEmpty());
     }

     @Test
     public void testJaasWithFactory() throws Exception
     {
         String realmName = name.getMethodName();
         createLoginModuleConfig(realmName);
         delay();

         CallbackHandler handler = new SimpleCallbackHandler("foo", "foo");

         Subject s = new Subject();

         //Using LoginFactory we can avoid providing Configuration and switching TCCL
         LoginContext lc = loginContextFactory.createLoginContext(realmName, s, handler);
         lc.login();

         assertFalse(s.getPrincipals().isEmpty());

         //Negative case. Login fails with incorrect password
         try
         {
             LoginContext lc2 = loginContextFactory.createLoginContext(realmName, s,
                     new SimpleCallbackHandler("foo", "bar"));
             lc2.login();
             fail("Login should have failed");
         }catch(LoginException e){

         }
     }

     /**
      * Validates that OSGi config do gets passed as part of options to the LoginModule
      */
     @Test
     public void testJaasConfigPassing() throws Exception {
         String realmName = name.getMethodName();

         //1. Create sample config
         org.osgi.service.cm.Configuration config =
                 ca.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory",null);
         Dictionary<String,Object> p = new Hashtable<String, Object>();
         p.put("jaas.classname","org.apache.felix.jaas.integration.sample1.ConfigLoginModule");
         p.put("jaas.realmName", realmName);

         //Following passed config gets validated in
         //org.apache.felix.jaas.integration.sample1.ConfigLoginModule.validateConfig()
         p.put("validateConfig", Boolean.TRUE);
         p.put("key0", "val0");
         p.put("key1", "val1");
         p.put("key2", "val2");

         //Override the value directly passed in config via options value explicitly
         p.put("jaas.options", new String[]{"key3=val3", "key4=val4", "key0=valNew"});
         config.update(p);

         delay();

         //2. Validate the login passes with this config. LoginModule would validate
         //the config also
         CallbackHandler handler = new SimpleCallbackHandler("foo","foo");
         Configuration jaasConfig = Configuration.getInstance("JavaLoginConfig",null,"FelixJaasProvider");

         Subject s = new Subject();
         final ClassLoader cl = Thread.currentThread().getContextClassLoader();
         try
         {
             Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
             LoginContext lc = new LoginContext(realmName,s,handler,jaasConfig);
             lc.login();
         }
         finally
         {
             Thread.currentThread().setContextClassLoader(cl);
         }

         assertFalse(s.getPrincipals().isEmpty());
     }


     @Test
     public void testJaasConfigOrderedViaRanking() throws Exception {
         String realmName = name.getMethodName();
         List<Integer> ranks = Arrays.asList(1,2,3,4,5,6);
         Collections.shuffle(ranks);

         //1. Create LoginModule config with random rankings
         for(Integer i : ranks)
         {
             org.osgi.service.cm.Configuration config =
                     ca.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory",null);
             Dictionary<String,Object> p = new Hashtable<String, Object>();
             p.put("jaas.classname","org.apache.felix.jaas.integration.sample1.ConfigLoginModule");
             p.put("jaas.realmName", realmName);
             p.put("jaas.ranking", i);
             p.put("order", i);

             config.update(p);
         }

         delay();

         Configuration jaasConfig = Configuration.getInstance("JavaLoginConfig",null,"FelixJaasProvider");
         AppConfigurationEntry[] entries = jaasConfig.getAppConfigurationEntry(realmName);

         assertEquals("No of entries does not match the no of created",ranks.size(),entries.length);

         //Entries would be sorted via ranking. Higher ranking comes first
         int ranking = 6;
         for(AppConfigurationEntry e : entries){
             Integer order = (Integer) e.getOptions().get("order");
             assertEquals(ranking--,order.intValue());
         }

     }

     @Test
     public void testJaasConfigWithEmptyRealm() throws Exception {
         String realmName = name.getMethodName();

         //Scenario 1 - Create a config with no realm name set. So its default name would
         //be set to the defaultRealmName setting of ConfigurationSpi. Which defaults to 'other'
         org.osgi.service.cm.Configuration config =
                 ca.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory",null);
         Dictionary<String,Object> dict = new Hashtable<String, Object>();
         dict.put("jaas.classname", "org.apache.felix.jaas.integration.sample1.ConfigLoginModule");

         config.update(dict);
         delay();

         CallbackHandler handler = new SimpleCallbackHandler("foo","foo");

         Subject s = new Subject();
         LoginContext lc = loginContextFactory.createLoginContext(realmName, s, handler);
         lc.login();

         assertFalse(s.getPrincipals().isEmpty());


         //Scenario 2 - Now we change the default realm name to 'default' and we do not have any login module which
         //is bound to 'other' as they get part of 'default'. In this case login should fail
         org.osgi.service.cm.Configuration config2 = ca.getConfiguration("org.apache.felix.jaas.ConfigurationSpi",null);
         Properties p2 = new Properties();
         p2.setProperty("jaas.defaultRealmName","default");
         config2.update(p2);
         delay();

         try{
             Subject s2 = new Subject();
             LoginContext lc2 = loginContextFactory.createLoginContext(realmName, s2, handler);
             lc2.login();
             fail("Should have failed as no LoginModule bound with 'other'");
         }catch(LoginException e){

         }
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.felix.jaas.integration;

	import java.util.Arrays;
	import java.util.Collections;
	import java.util.Dictionary;
	import java.util.Hashtable;
	import java.util.List;
	import java.util.Properties;

	import javax.inject.Inject;
	import javax.security.auth.Subject;
	import javax.security.auth.callback.CallbackHandler;
	import javax.security.auth.login.AppConfigurationEntry;
	import javax.security.auth.login.Configuration;
	import javax.security.auth.login.LoginContext;
	import javax.security.auth.login.LoginException;

	import org.apache.felix.jaas.LoginContextFactory;
	import org.apache.felix.jaas.integration.common.SimpleCallbackHandler;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.rules.TestName;
	import org.junit.runner.RunWith;
	import org.ops4j.pax.exam.Option;
	import org.ops4j.pax.exam.junit.PaxExam;
	import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
	import org.ops4j.pax.exam.spi.reactors.PerClass;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.fail;
	import static org.ops4j.pax.exam.CoreOptions.composite;
	import static org.ops4j.pax.exam.CoreOptions.streamBundle;

	@RunWith(PaxExam.class)
	@ExamReactorStrategy(PerClass.class)
	public class ITJaasWithConfigBasedLoginModule extends JaasTestBase
	{

	@Inject
	private LoginContextFactory loginContextFactory;

	@Rule
	public TestName name= new TestName();

	static
	{
	// uncomment to enable debugging of this test class
	// paxRunnerVmOption = DEBUG_VM_OPTION;

	}

	@Override
	protected Option addExtraOptions()
	{
	return composite(streamBundle(createConfigBasedBundle()));
	}

	@Test
	public void testJaasWithTCCL() throws Exception {
	String realmName = name.getMethodName();
	createLoginModuleConfig(realmName);
	delay();

	CallbackHandler handler = new SimpleCallbackHandler("foo","foo");
	Configuration config = Configuration.getInstance("JavaLoginConfig",null,"FelixJaasProvider");

	Subject s = new Subject();
	final ClassLoader cl = Thread.currentThread().getContextClassLoader();
	try
	{
	Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
	LoginContext lc = new LoginContext(realmName,s,handler,config);
	lc.login();
	}
	finally
	{
	Thread.currentThread().setContextClassLoader(cl);
	}

	assertFalse(s.getPrincipals().isEmpty());
	}

	@Test
	public void testJaasWithFactory() throws Exception
	{
	String realmName = name.getMethodName();
	createLoginModuleConfig(realmName);
	delay();

	CallbackHandler handler = new SimpleCallbackHandler("foo", "foo");

	Subject s = new Subject();

	//Using LoginFactory we can avoid providing Configuration and switching TCCL
	LoginContext lc = loginContextFactory.createLoginContext(realmName, s, handler);
	lc.login();

	assertFalse(s.getPrincipals().isEmpty());

	//Negative case. Login fails with incorrect password
	try
	{
	LoginContext lc2 = loginContextFactory.createLoginContext(realmName, s,
	new SimpleCallbackHandler("foo", "bar"));
	lc2.login();
	fail("Login should have failed");
	}catch(LoginException e){

	}
	}

	/**
	* Validates that OSGi config do gets passed as part of options to the LoginModule
	*/
	@Test
	public void testJaasConfigPassing() throws Exception {
	String realmName = name.getMethodName();

	//1. Create sample config
	org.osgi.service.cm.Configuration config =
	ca.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory",null);
	Dictionary<String,Object> p = new Hashtable<String, Object>();
	p.put("jaas.classname","org.apache.felix.jaas.integration.sample1.ConfigLoginModule");
	p.put("jaas.realmName", realmName);

	//Following passed config gets validated in
	//org.apache.felix.jaas.integration.sample1.ConfigLoginModule.validateConfig()
	p.put("validateConfig", Boolean.TRUE);
	p.put("key0", "val0");
	p.put("key1", "val1");
	p.put("key2", "val2");

	//Override the value directly passed in config via options value explicitly
	p.put("jaas.options", new String[]{"key3=val3", "key4=val4", "key0=valNew"});
	config.update(p);

	delay();

	//2. Validate the login passes with this config. LoginModule would validate
	//the config also
	CallbackHandler handler = new SimpleCallbackHandler("foo","foo");
	Configuration jaasConfig = Configuration.getInstance("JavaLoginConfig",null,"FelixJaasProvider");

	Subject s = new Subject();
	final ClassLoader cl = Thread.currentThread().getContextClassLoader();
	try
	{
	Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
	LoginContext lc = new LoginContext(realmName,s,handler,jaasConfig);
	lc.login();
	}
	finally
	{
	Thread.currentThread().setContextClassLoader(cl);
	}

	assertFalse(s.getPrincipals().isEmpty());
	}


	@Test
	public void testJaasConfigOrderedViaRanking() throws Exception {
	String realmName = name.getMethodName();
	List<Integer> ranks = Arrays.asList(1,2,3,4,5,6);
	Collections.shuffle(ranks);

	//1. Create LoginModule config with random rankings
	for(Integer i : ranks)
	{
	org.osgi.service.cm.Configuration config =
	ca.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory",null);
	Dictionary<String,Object> p = new Hashtable<String, Object>();
	p.put("jaas.classname","org.apache.felix.jaas.integration.sample1.ConfigLoginModule");
	p.put("jaas.realmName", realmName);
	p.put("jaas.ranking", i);
	p.put("order", i);

	config.update(p);
	}

	delay();

	Configuration jaasConfig = Configuration.getInstance("JavaLoginConfig",null,"FelixJaasProvider");
	AppConfigurationEntry[] entries = jaasConfig.getAppConfigurationEntry(realmName);

	assertEquals("No of entries does not match the no of created",ranks.size(),entries.length);

	//Entries would be sorted via ranking. Higher ranking comes first
	int ranking = 6;
	for(AppConfigurationEntry e : entries){
	Integer order = (Integer) e.getOptions().get("order");
	assertEquals(ranking--,order.intValue());
	}

	}

	@Test
	public void testJaasConfigWithEmptyRealm() throws Exception {
	String realmName = name.getMethodName();

	//Scenario 1 - Create a config with no realm name set. So its default name would
	//be set to the defaultRealmName setting of ConfigurationSpi. Which defaults to 'other'
	org.osgi.service.cm.Configuration config =
	ca.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory",null);
	Dictionary<String,Object> dict = new Hashtable<String, Object>();
	dict.put("jaas.classname", "org.apache.felix.jaas.integration.sample1.ConfigLoginModule");

	config.update(dict);
	delay();

	CallbackHandler handler = new SimpleCallbackHandler("foo","foo");

	Subject s = new Subject();
	LoginContext lc = loginContextFactory.createLoginContext(realmName, s, handler);
	lc.login();

	assertFalse(s.getPrincipals().isEmpty());


	//Scenario 2 - Now we change the default realm name to 'default' and we do not have any login module which
	//is bound to 'other' as they get part of 'default'. In this case login should fail
	org.osgi.service.cm.Configuration config2 = ca.getConfiguration("org.apache.felix.jaas.ConfigurationSpi",null);
	Properties p2 = new Properties();
	p2.setProperty("jaas.defaultRealmName","default");
	config2.update(p2);
	delay();

	try{
	Subject s2 = new Subject();
	LoginContext lc2 = loginContextFactory.createLoginContext(realmName, s2, handler);
	lc2.login();
	fail("Should have failed as no LoginModule bound with 'other'");
	}catch(LoginException e){

	}
	}

	}