Posted to commits@jspwiki.apache.org by aj...@apache.org on 2008/04/01 05:51:23 UTC
svn commit: r643265 - in
/incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login:
AnonymousLoginModuleTest.java CookieAssertionLoginModuleTest.java
UserDatabaseLoginModuleTest.java WebContainerLoginModuleTest.java
Author: ajaquith
Date: Mon Mar 31 20:51:22 2008
New Revision: 643265
URL: http://svn.apache.org/viewvc?rev=643265&view=rev
Log:
Re-factored the authentication subsystem to remove the need for JAAS configuration files. WEB-INF/jspwiki.jaas goes away, as does the need for PolicyLoader. Also, responsibilities for web authentication move to WikiServletFilter. Authentication is now configured via jspwiki.properties -- see that file for details. WikiSession API change: getLoginContext() vanishes.
Modified:
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java
incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java
Modified: incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java?rev=643265&r1=643264&r2=643265&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java (original)
+++ incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/AnonymousLoginModuleTest.java Mon Mar 31 20:51:22 2008
@@ -1,12 +1,33 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
package com.ecyrd.jspwiki.auth.login;
+import java.util.HashMap;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
import junit.framework.TestCase;
@@ -42,13 +63,15 @@
{
// Test using IP address (AnonymousLoginModule succeeds)
CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- LoginContext context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ LoginModule module = new AnonymousLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
+ assertEquals( 1, principals.size() );
assertTrue( principals.contains( new WikiPrincipal( "53.33.128.9" ) ) );
- assertTrue( principals.contains( Role.ANONYMOUS ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertFalse( principals.contains( Role.ANONYMOUS ) );
+ assertFalse( principals.contains( Role.ALL ) );
}
catch( LoginException e )
{
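Review bot: The boolean results of `module.login()` and `module.commit()` are discarded in this try block, so a module that declines (returns false) is only noticed indirectly through the principal count. Because the test now drives the LoginModule directly instead of going through LoginContext, asserting each phase makes a failure explicit: `assertTrue( module.login() );` and `assertTrue( module.commit() );`. The same pattern recurs in the other hunks of this commit that call login() and commit(). The try block opens before this hunk and its catch continues past it.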
@@ -64,14 +87,16 @@
try
{
CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- LoginContext context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ LoginModule module = new AnonymousLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
+ assertEquals( 1, principals.size() );
assertTrue( principals.contains( new WikiPrincipal( "53.33.128.9" ) ) );
- assertTrue( principals.contains( Role.ANONYMOUS ) );
- assertTrue( principals.contains( Role.ALL ) );
- context.logout();
+ assertFalse( principals.contains( Role.ANONYMOUS ) );
+ assertFalse( principals.contains( Role.ALL ) );
+ module.logout();
assertEquals( 0, principals.size() );
}
catch( LoginException e )
Modified: incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java?rev=643265&r1=643264&r2=643265&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java (original)
+++ incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModuleTest.java Mon Mar 31 20:51:22 2008
@@ -1,12 +1,33 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
package com.ecyrd.jspwiki.auth.login;
+import java.util.HashMap;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
import javax.servlet.http.Cookie;
import junit.framework.TestCase;
@@ -16,7 +37,6 @@
import com.ecyrd.jspwiki.TestEngine;
import com.ecyrd.jspwiki.TestHttpServletRequest;
import com.ecyrd.jspwiki.WikiEngine;
-import com.ecyrd.jspwiki.auth.AuthenticationManager;
import com.ecyrd.jspwiki.auth.Authorizer;
import com.ecyrd.jspwiki.auth.WikiPrincipal;
import com.ecyrd.jspwiki.auth.authorize.Role;
@@ -43,21 +63,22 @@
try
{
// We can use cookies right?
- assertTrue( AuthenticationManager.allowsCookieAssertions() );
+ assertTrue( m_engine.getAuthenticationManager().allowsCookieAssertions() );
// Test using Cookie and IP address (AnonymousLoginModule succeeds)
Cookie cookie = new Cookie( CookieAssertionLoginModule.PREFS_COOKIE_NAME, "Bullwinkle" );
- request.setCookies( new Cookie[]
- { cookie } );
+ request.setCookies( new Cookie[] { cookie } );
subject = new Subject();
CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- LoginContext context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ LoginModule module = new CookieAssertionLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
+ assertEquals( 1, principals.size() );
assertTrue( principals.contains( new WikiPrincipal( "Bullwinkle" ) ) );
- assertTrue( principals.contains( Role.ASSERTED ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertFalse( principals.contains( Role.ASSERTED ) );
+ assertFalse( principals.contains( Role.ALL ) );
}
catch( LoginException e )
{
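Review bot: The context comment `// Test using Cookie and IP address (AnonymousLoginModule succeeds)` no longer matches the code below it, which instantiates CookieAssertionLoginModule directly and has no anonymous fallback. I would change it to `// Test using cookie (CookieAssertionLoginModule succeeds)`. The asserted name comes from a client-supplied cookie, so a one-line comment next to the new `assertFalse` lines saying that the principal is unverified and that Role.ASSERTED is no longer added by the module (presumably it is attached elsewhere; not visible here) would help the next reader.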
@@ -70,17 +91,21 @@
{
TestHttpServletRequest request = new TestHttpServletRequest();
request.setRemoteAddr( "53.33.128.9" );
+ Cookie cookie = new Cookie( CookieAssertionLoginModule.PREFS_COOKIE_NAME, "Bullwinkle" );
+ request.setCookies( new Cookie[] { cookie } );
try
{
CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- LoginContext context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ LoginModule module = new CookieAssertionLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertTrue( principals.contains( new WikiPrincipal( "53.33.128.9" ) ) );
- assertTrue( principals.contains( Role.ANONYMOUS ) );
- assertTrue( principals.contains( Role.ALL ) );
- context.logout();
+ assertEquals( 1, principals.size() );
+ assertTrue( principals.contains( new WikiPrincipal( "Bullwinkle" ) ) );
+ assertFalse( principals.contains( Role.ANONYMOUS ) );
+ assertFalse( principals.contains( Role.ALL ) );
+ module.logout();
assertEquals( 0, principals.size() );
}
catch( LoginException e )
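Review bot: `assertFalse( principals.contains( Role.ANONYMOUS ) );` looks like a leftover from the old anonymous-fallback assertions; this test now logs in through CookieAssertionLoginModule, and the sibling login test checks Role.ASSERTED. For consistency the line should read `assertFalse( principals.contains( Role.ASSERTED ) );`. The `assertEquals( 1, principals.size() )` above already bounds the set, so this is about the test stating the right intent rather than a coverage gap. The method starts before the hunk and the catch block continues after it.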
Modified: incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java?rev=643265&r1=643264&r2=643265&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java (original)
+++ incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModuleTest.java Mon Mar 31 20:51:22 2008
@@ -1,12 +1,33 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
package com.ecyrd.jspwiki.auth.login;
+import java.util.HashMap;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
import junit.framework.TestCase;
@@ -33,24 +54,28 @@
{
// Log in with a user that isn't in the database
CallbackHandler handler = new WikiCallbackHandler( db, "user", "password" );
- LoginContext context = new LoginContext( "JSPWiki-custom", subject, handler );
- context.login();
+ LoginModule module = new UserDatabaseLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertTrue( principals.contains( new PrincipalWrapper( new WikiPrincipal( "user", WikiPrincipal.LOGIN_NAME ) ) ) );
- assertTrue( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertEquals( 1, principals.size() );
+ assertTrue( principals.contains( new WikiPrincipal( "user", WikiPrincipal.LOGIN_NAME ) ) );
+ assertFalse( principals.contains( Role.AUTHENTICATED ) );
+ assertFalse( principals.contains( Role.ALL ) );
- // Login with a user that IS in the databasse
+ // Login with a user that IS in the database
subject = new Subject();
handler = new WikiCallbackHandler( db, "janne", "myP@5sw0rd" );
- context = new LoginContext( "JSPWiki-custom", subject, handler );
- context.login();
+ module = new UserDatabaseLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertTrue( principals.contains( new PrincipalWrapper( new WikiPrincipal( "janne", WikiPrincipal.LOGIN_NAME ) ) ) );
- assertTrue( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertEquals( 1, principals.size() );
+ assertTrue( principals.contains( new WikiPrincipal( "janne", WikiPrincipal.LOGIN_NAME ) ) );
+ assertFalse( principals.contains( Role.AUTHENTICATED ) );
+ assertFalse( principals.contains( Role.ALL ) );
}
catch( LoginException e )
{
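Review bot: Both cases in this hunk are successful logins, and the context comment `// Log in with a user that isn't in the database` sits above a login that is asserted to succeed, so either the comment is wrong or the module accepts unknown users. With LoginContext gone the test calls UserDatabaseLoginModule directly, which makes this the natural place for a rejected-credential case: a known login name with a wrong password should raise LoginException and leave the subject empty. The sketch below assumes the module signals failure by throwing, as the WebContainerLoginModule test in this commit expects; the enclosing try/catch continues outside the hunk.

```java
// … unchanged: the two successful logins above …
// A wrong password must be rejected and must not populate the subject
subject = new Subject();
handler = new WikiCallbackHandler( db, "janne", "not-the-password" );
module = new UserDatabaseLoginModule();
module.initialize(subject, handler, new HashMap(), new HashMap());
try
{
    module.login();
    fail( "Login with a wrong password succeeded; it should not have!" );
}
catch( LoginException e )
{
    // Expected: bad credentials are refused
}
assertEquals( 0, subject.getPrincipals().size() );
```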
@@ -64,14 +89,16 @@
try
{
CallbackHandler handler = new WikiCallbackHandler( db, "user", "password" );
- LoginContext context = new LoginContext( "JSPWiki-custom", subject, handler );
- context.login();
+ LoginModule module = new UserDatabaseLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertTrue( principals.contains( new PrincipalWrapper( new WikiPrincipal( "user", WikiPrincipal.LOGIN_NAME ) ) ) );
- assertTrue( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
- context.logout();
+ assertEquals( 1, principals.size() );
+ assertTrue( principals.contains( new WikiPrincipal( "user", WikiPrincipal.LOGIN_NAME ) ) );
+ assertFalse( principals.contains( Role.AUTHENTICATED ) );
+ assertFalse( principals.contains( Role.ALL ) );
+ module.logout();
assertEquals( 0, principals.size() );
}
catch( LoginException e )
Modified: incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java?rev=643265&r1=643264&r2=643265&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java (original)
+++ incubator/jspwiki/trunk/tests/com/ecyrd/jspwiki/auth/login/WebContainerLoginModuleTest.java Mon Mar 31 20:51:22 2008
@@ -1,13 +1,34 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
package com.ecyrd.jspwiki.auth.login;
import java.security.Principal;
+import java.util.HashMap;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
import junit.framework.TestCase;
@@ -38,52 +59,59 @@
public final void testLogin()
{
Principal principal = new WikiPrincipal( "Andrew Jaquith" );
- Principal wrapper = new PrincipalWrapper( principal );
TestHttpServletRequest request = new TestHttpServletRequest();
request.setUserPrincipal( principal );
try
{
// Test using Principal (WebContainerLoginModule succeeds)
CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- LoginContext context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ LoginModule module = new WebContainerLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertTrue( principals.contains( wrapper ) );
+ assertEquals( 1, principals.size() );
+ assertTrue( principals.contains( principal ) );
assertFalse( principals.contains( Role.ANONYMOUS ) );
assertFalse( principals.contains( Role.ASSERTED ) );
- assertTrue( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertFalse( principals.contains( Role.AUTHENTICATED ) );
+ assertFalse( principals.contains( Role.ALL ) );
// Test using remote user (WebContainerLoginModule succeeds)
subject = new Subject();
request = new TestHttpServletRequest();
request.setRemoteUser( "Andrew Jaquith" );
handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ module = new WebContainerLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertTrue( principals.contains( wrapper ) );
+ assertEquals( 1, principals.size() );
+ assertTrue( principals.contains( principal ) );
assertFalse( principals.contains( Role.ANONYMOUS ) );
assertFalse( principals.contains( Role.ASSERTED ) );
- assertTrue( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertFalse( principals.contains( Role.AUTHENTICATED ) );
+ assertFalse( principals.contains( Role.ALL ) );
// Test using IP address (AnonymousLoginModule succeeds)
subject = new Subject();
request = new TestHttpServletRequest();
request.setRemoteAddr( "53.33.128.9" );
handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ module = new WebContainerLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ try
+ {
+ module.login();
+ fail("Session with IP address successfully logged in; it should not have!");
+ }
+ catch (LoginException e)
+ {
+ // Good! This is what we expect.
+ }
principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertFalse( principals.contains( principal ) );
- assertTrue( principals.contains( Role.ANONYMOUS ) );
- assertFalse( principals.contains( Role.ASSERTED ) );
- assertFalse( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertEquals( 0, principals.size() );
}
catch( LoginException e )
{
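Review bot: The context comment `// Test using IP address (AnonymousLoginModule succeeds)` above the third case now says the opposite of what the new code asserts, which is that WebContainerLoginModule rejects a request carrying only a remote address; suggest `// Test using IP address only (WebContainerLoginModule must fail)`. Also, `assertEquals( 0, principals.size() )` after the inner catch is weak evidence, since commit() is never called on that path and the subject would presumably be empty either way; the `fail(...)` call is doing the real work. Calling `module.abort()` in the inner catch before checking the subject would exercise the cleanup path as well.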
@@ -96,22 +124,23 @@
{
// Create user with 2 container roles; TestAuthorizer knows about these
Principal principal = new WikiPrincipal( "Andrew Jaquith" );
- Principal wrapper = new PrincipalWrapper( principal );
TestHttpServletRequest request = new TestHttpServletRequest();
request.setUserPrincipal( principal );
request.setRoles( new String[] { "IT", "Engineering" } );
// Test using Principal (WebContainerLoginModule succeeds)
CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- LoginContext context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ LoginModule module = new WebContainerLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 5, principals.size() );
- assertTrue( principals.contains( wrapper ) );
+ assertEquals( 3, principals.size() );
+ assertTrue( principals.contains( principal ) );
assertFalse( principals.contains( Role.ANONYMOUS ) );
assertFalse( principals.contains( Role.ASSERTED ) );
- assertTrue( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
+ assertFalse( principals.contains( Role.AUTHENTICATED ) );
+ assertFalse( principals.contains( Role.ALL ) );
assertTrue( principals.contains( new Role( "IT" ) ) );
assertTrue( principals.contains( new Role( "Engineering" ) ) );
}
@@ -119,20 +148,21 @@
public final void testLogout()
{
Principal principal = new WikiPrincipal( "Andrew Jaquith" );
- Principal wrapper = new PrincipalWrapper( principal );
TestHttpServletRequest request = new TestHttpServletRequest();
request.setUserPrincipal( principal );
try
{
CallbackHandler handler = new WebContainerCallbackHandler( m_engine, request, authorizer );
- LoginContext context = new LoginContext( "JSPWiki-container", subject, handler );
- context.login();
+ LoginModule module = new WebContainerLoginModule();
+ module.initialize(subject, handler, new HashMap(), new HashMap());
+ module.login();
+ module.commit();
Set principals = subject.getPrincipals();
- assertEquals( 3, principals.size() );
- assertTrue( principals.contains( wrapper ) );
- assertTrue( principals.contains( Role.AUTHENTICATED ) );
- assertTrue( principals.contains( Role.ALL ) );
- context.logout();
+ assertEquals( 1, principals.size() );
+ assertTrue( principals.contains( principal ) );
+ assertFalse( principals.contains( Role.AUTHENTICATED ) );
+ assertFalse( principals.contains( Role.ALL ) );
+ module.logout();
assertEquals( 0, principals.size() );
}
catch( LoginException e )