You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2017/02/28 18:26:52 UTC
svn commit: r1784790 - in
/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication:
AbstractLoginModuleTest.java GuestLoginModuleTest.java
ThrowingCallbackHandler.java
Author: angela
Date: Tue Feb 28 18:26:52 2017
New Revision: 1784790
URL: http://svn.apache.org/viewvc?rev=1784790&view=rev
Log:
OAK-5793 : Improve coverage for security code in oak-core (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java?rev=1784790&r1=1784789&r2=1784790&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java Tue Feb 28 18:26:52 2017
@@ -16,8 +16,10 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication;
+import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
@@ -26,33 +28,95 @@ import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.Query;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.TestPrincipalProvider;
import org.junit.Test;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertNull;
import static junit.framework.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
/**
* AbstractLoginModuleTest...
*/
public class AbstractLoginModuleTest {
- private AbstractLoginModule initLoginModule(Class supportedCredentials, Map sharedState) {
+ private static AbstractLoginModule initLoginModule(Class supportedCredentials, Map sharedState) {
AbstractLoginModule lm = new TestLoginModule(supportedCredentials);
lm.initialize(new Subject(), null, sharedState, null);
return lm;
}
- private AbstractLoginModule initLoginModule(Class supportedCredentials, CallbackHandler cbh) {
+ private static AbstractLoginModule initLoginModule(Class supportedCredentials, CallbackHandler cbh) {
AbstractLoginModule lm = new TestLoginModule(supportedCredentials);
lm.initialize(new Subject(), cbh, Collections.<String, Object>emptyMap(), null);
return lm;
}
@Test
+ public void testLogout() throws LoginException {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, ImmutableMap.of());
+
+ assertFalse(loginModule.logout());
+ }
+
+ @Test
+ public void testLogoutSuccess() throws LoginException {
+ Subject subject = new Subject(false, ImmutableSet.<Principal>of(new PrincipalImpl("pName")), ImmutableSet.of(new TestCredentials()), ImmutableSet.of());
+
+ AbstractLoginModule loginModule = new TestLoginModule(TestCredentials.class);
+ loginModule.initialize(subject, null, ImmutableMap.<String, Object>of(), null);
+
+ assertTrue(loginModule.logout());
+
+ assertTrue(subject.getPublicCredentials().isEmpty());
+ assertTrue(subject.getPrincipals().isEmpty());
+ }
+
+ @Test
+ public void testLogoutSuccess2() throws LoginException {
+ Subject subject = new Subject(true, ImmutableSet.<Principal>of(new PrincipalImpl("pName")), ImmutableSet.of(new TestCredentials()), ImmutableSet.of());
+
+ AbstractLoginModule loginModule = new TestLoginModule(TestCredentials.class);
+ loginModule.initialize(subject, null, ImmutableMap.<String, Object>of(), null);
+
+ assertTrue(loginModule.logout());
+
+ assertFalse(subject.getPublicCredentials().isEmpty());
+ assertFalse(subject.getPrincipals().isEmpty());
+ }
+
+ @Test
+ public void testAbort() throws LoginException {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, ImmutableMap.of());
+
+ assertTrue(loginModule.abort());
+
+ loginModule.login();
+ assertTrue(loginModule.abort());
+ }
+
+ @Test
public void testGetSharedLoginName() {
Map<String, String> sharedState = new HashMap<String, String>();
@@ -112,6 +176,30 @@ public class AbstractLoginModuleTest {
}
@Test
+ public void testGetCredentialsFromSubject() {
+ Subject subject = new Subject();
+
+
+ subject.getPublicCredentials().add(new TestCredentials());
+
+ AbstractLoginModule lm = new TestLoginModule(TestCredentials.class);
+ lm.initialize(subject, null, ImmutableMap.<String, Object>of(), null);
+
+ assertTrue(lm.getCredentials() instanceof TestCredentials);
+ }
+
+ @Test
+ public void testGetCredentialsFromSubjectWrongClass() {
+ Subject subject = new Subject();
+ subject.getPublicCredentials().add(new SimpleCredentials("userid", new char[0]));
+
+ AbstractLoginModule lm = new TestLoginModule(TestCredentials.class);
+ lm.initialize(subject, null, ImmutableMap.<String, Object>of(), null);
+
+ assertNull(lm.getCredentials());
+ }
+
+ @Test
public void testGetCredentialsFromCallbackHandler() {
CallbackHandler cbh = new CallbackHandler() {
@Override
@@ -131,11 +219,153 @@ public class AbstractLoginModuleTest {
assertNull(lm.getCredentials());
}
+ @Test
+ public void testGetCredentialsIOException() {
+ AbstractLoginModule lm = initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(true));
+ assertNull(lm.getCredentials());
+ }
+
+ @Test
+ public void testGetCredentialsUnsupportedCallbackException() {
+ AbstractLoginModule lm = initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(false));
+ assertNull(lm.getCredentials());
+ }
+
+ @Test
+ public void testGetSharedPreAuthLoginEmptySharedState() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, ImmutableMap.of());
+ assertNull(loginModule.getSharedPreAuthLogin());
+ }
+
+ @Test
+ public void testGetSharedPreAuthLogin() {
+ Map<String, PreAuthenticatedLogin> sharedState = new HashMap();
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, sharedState);
+
+ PreAuthenticatedLogin preAuthenticatedLogin = new PreAuthenticatedLogin("userId");
+ sharedState.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, preAuthenticatedLogin);
+
+ assertSame(preAuthenticatedLogin, loginModule.getSharedPreAuthLogin());
+ }
+
+ @Test
+ public void testGetSharedPreAuthLoginWrongEntry() {
+ Map sharedState = new HashMap();
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, sharedState);
+
+ sharedState.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, "wrongType");
+
+ assertNull(loginModule.getSharedPreAuthLogin());
+ }
+
+ @Test
+ public void testGetUserManagerFromCallback() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new TestCallbackHandler(new TestUserManager()));
+
+ assertNotNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetUserManagerFromIncompleteCallback() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new TestCallbackHandler());
+
+ assertNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetUserManagerIOException() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(true));
+
+ assertNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetUserManagerUnsupportedCallbackException() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(false));
+
+ assertNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetPrincipalProviderFromCallback() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new TestCallbackHandler(new TestPrincipalProvider()));
+
+ assertNotNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipalProviderFromIncompleteCallback() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new TestCallbackHandler());
+
+ assertNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipalProviderIOException() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(true));
+
+ assertNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipalProviderUnsupportedCallbackException() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(false));
+
+ assertNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipals() {
+ PrincipalProvider principalProvider = new TestPrincipalProvider();
+
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new TestCallbackHandler(principalProvider));
+
+ Principal principal = principalProvider.findPrincipals(PrincipalManager.SEARCH_TYPE_NOT_GROUP).next();
+ String userId = TestPrincipalProvider.getIDFromPrincipal(principal);
+ Set<? extends Principal> principals = loginModule.getPrincipals(userId);
+
+ assertFalse(principals.isEmpty());
+ assertEquals(principalProvider.getPrincipals(userId), principals);
+ }
+
+
+ @Test
+ public void testGetPrincipalsMissingProvider() {
+ AbstractLoginModule loginModule = initLoginModule(TestCredentials.class, new TestCallbackHandler());
+
+ Set<? extends Principal> principals = loginModule.getPrincipals("userId");
+ assertTrue(principals.isEmpty());
+ }
+
+ @Test
+ public void testSetAuthInfo() {
+ Subject subject = new Subject();
+ AuthInfo authInfo = new AuthInfoImpl("userid", null, null);
+
+ AbstractLoginModule.setAuthInfo(authInfo, subject);
+ Set<AuthInfo> fromSubject = subject.getPublicCredentials(AuthInfo.class);
+ assertEquals(1, fromSubject.size());
+ assertSame(authInfo, fromSubject.iterator().next());
+ }
+
+ @Test
+ public void testSetAuthInfoPreExisting() {
+ Subject subject = new Subject();
+ subject.getPublicCredentials().add(new AuthInfoImpl(null, null, null));
+
+ AuthInfo authInfo = new AuthInfoImpl("userid", null, null);
+
+ AbstractLoginModule.setAuthInfo(authInfo, subject);
+ Set<AuthInfo> fromSubject = subject.getPublicCredentials(AuthInfo.class);
+ assertEquals(1, fromSubject.size());
+ assertSame(authInfo, fromSubject.iterator().next());
+ }
+
//--------------------------------------------------------------------------
private final class TestCredentials implements Credentials {}
- private final class TestLoginModule extends AbstractLoginModule {
+ private static final class TestLoginModule extends AbstractLoginModule {
private Class supportedCredentialsClass;
@@ -159,4 +389,119 @@ public class AbstractLoginModuleTest {
return true;
}
}
+
+ private final class TestCallbackHandler implements CallbackHandler {
+
+ private UserManager userManager = null;
+ private PrincipalProvider principalProvider = null;
+
+ private TestCallbackHandler() {
+ }
+
+ private TestCallbackHandler(@Nonnull UserManager userManager) {
+ this.userManager = userManager;
+ }
+
+ private TestCallbackHandler(@Nonnull PrincipalProvider principalProvider) {
+ this.principalProvider = principalProvider;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
+ for (Callback cb : callbacks) {
+ if (cb instanceof PrincipalProviderCallback) {
+ ((PrincipalProviderCallback) cb).setPrincipalProvider(principalProvider);
+ } else if (cb instanceof UserManagerCallback) {
+ ((UserManagerCallback) cb).setUserManager(userManager);
+ } else {
+ throw new UnsupportedCallbackException(cb);
+ }
+ }
+
+ }
+
+ }
+
+ private final class TestUserManager implements UserManager {
+ @Override
+ public Authorizable getAuthorizable(String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public <T extends Authorizable> T getAuthorizable(String s, Class<T> aClass) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Authorizable getAuthorizable(Principal principal) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Authorizable getAuthorizableByPath(String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Iterator<Authorizable> findAuthorizables(String s, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Iterator<Authorizable> findAuthorizables(String s, String s1, int i) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Iterator<Authorizable> findAuthorizables(Query query) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public User createUser(String s, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public User createUser(String s, String s1, Principal principal, String s2) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public User createSystemUser(String s, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(Principal principal) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(Principal principal, String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(String s, Principal principal, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean isAutoSave() {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void autoSave(boolean b) {
+ throw new UnsupportedOperationException();
+
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java?rev=1784790&r1=1784789&r2=1784790&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java Tue Feb 28 18:26:52 2017
@@ -161,21 +161,4 @@ public class GuestLoginModuleTest {
}
}
- private class ThrowingCallbackHandler implements CallbackHandler {
-
- private boolean throwIOException;
-
- private ThrowingCallbackHandler(boolean throwIOException) {
- this.throwIOException = throwIOException;
- }
-
- @Override
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- if (throwIOException) {
- throw new IOException();
- } else {
- throw new UnsupportedCallbackException(new Callback() {});
- }
- }
- }
}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java?rev=1784790&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java Tue Feb 28 18:26:52 2017
@@ -0,0 +1,28 @@
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * Created by angela on 28/02/17.
+ */
+class ThrowingCallbackHandler implements CallbackHandler {
+
+ private boolean throwIOException;
+
+ ThrowingCallbackHandler(boolean throwIOException) {
+ this.throwIOException = throwIOException;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ if (throwIOException) {
+ throw new IOException();
+ } else {
+ throw new UnsupportedCallbackException(new Callback() {
+ });
+ }
+ }
+}