You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2012/08/24 17:33:05 UTC
svn commit: r1376968 [7/7] - in /qpid/trunk/qpid/java:
broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/config/
broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/
broker-plugins...
Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistryTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistryTest.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistryTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AuthenticationManagerRegistryTest.java Fri Aug 24 15:33:00 2012
@@ -35,6 +35,8 @@ import org.apache.qpid.server.configurat
import org.apache.qpid.server.plugins.Plugin;
import org.apache.qpid.server.plugins.PluginManager;
import org.apache.qpid.server.security.SecurityManager.SecurityConfiguration;
+import org.apache.qpid.server.security.SubjectCreator;
+import org.apache.qpid.server.security.group.GroupPrincipalAccessor;
import org.mockito.Mockito;
import junit.framework.TestCase;
@@ -49,6 +51,8 @@ public class AuthenticationManagerRegist
private List<AuthenticationManager> _allCreatedAuthManagers = new ArrayList<AuthenticationManager>();
+ private GroupPrincipalAccessor _groupPrincipalAccessor = mock(GroupPrincipalAccessor.class);;
+
@Override
protected void setUp() throws Exception
{
@@ -76,7 +80,7 @@ public class AuthenticationManagerRegist
when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(EMPTY_PLUGINMAP);
try
{
- new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
fail("Exception not thrown");
}
catch (ConfigurationException ce)
@@ -97,7 +101,7 @@ public class AuthenticationManagerRegist
try
{
- new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
fail("Exception not thrown");
}
catch (ConfigurationException ce)
@@ -120,7 +124,7 @@ public class AuthenticationManagerRegist
try
{
- new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
fail("Exception not thrown");
}
catch (ConfigurationException ce)
@@ -145,7 +149,7 @@ public class AuthenticationManagerRegist
try
{
- new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
fail("Exception not thrown");
}
catch (ConfigurationException ce)
@@ -170,7 +174,7 @@ public class AuthenticationManagerRegist
try
{
- new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
fail("Exception not thrown");
}
catch (ConfigurationException ce)
@@ -187,10 +191,10 @@ public class AuthenticationManagerRegist
when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
- AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
- AuthenticationManager authenticationManager = registry.getAuthenticationManager(new InetSocketAddress(1234));
- assertEquals("TestAuthenticationManager1", authenticationManager.getMechanisms());
+ SubjectCreator subjectCreator = registry.getSubjectCreator(new InetSocketAddress(1234));
+ assertEquals("TestAuthenticationManager1", subjectCreator.getMechanisms());
registry.close();
}
@@ -202,10 +206,10 @@ public class AuthenticationManagerRegist
when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
- AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
- AuthenticationManager authenticationManager = registry.getAuthenticationManager(mock(SocketAddress.class));
- assertEquals("TestAuthenticationManager1", authenticationManager.getMechanisms());
+ SubjectCreator subjectCreator = registry.getSubjectCreator(mock(SocketAddress.class));
+ assertEquals("TestAuthenticationManager1", subjectCreator.getMechanisms());
registry.close();
}
@@ -225,13 +229,13 @@ public class AuthenticationManagerRegist
when(_serverConfiguration.getDefaultAuthenticationManager()).thenReturn(defaultAuthManger);
when(_serverConfiguration.getPortAuthenticationMappings()).thenReturn(Collections.singletonMap(mappedPortNumber, mappedAuthManager));
- AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
- AuthenticationManager authenticationManager1 = registry.getAuthenticationManager(new InetSocketAddress(unmappedPortNumber));
- assertEquals("TestAuthenticationManager1", authenticationManager1.getMechanisms());
+ SubjectCreator subjectCreator = registry.getSubjectCreator(new InetSocketAddress(unmappedPortNumber));
+ assertEquals("TestAuthenticationManager1", subjectCreator.getMechanisms());
- AuthenticationManager authenticationManager2 = registry.getAuthenticationManager(new InetSocketAddress(mappedPortNumber));
- assertEquals("TestAuthenticationManager2", authenticationManager2.getMechanisms());
+ SubjectCreator subjectCreator2 = registry.getSubjectCreator(new InetSocketAddress(mappedPortNumber));
+ assertEquals("TestAuthenticationManager2", subjectCreator2.getMechanisms());
registry.close();
}
@@ -246,7 +250,7 @@ public class AuthenticationManagerRegist
when(_pluginManager.getAuthenticationManagerPlugins()).thenReturn(pluginMap);
when(_serverConfiguration.getDefaultAuthenticationManager()).thenReturn(defaultAuthManger);
- AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager);
+ AuthenticationManagerRegistry registry = new AuthenticationManagerRegistry(_serverConfiguration, _pluginManager, _groupPrincipalAccessor);
registry.close();
}
Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java Fri Aug 24 15:33:00 2012
@@ -18,6 +18,8 @@
*/
package org.apache.qpid.server.security.auth.manager;
+import static org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped;
+
import javax.security.auth.x500.X500Principal;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
@@ -25,6 +27,7 @@ import org.apache.commons.configuration.
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.XMLConfiguration;
import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
+
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
import org.apache.qpid.server.util.InternalBrokerBaseCase;
@@ -103,12 +106,12 @@ public class ExternalAuthenticationManag
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
- assertEquals("Expected principal to be unchanged",
- principal,
- result.getSubject().getPrincipals().iterator().next());
+
+ assertOnlyContainsWrapped(principal, result.getPrincipals());
saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", null);
result = _manager.authenticate(saslServer, new byte[0]);
+
assertNotNull(result);
assertEquals("Expected authentication to be unsuccessful",
AuthenticationResult.AuthenticationStatus.ERROR,
Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java Fri Aug 24 15:33:00 2012
@@ -20,6 +20,8 @@
*/
package org.apache.qpid.server.security.auth.manager;
+import static org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped;
+
import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.XMLConfiguration;
@@ -28,10 +30,9 @@ import org.apache.qpid.server.configurat
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
-import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.util.InternalBrokerBaseCase;
-import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import java.io.BufferedWriter;
@@ -48,6 +49,7 @@ import java.security.Security;
*/
public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBaseCase
{
+ private static final UsernamePrincipal PRINCIPAL = new UsernamePrincipal("guest");
private AuthenticationManager _manager = null; // Class under test
private String TEST_USERNAME = "guest";
private String TEST_PASSWORD = "guest";
@@ -72,7 +74,7 @@ public class PrincipalDatabaseAuthentica
public void setUp() throws Exception
{
super.setUp();
-
+
final String passwdFilename = createPasswordFile().getCanonicalPath();
final ConfigurationPlugin config = getConfig(PlainPasswordFilePrincipalDatabase.class.getName(),
"passwordFile", passwdFilename);
@@ -121,7 +123,7 @@ public class PrincipalDatabaseAuthentica
{
try
{
- _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "noMethod", "test"));
+ _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "noMethod", "test"));
fail("Exception not thrown");
}
catch (ConfigurationException ce)
@@ -137,7 +139,7 @@ public class PrincipalDatabaseAuthentica
{
try
{
- _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "passwordFile", "/not/found"));
+ _manager = PrincipalDatabaseAuthenticationManager.FACTORY.newInstance(getConfig(PlainPasswordFilePrincipalDatabase.class.getName(), "passwordFile", "/not/found"));
fail("Exception not thrown");
}
catch (ConfigurationException ce)
@@ -157,7 +159,7 @@ public class PrincipalDatabaseAuthentica
// relies on those mechanisms attached to PropertiesPrincipalDatabaseManager
assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms());
- Provider qpidProvider = Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME);
+ Provider qpidProvider = Security.getProvider(AuthenticationManager.PROVIDER_NAME);
assertNotNull(qpidProvider);
}
@@ -172,49 +174,51 @@ public class PrincipalDatabaseAuthentica
// Merely tests the creation of the mechanism. Mechanisms themselves are tested
// by their own tests.
}
-
+
/**
* Tests that the authenticate method correctly interprets an
* authentication success.
- *
+ *
*/
public void testSaslAuthenticationSuccess() throws Exception
{
+
SaslServer testServer = createTestSaslServer(true, false);
-
+
AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
- final Subject subject = result.getSubject();
- assertTrue(subject.getPrincipals().contains(new UsernamePrincipal("guest")));
+
+ assertOnlyContainsWrapped(PRINCIPAL, result.getPrincipals());
assertEquals(AuthenticationStatus.SUCCESS, result.getStatus());
}
/**
- *
+ *
* Tests that the authenticate method correctly interprets an
* authentication not complete.
- *
+ *
*/
public void testSaslAuthenticationNotCompleted() throws Exception
{
SaslServer testServer = createTestSaslServer(false, false);
-
+
AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
- assertNull(result.getSubject());
+ assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
+
assertEquals(AuthenticationStatus.CONTINUE, result.getStatus());
}
/**
- *
+ *
* Tests that the authenticate method correctly interprets an
* authentication error.
- *
+ *
*/
public void testSaslAuthenticationError() throws Exception
{
SaslServer testServer = createTestSaslServer(false, true);
-
+
AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
- assertNull(result.getSubject());
+ assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
assertEquals(AuthenticationStatus.ERROR, result.getStatus());
}
@@ -226,9 +230,7 @@ public class PrincipalDatabaseAuthentica
public void testNonSaslAuthenticationSuccess() throws Exception
{
AuthenticationResult result = _manager.authenticate("guest", "guest");
- final Subject subject = result.getSubject();
- assertFalse("Subject should not be set read-only", subject.isReadOnly());
- assertTrue(subject.getPrincipals().contains(new UsernamePrincipal("guest")));
+ assertOnlyContainsWrapped(PRINCIPAL, result.getPrincipals());
assertEquals(AuthenticationStatus.SUCCESS, result.getStatus());
}
@@ -240,23 +242,23 @@ public class PrincipalDatabaseAuthentica
public void testNonSaslAuthenticationNotCompleted() throws Exception
{
AuthenticationResult result = _manager.authenticate("guest", "wrongpassword");
- assertNull(result.getSubject());
+ assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
assertEquals(AuthenticationStatus.CONTINUE, result.getStatus());
}
-
+
/**
* Tests the ability to de-register the provider.
*/
public void testClose() throws Exception
{
assertEquals("AMQPLAIN PLAIN CRAM-MD5", _manager.getMechanisms());
- assertNotNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME));
+ assertNotNull(Security.getProvider(AuthenticationManager.PROVIDER_NAME));
_manager.close();
// Check provider has been removed.
assertNull(_manager.getMechanisms());
- assertNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME));
+ assertNull(Security.getProvider(AuthenticationManager.PROVIDER_NAME));
_manager = null;
}
@@ -343,7 +345,7 @@ public class PrincipalDatabaseAuthentica
writer = new BufferedWriter(new FileWriter(testFile));
writer.write(TEST_USERNAME + ":" + TEST_PASSWORD);
writer.newLine();
-
+
return testFile;
}
Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java Fri Aug 24 15:33:00 2012
@@ -20,20 +20,21 @@
*/
package org.apache.qpid.server.security.auth.rmi;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.net.InetSocketAddress;
import java.security.Principal;
+
+import javax.security.auth.Subject;
+
import junit.framework.TestCase;
-import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
+import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
-import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
-
-import javax.management.remote.JMXPrincipal;
-import javax.security.auth.Subject;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-import java.net.InetSocketAddress;
-import java.util.Collections;
+import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
/**
* Tests the RMIPasswordAuthenticator and its collaboration with the AuthenticationManager.
@@ -41,6 +42,7 @@ import java.util.Collections;
*/
public class RMIPasswordAuthenticatorTest extends TestCase
{
+ private static final Subject SUBJECT = new Subject();
private final String USERNAME = "guest";
private final String PASSWORD = "guest";
private RMIPasswordAuthenticator _rmipa;
@@ -54,23 +56,14 @@ public class RMIPasswordAuthenticatorTes
}
/**
- * Tests a successful authentication. Ensures that a populated read-only subject it returned.
+ * Tests a successful authentication. Ensures that the expected subject is returned.
*/
public void testAuthenticationSuccess()
{
- final Subject expectedSubject = new Subject(true,
- Collections.singleton(new JMXPrincipal(USERNAME)),
- Collections.EMPTY_SET,
- Collections.EMPTY_SET);
-
- _rmipa.setAuthenticationManager(createTestAuthenticationManager(true, null));
-
+ _rmipa.setSubjectCreator(createMockSubjectCreator(true, null));
Subject newSubject = _rmipa.authenticate(_credentials);
- assertTrue("Subject must be readonly", newSubject.isReadOnly());
- assertTrue("Returned subject does not equal expected value",
- newSubject.equals(expectedSubject));
-
+ assertSame("Subject must be unchanged", SUBJECT, newSubject);
}
/**
@@ -78,7 +71,7 @@ public class RMIPasswordAuthenticatorTes
*/
public void testUsernameOrPasswordInvalid()
{
- _rmipa.setAuthenticationManager(createTestAuthenticationManager(false, null));
+ _rmipa.setSubjectCreator(createMockSubjectCreator(false, null));
try
{
@@ -99,7 +92,7 @@ public class RMIPasswordAuthenticatorTes
public void testAuthenticationFailure()
{
final Exception mockAuthException = new Exception("Mock Auth system failure");
- _rmipa.setAuthenticationManager(createTestAuthenticationManager(false, mockAuthException));
+ _rmipa.setSubjectCreator(createMockSubjectCreator(false, mockAuthException));
try
{
@@ -118,7 +111,7 @@ public class RMIPasswordAuthenticatorTes
*/
public void testNullAuthenticationManager() throws Exception
{
- _rmipa.setAuthenticationManager(null);
+ _rmipa.setSubjectCreator(null);
try
{
_rmipa.authenticate(_credentials);
@@ -209,55 +202,30 @@ public class RMIPasswordAuthenticatorTes
}
}
- private AuthenticationManager createTestAuthenticationManager(final boolean successfulAuth, final Exception exception)
+ private SubjectCreator createMockSubjectCreator(final boolean successfulAuth, final Exception exception)
{
- return new AuthenticationManager()
+ SubjectCreator subjectCreator = mock(SubjectCreator.class);
+
+ SubjectAuthenticationResult subjectAuthenticationResult;
+
+ if (exception != null) {
+
+ subjectAuthenticationResult = new SubjectAuthenticationResult(
+ new AuthenticationResult(AuthenticationStatus.ERROR, exception));
+ }
+ else if (successfulAuth)
{
- public void configure(ConfigurationPlugin config)
- {
- throw new UnsupportedOperationException();
- }
-
- public void initialise()
- {
- throw new UnsupportedOperationException();
- }
-
- public void close()
- {
- throw new UnsupportedOperationException();
- }
-
- public String getMechanisms()
- {
- throw new UnsupportedOperationException();
- }
-
- public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException
- {
- throw new UnsupportedOperationException();
- }
-
- public AuthenticationResult authenticate(SaslServer server, byte[] response)
- {
- throw new UnsupportedOperationException();
- }
-
- public AuthenticationResult authenticate(String username, String password)
- {
- if (exception != null) {
- return new AuthenticationResult(AuthenticationStatus.ERROR, exception);
- }
- else if (successfulAuth)
- {
- return new AuthenticationResult(new Subject());
- }
- else
- {
- return new AuthenticationResult(AuthenticationStatus.CONTINUE);
- }
- }
- };
+ subjectAuthenticationResult = new SubjectAuthenticationResult(
+ new AuthenticationResult(mock(Principal.class)), SUBJECT);
+ }
+ else
+ {
+ subjectAuthenticationResult = new SubjectAuthenticationResult(new AuthenticationResult(AuthenticationStatus.CONTINUE));
+ }
+
+ when(subjectCreator.authenticate(anyString(), anyString())).thenReturn(subjectAuthenticationResult);
+
+ return subjectCreator;
}
}
Added: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupDatabaseTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupDatabaseTest.java?rev=1376968&view=auto
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupDatabaseTest.java (added)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupDatabaseTest.java Fri Aug 24 15:33:00 2012
@@ -0,0 +1,456 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.group;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.qpid.server.security.group.FileGroupDatabase;
+
+import junit.framework.TestCase;
+
+public class FileGroupDatabaseTest extends TestCase
+{
+ private static final String USER1 = "user1";
+ private static final String USER2 = "user2";
+ private static final String USER3 = "user3";
+
+ private static final String MY_GROUP = "myGroup";
+ private static final String MY_GROUP2 = "myGroup2";
+ private static final String MY_GROUP1 = "myGroup1";
+
+ private FileGroupDatabase _groupDatabase = new FileGroupDatabase();
+ private String _groupFile;
+
+ public void testGetAllGroups() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", USER1);
+
+ Set<String> groups = _groupDatabase.getAllGroups();
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(MY_GROUP));
+ }
+
+ public void testGetAllGroupsWhenGroupFileEmpty() throws Exception
+ {
+ _groupDatabase.setGroupFile(_groupFile);
+
+ Set<String> groups = _groupDatabase.getAllGroups();
+ assertEquals(0, groups.size());
+ }
+
+ public void testMissingGroupFile() throws Exception
+ {
+ try
+ {
+ _groupDatabase.setGroupFile("/not/a/file");
+ fail("Exception not thrown");
+ }
+ catch (FileNotFoundException fnfe)
+ {
+ // PASS
+ }
+ }
+
+ public void testInvalidFormat() throws Exception
+ {
+ writeGroupFile("name.notvalid", USER1);
+
+ try
+ {
+ _groupDatabase.setGroupFile(_groupFile);
+ fail("Exception not thrown");
+ }
+ catch (IllegalArgumentException gde)
+ {
+ // PASS
+ }
+ }
+
+ public void testGetUsersInGroup() throws Exception
+ {
+ writeGroupFile("myGroup.users", "user1,user2,user3");
+
+ _groupDatabase.setGroupFile(_groupFile);
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(3, users.size());
+ }
+
+ public void testDuplicateUsersInGroupAreConflated() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user1,user3,user1");
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(2, users.size());
+ }
+
+ public void testGetUsersWithEmptyGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "");
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertTrue(users.isEmpty());
+ }
+
+ public void testGetUsersInNonExistentGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user2,user3");
+
+ Set<String> users = _groupDatabase.getUsersInGroup("groupDoesntExist");
+ assertNotNull(users);
+ assertTrue(users.isEmpty());
+ }
+
+ public void testGetUsersInNullGroup() throws Exception
+ {
+ writeAndSetGroupFile();
+ assertTrue(_groupDatabase.getUsersInGroup(null).isEmpty());
+ }
+
+ public void testGetGroupPrincipalsForUserWhenUserBelongsToOneGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user2");
+ Set<String> groups = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(MY_GROUP));
+ }
+
+ public void testGetGroupPrincipalsForUserWhenUserBelongsToTwoGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup1.users", "user1,user2",
+ "myGroup2.users", "user1,user3");
+ Set<String> groups = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(2, groups.size());
+ assertTrue(groups.contains(MY_GROUP1));
+ assertTrue(groups.contains(MY_GROUP2));
+ }
+
+ public void testGetGroupPrincipalsForUserWhenUserAddedToGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup1.users", "user1,user2",
+ "myGroup2.users", USER2);
+ Set<String> groups = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(MY_GROUP1));
+
+ _groupDatabase.addUserToGroup(USER1, MY_GROUP2);
+
+ groups = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(2, groups.size());
+ assertTrue(groups.contains(MY_GROUP1));
+ assertTrue(groups.contains(MY_GROUP2));
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP2);
+ assertEquals(2, users.size());
+ assertTrue(users.contains(USER1));
+ assertTrue(users.contains(USER2));
+ }
+
+ public void testGetGroupPrincipalsForUserWhenUserRemovedFromGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup1.users", "user1,user2",
+ "myGroup2.users", "user1,user2");
+ Set<String> groups = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(2, groups.size());
+ assertTrue(groups.contains(MY_GROUP1));
+ assertTrue(groups.contains(MY_GROUP2));
+
+ _groupDatabase.removeUserFromGroup(USER1, MY_GROUP2);
+
+ groups = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(MY_GROUP1));
+ }
+
+ public void testGetGroupPrincipalsForUserWhenUserAdddedToGroupTheyAreAlreadyIn() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", USER1);
+ _groupDatabase.addUserToGroup(USER1, MY_GROUP);
+
+ Set<String> groups = _groupDatabase.getGroupsForUser(USER1);
+
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(MY_GROUP));
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertEquals(1, users.size());
+ assertTrue(users.contains(USER1));
+ }
+
+ public void testGetGroupPrincipalsForUserWhenUserNotKnown() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user2");
+ Set<String> groups = _groupDatabase.getGroupsForUser(USER3);
+ assertEquals(0, groups.size());
+ }
+
+ public void testGetGroupPrincipalsForNullUser() throws Exception
+ {
+ writeAndSetGroupFile();
+ assertTrue(_groupDatabase.getGroupsForUser(null).isEmpty());
+ }
+
+ public void testAddUserToExistingGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user2");
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(2, users.size());
+
+ _groupDatabase.addUserToGroup(USER3, MY_GROUP);
+
+ users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(3, users.size());
+ }
+
+ public void testAddUserToEmptyGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "");
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(0, users.size());
+
+ _groupDatabase.addUserToGroup(USER3, MY_GROUP);
+
+ users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(1, users.size());
+ }
+
+ public void testAddUserToNonExistentGroup() throws Exception
+ {
+ writeAndSetGroupFile();
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(0, users.size());
+
+ try
+ {
+ _groupDatabase.addUserToGroup(USER3, MY_GROUP);
+ fail("Expected exception not thrown");
+ }
+ catch(IllegalArgumentException e)
+ {
+ // pass
+ }
+
+ users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(0, users.size());
+ }
+
+ public void testRemoveUserFromExistingGroup() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user2");
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(2, users.size());
+
+ _groupDatabase.removeUserFromGroup(USER2, MY_GROUP);
+
+ users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertNotNull(users);
+ assertEquals(1, users.size());
+ }
+
+ public void testRemoveUserFromNonexistentGroup() throws Exception
+ {
+ writeAndSetGroupFile();
+
+ try
+ {
+ _groupDatabase.removeUserFromGroup(USER1, MY_GROUP);
+ fail("Expected exception not thrown");
+ }
+ catch(IllegalArgumentException e)
+ {
+ // pass
+ }
+
+ assertTrue(_groupDatabase.getUsersInGroup(MY_GROUP).isEmpty());
+ }
+
+ public void testRemoveUserFromGroupTwice() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", USER1);
+ assertTrue(_groupDatabase.getUsersInGroup(MY_GROUP).contains(USER1));
+
+ _groupDatabase.removeUserFromGroup(USER1, MY_GROUP);
+ assertTrue(_groupDatabase.getUsersInGroup(MY_GROUP).isEmpty());
+
+ _groupDatabase.removeUserFromGroup(USER1, MY_GROUP);
+ assertTrue(_groupDatabase.getUsersInGroup(MY_GROUP).isEmpty());
+ }
+
+ public void testAddUserPersistedToFile() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user2");
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertEquals(2, users.size());
+
+ _groupDatabase.addUserToGroup(USER3, MY_GROUP);
+ assertEquals(3, users.size());
+
+ FileGroupDatabase newGroupDatabase = new FileGroupDatabase();
+ newGroupDatabase.setGroupFile(_groupFile);
+
+ Set<String> newUsers = newGroupDatabase.getUsersInGroup(MY_GROUP);
+ assertEquals(users.size(), newUsers.size());
+ }
+
+ public void testRemoveUserPersistedToFile() throws Exception
+ {
+ writeAndSetGroupFile("myGroup.users", "user1,user2");
+
+ Set<String> users = _groupDatabase.getUsersInGroup(MY_GROUP);
+ assertEquals(2, users.size());
+
+ _groupDatabase.removeUserFromGroup(USER2, MY_GROUP);
+ assertEquals(1, users.size());
+
+ FileGroupDatabase newGroupDatabase = new FileGroupDatabase();
+ newGroupDatabase.setGroupFile(_groupFile);
+
+ Set<String> newUsers = newGroupDatabase.getUsersInGroup(MY_GROUP);
+ assertEquals(users.size(), newUsers.size());
+ }
+
+ public void testCreateGroupPersistedToFile() throws Exception
+ {
+ writeAndSetGroupFile();
+
+ Set<String> groups = _groupDatabase.getAllGroups();
+ assertEquals(0, groups.size());
+
+ _groupDatabase.createGroup(MY_GROUP);
+
+ groups = _groupDatabase.getAllGroups();
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(MY_GROUP));
+
+ FileGroupDatabase newGroupDatabase = new FileGroupDatabase();
+ newGroupDatabase.setGroupFile(_groupFile);
+
+ Set<String> newGroups = newGroupDatabase.getAllGroups();
+ assertEquals(1, newGroups.size());
+ assertTrue(newGroups.contains(MY_GROUP));
+ }
+
+ public void testRemoveGroupPersistedToFile() throws Exception
+ {
+ writeAndSetGroupFile("myGroup1.users", "user1,user2",
+ "myGroup2.users", "user1,user2");
+
+ Set<String> groups = _groupDatabase.getAllGroups();
+ assertEquals(2, groups.size());
+
+ Set<String> groupsForUser1 = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(2, groupsForUser1.size());
+
+ _groupDatabase.removeGroup(MY_GROUP1);
+
+ groups = _groupDatabase.getAllGroups();
+ assertEquals(1, groups.size());
+ assertTrue(groups.contains(MY_GROUP2));
+
+ groupsForUser1 = _groupDatabase.getGroupsForUser(USER1);
+ assertEquals(1, groupsForUser1.size());
+
+ FileGroupDatabase newGroupDatabase = new FileGroupDatabase();
+ newGroupDatabase.setGroupFile(_groupFile);
+
+ Set<String> newGroups = newGroupDatabase.getAllGroups();
+ assertEquals(1, newGroups.size());
+ assertTrue(newGroups.contains(MY_GROUP2));
+
+ Set<String> newGroupsForUser1 = newGroupDatabase.getGroupsForUser(USER1);
+ assertEquals(1, newGroupsForUser1.size());
+ assertTrue(newGroupsForUser1.contains(MY_GROUP2));
+}
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ _groupFile = createEmptyTestGroupFile();
+ }
+
+ private void writeAndSetGroupFile(String... groupAndUsers) throws Exception
+ {
+ writeGroupFile(groupAndUsers);
+ _groupDatabase.setGroupFile(_groupFile);
+ }
+
+ private void writeGroupFile(String... groupAndUsers) throws Exception
+ {
+ if (groupAndUsers.length % 2 != 0)
+ {
+ throw new IllegalArgumentException("Number of groupAndUsers must be even");
+ }
+
+ Properties props = new Properties();
+ for (int i = 0 ; i < groupAndUsers.length; i=i+2)
+ {
+ String group = groupAndUsers[i];
+ String users = groupAndUsers[i+1];
+ props.put(group, users);
+ }
+
+ props.store(new FileOutputStream(_groupFile), "test group file");
+ }
+
+ private String createEmptyTestGroupFile() throws IOException
+ {
+ File tmpGroupFile = File.createTempFile("groups", "grp");
+ tmpGroupFile.deleteOnExit();
+
+ return tmpGroupFile.getAbsolutePath();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ super.tearDown();
+
+ if (_groupFile != null)
+ {
+ File groupFile = new File(_groupFile);
+ if (groupFile.exists())
+ {
+ groupFile.delete();
+ }
+ }
+ }
+
+}
Added: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java?rev=1376968&view=auto
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java (added)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/FileGroupManagerTest.java Fri Aug 24 15:33:00 2012
@@ -0,0 +1,236 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.group;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.security.Principal;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.commons.configuration.CompositeConfiguration;
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
+import org.apache.qpid.server.util.InternalBrokerBaseCase;
+
+public class FileGroupManagerTest extends InternalBrokerBaseCase
+{
+ private static final String MYGROUP_USERS = "user1";
+ private static final String MY_GROUP = "myGroup.users";
+ private static final String MY_GROUP2 = "myGroup2.users";
+ private File _tmpGroupFile;
+ private FileGroupManager _manager;
+
+ @Override
+ public void tearDown() throws Exception
+ {
+ super.tearDown();
+//TODO: implement closable
+// if (_manager != null)
+// {
+// _manager.close();
+// }
+
+ if (_tmpGroupFile != null)
+ {
+ if (_tmpGroupFile.exists())
+ {
+ _tmpGroupFile.delete();
+ }
+ }
+ }
+
+ public void testValidGroupFile() throws Exception
+ {
+ final String groupFileName = writeGroupFile();
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+ assertNotNull(_manager);
+ }
+
+ public void testNonExistentGroupFile() throws Exception
+ {
+ final String filePath = "/does.not.exist/";
+ final File fileFile = new File(filePath);
+
+ assertFalse("File already exists", fileFile.exists());
+ final ConfigurationPlugin config = getConfig("groupFile", filePath);
+
+ try
+ {
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+ fail("expected exception was not thrown");
+ }
+ catch(ConfigurationException ce)
+ {
+ assertNotNull(ce.getCause());
+ assertTrue(ce.getCause() instanceof FileNotFoundException);
+ }
+ }
+
+ public void testGetGroupPrincipalsForUser() throws Exception
+ {
+ final String groupFileName = writeGroupFile();
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+
+ Set<Principal> principals = _manager.getGroupPrincipalsForUser("user1");
+ assertEquals(1, principals.size());
+ assertTrue(principals.contains(new GroupPrincipal("myGroup")));
+ }
+
+ public void testGetUserPrincipalsForGroup() throws Exception
+ {
+ final String groupFileName = writeGroupFile();
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+
+ Set<Principal> principals = _manager.getUserPrincipalsForGroup("myGroup");
+ assertEquals(1, principals.size());
+ assertTrue(principals.contains(new UsernamePrincipal("user1")));
+ }
+
+ public void testGetGroupPrincipals() throws Exception
+ {
+ final String groupFileName = writeGroupFile(MY_GROUP, MYGROUP_USERS, MY_GROUP2, MYGROUP_USERS);
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+
+ Set<Principal> principals = _manager.getGroupPrincipals();
+ assertEquals(2, principals.size());
+ assertTrue(principals.contains(new GroupPrincipal("myGroup")));
+ assertTrue(principals.contains(new GroupPrincipal("myGroup2")));
+ }
+
+ public void testCreateGroup() throws Exception
+ {
+ final String groupFileName = writeGroupFile();
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+
+ Set<Principal> principals = _manager.getGroupPrincipals();
+ assertEquals(1, principals.size());
+
+ _manager.createGroup("myGroup2");
+
+ principals = _manager.getGroupPrincipals();
+ assertEquals(2, principals.size());
+ assertTrue(principals.contains(new GroupPrincipal("myGroup2")));
+ }
+
+ public void testRemoveGroup() throws Exception
+ {
+ final String groupFileName = writeGroupFile(MY_GROUP, MYGROUP_USERS);
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+
+ Set<Principal> principals = _manager.getGroupPrincipals();
+ assertEquals(1, principals.size());
+
+ _manager.removeGroup("myGroup");
+
+ principals = _manager.getGroupPrincipals();
+ assertEquals(0, principals.size());
+ }
+
+ public void testAddUserToGroup() throws Exception
+ {
+ final String groupFileName = writeGroupFile(MY_GROUP, MYGROUP_USERS);
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+
+ Set<Principal> principals = _manager.getUserPrincipalsForGroup("myGroup");
+ assertEquals(1, principals.size());
+ assertFalse(principals.contains(new UsernamePrincipal("user2")));
+
+ _manager.addUserToGroup("user2", "myGroup");
+
+ principals = _manager.getUserPrincipalsForGroup("myGroup");
+ assertEquals(2, principals.size());
+ assertTrue(principals.contains(new UsernamePrincipal("user2")));
+ }
+
+ public void testRemoveUserInGroup() throws Exception
+ {
+ final String groupFileName = writeGroupFile(MY_GROUP, MYGROUP_USERS);
+ final ConfigurationPlugin config = getConfig("groupFile", groupFileName);
+ _manager = FileGroupManager.FACTORY.newInstance(config);
+
+ Set<Principal> principals = _manager.getUserPrincipalsForGroup("myGroup");
+ assertEquals(1, principals.size());
+ assertTrue(principals.contains(new UsernamePrincipal("user1")));
+
+ _manager.removeUserFromGroup("user1", "myGroup");
+
+ principals = _manager.getUserPrincipalsForGroup("myGroup");
+ assertEquals(0, principals.size());
+ }
+
+ private ConfigurationPlugin getConfig(final String argName, final String argValue) throws Exception
+ {
+ final ConfigurationPlugin config = new FileGroupManager.FileGroupManagerConfiguration();
+
+ XMLConfiguration xmlconfig = new XMLConfiguration();
+
+ if (argName != null)
+ {
+ xmlconfig.addProperty("file-group-manager.attributes.attribute.name", argName);
+ xmlconfig.addProperty("file-group-manager.attributes.attribute.value", argValue);
+ }
+
+ // Create a CompositeConfiguration as this is what the broker uses
+ CompositeConfiguration composite = new CompositeConfiguration();
+ composite.addConfiguration(xmlconfig);
+ config.setConfiguration("security", xmlconfig);
+ return config;
+ }
+
+ private String writeGroupFile() throws Exception
+ {
+ return writeGroupFile(MY_GROUP, MYGROUP_USERS);
+ }
+
+ private String writeGroupFile(String... groupAndUsers) throws Exception
+ {
+ if (groupAndUsers.length % 2 != 0)
+ {
+ throw new IllegalArgumentException("Number of groupAndUsers must be even");
+ }
+
+ _tmpGroupFile = File.createTempFile("groups", "grp");
+ _tmpGroupFile.deleteOnExit();
+
+ Properties props = new Properties();
+ for (int i = 0 ; i < groupAndUsers.length; i=i+2)
+ {
+ String group = groupAndUsers[i];
+ String users = groupAndUsers[i+1];
+ props.put(group, users);
+ }
+
+ props.store(new FileOutputStream(_tmpGroupFile), "test group file");
+
+ return _tmpGroupFile.getCanonicalPath();
+ }
+}
Added: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalAccessorTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalAccessorTest.java?rev=1376968&view=auto
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalAccessorTest.java (added)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalAccessorTest.java Fri Aug 24 15:33:00 2012
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.server.security.group;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+import org.apache.qpid.server.security.group.GroupManager;
+import org.apache.qpid.server.security.group.GroupPrincipalAccessor;
+
+public class GroupPrincipalAccessorTest extends TestCase
+{
+ private static final String USERNAME = "username";
+
+ private GroupManager _groupManager1 = mock(GroupManager.class);
+ private GroupManager _groupManager2 = mock(GroupManager.class);
+
+ private Principal _group1 = mock(Principal.class);
+ private Principal _group2 = mock(Principal.class);
+
+ @Override
+ public void setUp()
+ {
+ when(_groupManager1.getGroupPrincipalsForUser(USERNAME)).thenReturn(Collections.singleton(_group1));
+ when(_groupManager2.getGroupPrincipalsForUser(USERNAME)).thenReturn(Collections.singleton(_group2));
+ }
+
+ public void testGetGroupPrincipals()
+ {
+ getAndAssertGroupPrincipals(_group1, _group2);
+ }
+
+ public void testGetGroupPrincipalsWhenAGroupManagerReturnsNull()
+ {
+ when(_groupManager1.getGroupPrincipalsForUser(USERNAME)).thenReturn(null);
+
+ getAndAssertGroupPrincipals(_group2);
+ }
+
+ public void testGetGroupPrincipalsWhenAGroupManagerReturnsEmptySet()
+ {
+ when(_groupManager2.getGroupPrincipalsForUser(USERNAME)).thenReturn(new HashSet<Principal>());
+
+ getAndAssertGroupPrincipals(_group1);
+ }
+
+ private void getAndAssertGroupPrincipals(Principal... expectedGroups)
+ {
+ GroupPrincipalAccessor groupPrincipalAccessor = new GroupPrincipalAccessor(Arrays.asList(_groupManager1, _groupManager2));
+
+ Set<Principal> actualGroupPrincipals = groupPrincipalAccessor.getGroupPrincipals(USERNAME);
+
+ Set<Principal> expectedGroupPrincipals = new HashSet<Principal>(Arrays.asList(expectedGroups));
+
+ assertEquals(expectedGroupPrincipals, actualGroupPrincipals);
+ }
+}
Copied: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalTest.java (from r1376735, qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/GroupPrincipalTest.java)
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalTest.java?p2=qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalTest.java&p1=qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/GroupPrincipalTest.java&r1=1376735&r2=1376968&rev=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/GroupPrincipalTest.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/group/GroupPrincipalTest.java Fri Aug 24 15:33:00 2012
@@ -7,9 +7,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -18,7 +18,9 @@
* under the License.
*
*/
-package org.apache.qpid.server.security.auth.sasl;
+package org.apache.qpid.server.security.group;
+
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
import junit.framework.TestCase;
@@ -34,7 +36,7 @@ public class GroupPrincipalTest extends
{
final GroupPrincipal principal = new GroupPrincipal("group");
final UsernamePrincipal user = new UsernamePrincipal("name");
-
+
try
{
principal.addMember(user);
@@ -45,7 +47,7 @@ public class GroupPrincipalTest extends
// PASS
}
}
-
+
public void testEqualitySameName()
{
final String string = "string";
@@ -80,7 +82,7 @@ public class GroupPrincipalTest extends
assertFalse(principal.equals(null));
}
-
+
}
Modified: qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java (original)
+++ qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/util/TestApplicationRegistry.java Fri Aug 24 15:33:00 2012
@@ -33,10 +33,12 @@ import org.apache.qpid.server.logging.ac
import org.apache.qpid.server.logging.actors.GenericActor;
import org.apache.qpid.server.plugins.PluginManager;
import org.apache.qpid.server.registry.ApplicationRegistry;
+import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase;
import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
import org.apache.qpid.server.security.auth.manager.IAuthenticationManagerRegistry;
import org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager;
+import org.apache.qpid.server.security.group.GroupPrincipalAccessor;
import java.util.Properties;
@@ -58,7 +60,7 @@ public class TestApplicationRegistry ext
@Override
protected IAuthenticationManagerRegistry createAuthenticationManagerRegistry(
- ServerConfiguration _configuration, PluginManager _pluginManager)
+ ServerConfiguration configuration, PluginManager pluginManager, final GroupPrincipalAccessor groupPrincipalAccessor)
throws ConfigurationException
{
final Properties users = new Properties();
@@ -98,10 +100,9 @@ public class TestApplicationRegistry ext
}
@Override
- public AuthenticationManager getAuthenticationManager(
- SocketAddress address)
+ public SubjectCreator getSubjectCreator(SocketAddress address)
{
- return pdam;
+ return new SubjectCreator(pdam, groupPrincipalAccessor);
}
@Override
Modified: qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml (original)
+++ qpid/trunk/qpid/java/systests/etc/config-systests-settings.xml Fri Aug 24 15:33:00 2012
@@ -78,12 +78,14 @@
</principal-database>
</pd-auth-manager>
- <!-- By default, all authenticated users have permissions to perform all actions -->
-
- <!-- ACL Example
- This example illustrates securing the both Management (JMX) and Messaging.
- <acl>${conf}/broker_example.acl</acl>
- -->
+ <file-group-manager>
+ <attributes>
+ <attribute>
+ <name>groupFile</name>
+ <value>${conf}/groups-systests</value>
+ </attribute>
+ </attributes>
+ </file-group-manager>
<msg-auth>false</msg-auth>
</security>
Added: qpid/trunk/qpid/java/systests/etc/groups-systests
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/etc/groups-systests?rev=1376968&view=auto
==============================================================================
--- qpid/trunk/qpid/java/systests/etc/groups-systests (added)
+++ qpid/trunk/qpid/java/systests/etc/groups-systests Fri Aug 24 15:33:00 2012
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+#
+# To define a group, use the format:
+#
+# <groupname>.users=<user1>,<user2>,...,<usern>
+#
+
+messaging-users.users=guest,client,server
+administrators.users=admin
+webadmins.users=webadmin
+
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/logging/AccessControlLoggingTest.java Fri Aug 24 15:33:00 2012
@@ -31,10 +31,10 @@ import java.util.List;
/**
* ACL version 2/3 file testing to verify that ACL actor logging works correctly.
- *
+ *
* This suite of tests validate that the AccessControl messages occur correctly
* and according to the following format:
- *
+ *
* <pre>
* ACL-1001 : Allowed Operation Object {PROPERTIES}
* ACL-1002 : Denied Operation Object {PROPERTIES}
@@ -83,12 +83,12 @@ public class AccessControlLoggingTest ex
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
((AMQSession<?, ?>) sess).createQueue(new AMQShortString("allow"), false, false, false);
-
+
List<String> matches = findMatches(ACL_LOG_PREFIX);
-
+
assertTrue("Should be no ACL log messages", matches.isEmpty());
}
-
+
/**
* Test that {@code allow-log} ACL entries log correctly.
*/
@@ -98,25 +98,25 @@ public class AccessControlLoggingTest ex
Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
conn.start();
((AMQSession<?, ?>) sess).createQueue(new AMQShortString("allow-log"), false, false, false);
-
+
List<String> matches = findMatches(ACL_LOG_PREFIX);
-
+
assertEquals("Should only be one ACL log message", 1, matches.size());
-
+
String log = getLogMessage(matches, 0);
String actor = fromActor(log);
String subject = fromSubject(log);
String message = getMessageString(fromMessage(log));
-
+
validateMessageID(ACL_LOG_PREFIX + 1001, log);
-
- assertTrue("Actor should contain the user identity", actor.contains(USER));
+
+ assertTrue("Actor " + actor + " should contain the user identity: " + USER, actor.contains(USER));
assertTrue("Subject should be empty", subject.length() == 0);
assertTrue("Message should start with 'Allowed'", message.startsWith("Allowed"));
assertTrue("Message should contain 'Create Queue'", message.contains("Create Queue"));
assertTrue("Message should have contained the queue name", message.contains("allow-log"));
}
-
+
/**
* Test that {@code deny-log} ACL entries log correctly.
*/
@@ -134,25 +134,25 @@ public class AccessControlLoggingTest ex
// Denied, so exception thrown
assertEquals("Expected ACCESS_REFUSED error code", AMQConstant.ACCESS_REFUSED, amqe.getErrorCode());
}
-
+
List<String> matches = findMatches(ACL_LOG_PREFIX);
-
+
assertEquals("Should only be one ACL log message", 1, matches.size());
-
+
String log = getLogMessage(matches, 0);
String actor = fromActor(log);
String subject = fromSubject(log);
String message = getMessageString(fromMessage(log));
-
+
validateMessageID(ACL_LOG_PREFIX + 1002, log);
-
- assertTrue("Actor should contain the user identity", actor.contains(USER));
+
+ assertTrue("Actor " + actor + " should contain the user identity: " + USER, actor.contains(USER));
assertTrue("Subject should be empty", subject.length() == 0);
assertTrue("Message should start with 'Denied'", message.startsWith("Denied"));
assertTrue("Message should contain 'Create Queue'", message.contains("Create Queue"));
assertTrue("Message should have contained the queue name", message.contains("deny-log"));
}
-
+
/**
* Test that {@code deny} ACL entries do not log anything.
*/
@@ -170,9 +170,9 @@ public class AccessControlLoggingTest ex
// Denied, so exception thrown
assertEquals("Expected ACCESS_REFUSED error code", AMQConstant.ACCESS_REFUSED, amqe.getErrorCode());
}
-
+
List<String> matches = findMatches(ACL_LOG_PREFIX);
-
+
assertTrue("Should be no ACL log messages", matches.isEmpty());
}
}
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java Fri Aug 24 15:33:00 2012
@@ -45,7 +45,7 @@ import java.util.concurrent.TimeUnit;
/**
* Abstract test case for ACLs.
*
- * This base class contains convenience methods to mange ACL files and implements a mechanism that allows each
+ * This base class contains convenience methods to manage ACL files and implements a mechanism that allows each
* test method to run its own setup code before the broker starts.
*
* TODO move the pre broker-startup setup method invocation code to {@link QpidBrokerTestCase}
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java?rev=1376968&r1=1376967&r2=1376968&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExternalACLTest.java Fri Aug 24 15:33:00 2012
@@ -319,8 +319,12 @@ public class ExternalACLTest extends Abs
public void setUpRequestResponseSuccess() throws Exception
{
- writeACLFile("test", "GROUP messaging-users client server",
- "ACL ALLOW-LOG messaging-users ACCESS VIRTUALHOST",
+ // The group "messaging-users", referenced in the ACL below, is currently defined
+ // in broker/etc/groups-systests.
+ // We tolerate a dependency from this test to that file because its
+ // contents are expected to change rarely.
+
+ writeACLFile("test", "ACL ALLOW-LOG messaging-users ACCESS VIRTUALHOST",
"# Server side",
"ACL ALLOW-LOG server CREATE QUEUE name=\"example.RequestQueue\"" ,
"ACL ALLOW-LOG server BIND EXCHANGE",
@@ -389,11 +393,12 @@ public class ExternalACLTest extends Abs
conn.start();
// create kipper
- Topic kipper = sess.createTopic("kipper");
- TopicSubscriber subscriber = sess.createDurableSubscriber(kipper, "kipper");
+ String topicName = "kipper";
+ Topic topic = sess.createTopic(topicName);
+ TopicSubscriber subscriber = sess.createDurableSubscriber(topic, topicName);
subscriber.close();
- sess.unsubscribe("kipper");
+ sess.unsubscribe(topicName);
//Do something to show connection is active.
sess.rollback();
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org