Posted to scm@geronimo.apache.org by dj...@apache.org on 2004/01/11 09:27:03 UTC
cvs commit: incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge AbstractUserPasswordBridgeTest.java CallerIdentityUserPasswordBridgeTest.java ConfiguredIdentityUserPasswordBridgeTest.java MappingUserPasswordBridgeTest.java TestLoginModule.java TestPrincipal.java TestRealm.java
djencks 2004/01/11 00:27:03
Added: modules/core/src/java/org/apache/geronimo/security/bridge
AbstractPrincipalMappingUserPasswordRealmBridge.java
AbstractRealmBridge.java
CallerIdentityUserPasswordRealmBridge.java
ConfiguredIdentityUserPasswordRealmBridge.java
PropertiesFilePrincipalMappingUserPasswordRealmBridge.java
RealmBridge.java
modules/core/src/java/org/apache/geronimo/security/providers
GeronimoPasswordCredential.java
GeronimoPasswordCredentialLoginModule.java
modules/core/src/test/org/apache/geronimo/security/bridge
AbstractUserPasswordBridgeTest.java
CallerIdentityUserPasswordBridgeTest.java
ConfiguredIdentityUserPasswordBridgeTest.java
MappingUserPasswordBridgeTest.java
TestLoginModule.java TestPrincipal.java
TestRealm.java
Log:
Implement realm bridge concept, with some examples and tests.
Revision Changes Path
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/AbstractPrincipalMappingUserPasswordRealmBridge.java
Index: AbstractPrincipalMappingUserPasswordRealmBridge.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
import org.apache.geronimo.kernel.service.GeronimoAttributeInfo;
/**
*
*
* @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
*
* */
public abstract class AbstractPrincipalMappingUserPasswordRealmBridge extends AbstractRealmBridge {
protected final Map principalMap = new HashMap();
private Class principalSourceType;
private String principalTargetCallbackName;
protected final Map userNameMap = new HashMap();
private Class userNameSourceType;
private String userNameTargetCallbackName;
protected final Map passwordMap = new HashMap();
private Class passwordSourceType;
public static GeronimoMBeanInfo getGeronimoMBeanInfo() {
GeronimoMBeanInfo mbeanInfo = AbstractRealmBridge.getGeronimoMBeanInfo();
//set target class in concrete subclass
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PrincipalSourceType", true, true, "Class of principal to use as source for target principal map key"));
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PrincipalTargetCallbackName", true, true, "Pronpt of NameCallback used to query for target principal"));
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("UserNameSourceType", true, true, "Class of principal to use as source for target user name map key"));
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("UserNameTargetCallbackName", true, true, "Pronpt of NameCallback used to query for target user name"));
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PasswordSourceType", true, true, "Class of principal to use as source for target password map key"));
return mbeanInfo;
}
public Class getPrincipalSourceType() {
return principalSourceType;
}
public void setPrincipalSourceType(Class principalSourceType) {
this.principalSourceType = principalSourceType;
}
public String getPrincipalTargetCallbackName() {
return principalTargetCallbackName;
}
public void setPrincipalTargetCallbackName(String principalTargetCallbackName) {
this.principalTargetCallbackName = principalTargetCallbackName;
}
public Class getUserNameSourceType() {
return userNameSourceType;
}
public void setUserNameSourceType(Class userNameSourceType) {
this.userNameSourceType = userNameSourceType;
}
public String getUserNameTargetCallbackName() {
return userNameTargetCallbackName;
}
public void setUserNameTargetCallbackName(String userNameTargetCallbackName) {
this.userNameTargetCallbackName = userNameTargetCallbackName;
}
public Class getPasswordSourceType() {
return passwordSourceType;
}
public void setPasswordSourceType(Class passwordSourceType) {
this.passwordSourceType = passwordSourceType;
}
protected CallbackHandler getCallbackHandler(final Subject sourceSubject) {
return new CallbackHandler() {
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
Principal principalSourcePrincipal = findPrincipalOfType(sourceSubject, principalSourceType);
Principal userNameSourcePrincipal;
if (userNameSourceType == principalSourceType) {
userNameSourcePrincipal = principalSourcePrincipal;
} else {
userNameSourcePrincipal = findPrincipalOfType(sourceSubject, userNameSourceType);
}
Principal passwordSourcePrincipal;
if (passwordSourceType == principalSourceType) {
passwordSourcePrincipal = principalSourcePrincipal;
} else {
passwordSourcePrincipal = findPrincipalOfType(sourceSubject, passwordSourceType);
}
for (int i = 0; i < callbacks.length; i++) {
Callback callback = callbacks[i];
if (callback instanceof NameCallback) {
NameCallback nameCallback = (NameCallback)callback;
if (nameCallback.getPrompt().equals(principalTargetCallbackName)) {
nameCallback.setName((String)principalMap.get(principalSourcePrincipal.getName()));
} else if (nameCallback.getPrompt().equals(userNameTargetCallbackName)) {
nameCallback.setName((String)userNameMap.get(userNameSourcePrincipal.getName()));
} else {
throw new UnsupportedCallbackException(callback, "Only name callbacks with prompts " + principalTargetCallbackName + " or " + userNameTargetCallbackName + " are supported");
}
} else if (callback instanceof PasswordCallback) {
((PasswordCallback)callback).setPassword((char[])passwordMap.get(passwordSourcePrincipal.getName()));
} else {
throw new UnsupportedCallbackException(callback, "Only name and password callbacks supported");
}
}
}
private Principal findPrincipalOfType(final Subject sourceSubject, Class principalClass) throws UnsupportedCallbackException {
Set principalPrincipals = sourceSubject.getPrincipals(principalClass);
if (principalPrincipals == null || principalPrincipals.size() != 1) {
throw new UnsupportedCallbackException(null, "No principals of type " + principalClass + " to read");
}
Principal principal = (Principal)principalPrincipals.iterator().next();
return principal;
}
};
}
}
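Review bot: The anonymous handler in getCallbackHandler passes whatever the map lookup returns straight into the callback, so a source principal with no entry in principalMap, userNameMap or passwordMap results in `setName(null)` / `setPassword(null)` and the login attempt carries on with empty credentials instead of stopping. A bridge that translates identities should fail closed here: look the value up first and throw when it is missing, for example `if (mapped == null) throw new IOException("No mapping for source principal");` before each setter (handle already declares IOException). findPrincipalOfType reports "No principals of type" even when the real cause is that more than one is present, since the guard is `size() != 1`. The class Javadoc is empty and should state that passwordMap holds cleartext passwords in a protected, unsynchronized HashMap. The attribute descriptions spell "Prompt" as "Pronpt".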
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/AbstractRealmBridge.java
Index: AbstractRealmBridge.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.callback.CallbackHandler;
import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
import org.apache.geronimo.kernel.service.GeronimoAttributeInfo;
import org.apache.geronimo.kernel.service.GeronimoOperationInfo;
import org.apache.geronimo.kernel.service.GeronimoParameterInfo;
/**
*
*
* @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
*
* */
public abstract class AbstractRealmBridge implements RealmBridge {
private String targetRealm;
public static GeronimoMBeanInfo getGeronimoMBeanInfo() {
GeronimoMBeanInfo mbeanInfo = new GeronimoMBeanInfo();
//set target class in concrete subclass
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("TargetRealm", true, true, "Name of realm to log in to"));
mbeanInfo.addOperationInfo(new GeronimoOperationInfo("getSubject",
new GeronimoParameterInfo[]{new GeronimoParameterInfo("sourceSubject", Subject.class, "Subject to be translated")},
GeronimoOperationInfo.ACTION,
"Log into the target realm using information gleaned from the supplied Subject"));
return mbeanInfo;
}
public Subject mapSubject(Subject sourceSubject) throws LoginException {
Subject targetSubject = new Subject();
LoginContext loginContext = new LoginContext(targetRealm, targetSubject, getCallbackHandler(sourceSubject));
loginContext.login();
return targetSubject;
}
protected abstract CallbackHandler getCallbackHandler(Subject sourceSubject);
public String getTargetRealm() {
return targetRealm;
}
public void setTargetRealm(String targetRealm) {
this.targetRealm = targetRealm;
}
}
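Review bot: getGeronimoMBeanInfo registers the management operation under the name `getSubject`, but the method this class defines is `mapSubject(Subject)`, so the operation as declared appears to have no matching method; unless the kernel resolves names some other way, the registration should read `new GeronimoOperationInfo("mapSubject", ...`. Because this operation performs a login and hands back an authenticated Subject for the target realm, it also deserves a Javadoc note on who is expected to be allowed to invoke it through the management interface. mapSubject keeps no reference to the LoginContext it creates, so nothing can later call `logout()` on it; saying so in the method comment would help callers that need the target credentials cleared.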
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordRealmBridge.java
Index: CallerIdentityUserPasswordRealmBridge.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.io.IOException;
import java.util.Set;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.Subject;
import org.apache.geronimo.security.providers.GeronimoPasswordCredential;
import org.apache.geronimo.security.bridge.AbstractRealmBridge;
import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
/**
*
*
* @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
*
* */
public class CallerIdentityUserPasswordRealmBridge extends AbstractRealmBridge {
public static GeronimoMBeanInfo getGeronimoMBeanInfo() {
GeronimoMBeanInfo mbeanInfo = AbstractRealmBridge.getGeronimoMBeanInfo();
mbeanInfo.setTargetClass(CallerIdentityUserPasswordRealmBridge.class);
return mbeanInfo;
}
protected CallbackHandler getCallbackHandler(final Subject sourceSubject) {
return new CallbackHandler() {
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
Set credentials = sourceSubject.getPrivateCredentials(GeronimoPasswordCredential.class);
if (credentials == null || credentials.size() != 1) {
throw new UnsupportedCallbackException(null, "No GeronimoPasswordCredential to read");
}
GeronimoPasswordCredential geronimoPasswordCredential = (GeronimoPasswordCredential)credentials.iterator().next();
for (int i = 0; i < callbacks.length; i++) {
Callback callback = callbacks[i];
if (callback instanceof NameCallback) {
((NameCallback)callback).setName(geronimoPasswordCredential.getUserName());
} else if (callback instanceof PasswordCallback) {
((PasswordCallback)callback).setPassword(geronimoPasswordCredential.getPassword());
} else {
throw new UnsupportedCallbackException(callback, "Only name and password callbacks supported");
}
}
}
};
}
}
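Review bot: The class Javadoc is empty, yet this is the bridge that replays the caller's own user name and cleartext password to the target realm, which is a trust decision that should be written down, for example `Logs in to the target realm with the user name and password held in the source Subject's GeronimoPasswordCredential; the target realm therefore sees the caller's password.` In handle, the `credentials.size() != 1` test also fires when the Subject carries several credentials, but the message says "No GeronimoPasswordCredential to read"; wording such as "Expected exactly one GeronimoPasswordCredential" would match the check. The same guard passes `null` as the callback to UnsupportedCallbackException, so code inspecting `getCallback()` gets nothing back.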
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordRealmBridge.java
Index: ConfiguredIdentityUserPasswordRealmBridge.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.io.IOException;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.Subject;
import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
import org.apache.geronimo.kernel.service.GeronimoAttributeInfo;
import org.apache.geronimo.security.bridge.AbstractRealmBridge;
/**
* ConfiguredIdentityRealmBridge supplies a constant mapping between realms:
* it always returns the configured user and password, no matter what the
* source realm or source subject.
*
* @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
*
* */
public class ConfiguredIdentityUserPasswordRealmBridge extends AbstractRealmBridge {
private String configuredUser;
private char[] configuredPassword;
public static GeronimoMBeanInfo getGeronimoMBeanInfo() {
GeronimoMBeanInfo mbeanInfo = AbstractRealmBridge.getGeronimoMBeanInfo();
mbeanInfo.setTargetClass(ConfiguredIdentityUserPasswordRealmBridge.class);
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("ConfiguredUser", true, true, "Name of user to log in as"));
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("ConfiguredPassword", true, true, "Password of user to log in as"));
return mbeanInfo;
}
public String getConfiguredUser() {
return configuredUser;
}
public void setConfiguredUser(String configuredUser) {
this.configuredUser = configuredUser;
}
public String getConfiguredPassword() {
return new String(configuredPassword);
}
public void setConfiguredPassword(String configuredPassword) {
this.configuredPassword = configuredPassword == null? null: configuredPassword.toCharArray();
}
protected CallbackHandler getCallbackHandler(Subject sourceSubject) {
return new CallbackHandler() {
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
Callback callback = callbacks[i];
if (callback instanceof NameCallback) {
((NameCallback)callback).setName(configuredUser);
} else if (callback instanceof PasswordCallback) {
((PasswordCallback)callback).setPassword(configuredPassword);
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
};
}
}
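Review bot: getConfiguredPassword calls `new String(configuredPassword)` without a null check, while setConfiguredPassword explicitly stores null, so reading the attribute before a password is set (or after it is cleared) throws NullPointerException; `return configuredPassword == null ? null : new String(configuredPassword);` fixes that. More importantly, the public getter together with the `ConfiguredPassword` attribute registration (flags `true, true`, which look like readable/writable) hands the cleartext password to any management client, which undoes the point of holding it as char[]. If those flags mean what they appear to, the attribute is better registered write-only and the getter removed from the managed interface.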
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/PropertiesFilePrincipalMappingUserPasswordRealmBridge.java
Index: PropertiesFilePrincipalMappingUserPasswordRealmBridge.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.net.URL;
import java.util.Properties;
import java.util.Map;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.io.IOException;
import org.apache.geronimo.kernel.service.GeronimoMBeanInfo;
import org.apache.geronimo.kernel.service.GeronimoAttributeInfo;
import org.apache.geronimo.security.bridge.AbstractPrincipalMappingUserPasswordRealmBridge;
/**
*
*
* @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
*
* */
public class PropertiesFilePrincipalMappingUserPasswordRealmBridge extends AbstractPrincipalMappingUserPasswordRealmBridge{
private URL propertyFileURL;
public URL getPropertyFileURL() {
return propertyFileURL;
}
public static GeronimoMBeanInfo getGeronimoMBeanInfo() {
GeronimoMBeanInfo mbeanInfo = AbstractPrincipalMappingUserPasswordRealmBridge.getGeronimoMBeanInfo();
mbeanInfo.setTargetClass(PropertiesFilePrincipalMappingUserPasswordRealmBridge.class);
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PropertyFileURL", true, true, "URL to read the mapping from in sourcePrincipal=targetPrincipal:targetUserName:targetPassword format0"));
return mbeanInfo;
}
public void setPropertyFileURL(URL propertyFileURL) throws IOException {
this.propertyFileURL = propertyFileURL;
principalMap.clear();
userNameMap.clear();
passwordMap.clear();
Properties properties = new Properties();
properties.load(propertyFileURL.openStream());
setMaps(properties, principalMap, userNameMap, passwordMap);
}
void setMaps(Properties properties, Map principalMap, Map userNameMap, Map passwordMap) {
for (Iterator iterator = properties.entrySet().iterator(); iterator.hasNext();) {
Map.Entry entry = (Map.Entry) iterator.next();
String key = (String) entry.getKey();
String values = (String)entry.getValue();
StringTokenizer tokenizer = new StringTokenizer(values, ":");
String targetPrincipal = tokenizer.nextToken();
String targetUserName = tokenizer.nextToken();
char[] targetPassword = tokenizer.nextToken().toCharArray();
principalMap.put(key, targetPrincipal);
userNameMap.put(key, targetUserName);
passwordMap.put(key, targetPassword);
}
}
}
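Review bot: setPropertyFileURL never closes the stream returned by `propertyFileURL.openStream()`, and it clears the three maps before the load, so an unreadable or unreachable URL leaves the bridge with no mappings at all. Loading into the Properties object first, closing the stream in a finally block, and only then clearing and refilling the maps avoids both problems, as sketched below. setMaps calls `tokenizer.nextToken()` three times with no `hasMoreTokens()` check, so an entry with fewer than three fields throws NoSuchElementException part-way through the load, and a password containing ':' is silently cut at the first colon. The file carries cleartext passwords, so the class Javadoc should say that the URL must point at a location only the server can read.

```java
public void setPropertyFileURL(URL propertyFileURL) throws IOException {
    // Load completely before touching the live maps, so a failed read keeps the old mapping.
    Properties properties = new Properties();
    java.io.InputStream in = propertyFileURL.openStream();
    try {
        properties.load(in);
    } finally {
        in.close();
    }
    this.propertyFileURL = propertyFileURL;
    principalMap.clear();
    userNameMap.clear();
    passwordMap.clear();
    setMaps(properties, principalMap, userNameMap, passwordMap);
}
```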
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/RealmBridge.java
Index: RealmBridge.java
===================================================================
package org.apache.geronimo.security.bridge;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
/**
* Interface for bridging between realms. Subject from a source realm is supplied, and
* the RealmBridge logs into a target realm using identity and credential information from
* source realm, mapped as appropriate.
*
* @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
*
* */
public interface RealmBridge {
Subject mapSubject(Subject sourceSubject) throws LoginException;
}
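Review bot: RealmBridge.java starts directly at the package line, without the Apache license header that the other new source files shown here carry; it should get the same header. mapSubject has no Javadoc of its own; a short one saying that it returns a Subject logged in to the target realm and throws LoginException when that login fails would record the contract that AbstractRealmBridge.mapSubject implements (it builds a new Subject and calls LoginContext.login()).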
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/GeronimoPasswordCredential.java
Index: GeronimoPasswordCredential.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.providers;
/**
 * Holder for a user name and password pair that the login modules in this
 * package attach to a Subject as a private credential.
 * <p>
 * The password array is not copied on the way in or on the way out: the
 * constructor keeps the caller's array and {@link #getPassword()} returns
 * that same array. Every holder of the reference can therefore read or
 * overwrite the stored password, and zeroing the array zeroes it for all of
 * them.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
 */
public class GeronimoPasswordCredential {

    /** Login name; may be null, no validation is applied. */
    private final String userName;

    /** Clear-text password, shared by reference with whoever supplied it. */
    private final char[] password;

    /**
     * Stores both values exactly as given.
     *
     * @param userName the login name
     * @param password the clear-text password; the array is retained, not cloned
     */
    public GeronimoPasswordCredential(String userName, char[] password) {
        this.userName = userName;
        this.password = password;
    }

    /**
     * @return the login name passed to the constructor
     */
    public String getUserName() {
        return this.userName;
    }

    /**
     * @return the very array passed to the constructor (no defensive copy)
     */
    public char[] getPassword() {
        return this.password;
    }
}
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/GeronimoPasswordCredentialLoginModule.java
Index: GeronimoPasswordCredentialLoginModule.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.providers;
import java.util.Map;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
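/**
 * JAAS login module that collects a user name and password through the
 * callback handler and, on commit, adds them to the subject's private
 * credentials as a {@link GeronimoPasswordCredential}.
 * <p>
 * The module does not check the password against anything; it only captures
 * what the callback handler supplies. The captured password is held in clear
 * text for as long as the credential stays on the subject.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $
 */
public class GeronimoPasswordCredentialLoginModule implements LoginModule{

    private Subject subject;
    private CallbackHandler callbackHandler;

    /** Credential built by login(); null until login() succeeds and after abort()/logout(). */
    private GeronimoPasswordCredential geronimoPasswordCredential;

    /**
     * Remembers the subject and callback handler for the later phases.
     * The shared state and options maps are not used.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Asks the callback handler for a user name and a password and keeps them
     * for commit().
     *
     * @return true once the callbacks have been handled
     * @throws LoginException if no callback handler was supplied, or the
     *         handler fails with an IOException or rejects a callback
     */
    public boolean login() throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler available to collect the user name and password");
        }
        // NameCallback and PasswordCallback reject an empty prompt with
        // IllegalArgumentException, so the prompts must be non-empty. The text
        // matches the prompts used by TestLoginModule in the same commit.
        // NOTE(review): confirm against any handler that selects values by prompt.
        NameCallback nameCallback = new NameCallback("User Name");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
        } catch (java.io.IOException e) {
            // Do not continue after a failed handler: the callbacks may be
            // unpopulated and a credential built from them would be meaningless.
            throw (LoginException) new LoginException("Could not obtain user name and password from the CallbackHandler").initCause(e);
        } catch (UnsupportedCallbackException e) {
            throw (LoginException)new LoginException("Unlikely UnsupportedCallbackException").initCause(e);
        }
        geronimoPasswordCredential = new GeronimoPasswordCredential(
                nameCallback.getName(),
                passwordCallback.getPassword());
        // getPassword() returned a copy; wipe the callback's own copy so the
        // clear-text password does not linger there.
        passwordCallback.clearPassword();
        return true;
    }

    /**
     * Adds the captured credential to the subject's private credentials.
     *
     * @return false when login() has not produced a credential, true otherwise
     */
    public boolean commit() throws LoginException {
        if (geronimoPasswordCredential == null) {
            return false;
        }
        subject.getPrivateCredentials().add(geronimoPasswordCredential);
        return true;
    }

    /**
     * Discards the captured credential, removing it from the subject if
     * commit() had already added it.
     */
    public boolean abort() throws LoginException {
        discardCredential();
        return true;
    }

    /**
     * Removes the credential from the subject and forgets it.
     */
    public boolean logout() throws LoginException {
        discardCredential();
        return true;
    }

    /**
     * Takes the credential off the subject (when the subject can still be
     * modified) and drops the module's own reference to it.
     */
    private void discardCredential() {
        if (geronimoPasswordCredential != null && subject != null && !subject.isReadOnly()) {
            subject.getPrivateCredentials().remove(geronimoPasswordCredential);
        }
        geronimoPasswordCredential = null;
    }
}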
1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java
Index: AbstractUserPasswordBridgeTest.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.util.Collections;
import javax.security.auth.Subject;
import junit.framework.TestCase;
import org.apache.geronimo.security.SecurityService;
import org.apache.geronimo.security.providers.GeronimoPasswordCredential;
/**
 * Shared fixture for the user/password realm bridge tests: sets up a
 * SecurityService holding a single TestRealm and provides the assertions
 * that every bridge's mapped subject must satisfy.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $
 */
public abstract class AbstractUserPasswordBridgeTest extends TestCase {

    /** User name the target subject is expected to carry. */
    protected final static String USER = "testuser";

    /** Password the target subject is expected to carry (test fixture value). */
    protected final static String PASSWORD = "testpassword";

    private SecurityService securityService;

    /**
     * Creates a SecurityService whose only realm is a TestRealm.
     */
    protected void setUp() {
        securityService = new SecurityService();
        securityService.setRealms(Collections.singleton(new TestRealm()));
    }

    /**
     * Asserts that the mapped subject holds exactly one TestPrincipal named
     * {@link #USER}, no public credentials, and exactly one private
     * GeronimoPasswordCredential carrying {@link #USER} and {@link #PASSWORD}.
     *
     * @param targetSubject the subject returned by the bridge under test
     */
    protected void checkValidSubject(Subject targetSubject) {
        // Principal side.
        assertEquals("Expected one TestPrincipal", 1, targetSubject.getPrincipals(TestPrincipal.class).size());
        Object p = targetSubject.getPrincipals(TestPrincipal.class).iterator().next();
        assertSame("Expected ResourcePrincipal", TestPrincipal.class, p.getClass());
        TestPrincipal principal = (TestPrincipal) p;
        assertEquals("Expected name of TestPrincipal to be " + USER, USER, principal.getName());

        // Credential side.
        assertEquals("Expected no public credential", 0, targetSubject.getPublicCredentials().size());
        assertEquals("Expected one private credential", 1, targetSubject.getPrivateCredentials().size());
        Object cred = targetSubject.getPrivateCredentials().iterator().next();
        assertSame("Expected GeronimoPasswordCredential", GeronimoPasswordCredential.class, cred.getClass());
        GeronimoPasswordCredential credential = (GeronimoPasswordCredential) cred;
        assertEquals("Expected user", USER, credential.getUserName());
        assertEquals("Expected password", PASSWORD, new String(credential.getPassword()));
    }
}
1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordBridgeTest.java
Index: CallerIdentityUserPasswordBridgeTest.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.security.providers.GeronimoPasswordCredential;
/**
 * Tests CallerIdentityUserPasswordRealmBridge: a source subject carrying a
 * GeronimoPasswordCredential maps to a valid target subject, and a source
 * subject without credentials is rejected with a LoginException.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $
 */
public class CallerIdentityUserPasswordBridgeTest extends AbstractUserPasswordBridgeTest{

    private CallerIdentityUserPasswordRealmBridge bridge;

    /**
     * Builds the bridge and points it at the test realm.
     */
    protected void setUp() {
        super.setUp();
        CallerIdentityUserPasswordRealmBridge callerBridge = new CallerIdentityUserPasswordRealmBridge();
        callerBridge.setTargetRealm(TestRealm.REALM_NAME);
        bridge = callerBridge;
    }

    /**
     * The caller's own user name and password are carried over to the target subject.
     */
    public void testCallerIdentityBridge() throws Exception {
        GeronimoPasswordCredential callerCredential =
                new GeronimoPasswordCredential(USER, PASSWORD.toCharArray());
        Subject caller = new Subject();
        caller.getPrivateCredentials().add(callerCredential);
        checkValidSubject(bridge.mapSubject(caller));
    }

    /**
     * A subject with no private credential must not be mapped.
     */
    public void testNoCredentials() throws Exception {
        Subject emptySubject = new Subject();
        try {
            bridge.mapSubject(emptySubject);
            fail();
        } catch (LoginException expected) {
            // expected: there is nothing to authenticate with
        }
    }
}
1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordBridgeTest.java
Index: ConfiguredIdentityUserPasswordBridgeTest.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import javax.security.auth.Subject;
/**
 * Tests ConfiguredIdentityUserPasswordRealmBridge: the user name and password
 * configured on the bridge are used for the target subject, whatever the
 * source subject contains.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $
 */
public class ConfiguredIdentityUserPasswordBridgeTest extends AbstractUserPasswordBridgeTest {

    private ConfiguredIdentityUserPasswordRealmBridge bridge;

    /**
     * Builds the bridge against the test realm with the fixture user and password.
     */
    protected void setUp() {
        super.setUp();
        ConfiguredIdentityUserPasswordRealmBridge configured = new ConfiguredIdentityUserPasswordRealmBridge();
        configured.setTargetRealm(TestRealm.REALM_NAME);
        configured.setConfiguredUser(USER);
        configured.setConfiguredPassword(PASSWORD);
        bridge = configured;
    }

    /**
     * An empty source subject still maps to the configured identity.
     */
    public void testConfiguredIdentityBridge() throws Exception {
        Subject emptySource = new Subject();
        checkValidSubject(bridge.mapSubject(emptySource));
    }
}
1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/MappingUserPasswordBridgeTest.java
Index: MappingUserPasswordBridgeTest.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.util.Map;
import java.util.HashMap;
import java.security.Principal;
import javax.security.auth.Subject;
/**
 * Tests a principal-mapping realm bridge: three kinds of source principal
 * (resource principal, user name, password) are looked up in per-kind maps to
 * produce the values used for the target login.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $
 */
public class MappingUserPasswordBridgeTest extends AbstractUserPasswordBridgeTest {

    private static final String SOURCE_USER_1 = "sourceUser1";
    private static final String SOURCE_USER_2 = "sourceUser2";
    private static final String SOURCE_PRINCIPAL_1 = "sourcePrincipal1";
    private static final String SOURCE_PRINCIPAL_2 = "sourcePrincipal2";
    private static final String SOURCE_PASSWORD_1 = "sourcePassword1";
    private static final String SOURCE_PASSWORD_2 = "sourcePassword2";

    private TestMappingBridge bridge;

    /**
     * Configures the bridge so that the "1" source names map to the fixture
     * user and password and the "2" source names map to values that do not
     * match the fixture.
     */
    protected void setUp() {
        super.setUp();

        Map principalMap = new HashMap();
        principalMap.put(SOURCE_PRINCIPAL_1, USER);
        principalMap.put(SOURCE_PRINCIPAL_2, "no-one");

        Map userNameMap = new HashMap();
        userNameMap.put(SOURCE_USER_1, USER);
        userNameMap.put(SOURCE_USER_2, "no-one");

        Map passwordMap = new HashMap();
        passwordMap.put(SOURCE_PASSWORD_1, PASSWORD.toCharArray());
        passwordMap.put(SOURCE_PASSWORD_2, "no-password".toCharArray());

        bridge = new TestMappingBridge();
        bridge.setTargetRealm(TestRealm.REALM_NAME);

        bridge.setPrincipalSourceType(TestPrincipalPrincipal.class);
        bridge.setPrincipalTargetCallbackName("Resource Principal");
        bridge.setPrincipalMap(principalMap);

        bridge.setUserNameSourceType(TestUserNamePrincipal.class);
        bridge.setUserNameTargetCallbackName("User Name");
        bridge.setUserNameMap(userNameMap);

        bridge.setPasswordSourceType(TestPasswordPrincipal.class);
        bridge.setPasswordMap(passwordMap);
    }

    /**
     * All three source principals are present and mapped: the result is a valid subject.
     */
    public void testMapping() throws Exception {
        Subject source = subjectWith(new Principal[] {
            new TestPrincipalPrincipal(SOURCE_PRINCIPAL_1),
            new TestUserNamePrincipal(SOURCE_USER_1),
            new TestPasswordPrincipal(SOURCE_PASSWORD_1)
        });
        checkValidSubject(bridge.mapSubject(source));
    }

    /**
     * The user-name principal is missing, so mapping must fail.
     */
    public void testInsufficientSourcePrincipals() throws Exception {
        Subject source = subjectWith(new Principal[] {
            new TestPrincipalPrincipal(SOURCE_PRINCIPAL_1),
            new TestPasswordPrincipal(SOURCE_PASSWORD_1)
        });
        try {
            bridge.mapSubject(source);
            fail();
        } catch (Exception expected) {
            // Any exception counts as the expected rejection. fail() raises an
            // Error subclass, so this catch does not hide it.
        }
    }

    /**
     * The resource principal name has no entry in the principal map, so mapping must fail.
     */
    public void testNotInMap() throws Exception {
        Subject source = subjectWith(new Principal[] {
            new TestPrincipalPrincipal(SOURCE_PRINCIPAL_1 + "xxx"),
            new TestUserNamePrincipal(SOURCE_USER_1),
            new TestPasswordPrincipal(SOURCE_PASSWORD_1)
        });
        try {
            bridge.mapSubject(source);
            fail();
        } catch (Exception expected) {
            // Any exception counts as the expected rejection (see above).
        }
    }

    /** Builds a fresh Subject holding the given principals, added in array order. */
    private static Subject subjectWith(Principal[] principals) {
        Subject subject = new Subject();
        for (int i = 0; i < principals.length; i++) {
            subject.getPrincipals().add(principals[i]);
        }
        return subject;
    }

    /** Source principal whose name is looked up in the principal map. */
    public static class TestPrincipalPrincipal implements Principal {
        private final String name;

        public TestPrincipalPrincipal(String name) {
            this.name = name;
        }

        public String getName() {
            return this.name;
        }
    }

    /** Source principal whose name is looked up in the user-name map. */
    public static class TestUserNamePrincipal implements Principal {
        private final String name;

        public TestUserNamePrincipal(String name) {
            this.name = name;
        }

        public String getName() {
            return this.name;
        }
    }

    /** Source principal whose name is looked up in the password map. */
    public static class TestPasswordPrincipal implements Principal {
        private final String name;

        public TestPasswordPrincipal(String name) {
            this.name = name;
        }

        public String getName() {
            return this.name;
        }
    }

    /**
     * Concrete bridge for the test: each setter replaces the content of the
     * corresponding map inherited from the abstract bridge.
     */
    public static class TestMappingBridge extends AbstractPrincipalMappingUserPasswordRealmBridge {

        public void setPrincipalMap(Map principalMap) {
            this.principalMap.clear();
            this.principalMap.putAll(principalMap);
        }

        public void setUserNameMap(Map userNameMap) {
            this.userNameMap.clear();
            this.userNameMap.putAll(userNameMap);
        }

        public void setPasswordMap(Map passwordMap) {
            this.passwordMap.clear();
            this.passwordMap.putAll(passwordMap);
        }
    }
}
1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/TestLoginModule.java
Index: TestLoginModule.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.geronimo.security.providers.GeronimoPasswordCredential;
/**
 * Login module used by the bridge tests. It asks the callback handler for a
 * resource principal name, a user name and a password, and on commit puts a
 * TestPrincipal and a GeronimoPasswordCredential on the subject. The values
 * are accepted as supplied; nothing is checked beyond their being non-null.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $
 */
public class TestLoginModule implements LoginModule {

    private Subject subject;
    private CallbackHandler callbackHandler;

    // Values captured by login() and consumed by commit().
    private String resourcePrincipalName;
    private String userName;
    private char[] password;

    /**
     * Keeps the subject and callback handler; shared state and options are ignored.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Collects the three values through the callback handler.
     *
     * @return true only when all three values were supplied
     * @throws LoginException wrapping an IOException or
     *         UnsupportedCallbackException raised by the handler
     */
    public boolean login() throws LoginException {
        NameCallback principalCallback = new NameCallback("Resource Principal");
        NameCallback userNameCallback = new NameCallback("User Name");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        Callback[] callbacks = new Callback[] {principalCallback, userNameCallback, passwordCallback};
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw (LoginException) new LoginException().initCause(ioe);
        } catch (UnsupportedCallbackException uce) {
            throw (LoginException) new LoginException().initCause(uce);
        }
        resourcePrincipalName = principalCallback.getName();
        userName = userNameCallback.getName();
        password = passwordCallback.getPassword();
        if (resourcePrincipalName == null || userName == null || password == null) {
            return false;
        }
        return true;
    }

    /**
     * Adds the principal and the password credential built from the captured values.
     */
    public boolean commit() throws LoginException {
        subject.getPrincipals().add(new TestPrincipal(resourcePrincipalName));
        subject.getPrivateCredentials().add(new GeronimoPasswordCredential(userName, password));
        return true;
    }

    /**
     * Does nothing; the captured values and the subject are left untouched.
     */
    public boolean abort() throws LoginException {
        return false;
    }

    /**
     * Does nothing; the principal and credential stay on the subject.
     */
    public boolean logout() throws LoginException {
        return false;
    }
}
1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/TestPrincipal.java
Index: TestPrincipal.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.security.Principal;
/**
 * Test fixture {@link Principal} that carries a name and nothing else.
 *
 * <p>The class does not override {@code equals} or {@code hashCode}, so two
 * instances created from the same name are compared by object identity.
 * Code that stores these principals in a set, or looks one up by value,
 * therefore has to hold on to the exact instance it created.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $
 */
public class TestPrincipal implements Principal {

    /** Name supplied at construction; stored as given, with no null or format check. */
    private String principalName;

    /**
     * Creates a principal with the given name.
     *
     * @param name the value later returned by {@link #getName()}; may be {@code null}
     */
    public TestPrincipal(String name) {
        principalName = name;
    }

    /**
     * Returns the name this principal was constructed with.
     *
     * @return the constructor argument, unchanged
     */
    public String getName() {
        return this.principalName;
    }
}
1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/TestRealm.java
Index: TestRealm.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.bridge;
import java.util.Set;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import javax.security.auth.spi.LoginModule;
import org.apache.geronimo.security.SecurityRealm;
import org.apache.geronimo.security.GeronimoSecurityException;
import org.apache.regexp.RE;
/**
 * Stub {@link SecurityRealm} for the bridge tests. It reports a fixed realm
 * name and a JAAS configuration consisting of a single
 * {@link TestLoginModule} entry; every principal lookup is left
 * unimplemented.
 *
 * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $
 */
public class TestRealm implements SecurityRealm {

    /** Realm name returned by {@link #getRealmName()}. */
    public static final String REALM_NAME = "testrealm";

    /**
     * @return always {@link #REALM_NAME}
     */
    public String getRealmName() {
        return REALM_NAME;
    }

    // The four principal lookups below return null rather than an empty set,
    // so a caller that iterates the result without a null check will fail.

    /**
     * Not implemented in this stub.
     *
     * @return always {@code null}
     */
    public Set getGroupPrincipals() throws GeronimoSecurityException {
        return null;
    }

    /**
     * Not implemented in this stub; the expression is ignored.
     *
     * @param regexExpression unused
     * @return always {@code null}
     */
    public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException {
        return null;
    }

    /**
     * Not implemented in this stub.
     *
     * @return always {@code null}
     */
    public Set getUserPrincipals() throws GeronimoSecurityException {
        return null;
    }

    /**
     * Not implemented in this stub; the expression is ignored.
     *
     * @param regexExpression unused
     * @return always {@code null}
     */
    public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException {
        return null;
    }

    /** Does nothing; the stub holds no state to reload. */
    public void refresh() throws GeronimoSecurityException {
    }

    /**
     * Builds the JAAS configuration for this realm: one entry naming
     * {@link TestLoginModule}, flagged REQUISITE, with an empty options map.
     *
     * <p>Under JAAS a REQUISITE module must succeed, and a failure returns
     * control to the application at once. With only one entry configured,
     * the outcome of a login is decided by that module alone.
     *
     * @return a new one-element array on every call
     */
    public AppConfigurationEntry[] getAppConfigurationEntry() {
        final AppConfigurationEntry loginEntry = new AppConfigurationEntry(
                TestLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUISITE,
                new HashMap());
        return new AppConfigurationEntry[] {loginEntry};
    }
}