You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2020/05/06 14:07:51 UTC
[qpid-broker-j] branch master updated: QPID-8426: [Broker-J] Reuse
tcp port by SimpleKdcServer and skip kerberos-related tests from
SimpleLDAPAuthenticationManagerTest when IBM JDK is used
This is an automated email from the ASF dual-hosted git repository.
orudyy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/master by this push:
new 7bf4399 QPID-8426: [Broker-J] Reuse tcp port by SimpleKdcServer and skip kerberos-related tests from SimpleLDAPAuthenticationManagerTest when IBM JDK is used
7bf4399 is described below
commit 7bf4399ee67c571afcd10e1e48ed31c91c3d12e7
Author: Alex Rudyy <or...@apache.org>
AuthorDate: Tue May 5 19:29:05 2020 +0100
QPID-8426: [Broker-J] Reuse tcp port by SimpleKdcServer and skip kerberos-related tests from SimpleLDAPAuthenticationManagerTest when IBM JDK is used
---
.../SimpleLDAPAuthenticationManagerTest.java | 4 +
.../qpid/server/test/EmbeddedKdcResource.java | 89 ++++++++++++----------
.../apache/qpid/server/test/KerberosUtilities.java | 9 +--
3 files changed, 56 insertions(+), 46 deletions(-)
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java
index b27d601..ed33947 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java
@@ -20,9 +20,11 @@ package org.apache.qpid.server.security.auth.manager;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.apache.qpid.server.security.auth.manager.CachingAuthenticationProvider.AUTHENTICATION_CACHE_MAX_SIZE;
+import static org.hamcrest.CoreMatchers.not;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -85,6 +87,7 @@ import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SocketConnectionPrincipal;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
+import org.apache.qpid.test.utils.JvmVendor;
import org.apache.qpid.server.test.KerberosUtilities;
import org.apache.qpid.test.utils.SystemPropertySetter;
import org.apache.qpid.test.utils.TestFileUtils;
@@ -361,6 +364,7 @@ public class SimpleLDAPAuthenticationManagerTest extends UnitTestBase
private void setUpKerberosAndJaas() throws Exception
{
+ assumeThat(getJvmVendor(), not(JvmVendor.IBM));
if (KERBEROS_SETUP.compareAndSet(false, true))
{
setUpKerberos();
diff --git a/broker-core/src/test/java/org/apache/qpid/server/test/EmbeddedKdcResource.java b/broker-core/src/test/java/org/apache/qpid/server/test/EmbeddedKdcResource.java
index 10865c2..9351a6c 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/test/EmbeddedKdcResource.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/test/EmbeddedKdcResource.java
@@ -22,13 +22,12 @@ package org.apache.qpid.server.test;
import java.io.File;
import java.io.IOException;
import java.nio.file.FileAlreadyExistsException;
-import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.nio.file.SimpleFileVisitor;
-import java.nio.file.attribute.BasicFileAttributes;
+import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
+import java.util.Comparator;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
@@ -39,50 +38,68 @@ import org.junit.rules.ExternalResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.apache.qpid.server.util.FileUtils;
+
public class EmbeddedKdcResource extends ExternalResource
{
private static final Logger LOGGER = LoggerFactory.getLogger(EmbeddedKdcResource.class);
private static final AtomicInteger COUNTER = new AtomicInteger();
+ private static final AtomicInteger PORT = new AtomicInteger();
private static final boolean CLEAN_UP = Boolean.parseBoolean(System.getProperty("qpid.test.cleanUpKdcArtifacts", "true"));
private final SimpleKdcServer _simpleKdcServer;
private final String _realm;
private final List<File> _createdFiles = new ArrayList<>();
- private volatile Path _kdcDirectory;
+ private final Path _kdcDirectory;
+ private final int _port;
public EmbeddedKdcResource(final String host, final int port, final String serviceName, final String realm)
{
+ _port = port;
_realm = realm;
+ _kdcDirectory = Paths.get("target", "simple-kdc-" + COUNTER.incrementAndGet());
try
{
+ createWorkDirectory(_kdcDirectory);
_simpleKdcServer = new SimpleKdcServer();
- _simpleKdcServer.setKdcHost(host);
- if (port > 0)
- {
- _simpleKdcServer.setKdcTcpPort(port);
- }
- _simpleKdcServer.setAllowUdp(false);
- _simpleKdcServer.setKdcRealm(realm);
- _simpleKdcServer.getKdcConfig().setString(KdcConfigKey.KDC_SERVICE_NAME, serviceName);
}
- catch (KrbException e)
+ catch (KrbException | IOException e)
{
throw new AssertionError(String.format("Unable to create SimpleKdcServer': %s", e.getMessage()), e);
}
+
+ _simpleKdcServer.setKdcHost(host);
+
+ // re-use port from previous start-up if any
+ // IBM JDK caches port somehow causing test failures
+ int p = port == 0 ? PORT.get() : port;
+ if (p > 0)
+ {
+ _simpleKdcServer.setKdcTcpPort(p);
+ }
+ _simpleKdcServer.setAllowUdp(false);
+ _simpleKdcServer.setKdcRealm(realm);
+ _simpleKdcServer.getKdcConfig().setString(KdcConfigKey.KDC_SERVICE_NAME, serviceName);
+ _simpleKdcServer.setWorkDir(_kdcDirectory.toFile());
}
@Override
public void before() throws Exception
{
- final Path kdcDir = Paths.get("target", "simple-kdc-" + COUNTER.incrementAndGet());
- createWorkDirectory(kdcDir);
- _kdcDirectory = kdcDir;
- _simpleKdcServer.setWorkDir(_kdcDirectory.toFile());
_simpleKdcServer.init();
+ if (_port == 0)
+ {
+ PORT.compareAndSet(0, _simpleKdcServer.getKdcSetting().checkGetKdcTcpPort());
+ }
_simpleKdcServer.start();
- LOGGER.info("SimpleKdcServer started on port {}, realm '{}' with work dir '{}'", getPort(), getRealm(), _kdcDirectory);
+ LOGGER.debug("SimpleKdcServer started on port {}, realm '{}' with work dir '{}'", getPort(), getRealm(), _kdcDirectory);
+
+ final String config = FileUtils.readFileAsString(new File(System.getProperty("java.security.krb5.conf")));
+ LOGGER.debug("java.security.krb5.conf='{}'", System.getProperty("java.security.krb5.conf"));
+ final Path krb5Conf = Paths.get(_kdcDirectory.toString(), "krb5.conf");
+ LOGGER.debug("JAAS config:" + config);
if (!CLEAN_UP)
{
- Files.copy(Paths.get(kdcDir.toString(), "krb5.conf"), Paths.get(kdcDir.toString(), "krb5.conf.copy"));
+ Files.copy(krb5Conf, Paths.get(_kdcDirectory.toString(), "krb5.conf.copy"), StandardCopyOption.REPLACE_EXISTING);
}
}
@@ -112,38 +129,28 @@ public class EmbeddedKdcResource extends ExternalResource
return _realm;
}
- private void delete(Path f) throws IOException
+ private void delete(Path path) throws IOException
{
- Files.walkFileTree(f,
- new SimpleFileVisitor<Path>()
- {
- @Override
- public FileVisitResult visitFile(final Path file, final BasicFileAttributes attrs)
- throws IOException
- {
- Files.delete(file);
- return FileVisitResult.CONTINUE;
- }
-
- @Override
- public FileVisitResult postVisitDirectory(final Path dir, final IOException exc)
- throws IOException
- {
- Files.delete(dir);
- return FileVisitResult.CONTINUE;
- }
- });
+ Files.walk(path)
+ .sorted(Comparator.reverseOrder())
+ .map(Path::toFile)
+ .forEach(f -> {
+ if (!f.delete())
+ {
+ LOGGER.warn("Could not delete file at {}", f.getAbsolutePath());
+ }
+ });
}
public int getPort()
{
- return _simpleKdcServer.getKdcTcpPort();
+ return _simpleKdcServer.getKdcSetting().getKdcTcpPort();
}
public File createPrincipal(String keyTabFileName, String... principals)
throws Exception
{
- final Path ketTabPath = Paths.get("target", keyTabFileName);
+ final Path ketTabPath = Paths.get("target", keyTabFileName).toAbsolutePath().normalize();
final File ketTabFile = ketTabPath.toFile();
_createdFiles.add(ketTabFile);
createPrincipal(ketTabFile, principals);
diff --git a/broker-core/src/test/java/org/apache/qpid/server/test/KerberosUtilities.java b/broker-core/src/test/java/org/apache/qpid/server/test/KerberosUtilities.java
index 903551d..13c3acc 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/test/KerberosUtilities.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/test/KerberosUtilities.java
@@ -26,7 +26,6 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
-import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.file.Files;
@@ -72,12 +71,11 @@ public class KerberosUtilities
public static final String CLIENT_PRINCIPAL_FULL_NAME = CLIENT_PRINCIPAL_NAME + "@" + REALM;
public static final String SERVER_PROTOCOL = "AMQP";
public static final String SERVICE_PRINCIPAL_NAME = SERVER_PROTOCOL + "/" + HOST_NAME;
- private static final String SUN_ACCEPT_SCOPE = "com.sun.security.jgss.accept";
- private static final String IBM_ACCEPT_SCOPE = "com.ibm.security.jgss.krb5.accept";
- public static final String ACCEPT_SCOPE = isIBM() ? IBM_ACCEPT_SCOPE : SUN_ACCEPT_SCOPE;
+ public static final String ACCEPT_SCOPE = isIBM() ? "com.ibm.security.jgss.krb5.accept" : "com.sun.security.jgss.accept";
private static final String USE_SUBJECT_CREDS_ONLY = "javax.security.auth.useSubjectCredsOnly";
public static final String LOGIN_CONFIG = "java.security.auth.login.config";
+ private static final String INITIATE_SCOPE = isIBM() ? "com.ibm.security.jgss.krb5.initiate" : "com.sun.security.jgss.initiate";
private static final Logger LOGGER = LoggerFactory.getLogger(KerberosUtilities.class);
private static final String IBM_LOGIN_MODULE_CLASS = "com.ibm.security.auth.module.Krb5LoginModule";
private static final String SUN_LOGIN_MODULE_CLASS = "com.sun.security.auth.module.Krb5LoginModule";
@@ -109,7 +107,7 @@ public class KerberosUtilities
public byte[] buildToken(String clientPrincipalName, File clientKeyTabFile, String targetServerPrincipalName)
throws Exception
{
- final LoginContext lc = createKerberosKeyTabLoginContext("test",
+ final LoginContext lc = createKerberosKeyTabLoginContext(INITIATE_SCOPE,
clientPrincipalName,
clientKeyTabFile);
@@ -117,6 +115,7 @@ public class KerberosUtilities
String useSubjectCredsOnly = System.getProperty(USE_SUBJECT_CREDS_ONLY);
try
{
+ debug("Before login");
lc.login();
clientSubject = lc.getSubject();
debug("LoginContext subject {}", clientSubject);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org