Source Code Cross Referenced for DelegatingPolicyTestCase.java in  » EJB-Server-JBoss-4.2.1 » security » org » jboss » test » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /*
002:         * JBoss, Home of Professional Open Source.
003:         * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004:         * as indicated by the @author tags. See the copyright.txt file in the
005:         * distribution for a full listing of individual contributors.
006:         *
007:         * This is free software; you can redistribute it and/or modify it
008:         * under the terms of the GNU Lesser General Public License as
009:         * published by the Free Software Foundation; either version 2.1 of
010:         * the License, or (at your option) any later version.
011:         *
012:         * This software is distributed in the hope that it will be useful,
013:         * but WITHOUT ANY WARRANTY; without even the implied warranty of
014:         * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015:         * Lesser General Public License for more details.
016:         *
017:         * You should have received a copy of the GNU Lesser General Public
018:         * License along with this software; if not, write to the Free
019:         * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020:         * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021:         */
022:        package org.jboss.test;
023:
024:        import java.lang.reflect.Constructor;
025:        import java.security.AccessControlContext;
026:        import java.security.AccessControlException;
027:        import java.security.AccessController;
028:        import java.security.CodeSource;
029:        import java.security.Policy;
030:        import java.security.Principal;
031:        import java.security.PrivilegedAction;
032:        import java.security.ProtectionDomain;
033:        import java.util.Set;
034:        import javax.security.auth.Subject;
035:        import javax.security.jacc.EJBMethodPermission;
036:        import javax.security.jacc.PolicyConfiguration;
037:        import javax.security.jacc.PolicyConfigurationFactory;
038:        import javax.security.jacc.PolicyContext;
039:
040:        import junit.extensions.TestSetup;
041:        import junit.framework.Test;
042:        import junit.framework.TestCase;
043:        import junit.framework.TestSuite;
044:        import org.apache.log4j.Logger;
045:        import org.jboss.security.SimplePrincipal;
046:        import org.jboss.security.jacc.DelegatingPolicy;
047:        import org.jboss.security.jacc.SubjectPolicyContextHandler;
048:
049:        public class DelegatingPolicyTestCase extends TestCase {
050:            private static Logger log = Logger
051:                    .getLogger(DelegatingPolicyTestCase.class);
052:            private static Policy oldPolicy;
053:            private static Policy jaccPolicy;
054:
055:            public DelegatingPolicyTestCase(String name) {
056:                super (name);
057:            }
058:
059:            static void setUpPolicy() throws Exception {
060:                // Get the current Policy impl
061:                oldPolicy = Policy.getPolicy();
062:
063:                String provider = "org.jboss.security.jacc.DelegatingPolicy";
064:                ClassLoader loader = Thread.currentThread()
065:                        .getContextClassLoader();
066:                Class providerClass = loader.loadClass(provider);
067:                try {
068:                    // Look for a ctor(Policy) signature
069:                    Class[] ctorSig = { Policy.class };
070:                    Constructor ctor = providerClass.getConstructor(ctorSig);
071:                    Object[] ctorArgs = { oldPolicy };
072:                    jaccPolicy = (Policy) ctor.newInstance(ctorArgs);
073:                } catch (NoSuchMethodException e) {
074:                    log.debug("Provider does not support ctor(Policy)");
075:                    jaccPolicy = (Policy) providerClass.newInstance();
076:                }
077:
078:                // Install the JACC policy provider
079:                Policy.setPolicy(jaccPolicy);
080:
081:                // Have the policy load/update itself
082:                jaccPolicy.refresh();
083:
084:                // Register the default active Subject PolicyContextHandler
085:                SubjectPolicyContextHandler handler = new SubjectPolicyContextHandler();
086:                PolicyContext.registerHandler(
087:                        SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY,
088:                        handler, false);
089:            }
090:
091:            /**
092:             * Basic test that a PolicyConfiguration is included in the Policy and its
093:             * permissions are implied through the Policy.
094:             * 
095:             * @throws Exception
096:             */
097:            public void testPolicyConfiguration() throws Exception {
098:                PolicyConfigurationFactory pcf = PolicyConfigurationFactory
099:                        .getPolicyConfigurationFactory();
100:                PolicyConfiguration pc = pcf.getPolicyConfiguration(
101:                        "context-a", false);
102:                EJBMethodPermission someEJB = new EJBMethodPermission(
103:                        "someEJB", null);
104:                pc.addToExcludedPolicy(someEJB);
105:                pc.commit();
106:
107:                Policy sysPolicy = Policy.getPolicy();
108:                assertTrue("Policy isa DelegatingPolicy",
109:                        sysPolicy instanceof  DelegatingPolicy);
110:                sysPolicy.refresh();
111:
112:                // Act like the ejb container and check a permission
113:                PolicyContext.setContextID("context-a");
114:                EJBMethodPermission methodX = new EJBMethodPermission(
115:                        "someEJB", "methodX,,int");
116:                assertTrue("methodX denied",
117:                        sysPolicy.implies(null, methodX) == false);
118:
119:                pc = pcf.getPolicyConfiguration("context-a", true);
120:                pc.addToUncheckedPolicy(someEJB);
121:                pc.commit();
122:                sysPolicy.refresh();
123:                assertTrue("methodX allowed",
124:                        sysPolicy.implies(null, methodX) == true);
125:
126:                pc.delete();
127:                pc = pcf.getPolicyConfiguration("context-a", false);
128:                pc.addToRole("callerX", someEJB);
129:                pc.commit();
130:                sysPolicy.refresh();
131:                SimplePrincipal[] callers = { new SimplePrincipal("callerX") };
132:                ProtectionDomain pd = new ProtectionDomain(null, null, null,
133:                        callers);
134:                assertTrue("methodX allowed",
135:                        sysPolicy.implies(pd, methodX) == true);
136:
137:                callers = new SimplePrincipal[] { new SimplePrincipal("callerY") };
138:                pd = new ProtectionDomain(null, null, null, callers);
139:                assertTrue("methodX denied",
140:                        sysPolicy.implies(pd, methodX) == false);
141:
142:            }
143:
144:            /**
145:             * Test that uncommitted configurations in the Open state are not seen in
146:             * the current Policy permission set.
147:             * 
148:             * @throws Exception
149:             */
150:            public void testOpenConfigurations() throws Exception {
151:                PolicyConfigurationFactory pcf = PolicyConfigurationFactory
152:                        .getPolicyConfigurationFactory();
153:                PolicyConfiguration pc = pcf.getPolicyConfiguration(
154:                        "context-a", false);
155:                EJBMethodPermission someEJB = new EJBMethodPermission(
156:                        "someEJB", null);
157:                pc.addToRole("callerX", someEJB);
158:                Policy sysPolicy = Policy.getPolicy();
159:
160:                pc = pcf.getPolicyConfiguration("context-a", true);
161:                pc.addToUncheckedPolicy(someEJB);
162:                sysPolicy.refresh();
163:                EJBMethodPermission methodX = new EJBMethodPermission(
164:                        "someEJB", "methodX,,int");
165:                // This perm should be denied since the policy config has not been comitted
166:                boolean implied = sysPolicy.implies(null, methodX);
167:                assertFalse("methodX allowed", implied == true);
168:
169:                pc.commit();
170:                sysPolicy.refresh();
171:                // Now it should be allowed since the policy config has been comitted
172:                implied = sysPolicy.implies(null, methodX);
173:                assertTrue("methodX allowed", implied == true);
174:            }
175:
176:            public void testSubjectDoAs() throws Exception {
177:                PolicyConfigurationFactory pcf = PolicyConfigurationFactory
178:                        .getPolicyConfigurationFactory();
179:                PolicyConfiguration pc = pcf.getPolicyConfiguration(
180:                        "context-a", true);
181:                EJBMethodPermission someEJB = new EJBMethodPermission(
182:                        "someEJB", null);
183:                pc.addToRole("callerX", someEJB);
184:                pc.commit();
185:
186:                log.debug("EJBMethodPermission.CS: "
187:                        + EJBMethodPermission.class.getProtectionDomain());
188:                final EJBMethodPermission methodX = new EJBMethodPermission(
189:                        "someEJB", "methodX");
190:                final Subject caller = new Subject();
191:                caller.getPrincipals().add(new SimplePrincipal("callerX"));
192:                Set principalsSet = caller.getPrincipals();
193:                Principal[] principals = new Principal[principalsSet.size()];
194:                principalsSet.toArray(principals);
195:                CodeSource cs = getClass().getProtectionDomain()
196:                        .getCodeSource();
197:                final ProtectionDomain[] pds = { new ProtectionDomain(cs, null,
198:                        null, principals) };
199:                AccessControlContext acc = new AccessControlContext(pds);
200:                /*
201:                AccessControlContext acc = new AccessControlContext(new AccessControlContext(pds),
202:                         new SubjectDomainCombiner(caller));
203:                 */
204:
205:                Boolean allowed = (Boolean) Subject.doAsPrivileged(caller,
206:                        new PrivilegedAction() {
207:                            public Object run() {
208:                                AccessControlContext acc = AccessController
209:                                        .getContext();
210:                                Boolean ok = Boolean.FALSE;
211:                                try {
212:                                    acc.checkPermission(methodX);
213:                                    ok = Boolean.TRUE;
214:                                } catch (AccessControlException e) {
215:
216:                                }
217:                                return ok;
218:                            }
219:                        }, acc);
220:                assertTrue("methodX allowed", allowed == Boolean.TRUE);
221:
222:            }
223:
224:            public static Test suite() {
225:                TestSuite suite = new TestSuite(DelegatingPolicyTestCase.class);
226:
227:                // Create an initializer for the test suite
228:                TestSetup wrapper = new TestSetup(suite) {
229:                    protected void setUp() throws Exception {
230:                        setUpPolicy();
231:                    }
232:
233:                    protected void tearDown() throws Exception {
234:                    }
235:                };
236:                return wrapper;
237:            }
238:        }