001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.test;
023:
024: import java.net.HttpURLConnection;
025: import java.util.HashMap;
026:
027: import javax.rmi.PortableRemoteObject;
028: import javax.security.auth.login.AppConfigurationEntry;
029: import javax.security.auth.login.Configuration;
030: import javax.security.auth.login.LoginContext;
031:
032: import junit.extensions.TestSetup;
033: import junit.framework.Test;
034: import junit.framework.TestSuite;
035:
036: import org.apache.commons.httpclient.Cookie;
037: import org.apache.commons.httpclient.Header;
038: import org.apache.commons.httpclient.HttpClient;
039: import org.apache.commons.httpclient.HttpState;
040: import org.apache.commons.httpclient.methods.GetMethod;
041: import org.apache.commons.httpclient.methods.PostMethod;
042: import org.jboss.security.auth.login.XMLLoginConfigImpl;
043: import org.jboss.test.JBossTestCase;
044: import org.jboss.test.JBossTestSetup;
045: import org.jboss.test.security.ejb.CustomPrincipalImpl;
046: import org.jboss.test.security.interfaces.CustomPrincipal;
047: import org.jboss.test.security.interfaces.CustomPrincipalHome;
048: import org.jboss.test.util.AppCallbackHandler;
049:
050: //$Id: CustomPrincipalPropagationUnitTestCase.java 63277 2007-05-31 16:06:01Z scott.stark@jboss.org $
051:
052: /**
053: * Test propagation of Custom Principal
054: * @author <a href="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
055: * @since Sep 22, 2006
056: * @version $Revision: 63277 $
057: */
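public class CustomPrincipalPropagationUnitTestCase extends JBossTestCase {
    // Fixed test-fixture account, used for both the client-side JAAS login
    // and the web FORM login below.
    static String username = "jduke";
    static char[] password = "theduke".toCharArray();

    /** Client-side JAAS login context; assigned by {@link #login(String, char[])}. */
    LoginContext lc;
    /** True while {@link #lc} holds a successful, not yet logged-out login. */
    boolean loggedIn;

    public CustomPrincipalPropagationUnitTestCase(String name) {
        super(name);
    }

    /**
     * Custom Principal from outside the Application Server VM.
     *
     * Logs in through {@link MyConfig}, calls the CustomPrincipal bean and
     * asserts that the bean saw a caller principal of type
     * {@link CustomPrincipalImpl}.
     *
     * @throws Exception on lookup, login or remote invocation failure
     */
    public void testCustomPrincipalTransmission() throws Exception {
        // Replaces the JVM-wide JAAS Configuration. It is not restored
        // afterwards, so anything that runs later in this JVM sees MyConfig.
        Configuration.setConfiguration(new MyConfig());
        login();
        boolean isCustomType;
        try {
            Object obj = getInitialContext().lookup("jaas.CustomPrincipalHome");
            obj = PortableRemoteObject.narrow(obj, CustomPrincipalHome.class);
            CustomPrincipalHome home = (CustomPrincipalHome) obj;
            log.debug("Found CustomPrincipalHome");
            CustomPrincipal bean = home.create();
            log.debug("Created CustomPrincipal");

            isCustomType = bean.validateCallerPrincipal(CustomPrincipalImpl.class);
            bean.remove();
        } finally {
            // Always drop the client login, even when the bean call fails,
            // so a failed test does not leave this instance marked logged in.
            logout();
        }
        assertTrue("CustomPrincipalImpl was seen", isCustomType);
    }

    /**
     * A web-app has a welcome jsp (called as index.jsp). Inside this jsp,
     * there is a call made out to an ejb.
     *
     * The test requests the protected context, submits the login form to
     * j_security_check, follows the redirect and checks the final page for
     * the "Propagation Success" marker.
     *
     * @throws Exception on any HTTP failure
     */
    public void testCustomPrincipalTransmissionInVM() throws Exception {
        String baseURLNoAuth = "http://" + getServerHost() + ":"
                + Integer.getInteger("web.port", 8080) + "/";
        HttpClient httpConn = new HttpClient();

        // Step 1: an unauthenticated GET must be answered with the login form.
        GetMethod indexGet = new GetMethod(baseURLNoAuth + "custom-principal/");
        try {
            int responseCode = httpConn.executeMethod(indexGet);
            String body = indexGet.getResponseBodyAsString();
            assertTrue("Get OK(" + responseCode + ")",
                    responseCode == HttpURLConnection.HTTP_OK);
            assertNotNull("Login page has a body", body);
            assertTrue("Redirected to login page",
                    body.indexOf("j_security_check") > 0);
        } finally {
            indexGet.releaseConnection();
        }

        HttpState state = httpConn.getState();
        Cookie[] cookies = state.getCookies();
        String sessionID = null;
        for (int c = 0; c < cookies.length; c++) {
            Cookie k = cookies[c];
            if (k.getName().equalsIgnoreCase("JSESSIONID")) {
                sessionID = k.getValue();
            }
        }
        // The session id written here belongs to a throwaway test session.
        getLog().debug("Saw JSESSIONID=" + sessionID);

        // Step 2: submit the login form. The credentials travel over plain
        // HTTP; they are the fixed fixture values declared on this class.
        String indexURI;
        PostMethod formPost = new PostMethod(baseURLNoAuth
                + "custom-principal/j_security_check");
        try {
            formPost.addRequestHeader("Referer", baseURLNoAuth
                    + "custom-principal/login.jsp");
            formPost.addParameter("j_username", username);
            formPost.addParameter("j_password", new String(password));
            int responseCode = httpConn.executeMethod(
                    formPost.getHostConfiguration(), formPost, state);
            // A redirect response may carry no body, so guard against null.
            String loginResult = formPost.getResponseBodyAsString();
            if (loginResult != null
                    && loginResult.indexOf("Encountered a login error") > 0) {
                fail("Login Failed");
            }

            String response = formPost.getStatusText();
            log.debug("responseCode=" + responseCode + ", response=" + response);
            assertEquals("Saw HTTP_MOVED_TEMP",
                    HttpURLConnection.HTTP_MOVED_TEMP, responseCode);

            // Fail with a clear message instead of a NullPointerException
            // when the redirect has no Location header.
            Header location = formPost.getResponseHeader("Location");
            assertNotNull("Login redirect has a Location header", location);
            indexURI = location.getValue();
        } finally {
            formPost.releaseConnection();
        }

        // Step 3: follow the redirect to the index.jsp
        GetMethod war1Index = new GetMethod(indexURI);
        try {
            int responseCode = httpConn.executeMethod(
                    war1Index.getHostConfiguration(), war1Index, state);
            String response = war1Index.getStatusText();
            log.debug("responseCode=" + responseCode + ", response=" + response);
            assertEquals("Get OK", HttpURLConnection.HTTP_OK, responseCode);
            String body = war1Index.getResponseBodyAsString();
            log.debug("Final result obtained:" + body);
            assertNotNull("get of " + indexURI + " returned a body", body);
            if (body.indexOf("j_security_check") > 0) {
                fail("get of " + indexURI + " redirected to login page");
            }
            if (body.indexOf("Propagation Success") < 0) {
                fail("Propagation of custom principal within VM failed");
            }
        } finally {
            war1Index.releaseConnection();
        }
    }

    /**
     * Login with the class-level test account using the conf.name login
     * config, or 'jaas-test' if conf.name is not defined.
     */
    private void login() throws Exception {
        login(username, password);
    }

    /**
     * Performs a JAAS login unless this instance is already logged in.
     *
     * @param username name handed to the callback handler
     * @param password password handed to the callback handler
     * @throws Exception if the LoginContext cannot be created or login fails
     */
    private void login(String username, char[] password) throws Exception {
        if (loggedIn) {
            return;
        }

        lc = null;
        String confName = System.getProperty("conf.name", "jaas-test");
        AppCallbackHandler handler = new AppCallbackHandler(username, password);
        log.debug("Creating LoginContext(" + confName + ")");
        lc = new LoginContext(confName, handler);
        lc.login();
        log.debug("Created LoginContext, subject=" + lc.getSubject());
        // Only mark the login as active once lc.login() has returned normally.
        loggedIn = true;
    }

    /** Logs out of the current LoginContext if a login is active. */
    private void logout() throws Exception {
        if (loggedIn) {
            // Clear the flag first so a failing logout is not retried.
            loggedIn = false;
            lc.logout();
        }
    }

    /**
     * Setup the test suite: deploys security-jaas.ear and flushes the
     * authentication caches of the two security domains used here.
     */
    public static Test suite() throws Exception {
        TestSuite suite = new TestSuite();
        suite.addTest(new TestSuite(CustomPrincipalPropagationUnitTestCase.class));

        // Create an initializer for the test suite
        TestSetup wrapper = new JBossTestSetup(suite) {
            protected void setUp() throws Exception {
                super.setUp();
                Configuration.setConfiguration(new XMLLoginConfigImpl());
                deploy("security-jaas.ear");
                // Flush cached authentications so the tests exercise a real login.
                flushAuthCache("jaas-test");
                flushAuthCache("jaas-testpropagation");
            }

            protected void tearDown() throws Exception {
                try {
                    undeploy("security-jaas.ear");
                } finally {
                    // Run the base teardown even when the undeploy fails.
                    super.tearDown();
                }
            }
        };
        return wrapper;
    }

    /**
     * In-memory JAAS configuration that returns the same two REQUIRED login
     * modules for every application name: CustomPrincipalLoginModule followed
     * by ClientLoginModule.
     */
    static class MyConfig extends Configuration {
        AppConfigurationEntry[] entry;

        MyConfig() {
            entry = new AppConfigurationEntry[2];
            // One options map is shared by both module entries.
            HashMap opt0 = new HashMap();
            opt0.put("principal", new CustomPrincipalImpl(username));
            // Stores a reference to the static password array, not a copy.
            opt0.put("credential", password);
            opt0.put("password-stacking", "useFirstPass");
            entry[0] = new AppConfigurationEntry(
                    "org.jboss.test.security.ejb.CustomPrincipalLoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    opt0);
            entry[1] = new AppConfigurationEntry(
                    "org.jboss.security.ClientLoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    opt0);
        }

        /** Returns the fixed module stack regardless of {@code appName}. */
        public AppConfigurationEntry[] getAppConfigurationEntry(String appName) {
            return entry;
        }

        /** No-op: the configuration is built once in the constructor. */
        public void refresh() {
        }
    }

}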