001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.security.test;
023:
024: import java.util.Properties;
025: import java.util.HashSet;
026: import java.security.Principal;
027: import java.net.HttpURLConnection;
028: import java.io.InputStream;
029: import java.io.ByteArrayOutputStream;
030: import java.io.ObjectOutputStream;
031: import java.io.ByteArrayInputStream;
032: import javax.naming.Context;
033: import javax.naming.InitialContext;
034: import javax.rmi.PortableRemoteObject;
035:
036: import junit.framework.Test;
037: import org.jboss.test.JBossTestCase;
038: import org.jboss.test.util.web.HttpUtils;
039: import org.jboss.test.security.interfaces.SecuredServiceRemoteHome;
040: import org.jboss.test.security.interfaces.SecuredServiceRemote;
041: import org.jboss.test.security.interfaces.CallerInfo;
042: import org.jboss.security.SecurityAssociation;
043: import org.jboss.security.SimplePrincipal;
044: import org.apache.commons.httpclient.HttpMethodBase;
045: import org.apache.commons.httpclient.HttpClient;
046: import org.apache.commons.httpclient.NameValuePair;
047: import org.apache.commons.httpclient.HttpState;
048: import org.apache.commons.httpclient.UsernamePasswordCredentials;
049: import org.apache.commons.httpclient.methods.PostMethod;
050:
/** Tests of the JACC subject policy context handler state and its consistency
with the container's caller principal and isCallerInRole results, both for direct
EJB calls from an authenticated or anonymous client and for calls routed through a servlet.
053:
054: @author Scott.Stark@jboss.org
055: @version $Revision: 57211 $
056: */
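public class SubjectContextUnitTestCase extends JBossTestCase {
   /** Test account provisioned in the security domain of subject-context.ear (a fixture, not a secret). */
   private static final String USERNAME = "jduke";
   private static final String PASSWORD = "theduke";
   /** Run-as identity the nested bean-to-bean call is expected to carry. */
   private static final String RUN_AS_USER = "runAsUser";
   /** Identity expected for a caller that never authenticated. */
   private static final String ANONYMOUS_USER = "guest";
   /** JNDI name of the secured session bean home. */
   private static final String SECURED_JNDI_NAME = "jacc/Secured";
   /**
    * Initial context factory that consumes the SECURITY_PRINCIPAL/SECURITY_CREDENTIALS
    * env entries; presumably it performs the client-side login that later tests rely on
    * and leaves that identity on the calling thread -- which is why the anonymous tests
    * call SecurityAssociation.clear() first.
    */
   private static final String LOGIN_CONTEXT_FACTORY =
      "org.jboss.security.jndi.JndiLoginInitialContextFactory";
   /** HTTP Basic realm name guarding the restricted servlet path. */
   private static final String SERVLET_REALM = "JBossTest Servlets";
   private static final String UNRESTRICTED_SERVLET = "subject-context/unrestricted/RunAsServlet";
   private static final String RESTRICTED_SERVLET = "subject-context/restricted/RunAsServlet";

   public SubjectContextUnitTestCase(String name) {
      super(name);
   }

   // ---------------------------------------------------------------- fixtures

   /** JNDI environment that authenticates the client as {@link #USERNAME}. */
   private static Properties authenticatedEnv() {
      Properties env = new Properties();
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, LOGIN_CONTEXT_FACTORY);
      env.setProperty(Context.SECURITY_PRINCIPAL, USERNAME);
      env.setProperty(Context.SECURITY_CREDENTIALS, PASSWORD);
      return env;
   }

   /** Roles the container is expected to grant the authenticated caller jduke. */
   private static HashSet expectedCallerRoles() {
      HashSet roles = new HashSet();
      roles.add("groupMemberCaller");
      roles.add("userCaller");
      roles.add("allAuthCaller");
      roles.add("webUser");
      return roles;
   }

   /** Roles expected of the run-as identity on the nested bean call. */
   private static HashSet expectedRunAsRoles() {
      HashSet roles = new HashSet();
      roles.add("identitySubstitutionCaller");
      roles.add("extraRunAsRole");
      return roles;
   }

   /** Expectations for an authenticated jduke caller plus the run-as identity of the nested call. */
   private static CallerInfo authenticatedCallerInfo() {
      return new CallerInfo(new SimplePrincipal(USERNAME), new SimplePrincipal(RUN_AS_USER),
         expectedCallerRoles(), expectedRunAsRoles());
   }

   /**
    * Expectations for an unauthenticated caller: the guest identity with no roles at all.
    * The run-as roles are still expected, i.e. the identity substitution on the nested call
    * must happen regardless of whether the outer caller authenticated.
    */
   private static CallerInfo anonymousCallerInfo() {
      return new CallerInfo(new SimplePrincipal(ANONYMOUS_USER), new SimplePrincipal(RUN_AS_USER),
         new HashSet(), expectedRunAsRoles());
   }

   /** Creates the secured bean through a default (unauthenticated) initial context. */
   private SecuredServiceRemote createSecuredBean() throws Exception {
      return createSecuredBean(new InitialContext());
   }

   /** Creates the secured bean through an initial context built from {@code env}. */
   private SecuredServiceRemote createSecuredBean(Properties env) throws Exception {
      return createSecuredBean(new InitialContext(env));
   }

   /**
    * Looks up and narrows the secured home, then creates a bean instance.
    * The context is deliberately not closed here: the original code never closed it and
    * the login factory may tie the client identity to it.
    */
   private SecuredServiceRemote createSecuredBean(InitialContext ctx) throws Exception {
      Object ref = ctx.lookup(SECURED_JNDI_NAME);
      SecuredServiceRemoteHome home = (SecuredServiceRemoteHome)
         PortableRemoteObject.narrow(ref, SecuredServiceRemoteHome.class);
      log.debug("Found SecuredServiceRemoteHome");
      SecuredServiceRemote bean = home.create();
      log.debug("Created SecuredServiceRemote");
      return bean;
   }

   /**
    * Java-serializes the target method name followed by the CallerInfo, the layout the
    * RunAsServlet presumably reads back with an ObjectInputStream. Both ends are test
    * fixtures; a production servlet must never deserialize a request body this way.
    */
   private static byte[] serializeRequest(String methodName, CallerInfo info) throws Exception {
      ByteArrayOutputStream baos = new ByteArrayOutputStream();
      ObjectOutputStream oos = new ObjectOutputStream(baos);
      try {
         oos.writeObject(methodName);
         oos.writeObject(info);
      } finally {
         oos.close();
      }
      return baos.toByteArray();
   }

   /** Builds a POST to {@code url} whose body is the serialized (methodName, info) pair. */
   private PostMethod newRunAsPost(String url, String methodName, CallerInfo info) throws Exception {
      PostMethod post = new PostMethod(url);
      byte[] body = serializeRequest(methodName, info);
      log.info("post content length: " + body.length);
      post.setRequestBody(new ByteArrayInputStream(body));
      return post;
   }

   /**
    * Only the status code is checked. This assumes the servlet turns a failed identity/role
    * check into a non-200 status (TODO confirm in RunAsServlet); if it swallowed the failure
    * and still answered 200, this assertion would only prove the servlet was reachable.
    */
   private static void assertPostOk(int responseCode) {
      assertTrue("POST OK(" + responseCode + ")", responseCode == HttpURLConnection.HTTP_OK);
   }

   /**
    * Removes the bean after the test body, so a failed assertion does not leak the instance.
    * If both the body and remove() throw, the remove() failure masks the original one.
    */
   private static void removeBean(SecuredServiceRemote bean) throws Exception {
      bean.remove();
   }

   // ---------------------------------------------------------------- EJB tests

   /**
    Access an unchecked method with a valid login that calls the same method
    on another bean using a run-as role.

    @throws Exception
    */
   public void testPublicMethod() throws Exception {
      log.debug("+++ testPublicMethod()");
      SecuredServiceRemote bean = createSecuredBean(authenticatedEnv());
      try {
         bean.publicMethod(authenticatedCallerInfo());
      } finally {
         removeBean(bean);
      }
   }

   /** Method open to any authenticated caller, with the jduke login. */
   public void testAllAuthMethod() throws Exception {
      log.debug("+++ testAllAuthMethod()");
      SecuredServiceRemote bean = createSecuredBean(authenticatedEnv());
      try {
         bean.allAuthMethod(authenticatedCallerInfo());
      } finally {
         removeBean(bean);
      }
   }

   /** Method restricted to a user role, with the jduke login. */
   public void testUserMethod() throws Exception {
      log.debug("+++ testUserMethod()");
      SecuredServiceRemote bean = createSecuredBean(authenticatedEnv());
      try {
         bean.userMethod(authenticatedCallerInfo());
      } finally {
         removeBean(bean);
      }
   }

   /** Method restricted to a group-membership role, with the jduke login. */
   public void testGroupMemberMethod() throws Exception {
      log.debug("+++ testGroupMemberMethod()");
      SecuredServiceRemote bean = createSecuredBean(authenticatedEnv());
      try {
         bean.groupMemberMethod(authenticatedCallerInfo());
      } finally {
         removeBean(bean);
      }
   }

   /** Method reached through the run-as identity, with the jduke login. */
   public void testRunAsMethod() throws Exception {
      log.debug("+++ testRunAsMethod()");
      SecuredServiceRemote bean = createSecuredBean(authenticatedEnv());
      try {
         bean.runAsMethod(authenticatedCallerInfo());
      } finally {
         removeBean(bean);
      }
   }

   /**
    * Unprotected method called with no login at all: the client-side security association
    * is cleared first so an identity left behind by an earlier test cannot leak into this
    * call, and the bean is expected to see the guest identity with no roles.
    */
   public void testUnprotectedEjbMethod() throws Exception {
      log.debug("+++ testUnprotectedEjbMethod()");
      SecurityAssociation.clear();
      SecuredServiceRemote bean = createSecuredBean();
      try {
         bean.unprotectedEjbMethod(anonymousCallerInfo());
      } finally {
         removeBean(bean);
      }
   }

   // ---------------------------------------------------------------- servlet tests

   /** Same anonymous expectations as above, but routed through an unrestricted servlet without credentials. */
   public void testUnprotectedEjbMethodViaServlet() throws Exception {
      log.debug("+++ testUnprotectedEjbMethodViaServlet()");
      SecurityAssociation.clear();

      String url = HttpUtils.getBaseURLNoAuth() + UNRESTRICTED_SERVLET;
      PostMethod post = newRunAsPost(url, "unprotectedEjbMethod", anonymousCallerInfo());
      HttpClient client = new HttpClient();
      assertPostOk(client.executeMethod(post));
   }

   /**
    * jduke expectations routed through the restricted servlet. The web tier authenticates
    * the request with HTTP Basic, so the EJB must see the web login rather than the (cleared)
    * client-side association. Preemptive Basic auth sends the password in the clear on the
    * first request, which is acceptable only because this is a loopback test fixture.
    */
   public void testUserMethodViaServlet() throws Exception {
      log.debug("+++ testUserMethodViaServlet()");
      SecurityAssociation.clear();

      String url = HttpUtils.getBaseURL(USERNAME, PASSWORD) + RESTRICTED_SERVLET;
      PostMethod post = newRunAsPost(url, "userMethod", authenticatedCallerInfo());
      post.setDoAuthentication(true);
      String host = post.getHostConfiguration().getHost();

      HttpClient client = new HttpClient();
      HttpState state = client.getState();
      state.setAuthenticationPreemptive(true);
      // Credentials are scoped to the realm and host so they are not replayed elsewhere.
      state.setCredentials(SERVLET_REALM, host, new UsernamePasswordCredentials(USERNAME, PASSWORD));

      assertPostOk(client.executeMethod(post));
   }

   /** Deploys subject-context.ear around the whole test class. */
   public static Test suite() throws Exception {
      return JBossTestCase.getDeploySetup(SubjectContextUnitTestCase.class, "subject-context.ear");
   }

}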
|