/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.felix.jaas.integration; import java.util.Arrays; import java.util.Collections; import java.util.Dictionary; import java.util.Hashtable; import java.util.List; import java.util.Properties; import javax.inject.Inject; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import org.apache.felix.jaas.LoginContextFactory; import org.apache.felix.jaas.integration.common.SimpleCallbackHandler; import org.junit.Rule; import org.junit.Test; import org.junit.rules.TestName; import org.junit.runner.RunWith; import org.ops4j.pax.exam.Option; import org.ops4j.pax.exam.junit.PaxExam; import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy; import org.ops4j.pax.exam.spi.reactors.PerClass; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.fail; import static org.ops4j.pax.exam.CoreOptions.composite; import static org.ops4j.pax.exam.CoreOptions.streamBundle; @RunWith(PaxExam.class) 
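@ExamReactorStrategy(PerClass.class)
/**
 * Integration tests for JAAS login modules that are registered through OSGi
 * configuration (factory PID {@code org.apache.felix.jaas.Configuration.factory}).
 *
 * <p>Logins are exercised in two ways: through a plain {@link LoginContext} backed by the
 * {@code FelixJaasProvider} configuration, and through the injected
 * {@link LoginContextFactory}.
 *
 * <p>NOTE(review): {@code ca}, {@code delay()}, {@code createLoginModuleConfig(..)} and
 * {@code createConfigBasedBundle()} come from {@code JaasTestBase}, which is not visible
 * here; the comments below describe them only as far as their use in this class shows.
 */
public class ITJaasWithConfigBasedLoginModule extends JaasTestBase {

    /** Factory PID under which each login module configuration is created. */
    private static final String JAAS_CONFIG_FACTORY_PID =
        "org.apache.felix.jaas.Configuration.factory";

    /** Login module class referenced by every configuration created in these tests. */
    private static final String CONFIG_LOGIN_MODULE =
        "org.apache.felix.jaas.integration.sample1.ConfigLoginModule";

    @Inject
    private LoginContextFactory loginContextFactory;

    /** Supplies the running test method's name, which doubles as a per-test realm name. */
    @Rule
    public TestName name = new TestName();

    static {
        // uncomment to enable debugging of this test class
        // paxRunnerVmOption = DEBUG_VM_OPTION;
    }

    @Override
    protected Option addExtraOptions() {
        return composite(streamBundle(createConfigBasedBundle()));
    }

    /**
     * Logs in through a plain {@link LoginContext} with the thread context class loader
     * switched to this test's class loader.
     */
    @Test
    public void testJaasWithTCCL() throws Exception {
        String realmName = name.getMethodName();
        createLoginModuleConfig(realmName);
        delay();

        CallbackHandler handler = new SimpleCallbackHandler("foo", "foo");
        Subject s = new Subject();
        loginWithTestClassLoader(realmName, s, handler, felixJaasConfiguration());

        assertFalse(s.getPrincipals().isEmpty());
    }

    /**
     * Logs in through {@link LoginContextFactory} and checks both outcomes: matching
     * credentials populate the Subject, a wrong password is rejected.
     */
    @Test
    public void testJaasWithFactory() throws Exception {
        String realmName = name.getMethodName();
        createLoginModuleConfig(realmName);
        delay();

        CallbackHandler handler = new SimpleCallbackHandler("foo", "foo");
        Subject s = new Subject();

        // Using LoginFactory we can avoid providing Configuration and switching TCCL
        LoginContext lc = loginContextFactory.createLoginContext(realmName, s, handler);
        lc.login();
        assertFalse(s.getPrincipals().isEmpty());

        // Negative case. Login fails with incorrect password.
        // A fresh Subject is used on purpose: the one above already carries principals
        // from the successful login, so it could not show whether a rejected attempt
        // leaves the Subject untouched.
        Subject rejected = new Subject();
        try {
            LoginContext lc2 = loginContextFactory.createLoginContext(realmName, rejected,
                new SimpleCallbackHandler("foo", "bar"));
            lc2.login();
            fail("Login should have failed");
        } catch (LoginException expected) {
            // Expected: the wrong password must be rejected.
        }
        assertEquals("A rejected login must not add principals to the Subject",
            0, rejected.getPrincipals().size());
    }

    /**
     * Validates that the OSGi configuration properties are passed to the LoginModule as
     * part of its options.
     */
    @Test
    public void testJaasConfigPassing() throws Exception {
        String realmName = name.getMethodName();

        // 1. Create sample config
        org.osgi.service.cm.Configuration config =
            ca.createFactoryConfiguration(JAAS_CONFIG_FACTORY_PID, null);
        Dictionary<String, Object> p = new Hashtable<String, Object>();
        p.put("jaas.classname", CONFIG_LOGIN_MODULE);
        p.put("jaas.realmName", realmName);

        // Following passed config gets validated in
        // org.apache.felix.jaas.integration.sample1.ConfigLoginModule.validateConfig()
        p.put("validateConfig", Boolean.TRUE);
        p.put("key0", "val0");
        p.put("key1", "val1");
        p.put("key2", "val2");

        // Explicit jaas.options entries override a value passed directly in the config
        // (key0 is given both ways here).
        p.put("jaas.options", new String[]{"key3=val3", "key4=val4", "key0=valNew"});
        config.update(p);
        delay();

        // 2. Validate the login passes with this config. LoginModule would validate
        // the config also
        CallbackHandler handler = new SimpleCallbackHandler("foo", "foo");
        Subject s = new Subject();
        loginWithTestClassLoader(realmName, s, handler, felixJaasConfiguration());

        assertFalse(s.getPrincipals().isEmpty());
    }

    /**
     * Creates one configuration per ranking in random order and checks that the realm's
     * entries come back sorted by ranking, highest first.
     */
    @Test
    public void testJaasConfigOrderedViaRanking() throws Exception {
        String realmName = name.getMethodName();
        List<Integer> ranks = Arrays.asList(1, 2, 3, 4, 5, 6);
        Collections.shuffle(ranks);

        // 1. Create LoginModule config with random rankings
        for (Integer i : ranks) {
            org.osgi.service.cm.Configuration config =
                ca.createFactoryConfiguration(JAAS_CONFIG_FACTORY_PID, null);
            Dictionary<String, Object> p = new Hashtable<String, Object>();
            p.put("jaas.classname", CONFIG_LOGIN_MODULE);
            p.put("jaas.realmName", realmName);
            p.put("jaas.ranking", i);
            // Mirrors the ranking so the resulting order can be read back from the options.
            p.put("order", i);
            config.update(p);
        }
        delay();

        AppConfigurationEntry[] entries =
            felixJaasConfiguration().getAppConfigurationEntry(realmName);
        assertEquals("No of entries does not match the no of created", ranks.size(),
            entries.length);

        // Entries would be sorted via ranking. Higher ranking comes first.
        // The starting value is derived from the ranks instead of being hard-coded, and
        // comparing as objects reports a missing "order" option as an assertion failure
        // rather than a NullPointerException.
        int expectedOrder = Collections.max(ranks).intValue();
        for (AppConfigurationEntry e : entries) {
            assertEquals("Entries are not sorted by descending ranking",
                Integer.valueOf(expectedOrder--), e.getOptions().get("order"));
        }
    }

    /**
     * Checks how a configuration without a realm name is bound: first to the default
     * realm 'other', then, once the default realm name is changed, no longer to it.
     */
    @Test
    public void testJaasConfigWithEmptyRealm() throws Exception {
        String realmName = name.getMethodName();

        // Scenario 1 - Create a config with no realm name set. So its default name would
        // be set to the defaultRealmName setting of ConfigurationSpi. Which defaults to 'other'
        org.osgi.service.cm.Configuration config =
            ca.createFactoryConfiguration(JAAS_CONFIG_FACTORY_PID, null);
        Dictionary<String, Object> dict = new Hashtable<String, Object>();
        dict.put("jaas.classname", CONFIG_LOGIN_MODULE);
        config.update(dict);
        delay();

        CallbackHandler handler = new SimpleCallbackHandler("foo", "foo");
        Subject s = new Subject();
        LoginContext lc = loginContextFactory.createLoginContext(realmName, s, handler);
        lc.login();
        assertFalse(s.getPrincipals().isEmpty());

        // Scenario 2 - Now we change the default realm name to 'default' and we do not have
        // any login module which is bound to 'other' as they get part of 'default'.
        // In this case login should fail.
        // NOTE(review): this ConfigurationSpi change is not reverted. With the PerClass
        // reactor the container is shared by all tests of this class, so a test that
        // relied on the 'other' default realm would depend on execution order - confirm
        // none does.
        org.osgi.service.cm.Configuration config2 =
            ca.getConfiguration("org.apache.felix.jaas.ConfigurationSpi", null);
        Properties p2 = new Properties();
        p2.setProperty("jaas.defaultRealmName", "default");
        config2.update(p2);
        delay();

        Subject s2 = new Subject();
        try {
            LoginContext lc2 = loginContextFactory.createLoginContext(realmName, s2, handler);
            lc2.login();
            fail("Should have failed as no LoginModule bound with 'other'");
        } catch (LoginException expected) {
            // Expected: no LoginModule is bound to 'other' any more.
        }
        assertEquals("A failed login must not add principals to the Subject",
            0, s2.getPrincipals().size());
    }

    /**
     * Returns the JAAS configuration published by the {@code FelixJaasProvider} security
     * provider.
     */
    private static Configuration felixJaasConfiguration() throws Exception {
        return Configuration.getInstance("JavaLoginConfig", null, "FelixJaasProvider");
    }

    /**
     * Performs a login with the thread context class loader temporarily set to this test
     * class's loader, and restores the previous loader even when the login fails.
     *
     * @param realmName JAAS application (realm) name to log in to
     * @param subject   Subject to populate on success
     * @param handler   supplies the credentials
     * @param config    JAAS configuration to resolve the realm from
     * @throws LoginException if the login context cannot be created or the login fails
     */
    private void loginWithTestClassLoader(String realmName, Subject subject,
        CallbackHandler handler, Configuration config) throws LoginException {
        final Thread current = Thread.currentThread();
        final ClassLoader previous = current.getContextClassLoader();
        try {
            current.setContextClassLoader(getClass().getClassLoader());
            LoginContext lc = new LoginContext(realmName, subject, handler, config);
            lc.login();
        } finally {
            // Always restore, so the swapped loader does not leak into later code on
            // this thread.
            current.setContextClassLoader(previous);
        }
    }
}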