HotRodKrbAuthIT.java

package org.infinispan.server.test.client.hotrod.security;

import java.security.PrivilegedActionException;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.infinispan.arquillian.core.InfinispanResource;
import org.infinispan.arquillian.core.RemoteInfinispanServer;
import org.infinispan.arquillian.core.RunningServer;
import org.infinispan.arquillian.core.WithRunningServer;
import org.infinispan.server.test.category.Security;
import org.infinispan.server.test.util.security.SimpleLoginHandler;
import org.infinispan.test.integration.security.utils.ApacheDsKrbLdap;
import org.jboss.arquillian.junit.Arquillian;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;

@RunWith(Arquillian.class)
@Category({ Security.class })
@WithRunningServer({ @RunningServer(name = "hotrodAuthKrb") })
public class HotRodKrbAuthIT extends HotRodSaslAuthTestBase {

   private static final String KRB_REALM = "INFINISPAN.ORG";

   private static ApacheDsKrbLdap krbLdapServer;

   @InfinispanResource("hotrodAuthKrb")
   RemoteInfinispanServer server;

   @BeforeClass
   public static void kerberosSetup() throws Exception {
      krbLdapServer = new ApacheDsKrbLdap("localhost");
      krbLdapServer.start();
   }

   @AfterClass
   public static void ldapTearDown() throws Exception {
      krbLdapServer.stop();
   }

   @Override
   public RemoteInfinispanServer getRemoteServer() {
      return server;
   }

   protected Subject getSubject(String login, String password) throws LoginException {
      boolean isIBMJDK = System.getProperty("java.vendor").contains("IBM");
      String krbLogin = isIBMJDK ? "/ibm_jaas_krb_login.conf" : "/jaas_krb_login.conf";
      System.setProperty("java.security.auth.login.config", HotRodKrbAuthIT.class.getResource(krbLogin)
            .getPath());
      System.setProperty("java.security.krb5.conf", HotRodKrbAuthIT.class.getResource("/krb5.conf").getPath());
      LoginContext lc = new LoginContext("HotRodKrbClient", new SimpleLoginHandler(login + "@" + KRB_REALM, password));
      if (isIBMJDK) {
         // workaround for IBM JDK: the first negotiation always fails, so let's do a dummy login/logout round.
         lc.login();
         lc.logout();
         lc = new LoginContext("HotRodKrbClient", new SimpleLoginHandler(login + "@" + KRB_REALM, password));
      }
      lc.login();
      return lc.getSubject();
   }

   @Override
   public String getTestedMech() {
      return "GSSAPI";
   }

   @Override
   public void initAsAdmin() throws PrivilegedActionException, LoginException {
      initialize(getSubject(ADMIN_LOGIN, ADMIN_PASSWD));
   }

   @Override
   public void initAsReader() throws PrivilegedActionException, LoginException {
      initialize(getSubject(READER_LOGIN, READER_PASSWD));
   }

   @Override
   public void initAsWriter() throws PrivilegedActionException, LoginException {
      initialize(getSubject(WRITER_LOGIN, WRITER_PASSWD));
   }

   @Override
   public void initAsSupervisor() throws PrivilegedActionException, LoginException {
      initialize(getSubject(SUPERVISOR_LOGIN, SUPERVISOR_PASSWD));
   }

}