LoginModuleTest.java example

Explorer
jackrabbit-master
- jackrabbit-trunk
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.core.security.authentication;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.apache.jackrabbit.core.security.TestPrincipal;
import org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider;
import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
import org.apache.jackrabbit.test.AbstractJCRTest;

/**
 * <code>LoginModuleTest</code> checks if multiple login modules are properly
 * handled. More specifically, this test case sets up a configuration with
 * two login modules:
 * <ul>
 * <li>module 1: required. This module will always authenticate successfully</li>
 * <li>module 2: sufficient. This module will always indicate that it should be ignored.</li>
 * </ul>
 * See also JCR-2671.
 */
public class LoginModuleTest extends AbstractJCRTest {

    private static final String APP_NAME = LoginModuleTest.class.getName();

    public void testMultipleModules() throws Exception {

        CallbackHandler ch = new CallbackHandlerImpl(new SimpleCredentials("user", "pass".toCharArray()), 
                superuser, new ProviderRegistryImpl(new FallbackPrincipalProvider()),
                "admin", "anonymous");
        LoginContext context = new LoginContext(
                APP_NAME, new Subject(), ch, new TestConfiguration());
        context.login();
        assertFalse("no principal set", context.getSubject().getPrincipals().isEmpty());
    }

    static class TestConfiguration extends Configuration {

        @Override
        public void refresh() {
        }

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] {
                    new TestAppConfigurationEntry(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, false),
                    new TestAppConfigurationEntry(AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, true)
            };
        }
    }

    static class TestAppConfigurationEntry extends AppConfigurationEntry {

        private static final Map<String, Object> IGNORE = new HashMap<String, Object>();

        private static final Map<String, Object> EMPTY = Collections.emptyMap();

        static {
            IGNORE.put("ignore", "true");
        }

        public TestAppConfigurationEntry(LoginModuleControlFlag controlFlag,
                                         boolean ignore) {
            super(TestLoginModule.class.getName(), controlFlag, ignore ? IGNORE : EMPTY);
        }
    }

    public static class TestLoginModule extends AbstractLoginModule {

        private boolean ignore = false;

        @Override
        protected void doInit(CallbackHandler callbackHandler,
                              Session session,
                              Map options) throws LoginException {
            if (options.containsKey("ignore")) {
                ignore = true;
            }
        }

        @Override
        protected boolean impersonate(Principal principal,
                                      Credentials credentials)
                throws RepositoryException, LoginException {
            return false;
        }

        @Override
        protected Authentication getAuthentication(Principal principal,
                                                   Credentials creds)
                throws RepositoryException {
            if (ignore) {
                return null;
            } else {
                return new Authentication() {
                    public boolean canHandle(Credentials credentials) {
                        return true;
                    }

                    public boolean authenticate(Credentials credentials)
                            throws RepositoryException {
                        return true;
                    }
                };
            }
        }

        @Override
        protected Principal getPrincipal(Credentials credentials) {
            if (ignore) {
                return null;
            } else {
                return new TestPrincipal(((SimpleCredentials) credentials).getUserID());
            }
        }
    }
}