rogerrut    2005/01/28 14:36:21

  Modified:    components/sso/src/java/org/apache/jetspeed/sso/impl
                        SSOSiteImpl.java PersistenceBrokerSSOProvider.java
               components/sso/src/test/org/apache/jetspeed/sso
                        TestSSOComponent.java
  Log:
  SSO Update
  --> Added group support. You can create an SSO entry for a group. A user will 
be checked against each member of the group for a match
  --> Added new APIs which make it easier to call from the UI, since at that 
point no subject is available.
  --> Updated SSO Management portlets so that it handles groups
  --> Cleanup of code and removal of unused imports
  
  Revision  Changes    Path
  1.6       +5 -57     
jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java
  
  Index: SSOSiteImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/SSOSiteImpl.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SSOSiteImpl.java  4 Dec 2004 22:28:19 -0000       1.5
  +++ SSOSiteImpl.java  28 Jan 2005 22:36:21 -0000      1.6
  @@ -22,7 +22,6 @@
   
   import org.apache.jetspeed.sso.SSOException;
   import org.apache.jetspeed.sso.SSOSite;
  -import org.apache.jetspeed.security.om.InternalCredential;
   import org.apache.jetspeed.sso.SSOPrincipal;
   
   /**
  @@ -43,7 +42,6 @@
        private boolean isAllowUserSet;
        private boolean isCertificateRequired;
        
  -     private Collection      credentials = new Vector();
        private Collection      principals = new Vector();
        private Collection      remotePrincipals = new Vector();
        
  @@ -60,18 +58,6 @@
         */
        
        /**
  -      * @return Returns the credentials.
  -      */
  -     public Collection getCredentials() {
  -             return this.credentials;
  -     }
  -     /**
  -      * @param credentials The credentials to set.
  -      */
  -     public void setCredentials(Collection credentials) {
  -             this.credentials.addAll(credentials);
  -     }
  -     /**
         * @return Returns the isAllowUserSet.
         */
        public boolean isAllowUserSet() {
  @@ -150,49 +136,12 @@
         * Adds the credentail to the credentials collection
         *
         */
  -     public void addCredential(InternalCredential credential) throws 
SSOException
  -     {
  -             boolean bStatus = false;
  -             
  -             try
  -             {
  -                     bStatus = credentials.add(credential);
  -             }
  -             catch(Exception e)
  -             {
  -                     // Adding credentail to coollection failed -- notify 
caller with SSOException
  -                     throw new 
SSOException(SSOException.FAILED_ADDING_CREDENTIALS_FOR_SITE + e.getMessage()); 
  -             }
  -             
  -             if ( bStatus == false)
  -                     throw new 
SSOException(SSOException.FAILED_ADDING_CREDENTIALS_FOR_SITE ); 
  -     }
        
  -     /**
  -     * removeCredential()
  -      * removes a credentail from the credentials collection
  -      *
  -      */
  -     public void removeCredential(InternalCredential credential) throws 
SSOException
  -     {
  -             boolean bStatus = false;
  -             
  -             try
  -             {
  -                     bStatus = credentials.remove(credential);
  -             }
  -             catch(Exception e)
  -             {
  -                     // Adding credentail to coollection failed -- notify 
caller with SSOException
  -                     throw new 
SSOException(SSOException.FAILED_REMOVING_CREDENTIALS_FOR_SITE + 
e.getMessage()); 
  -             }
  -             
  -             if ( bStatus == false)
  -                     throw new 
SSOException(SSOException.FAILED_REMOVING_CREDENTIALS_FOR_SITE ); 
  -     }
  +     
        
                /**
  -              * Adds the credentail to the credentials collection
  +              * addPrincipal
  +              * Adds the SSOPrincipal to the principals collection
                 *
                 */
                public void addPrincipal(SSOPrincipal principal) throws 
SSOException {
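Review bot: The Javadoc fragment kept as context at the top of this hunk (`Adds the credentail to the credentials collection`) appears to be orphaned now that `addCredential` is removed; on the new side it is followed only by blank lines and the `addPrincipal` comment. I would delete that block together with the method, so that `SSOSiteImpl` no longer reads as if it still exposed a credentials API. The opening `/**` of that comment lies outside the hunk, so confirm it is removed with the rest.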
  @@ -231,9 +180,7 @@
                                
                                        try
                                        {
  -                                             // TODO: Removing results in an 
OJB exception. Ignore it for the moment but it needs to be fixed soon...
                                                bStatus = 
principals.remove(principalObj);
  -                                             //bStatus = true;
                                        }
                                        catch(Exception e)
                                        {
  @@ -259,4 +206,5 @@
       public void setRemotePrincipals(Collection remotePrincipals) {
           this.remotePrincipals = remotePrincipals;
       }
  +    
   }
  
  
  
  1.14      +209 -51   
jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java
  
  Index: PersistenceBrokerSSOProvider.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/java/org/apache/jetspeed/sso/impl/PersistenceBrokerSSOProvider.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- PersistenceBrokerSSOProvider.java 13 Jan 2005 22:16:59 -0000      1.13
  +++ PersistenceBrokerSSOProvider.java 28 Jan 2005 22:36:21 -0000      1.14
  @@ -15,11 +15,14 @@
    */
   package org.apache.jetspeed.sso.impl;
   
  +import java.security.Principal;
   import java.util.ArrayList;
   import java.util.Collection;
  +import java.util.HashSet;
   import java.util.Hashtable;
   import java.util.Iterator;
   import java.util.List;
  +import java.util.Set;
   import java.util.StringTokenizer;
   
   import org.apache.jetspeed.security.UserPrincipal;
  @@ -40,9 +43,13 @@
   
   import org.apache.jetspeed.security.SecurityHelper;
   import org.apache.jetspeed.security.BasePrincipal;
  +import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
  +import org.apache.jetspeed.security.impl.UserPrincipalImpl;
   import org.apache.jetspeed.security.om.InternalCredential;
  +import org.apache.jetspeed.security.om.InternalGroupPrincipal;
   import org.apache.jetspeed.security.om.InternalUserPrincipal;
   import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
  +import org.apache.jetspeed.security.om.impl.InternalGroupPrincipalImpl;
   import org.apache.jetspeed.security.om.impl.InternalUserPrincipalImpl;
   import org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialImpl;
   
  @@ -60,6 +67,10 @@
                InitablePersistenceBrokerDaoSupport implements SSOProvider 
   {    
        private Hashtable mapSite = new Hashtable();    
  +     
  +    private String USER_PATH = "/user/";
  +    private String GROUP_PATH = "/group/";
  +
        /**
        * PersitenceBrokerSSOProvider()
        * @param repository Location of repository mapping file.  Must be 
available within the classpath.
  @@ -80,6 +91,103 @@
           Collection c = 
getPersistenceBrokerTemplate().getCollectionByQuery(query);
           return c.iterator();        
       }
  +     
  +     /**
  +     * addCredentialsForSite()
  +     * @param fullPath
  +     * @param remoteUser
  +     * @param site
  +     * @param pwd
  +     * @throws SSOException
  +     */
  +    public void addCredentialsForSite(String fullPath, String remoteUser, 
String site, String pwd) throws SSOException
  +    {
  +        // Create a Subject for the given path and forward it to the API 
addCredentialsForSite()
  +        Principal principal = null;
  +        String name = null;
  +        
  +        // Group or User
  +        if (fullPath.indexOf("/group/") > -1 )
  +        {
  +            name = fullPath.substring(GROUP_PATH.length());
  +            principal = new GroupPrincipalImpl(name);
  +        }
  +        else
  +        {
  +            name = fullPath.substring(USER_PATH.length());
  +            principal = new UserPrincipalImpl(name);
  +        }
  + 
  +        // Create Subject
  +        Set principals = new HashSet();
  +        principals.add(principal);
  +        Subject subject = new Subject(true, principals, new HashSet(), new 
HashSet());       
  +        
  +        // Call into the API
  +        addCredentialsForSite(subject, remoteUser, site, pwd);
  +    }
  +    
  +    /**
  +     * removeCredentialsForSite()
  +     * @param fullPath
  +     * @param site
  +     * @throws SSOException
  +     */
  +    public void removeCredentialsForSite(String fullPath, String site) 
throws SSOException
  +    {
  +        // Create a Subject for the given path and forward it to the API 
addCredentialsForSite()
  +        Principal principal = null;
  +        String name = null;
  +        
  +        // Group or User
  +        if (fullPath.indexOf("/group/") > -1 )
  +        {
  +            name = fullPath.substring(GROUP_PATH.length());
  +            principal = new GroupPrincipalImpl(name);
  +        }
  +        else
  +        {
  +            name = fullPath.substring(USER_PATH.length());
  +            principal = new UserPrincipalImpl(name);
  +        }
  + 
  +        // Create Subject
  +        Set principals = new HashSet();
  +        principals.add(principal);
  +        Subject subject = new Subject(true, principals, new HashSet(), new 
HashSet());       
  +    
  +        // Call into the API
  +        this.removeCredentialsForSite(subject,site);
  +    }
  +    
  +    
  +    /** Retrive site information
  +     * 
  +     *  getSiteURL
  +     */
  +    
  +    public String getSiteURL(String site)
  +    {
  +        // The site is the URL
  +        return site;
  +    }
  +    
  +    /**
  +     * getSiteName
  +     */
  +    public String getSiteName(String site)
  +    {
  +        SSOSite ssoSite = getSSOSiteObject(site);
  +             
  +             if ( ssoSite == null)
  +             {
  +                     return ssoSite.getName();
  +             }
  +             else
  +             {
  +                 return null;
  +             }
  +    }
       
        /* (non-Javadoc)
         * @see 
org.apache.jetspeed.sso.SSOProvider#hasSSOCredentials(javax.security.auth.Subject,
 java.lang.String)
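Review bot: `getSiteName` has its null test inverted: `if ( ssoSite == null) return ssoSite.getName();` throws a NullPointerException for an unknown site and returns null for every known one, so the condition should read `if (ssoSite != null)`. Separately, `addCredentialsForSite(String, ...)` and `removeCredentialsForSite(String, ...)` classify the path with `fullPath.indexOf("/group/") > -1` but then cut it with `substring(GROUP_PATH.length())`, which is only correct when the prefix sits at position 0. A user path whose name contains `/group/` would be turned into a group principal with a mangled name, so `if (fullPath.startsWith(GROUP_PATH))` plus an explicit `startsWith(USER_PATH)` branch that rejects anything else with an SSOException is safer; the same `indexOf("/group/")` test recurs in the `@@ -196,7 +311,16 @@` and `@@ -647,18 +749,64 @@` hunks. Because these overloads build the Subject from a caller-supplied string, their Javadoc should also state that the caller is responsible for authorising the operation on that principal.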
  @@ -97,9 +205,10 @@
                BasePrincipal principal = 
(BasePrincipal)SecurityHelper.getBestPrincipal(subject, UserPrincipal.class);
                String fullPath = principal.getFullPath();
                
  +                             
                // Get remotePrincipals for Site and match them with the Remote 
Principal for the Principal attached to site
  -             Collection principalsForSite = ssoSite.getPrincipals();
  -             Collection remoteForSite = ssoSite.getRemotePrincipals();
  +             Collection remoteForSite                = 
ssoSite.getRemotePrincipals();
  +             Collection principalsForSite    = ssoSite.getPrincipals();      
// Users
                
                // If any of them don't exist just return
                if (principalsForSite == null || remoteForSite== null )
  @@ -174,19 +283,25 @@
                
                if (principal == null )
                {
  -                 principal = getSSOPrincipa(fullPath);
  +                 principal = getSSOPrincipal(fullPath);
                    ssoSite.addPrincipal(principal);
                }
                else
                {
                    // Check if the entry the user likes to update exists 
already
                    Collection remoteForSite = ssoSite.getRemotePrincipals();
  -                 if ( remoteForSite != null)
  +                 Collection principalsForSite = ssoSite.getPrincipals();
  +                 
  +                 if ( remoteForSite != null && principalsForSite != null)
                    {
  -                     if (findRemoteMatch(principal.getRemotePrincipals(), 
remoteForSite) != null )
  +                     Collection remoteForPrincipals = 
this.getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
  +                     if ( remoteForPrincipals != null)
                        {
  -                         // Entry exists can't to an add has to call update
  -                         throw new 
SSOException(SSOException.REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE);
  +                             if (findRemoteMatch(remoteForPrincipals, 
remoteForSite) != null )
  +                             {
  +                                 // Entry exists can't to an add has to call 
update
  +                                 throw new 
SSOException(SSOException.REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE);
  +                             }
                        }
                    }
                }
  @@ -196,7 +311,16 @@
                
                // Create a remote principal and credentials
                InternalUserPrincipalImpl remotePrincipal = new 
InternalUserPrincipalImpl(remoteUser);
  -             remotePrincipal.setFullPath("/sso/user/"+ principalName + "/" + 
remoteUser);
  +             
  +             /*
  +              * The RemotePrincipal (class InternalUserPrincipal) will have 
a fullPath that identifies the entry as an SSO credential.
  +              * The entry has to be unique for a site and principal  (GROUP 
-or- USER ) an therefore it needs to be encoded as following:
  +              * The convention for the path is the following: 
/sso/SiteID/{user|group}/{user name | group name}/remote user name
  +              */
  +             if ( fullPath.indexOf("/group/") > -1)
  +                 remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + 
"/group/"+  principalName + "/" + remoteUser);
  +             else
  +                 remotePrincipal.setFullPath("/sso/" + ssoSite.getSiteId() + 
"/user/"+ principalName + "/" + remoteUser);
        
                // New credential object for remote principal
                 InternalCredentialImpl credential = 
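Review bot: The new full path is documented as the unique key for a site/principal/remote-user entry, but `principalName` and `remoteUser` are concatenated into it unescaped. A value containing `/` makes the path ambiguous with another entry (constructed example: remote user `b/c` under principal `a` and remote user `c` under principal `a/b` both yield `.../a/b/c`). I would reject or encode `/` in both components before building the path, for instance `if (remoteUser.indexOf('/') > -1)` followed by an SSOException, and note the constraint in the comment block. The enclosing method starts and ends outside this hunk, so any validation done earlier is not visible here.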
  @@ -271,7 +395,7 @@
                        
                        // Update assocation tables
                        ssoSite.getRemotePrincipals().remove(remotePrincipal);
  -                     getRemotePrincipalsForPrincipal(principalsForSite, 
fullPath).remove(remotePrincipal);
  +                     remoteForPrincipals.remove(remotePrincipal);
                    
                        // delete the remote Principal from the 
SECURITY_PRINCIPAL table
                    getPersistenceBrokerTemplate().delete(remotePrincipal);
  @@ -328,8 +452,8 @@
                        String principalName  = 
((BasePrincipal)SecurityHelper.getBestPrincipal(subject, 
UserPrincipal.class)).getName();
                        
                        //      Get remotePrincipals for Site and match them 
with the Remote Principal for the Principal attached to site
  -                     Collection principalsForSite = ssoSite.getPrincipals();
  -                     Collection remoteForSite = 
ssoSite.getRemotePrincipals();
  +                     Collection principalsForSite    = 
ssoSite.getPrincipals();
  +                     Collection remoteForSite                = 
ssoSite.getRemotePrincipals();
                        
                        // If any of them don't exist just return
                        if (principalsForSite == null || remoteForSite== null )
  @@ -436,7 +560,7 @@
                Collection remoteForSite = ssoSite.getRemotePrincipals();
                
                // If any of them don't exist just return
  -             if (principalsForSite == null || remoteForSite== null )
  +             if ( principalsForSite == null  || remoteForSite== null )
                    return null;        // no entry
                
                Collection remoteForPrincipals = 
getRemotePrincipalsForPrincipal(principalsForSite, fullPath);
  @@ -499,8 +623,7 @@
                {
                        SSOPrincipal principal = 
(SSOPrincipal)ixPrincipals.next();
                        if (         principal != null 
  -                             && 
principal.getFullPath().compareToIgnoreCase(fullPath) == 0
  -                             && principal.getSiteID() == ssoSite.getSiteId())
  +                             && 
principal.getFullPath().compareToIgnoreCase(fullPath) == 0 )
                        {
                                // Found Principal -- extract remote principals 
                                return principal.getRemotePrincipals();
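Review bot: Dropping `principal.getSiteID() == ssoSite.getSiteId()` leaves the match on `getFullPath()` alone, and nothing in the hunk says why that is still sufficient. If the iterated collection can ever hold principals mapped for another site, this now returns that site's remote principals, i.e. credentials for the wrong site. Please add a comment on the condition such as `// principals are taken from ssoSite.getPrincipals(), already scoped to this site`, or keep the site check if the mapping does not guarantee that scoping. The same removal is made in `getPrincipalForSite` (`@@ -518,16 +641,16 @@`) and in the `@@ -597,8 +700,7 @@` hunk; the enclosing method here starts outside the hunk.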
  @@ -518,16 +641,16 @@
        private SSOPrincipal getPrincipalForSite(SSOSite ssoSite, String 
fullPath)
        {
                SSOPrincipal principal = null;
  +             Collection principalsForSite = ssoSite.getPrincipals();
                
  -             if ( ssoSite.getPrincipals() != null)
  +             if ( principalsForSite != null)
                {
  -                     Iterator itPrincipals = 
ssoSite.getPrincipals().iterator();
  +                     Iterator itPrincipals = principalsForSite.iterator();
                        while (itPrincipals.hasNext() && principal == null)
                        {
                                SSOPrincipal tmp  = 
(SSOPrincipal)itPrincipals.next();
                                if (             tmp != null 
  -                                    && 
tmp.getFullPath().compareToIgnoreCase(fullPath) == 0 
  -                                    && tmp.getSiteID() == 
ssoSite.getSiteId())
  +                                    && 
tmp.getFullPath().compareToIgnoreCase(fullPath) == 0 )
                                        principal = tmp;        // Found 
existing entry
                        }
                }
  @@ -535,7 +658,7 @@
                return principal;
        }
        
  -     private SSOPrincipal getSSOPrincipa(String fullPath)
  +     private SSOPrincipal getSSOPrincipal(String fullPath)
        {
            // FInd if the principal exists in the SECURITY_PRINCIPAL table
            SSOPrincipal principal = null;
  @@ -559,27 +682,7 @@
                return principal;               
        }
        
  -     /**
  -      * getCredentialForPrincipal
  -      * @param site
  -      * @param principalId
  -      * @return InternalCredential for the principal ID
  -      */
  -     private InternalCredential getCredentialForPrincipal(SSOSite site, long 
principalId)
  -     {
  -             if ( site.getCredentials() != null)
  -             {
  -                     Iterator itCredentials = 
site.getCredentials().iterator();
  -                     while(itCredentials.hasNext() )
  -                     {
  -                             InternalCredential tmp = 
(InternalCredential)itCredentials.next();
  -                             if ( tmp != null && tmp.getPrincipalId() == 
principalId)
  -                                     return tmp;
  -                     }
  -             }
        
  -             return null;
  -     }
        
        /**
         * removeRemotePrincipalForPrincipal
  @@ -597,8 +700,7 @@
                        while (itPrincipals.hasNext())
                        {
                                SSOPrincipal tmp = 
(SSOPrincipal)itPrincipals.next();
  -                             if 
(tmp.getFullPath().compareToIgnoreCase(fullPath) == 0
  -                                     && tmp.getSiteID() == site.getSiteId())
  +                             if 
(tmp.getFullPath().compareToIgnoreCase(fullPath) == 0)
                                {
                                        // Found -- get the remotePrincipal
                                        Collection collRemotePrincipals = 
tmp.getRemotePrincipals() ;
  @@ -647,18 +749,64 @@
            return null;
        }
        
  +     /*
  +      * getRemotePrincipalsForPrincipals
  +      * Checks if the user has any remote principals. If the principal is a 
group expand the group and
  +      * check if the requesting user is a part of the group.
  +      */
        private Collection getRemotePrincipalsForPrincipal(Collection 
principalsForSite, String fullPath)
        {
  -         if (principalsForSite == null )
  -             return null;
  -         
  -         Iterator itPrincipalsForSite = principalsForSite.iterator();
  -         while (itPrincipalsForSite.hasNext())
  +         if (principalsForSite != null )
            {
  -             SSOPrincipal principal = 
(SSOPrincipal)itPrincipalsForSite.next();
  -             if ( principal.getFullPath().compareToIgnoreCase(fullPath) == 0)
  -                 return principal.getRemotePrincipals();
  +                 Iterator itPrincipalsForSite = principalsForSite.iterator();
  +                 while (itPrincipalsForSite.hasNext())
  +                 {
  +                     String principalFullPath = null;
  +                     SSOPrincipal principal = 
(SSOPrincipal)itPrincipalsForSite.next();
  +                     principalFullPath = principal.getFullPath();
  +                     
  +                     /* If the Principal is for a Group expand the Group and 
check if the user identified
  +                     * by the fullPath is a member of the Group. If the user 
is a member of the Group
  +                     * return the remote Credentials for the current 
Principal.
  +                     */
  +                     if ( principalFullPath.indexOf("/group/") == -1)
  +                     {
  +                         // USER
  +                         if ( 
principalFullPath.compareToIgnoreCase(fullPath) == 0)
  +                             return principal.getRemotePrincipals();
  +                     }
  +                     else
  +                     {
  +                         /* GROUP 
  +                          * If the full path is for a group (delete/add) 
just return the the list of remotePrincipals
  +                          * For a lookup (hasCredentials) the user needs to 
be mapped against each member of the group
  +                         */
  +                         if ( 
principalFullPath.compareToIgnoreCase(fullPath) == 0)
  +                             return principal.getRemotePrincipals();
  +                         
  +                         /* Expand the Group and find a match */
  +                             InternalGroupPrincipal  groupPrincipal = 
getGroupPrincipals(principalFullPath);
  +                             
  +                             // Found Group that matches the name
  +                             if (groupPrincipal != null)
  +                         {
  +                                 Collection usersInGroup = 
groupPrincipal.getUserPrincipals();
  +                                 Iterator itUsers = usersInGroup.iterator();
  +                             while (itUsers.hasNext())
  +                             {
  +                                 InternalUserPrincipal user = 
(InternalUserPrincipal)itUsers.next();
  +                                 if 
(user.getFullPath().compareToIgnoreCase(fullPath) == 0)
  +                                 {
  +                                     // User is member of the group
  +                                     return principal.getRemotePrincipals();
  +                                 }
  +                             }
  +                         }
  +                     }  
  +                 }
            }
  +         
  +         // No match found
            return null;
        }
       
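Review bot: Group expansion now applies to every caller of `getRemotePrincipalsForPrincipal`, although the inline comment says only lookups should map a user onto group members while add/delete should match the path exactly. With a user `fullPath`, the loop returns the remote principals of the first group principal containing that user if it is iterated before the user's own entry. The duplicate check in the `@@ -174,19 +283,25 @@` hunk can then act on the group's shared credential instead of the user's, and so can `remoteForPrincipals.remove(remotePrincipal)` in the remove path if it is fed by the same helper. I would keep an exact-match helper for add/update/remove and call the expanding version only from lookup paths such as `hasSSOCredentials`. `usersInGroup` is also dereferenced without a null check, and every group principal costs one database query per lookup.

```java
// exact path match only: used by add/update/remove so a user's request never resolves to a group's entry
private Collection getRemotePrincipalsForExactPath(Collection principalsForSite, String fullPath)
{
    if (principalsForSite == null)
        return null;

    Iterator itPrincipalsForSite = principalsForSite.iterator();
    while (itPrincipalsForSite.hasNext())
    {
        SSOPrincipal principal = (SSOPrincipal)itPrincipalsForSite.next();
        if (principal != null && fullPath.equalsIgnoreCase(principal.getFullPath()))
            return principal.getRemotePrincipals();
    }
    return null;
}
// … unchanged: getRemotePrincipalsForPrincipal with group expansion, called from the lookup paths only …
```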
  @@ -754,9 +902,9 @@
           while (tokenizer.hasMoreTokens())
           {
               String token = tokenizer.nextToken();
  -            if (token.equals("user"))
  +            if (token.equals("user") || token.equals("group"))
               {
  -                if (tokenizer.hasMoreTokens())
  +                 if (tokenizer.hasMoreTokens())
                   {
                       return tokenizer.nextToken();
                   }
  @@ -765,4 +913,14 @@
           return fullPath;        
       }
       
  +    private InternalGroupPrincipal  getGroupPrincipals(String 
principalFullPath)
  +    {
  +        // Get to the backend to return the group that matches the full path
  +        Criteria filter = new Criteria();
  +        filter.addEqualTo("fullPath", principalFullPath);
  +        Query query = 
QueryFactory.newQuery(InternalGroupPrincipalImpl.class, filter);
  +        InternalGroupPrincipal group = (InternalGroupPrincipal) 
getPersistenceBrokerTemplate().getObjectByQuery(query);
  +        return group;       
  +    }
  +    
   }
  
  
  
  1.11      +150 -1    
jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java
  
  Index: TestSSOComponent.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed-2/components/sso/src/test/org/apache/jetspeed/sso/TestSSOComponent.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- TestSSOComponent.java     4 Jan 2005 23:17:45 -0000       1.10
  +++ TestSSOComponent.java     28 Jan 2005 22:36:21 -0000      1.11
  @@ -15,8 +15,10 @@
   
   package org.apache.jetspeed.sso;
   
  +import org.apache.jetspeed.security.GroupManager;
   import org.apache.jetspeed.security.SecurityException;
   import org.apache.jetspeed.security.UserManager;
  +import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
   import org.apache.jetspeed.security.impl.UserPrincipalImpl;
   import org.apache.jetspeed.sso.SSOProvider;
   
  @@ -57,11 +59,15 @@
        static private String REMOTE_PWD_1 = "remote_1";
        static private String REMOTE_PWD_2 = "remote_2";
        
  +     static private String TEST_GROUP= "engineers";
  +     static private String TEST_GROUP_USER= "jack";
  +     
                
       /** The property manager. */
       private static SSOProvider ssoBroker = null;
       /** The user manager. */
       protected UserManager ums;
  +    protected GroupManager gms;              // Group Manager
   
       /**
        * @see junit.framework.TestCase#setUp()
  @@ -74,6 +80,7 @@
           {
               ssoBroker = (SSOProvider) ctx.getBean("ssoProvider");
               ums = (UserManager) 
ctx.getBean("org.apache.jetspeed.security.UserManager");
  +            gms = (GroupManager) 
ctx.getBean("org.apache.jetspeed.security.GroupManager");
           }
           catch (Exception ex)
           {
  @@ -107,8 +114,134 @@
           // TODO: FIXME: test fails on HSQL Oracle
       }
       */
  +    public void testSSOGroup() throws Exception
  +    {
  +        System.out.println("*************************************\nStart 
Unit Test for SSO Group Support\n*************************************");
  +        
  +        // Create a user
  +        try
  +         {
  +             ums.addUser(TEST_GROUP_USER, "password");
  +         }
  +         catch (SecurityException sex)
  +         {
  +             //assertTrue("user already exists. exception caught: " + sex, 
false);
  +         }
  +        
  +        // Create a group
  +        try
  +        {
  +            gms.addGroup(TEST_GROUP);
  +            // Add user to Group
  +            gms.addUserToGroup(TEST_GROUP_USER,TEST_GROUP);
  +            
  +            System.out.println("Creating Group " + TEST_GROUP + " and adding 
User " + TEST_GROUP_USER + " succeeded!.");
  +        }
  +        catch (SecurityException secex)
  +        {
  +            System.out.println("Creating Group " + TEST_GROUP + " and adding 
User " + TEST_GROUP_USER + " failed. Group might already exist. Continue 
test...");
  +            //secex.printStackTrace();
  +             //throw new Exception(secex.getMessage()); 
  +        }
  +        
  +        
  +        
  +         //  Initialization of Group
  +     Principal principal = new GroupPrincipalImpl(TEST_GROUP);
  +        Set principals = new HashSet();
  +        principals.add(principal);
  +        Subject subject = new Subject(true, principals, new HashSet(), new 
HashSet());       
  +        
  +        // Add SSO Credentail for Group
  +        if ( ssoBroker.hasSSOCredentials(subject, TEST_URL) == false)
  +        {
  +             try
  +                     {
  +                             ssoBroker.addCredentialsForSite(subject, 
REMOTE_USER, TEST_URL,REMOTE_PWD_1);
  +                             System.out.println("SSO Credential added for 
Group:" + TEST_GROUP+ " site: " + TEST_URL);
  +                     }
  +                     catch(SSOException ssoex)
  +                     {
  +                     System.out.println("SSO Credential add FAILED for 
Group:" + TEST_GROUP+ " site: " + TEST_URL);
  +                     ssoex.printStackTrace();
  +                     throw new Exception(ssoex.getMessage());
  +                     }
  +        }
  +        else
  +        {
  +            System.out.println("Group:" + TEST_GROUP+ " site: " + TEST_URL + 
" has already a remote credential");
  +        }
  +
  +        // Create Principal for User
  +             principal = new UserPrincipalImpl(TEST_GROUP_USER);
  +        principals = new HashSet();
  +        principals.add(principal);
  +        subject = new Subject(true, principals, new HashSet(), new 
HashSet());       
  +        
  +        // User should have credential for site    
  +        if ( ssoBroker.hasSSOCredentials(subject, TEST_URL) == false)
  +     {
  +            // Group expansion failed. User not recognized
  +             System.out.println("No SSO Credential for user:" + 
TEST_GROUP_USER+ " site: " + TEST_URL);
  +             
  +             // Test failure
  +             try
  +            {
  +                ums.removeUser(TEST_GROUP_USER);
  +                gms.removeGroup(TEST_GROUP);
  +            }
  +            catch (SecurityException sex)
  +            {
  +                assertTrue("could not remove user and group. exception 
caught: " + sex, false);
  +            }
  +            
  +            throw new Exception("SSO Unit test for Group support failed");
  +     }
  +        else
  +        {
  +            // Group lookup succesful
  +             System.out.println("SSO Test for Group support successful\nSSO 
Credential for user:" + TEST_GROUP_USER + " site: " + TEST_URL + " found. User 
is member of Group " + TEST_GROUP);
  +        }
  +        
  +        // Cleanup test.
  +        
  +        /*
  +      * For hypersonic the cascading deletes are not generated by Torque and 
the remove credentials
  +      * fails with a constraint error.
  +      * Comment test out for M1 release but the problem needs to be 
addressed for the upcoming releases
  +     */
  +        /*
  +             try
  +             {
  +             // Remove credential for Site
  +             ssoBroker.removeCredentialsForSite("/group/"+TEST_GROUP, 
TEST_URL);
  +             System.out.println("SSO Credential removed for Group:" + 
TEST_GROUP+ " site: " + TEST_URL);
  +             }
  +     catch(SSOException ssoex)
  +             {
  +             System.out.println("SSO Credential remove FAILED for Group:" + 
TEST_GROUP+ " site: " + TEST_URL);
  +             throw new Exception(ssoex.getMessage());
  +             }
  +     */
  +        
  +        try
  +        {
  +            ums.removeUser(TEST_GROUP_USER);
  +            gms.removeGroup(TEST_GROUP);
  +        }
  +        catch (SecurityException sex)
  +        {
  +            assertTrue("could not remove user and group. exception caught: " 
+ sex, false);
  +        }
  +        
  +        
  +             
  +    }
  +    
       public void testSSO() throws Exception
       {
  +        System.out.println("***************************\nStart Unit Test for 
SSO API\n***************************");
  +        
                // Create a user
                 try
                    {
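Review bot: `testSSOGroup` leaves state behind on most paths: the final `ums.removeUser`/`gms.removeGroup` calls are not in a `finally`, and the `removeCredentialsForSite` call is commented out, so the group's SSO credential stays in the store after the test. A later run then takes the "has already a remote credential" branch and no longer exercises the add path, and an SSOException from `addCredentialsForSite` skips cleanup entirely. I would move the user and group removal into a `finally` block and replace `assertTrue("...", false)` and `throw new Exception(...)` with `fail("...")`. The empty `catch (SecurityException sex)` after `ums.addUser` should carry a comment such as `// user may already exist from an earlier run`. The hunk ends inside `testSSO`, whose body continues outside it.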
  @@ -164,12 +297,28 @@
                        ssoex.printStackTrace();
                        throw new Exception(ssoex.getMessage());
                        }
  -     }
  +             }
        else
        {
                System.out.println("SSO Credential found for user:" + 
TEST_USER+ " site: " + TEST_URL2);
        }
        
  +     // Add the credentail again -- should get an error
  +             try
  +             {
  +                     ssoBroker.addCredentialsForSite(subject, REMOTE_USER2, 
TEST_URL2,REMOTE_PWD_1);
  +                     throw new Exception("Added same credentail twice -- API 
should prevent users from doing that.");
  +                     
  +             }
  +             catch(SSOException ssoex)
  +             {
  +             System.out.println("Adding same SSO Credentialtwice failed (as 
expected) Message :" + ssoex.getMessage());
  +             }
  +             catch( Exception e)
  +             {
  +                 throw new Exception("Adding SSO Credential twice throw an 
unandled exception. Error: " + e.getMessage());
  +             }
  +     
        // Test if the credential where persisted
        
        // Test credential update
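Review bot: The duplicate-add check reports the wrong failure: the `throw new Exception("Added same credentail twice ...")` inside the `try` is caught by the following `catch( Exception e)` and rethrown with the "unandled exception" message. Use `fail("Added same credential twice -- API should prevent users from doing that.");` in its place; assuming this class extends `junit.framework.TestCase`, `fail` raises an `AssertionFailedError`, which `catch (Exception e)` does not intercept. It would also help to check that the caught SSOException is the `REMOTE_PRINCIPAL_EXISTS_CALL_UPDATE` case, so that an unrelated SSOException does not count as success. `testSSO` starts and ends outside this hunk.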
  
  
  
