Author: angela
Date: Tue Feb 28 18:26:52 2017
New Revision: 1784790
URL: http://svn.apache.org/viewvc?rev=1784790&view=rev
Log:
OAK-5793 : Improve coverage for security code in oak-core (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java?rev=1784790&r1=1784789&r2=1784790&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java
Tue Feb 28 18:26:52 2017
@@ -16,8 +16,10 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication;
+import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
@@ -26,33 +28,95 @@ import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.Query;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.AuthInfo;
import
org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
+import
org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
+import
org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.TestPrincipalProvider;
import org.junit.Test;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertNull;
import static junit.framework.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
/**
* AbstractLoginModuleTest...
*/
public class AbstractLoginModuleTest {
- private AbstractLoginModule initLoginModule(Class supportedCredentials,
Map sharedState) {
+ private static AbstractLoginModule initLoginModule(Class
supportedCredentials, Map sharedState) {
AbstractLoginModule lm = new TestLoginModule(supportedCredentials);
lm.initialize(new Subject(), null, sharedState, null);
return lm;
}
- private AbstractLoginModule initLoginModule(Class supportedCredentials,
CallbackHandler cbh) {
+ private static AbstractLoginModule initLoginModule(Class
supportedCredentials, CallbackHandler cbh) {
AbstractLoginModule lm = new TestLoginModule(supportedCredentials);
lm.initialize(new Subject(), cbh, Collections.<String,
Object>emptyMap(), null);
return lm;
}
@Test
+ public void testLogout() throws LoginException {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, ImmutableMap.of());
+
+ assertFalse(loginModule.logout());
+ }
+
+ @Test
+ public void testLogoutSuccess() throws LoginException {
+ Subject subject = new Subject(false, ImmutableSet.<Principal>of(new
PrincipalImpl("pName")), ImmutableSet.of(new TestCredentials()),
ImmutableSet.of());
+
+ AbstractLoginModule loginModule = new
TestLoginModule(TestCredentials.class);
+ loginModule.initialize(subject, null, ImmutableMap.<String,
Object>of(), null);
+
+ assertTrue(loginModule.logout());
+
+ assertTrue(subject.getPublicCredentials().isEmpty());
+ assertTrue(subject.getPrincipals().isEmpty());
+ }
+
+ @Test
+ public void testLogoutSuccess2() throws LoginException {
+ Subject subject = new Subject(true, ImmutableSet.<Principal>of(new
PrincipalImpl("pName")), ImmutableSet.of(new TestCredentials()),
ImmutableSet.of());
+
+ AbstractLoginModule loginModule = new
TestLoginModule(TestCredentials.class);
+ loginModule.initialize(subject, null, ImmutableMap.<String,
Object>of(), null);
+
+ assertTrue(loginModule.logout());
+
+ assertFalse(subject.getPublicCredentials().isEmpty());
+ assertFalse(subject.getPrincipals().isEmpty());
+ }
+
+ @Test
+ public void testAbort() throws LoginException {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, ImmutableMap.of());
+
+ assertTrue(loginModule.abort());
+
+ loginModule.login();
+ assertTrue(loginModule.abort());
+ }
+
+ @Test
public void testGetSharedLoginName() {
Map<String, String> sharedState = new HashMap<String, String>();
@@ -112,6 +176,30 @@ public class AbstractLoginModuleTest {
}
@Test
+ public void testGetCredentialsFromSubject() {
+ Subject subject = new Subject();
+
+
+ subject.getPublicCredentials().add(new TestCredentials());
+
+ AbstractLoginModule lm = new TestLoginModule(TestCredentials.class);
+ lm.initialize(subject, null, ImmutableMap.<String, Object>of(), null);
+
+ assertTrue(lm.getCredentials() instanceof TestCredentials);
+ }
+
+ @Test
+ public void testGetCredentialsFromSubjectWrongClass() {
+ Subject subject = new Subject();
+ subject.getPublicCredentials().add(new SimpleCredentials("userid", new
char[0]));
+
+ AbstractLoginModule lm = new TestLoginModule(TestCredentials.class);
+ lm.initialize(subject, null, ImmutableMap.<String, Object>of(), null);
+
+ assertNull(lm.getCredentials());
+ }
+
+ @Test
public void testGetCredentialsFromCallbackHandler() {
CallbackHandler cbh = new CallbackHandler() {
@Override
@@ -131,11 +219,153 @@ public class AbstractLoginModuleTest {
assertNull(lm.getCredentials());
}
+ @Test
+ public void testGetCredentialsIOException() {
+ AbstractLoginModule lm = initLoginModule(TestCredentials.class, new
ThrowingCallbackHandler(true));
+ assertNull(lm.getCredentials());
+ }
+
+ @Test
+ public void testGetCredentialsUnsupportedCallbackException() {
+ AbstractLoginModule lm = initLoginModule(TestCredentials.class, new
ThrowingCallbackHandler(false));
+ assertNull(lm.getCredentials());
+ }
+
+ @Test
+ public void testGetSharedPreAuthLoginEmptySharedState() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, ImmutableMap.of());
+ assertNull(loginModule.getSharedPreAuthLogin());
+ }
+
+ @Test
+ public void testGetSharedPreAuthLogin() {
+ Map<String, PreAuthenticatedLogin> sharedState = new HashMap();
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, sharedState);
+
+ PreAuthenticatedLogin preAuthenticatedLogin = new
PreAuthenticatedLogin("userId");
+ sharedState.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN,
preAuthenticatedLogin);
+
+ assertSame(preAuthenticatedLogin, loginModule.getSharedPreAuthLogin());
+ }
+
+ @Test
+ public void testGetSharedPreAuthLoginWrongEntry() {
+ Map sharedState = new HashMap();
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, sharedState);
+
+ sharedState.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN,
"wrongType");
+
+ assertNull(loginModule.getSharedPreAuthLogin());
+ }
+
+ @Test
+ public void testGetUserManagerFromCallback() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new TestCallbackHandler(new
TestUserManager()));
+
+ assertNotNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetUserManagerFromIncompleteCallback() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new TestCallbackHandler());
+
+ assertNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetUserManagerIOException() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(true));
+
+ assertNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetUserManagerUnsupportedCallbackException() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(false));
+
+ assertNull(loginModule.getUserManager());
+ }
+
+ @Test
+ public void testGetPrincipalProviderFromCallback() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new TestCallbackHandler(new
TestPrincipalProvider()));
+
+ assertNotNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipalProviderFromIncompleteCallback() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new TestCallbackHandler());
+
+ assertNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipalProviderIOException() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(true));
+
+ assertNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipalProviderUnsupportedCallbackException() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new ThrowingCallbackHandler(false));
+
+ assertNull(loginModule.getPrincipalProvider());
+ }
+
+ @Test
+ public void testGetPrincipals() {
+ PrincipalProvider principalProvider = new TestPrincipalProvider();
+
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new
TestCallbackHandler(principalProvider));
+
+ Principal principal =
principalProvider.findPrincipals(PrincipalManager.SEARCH_TYPE_NOT_GROUP).next();
+ String userId = TestPrincipalProvider.getIDFromPrincipal(principal);
+ Set<? extends Principal> principals =
loginModule.getPrincipals(userId);
+
+ assertFalse(principals.isEmpty());
+ assertEquals(principalProvider.getPrincipals(userId), principals);
+ }
+
+
+ @Test
+ public void testGetPrincipalsMissingProvider() {
+ AbstractLoginModule loginModule =
initLoginModule(TestCredentials.class, new TestCallbackHandler());
+
+ Set<? extends Principal> principals =
loginModule.getPrincipals("userId");
+ assertTrue(principals.isEmpty());
+ }
+
+ @Test
+ public void testSetAuthInfo() {
+ Subject subject = new Subject();
+ AuthInfo authInfo = new AuthInfoImpl("userid", null, null);
+
+ AbstractLoginModule.setAuthInfo(authInfo, subject);
+ Set<AuthInfo> fromSubject =
subject.getPublicCredentials(AuthInfo.class);
+ assertEquals(1, fromSubject.size());
+ assertSame(authInfo, fromSubject.iterator().next());
+ }
+
+ @Test
+ public void testSetAuthInfoPreExisting() {
+ Subject subject = new Subject();
+ subject.getPublicCredentials().add(new AuthInfoImpl(null, null, null));
+
+ AuthInfo authInfo = new AuthInfoImpl("userid", null, null);
+
+ AbstractLoginModule.setAuthInfo(authInfo, subject);
+ Set<AuthInfo> fromSubject =
subject.getPublicCredentials(AuthInfo.class);
+ assertEquals(1, fromSubject.size());
+ assertSame(authInfo, fromSubject.iterator().next());
+ }
+
//--------------------------------------------------------------------------
private final class TestCredentials implements Credentials {}
- private final class TestLoginModule extends AbstractLoginModule {
+ private static final class TestLoginModule extends AbstractLoginModule {
private Class supportedCredentialsClass;
@@ -159,4 +389,119 @@ public class AbstractLoginModuleTest {
return true;
}
}
+
+ private final class TestCallbackHandler implements CallbackHandler {
+
+ private UserManager userManager = null;
+ private PrincipalProvider principalProvider = null;
+
+ private TestCallbackHandler() {
+ }
+
+ private TestCallbackHandler(@Nonnull UserManager userManager) {
+ this.userManager = userManager;
+ }
+
+ private TestCallbackHandler(@Nonnull PrincipalProvider
principalProvider) {
+ this.principalProvider = principalProvider;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks) throws
UnsupportedCallbackException {
+ for (Callback cb : callbacks) {
+ if (cb instanceof PrincipalProviderCallback) {
+ ((PrincipalProviderCallback)
cb).setPrincipalProvider(principalProvider);
+ } else if (cb instanceof UserManagerCallback) {
+ ((UserManagerCallback) cb).setUserManager(userManager);
+ } else {
+ throw new UnsupportedCallbackException(cb);
+ }
+ }
+
+ }
+
+ }
+
+ private final class TestUserManager implements UserManager {
+ @Override
+ public Authorizable getAuthorizable(String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public <T extends Authorizable> T getAuthorizable(String s, Class<T>
aClass) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Authorizable getAuthorizable(Principal principal) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Authorizable getAuthorizableByPath(String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Iterator<Authorizable> findAuthorizables(String s, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Iterator<Authorizable> findAuthorizables(String s, String s1,
int i) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Iterator<Authorizable> findAuthorizables(Query query) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public User createUser(String s, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public User createUser(String s, String s1, Principal principal,
String s2) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public User createSystemUser(String s, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(Principal principal) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(Principal principal, String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Group createGroup(String s, Principal principal, String s1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean isAutoSave() {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void autoSave(boolean b) {
+ throw new UnsupportedOperationException();
+
+ }
+ }
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java?rev=1784790&r1=1784789&r2=1784790&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModuleTest.java
Tue Feb 28 18:26:52 2017
@@ -161,21 +161,4 @@ public class GuestLoginModuleTest {
}
}
- private class ThrowingCallbackHandler implements CallbackHandler {
-
- private boolean throwIOException;
-
- private ThrowingCallbackHandler(boolean throwIOException) {
- this.throwIOException = throwIOException;
- }
-
- @Override
- public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
- if (throwIOException) {
- throw new IOException();
- } else {
- throw new UnsupportedCallbackException(new Callback() {});
- }
- }
- }
}
\ No newline at end of file
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java?rev=1784790&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/ThrowingCallbackHandler.java
Tue Feb 28 18:26:52 2017
@@ -0,0 +1,28 @@
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * Created by angela on 28/02/17.
+ */
+class ThrowingCallbackHandler implements CallbackHandler {
+
+ private boolean throwIOException;
+
+ ThrowingCallbackHandler(boolean throwIOException) {
+ this.throwIOException = throwIOException;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
+ if (throwIOException) {
+ throw new IOException();
+ } else {
+ throw new UnsupportedCallbackException(new Callback() {
+ });
+ }
+ }
+}
