Author: adc Date: Sat Sep 11 11:03:26 2004 New Revision: 45905 Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SimpleSecurityRealm.java geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSimpleRealmTest.java Log: Add gerneric security realm
http://nagoya.apache.org/jira/browse/GERONIMO-292 Added: geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SimpleSecurityRealm.java ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/java/org/apache/geronimo/security/realm/providers/SimpleSecurityRealm.java Sat Sep 11 11:03:26 2004 @@ -0,0 +1,135 @@ +/** + * + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geronimo.security.realm.providers; + +import javax.security.auth.login.AppConfigurationEntry; +import java.util.HashMap; +import java.util.Set; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.regexp.RE; + +import org.apache.geronimo.gbean.GBeanInfo; +import org.apache.geronimo.gbean.GBeanInfoFactory; +import org.apache.geronimo.security.GeronimoSecurityException; + + +/** + * @version $Revision: $ $Date: $ + */ +public class SimpleSecurityRealm extends AbstractSecurityRealm { + + private static Log log = LogFactory.getLog(SimpleSecurityRealm.class); + + private boolean running = false; + private String loginModuleName; + + + public SimpleSecurityRealm(String realmName) { + super(realmName); + } + + public String getLoginModuleName() { + return loginModuleName; + } + + public void setLoginModuleName(String loginModuleName) { + this.loginModuleName = loginModuleName; + } + + public void doStart() { + refresh(); + running = true; + + log.info("Simple Realm - " + getRealmName() + " - started"); + } + + public void doStop() { + running = false; + + log.info("Simple Realm - " + getRealmName() + " - stopped"); + } + + public void doFail() { + running = false; + + log.info("Simple Realm - " + getRealmName() + " - failed"); + } + + public Set getGroupPrincipals() throws GeronimoSecurityException { + if (!running) { + throw new IllegalStateException("Cannot obtain Groups until the realm is started"); + } + return null; + } + + public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException { + if (!running) { + throw new IllegalStateException("Cannot obtain Groups until the realm is started"); + } + return null; + } + + public Set getUserPrincipals() throws GeronimoSecurityException { + if (!running) { + throw new IllegalStateException("Cannot obtain Users until the realm is started"); + } + return null; + } + + public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException { + if (!running) { + throw new IllegalStateException("Cannot obtain Users until the realm is started"); + } + return null; + } + + public void refresh() throws GeronimoSecurityException { + log.info("Simple Realm - " + getRealmName() + " - refresh"); + } + + public javax.security.auth.login.AppConfigurationEntry getAppConfigurationEntry() { + HashMap options = new HashMap(); + + AppConfigurationEntry entry = new AppConfigurationEntry(loginModuleName, + AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, + options); + + return entry; + } + + public boolean isLoginModuleLocal() { + return false; + } + + public static final GBeanInfo GBEAN_INFO; + + static { + GBeanInfoFactory infoFactory = new GBeanInfoFactory(SimpleSecurityRealm.class, AbstractSecurityRealm.GBEAN_INFO); + + infoFactory.addAttribute("loginModuleName", String.class, true); + + infoFactory.addOperation("isLoginModuleLocal"); + + GBEAN_INFO = infoFactory.getBeanInfo(); + } + + public static GBeanInfo getGBeanInfo() { + return GBEAN_INFO; + } +} Added: geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSimpleRealmTest.java ============================================================================== --- (empty file) +++ geronimo/trunk/modules/security/src/test/org/apache/geronimo/security/jaas/LoginSimpleRealmTest.java Sat Sep 11 11:03:26 2004 @@ -0,0 +1,191 @@ +/** + * + * Copyright 2003-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.geronimo.security.jaas; + +import javax.management.ObjectName; +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; +import java.io.IOException; +import java.util.Map; +import java.util.Properties; +import java.security.Principal; + +import org.apache.geronimo.gbean.jmx.GBeanMBean; +import org.apache.geronimo.security.AbstractTest; +import org.apache.geronimo.security.ContextManager; +import org.apache.geronimo.security.IdentificationPrincipal; +import org.apache.geronimo.security.RealmPrincipal; +import org.apache.geronimo.system.serverinfo.ServerInfo; + + +/** + * @version $Revision: 1.9 $ $Date: 2004-07-12 02:07:52 -0400 (Mon, 12 Jul 2004) $ + */ +public class LoginSimpleRealmTest extends AbstractTest { + + protected ObjectName serverInfo; + protected ObjectName loginConfiguration; + protected ObjectName simpleRealm; + protected ObjectName simpleCE; + + public void setUp() throws Exception { + super.setUp(); + + GBeanMBean gbean; + + gbean = new GBeanMBean(ServerInfo.GBEAN_INFO); + serverInfo = new ObjectName("geronimo.system:role=ServerInfo"); + gbean.setAttribute("baseDirectory", "."); + kernel.loadGBean(serverInfo, gbean); + kernel.startGBean(serverInfo); + + gbean = new GBeanMBean("org.apache.geronimo.security.jaas.GeronimoLoginConfiguration"); + loginConfiguration = new ObjectName("geronimo.security:type=LoginConfiguration"); + kernel.loadGBean(loginConfiguration, gbean); + + gbean = new GBeanMBean("org.apache.geronimo.security.realm.providers.SimpleSecurityRealm"); + simpleRealm = new ObjectName("geronimo.security:type=SecurityRealm,realm=simple-realm"); + gbean.setAttribute("realmName", "simple-realm"); + gbean.setAttribute("loginModuleName", TestLoginModule.class.getName()); + gbean.setAttribute("maxLoginModuleAge", new Long(24 * 60 * 60 * 1000)); + kernel.loadGBean(simpleRealm, gbean); + + gbean = new GBeanMBean("org.apache.geronimo.security.jaas.ConfigurationEntryRealmLocal"); + simpleCE = new ObjectName("geronimo.security:type=ConfigurationEntry,jaasId=properties"); + gbean.setAttribute("applicationConfigName", "simple"); + gbean.setAttribute("realmName", "simple-realm"); + gbean.setAttribute("controlFlag", LoginModuleControlFlag.REQUIRED); + gbean.setAttribute("options", new Properties()); + kernel.loadGBean(simpleCE, gbean); + + kernel.startGBean(loginConfiguration); + kernel.startGBean(simpleRealm); + kernel.startGBean(simpleCE); + } + + public void tearDown() throws Exception { + kernel.stopGBean(simpleCE); + kernel.stopGBean(simpleRealm); + kernel.stopGBean(loginConfiguration); + kernel.stopGBean(serverInfo); + + kernel.unloadGBean(simpleRealm); + kernel.unloadGBean(simpleCE); + kernel.unloadGBean(loginConfiguration); + kernel.unloadGBean(serverInfo); + + super.tearDown(); + } + + public void testLogin() throws Exception { + + LoginContext context = new LoginContext("simple", new UsernamePasswordCallback("alan", "starcraft")); + + context.login(); + Subject subject = context.getSubject(); + + assertTrue("expected non-null subject", subject != null); + assertTrue("subject should have one remote principal", subject.getPrincipals(IdentificationPrincipal.class).size() == 1); + IdentificationPrincipal remote = (IdentificationPrincipal) subject.getPrincipals(IdentificationPrincipal.class).iterator().next(); + assertTrue("subject should be associated with remote id", ContextManager.getRegisteredSubject(remote.getId()) != null); + assertTrue("subject should have five principals", subject.getPrincipals().size() == 5); + assertTrue("subject should have two realm principal", subject.getPrincipals(RealmPrincipal.class).size() == 2); + RealmPrincipal principal = (RealmPrincipal) subject.getPrincipals(RealmPrincipal.class).iterator().next(); + assertTrue("id of principal should be non-zero", principal.getId() != 0); + + context.logout(); + + assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null); + } + + public static class TestLoginModule implements LoginModule { + + private Subject subject; + private CallbackHandler handler; + + public boolean abort() throws LoginException { + return true; + } + + public boolean commit() throws LoginException { + subject.getPrincipals().add(new TestPrincipal("alan")); + subject.getPrincipals().add(new TestGroupPrincipal("it")); + return true; + } + + public boolean login() throws LoginException { + Callback[] callbacks = new Callback[2]; + + callbacks[0] = new NameCallback("User name"); + callbacks[1] = new PasswordCallback("Password", false); + try { + handler.handle(callbacks); + } catch (IOException ioe) { + throw (LoginException) new LoginException().initCause(ioe); + } catch (UnsupportedCallbackException uce) { + throw (LoginException) new LoginException().initCause(uce); + } + String username = ((NameCallback) callbacks[0]).getName(); + assert username != null; + String password = new String(((PasswordCallback) callbacks[1]).getPassword()); + assert password != null; + + return "alan".equals(username) && "starcraft".equals(password); + } + + public boolean logout() throws LoginException { + return true; + } + + public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options) { + this.subject = subject; + this.handler = handler; + } + + public class TestPrincipal implements Principal { + private final String name; + + public TestPrincipal(String name) { + this.name = name; + } + + public String getName() { + return name; + } + } + + public class TestGroupPrincipal implements Principal { + private final String name; + + public TestGroupPrincipal(String name) { + this.name = name; + } + + public String getName() { + return name; + } + } + } +}
