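package org.apache.geronimo.security.jaas;

import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.security.AbstractTest;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.realm.GenericSecurityRealm;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.util.Properties;

/**
 * Exercises a JAAS login backed by {@code com.sun.security.auth.module.Krb5LoginModule},
 * wired into the kernel as a login module GBean, a login-module-use GBean and a
 * {@link GenericSecurityRealm} GBean.
 *
 * <p>The module is configured to authenticate only from an existing ticket cache
 * ({@code useTicketCache=true}, {@code doNotPrompt=true}), so the login can succeed only
 * where the account running the test already holds a Kerberos ticket. Where it does not,
 * {@link #testLogin()} reports the failure and returns without asserting anything; a green
 * result is therefore not evidence that Kerberos authentication works.
 */
public class LoginKerberosTest extends AbstractTest {

    /** Name of the security realm GBean created in {@link #setUp()}. */
    protected AbstractName kerberosRealm;

    /** Name of the Kerberos login module GBean created in {@link #setUp()}. */
    protected AbstractName kerberosLM;

    /**
     * Loads and starts the three GBeans that make up the Kerberos realm under test.
     *
     * @throws Exception if the parent set-up or any kernel operation fails
     */
    public void setUp() throws Exception {
        super.setUp();

        // 1. The login module itself.
        GBeanData gbean = buildGBeanData("name", "KerberosLoginModule", LoginModuleGBean.getGBeanInfo());
        kerberosLM = gbean.getAbstractName();
        gbean.setAttribute("loginModuleClass", "com.sun.security.auth.module.Krb5LoginModule");
        gbean.setAttribute("serverSide", Boolean.TRUE);
        Properties props = new Properties();
        // debug=true makes Krb5LoginModule print diagnostic output; acceptable in a test,
        // not a setting to carry into a deployed realm configuration.
        props.put("debug", "true");
        // Credentials come from the existing ticket cache only; with doNotPrompt the module
        // fails the login instead of asking for a password when the cache has no usable ticket.
        props.put("useTicketCache", "true");
        props.put("doNotPrompt", "true");
        gbean.setAttribute("options", props);
        kernel.loadGBean(gbean, LoginModuleGBean.class.getClassLoader());

        // 2. The "use" entry that attaches the module with control flag REQUIRED.
        gbean = buildGBeanData("name", "KerberosLoginModuleUse", JaasLoginModuleUse.getGBeanInfo());
        AbstractName testUseName = gbean.getAbstractName();
        gbean.setAttribute("controlFlag", "REQUIRED");
        gbean.setReferencePattern("LoginModule", kerberosLM);
        kernel.loadGBean(gbean, JaasLoginModuleUse.class.getClassLoader());

        // 3. The realm that references the login module configuration.
        gbean = buildGBeanData("name", "KerberosSecurityRealm", GenericSecurityRealm.getGBeanInfo());
        kerberosRealm = gbean.getAbstractName();
        gbean.setAttribute("realmName", "TOOLAZYDOGS.COM");
        gbean.setReferencePattern("LoginModuleConfiguration", testUseName);
        kernel.loadGBean(gbean, GenericSecurityRealm.class.getClassLoader());

        kernel.startGBean(kerberosLM);
        kernel.startGBean(testUseName);
        kernel.startGBean(kerberosRealm);
    }

    /**
     * Stops and unloads the realm and login module GBeans, then runs the parent tear-down.
     *
     * @throws Exception if a kernel operation or the parent tear-down fails
     */
    public void tearDown() throws Exception {
        // NOTE(review): the "KerberosLoginModuleUse" GBean loaded and started in setUp() is
        // not stopped or unloaded here (its name is only a local there) - confirm that
        // super.tearDown() disposes of it.
        kernel.stopGBean(kerberosRealm);
        kernel.unloadGBean(kerberosRealm);
        kernel.stopGBean(kerberosLM);
        kernel.unloadGBean(kerberosLM);

        super.tearDown();
    }

    /**
     * Logs in through the {@code "kerberos-local"} JAAS configuration and checks the
     * server-side subject: it must carry an id and exactly three principals (one realm,
     * one identification, one Kerberos), and its id must be gone after logout.
     *
     * <p>Only a failure to create the login context or to log in is tolerated, because
     * that step depends on the local Kerberos environment. A {@link LoginException}
     * raised later (for example by {@code logout()}) now fails the test instead of
     * being swallowed together with the environment failure.
     *
     * @throws Exception if logout fails or an unexpected error occurs
     */
    public void testLogin() throws Exception {
        LoginContext context;
        try {
            // NOTE(review): where "kerberos-local" is registered is not visible in this file.
            context = new LoginContext("kerberos-local");
            context.login();
        } catch (LoginException e) {
            // Best-effort: no usable ticket cache on this machine. Say so explicitly so the
            // passing result is not mistaken for a verified Kerberos login.
            System.err.println("LoginKerberosTest.testLogin: Kerberos login failed, assertions were not executed");
            e.printStackTrace();
            return;
        }

        Subject subject = context.getSubject();
        assertTrue("expected non-null client-side subject", subject != null);

        subject = ContextManager.getServerSideSubject(subject);
        assertTrue("expected non-null server-side subject", subject != null);
        assertTrue("id of server-side subject should be non-null", ContextManager.getSubjectId(subject) != null);
        assertEquals("server-side subject should have three principals", 3, subject.getPrincipals().size());
        assertEquals("server-side subject should have one realm principal", 1, subject.getPrincipals(RealmPrincipal.class).size());
        assertEquals("server-side subject should have one identification principal", 1, subject.getPrincipals(IdentificationPrincipal.class).size());
        assertEquals("server-side subject should have one kerberos principal", 1, subject.getPrincipals(KerberosPrincipal.class).size());

        context.logout();

        // After logout the server-side subject must no longer map to an id.
        assertTrue("id of subject should be null", ContextManager.getSubjectId(subject) == null);
    }
}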