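package org.jboss.test.aop.bean;

import org.jboss.logging.Logger;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.system.ServiceMBeanSupport;

import javax.management.MBeanRegistration;
import javax.management.MBeanServer;
import javax.management.ObjectName;

/**
 * Test MBean that exercises access control on {@code SecuredPOJO} and
 * {@code AnnotatedSecuredPOJO}.
 *
 * <p>Each test method runs under a sequence of principals ("somebody",
 * "authfail", "rolefail", "pass") and checks that method calls, field writes and
 * constructor calls either succeed or raise {@link SecurityException} as expected.
 * A missing {@code SecurityException} on a protected member is reported as a test
 * failure, because it would mean the member was reachable without authorization.
 *
 * <p>NOTE(review): the security domain and the user/role mapping behind these
 * principal names are configured outside this file; verify them against the
 * deployment descriptors.
 */
public class SecurityTester
   extends ServiceMBeanSupport
   implements SecurityTesterMBean, MBeanRegistration
{
   static Logger log = Logger.getLogger(SecurityTester.class);

   /** MBean server this bean was registered with; set in {@link #preRegister}. */
   MBeanServer m_mbeanServer;

   /** Creates the tester; no state is initialised here. */
   public SecurityTester()
   {}

   /**
    * Remembers the MBean server and accepts the proposed object name unchanged.
    *
    * @param server the MBean server performing the registration
    * @param name the object name proposed for this MBean
    * @return {@code name}, unmodified
    * @throws Exception declared by the {@link MBeanRegistration} contract; not thrown here
    */
   public ObjectName preRegister(MBeanServer server, ObjectName name)
      throws Exception
   {
      m_mbeanServer = server;
      return name;
   }

   /** No-op registration callback. */
   public void postRegister(Boolean registrationDone)
   {}

   /** No-op deregistration callback. */
   public void preDeregister() throws Exception
   {}

   /** No-op deregistration callback. */
   public void postDeregister()
   {}

   /** No-op service start hook. */
   protected void startService()
      throws Exception
   {
   }

   /** No-op service stop hook. */
   protected void stopService()
   {
   }

   /**
    * Runs the access-control checks against {@code SecuredPOJO}.
    *
    * <p>The subject context pushed for the test is always popped again before the
    * method returns, on success and on failure alike, so that the test identity does
    * not stay associated with the calling thread.
    *
    * @throws RuntimeException if an expected {@link SecurityException} is not raised,
    *         or if any other error occurs; the message of the original error is kept
    */
   public void testXml()
   {
      try
      {
         log.info("TESTING XML Security");

         // Fixture credential for the test principals, not a real secret.
         char[] password = "password".toCharArray();
         SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("somebody"), password);
         try
         {
            // The field and constructor accesses below are kept inline on purpose:
            // NOTE(review): presumably the access checks are woven at these exact
            // joinpoints, so do not move them into helpers without confirming.
            log.info("testing unchecked constructor");
            SecuredPOJO pojo = new SecuredPOJO();
            log.info("testing unchecked method");
            pojo.unchecked();
            log.info("testing unchecked field");
            pojo.uncheckedField = 5;

            SecurityAssociation.popSubjectContext();
            SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("authfail"), password);

            // securityFailure stays true when access was NOT denied, i.e. when the
            // expected SecurityException did not arrive.
            boolean securityFailure = true;
            try
            {
               log.info("testing auth failure method");
               pojo.someMethod();
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("auth failure was not caught for method");

            securityFailure = true;
            try
            {
               log.info("testing auth failure field");
               pojo.someField = 5;
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("auth failure was not caught for field");
            securityFailure = true;
            try
            {
               log.info("testing auth failure constructor");
               pojo = new SecuredPOJO(4);
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("auth failure was not caught for constructor");

            securityFailure = true;
            SecurityAssociation.popSubjectContext();
            SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("rolefail"), password);
            try
            {
               log.info("testing role failure method");
               pojo.someMethod();
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("role failure was not caught for method");

            securityFailure = true;
            try
            {
               log.info("testing role failure field");
               pojo.someField = 5;
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("role failure was not caught field");

            securityFailure = true;
            try
            {
               log.info("testing role failure constructor");
               pojo = new SecuredPOJO(4);
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("role failure was not caught for constructor");

            SecurityAssociation.popSubjectContext();
            SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("pass"), password);

            // Positive case: none of these may raise SecurityException.
            log.info("test pass");
            pojo.someMethod();
            pojo.someField = 5;
            pojo = new SecuredPOJO(5);

            // Excluded members must be denied even to the principal that passed above.
            log.info("test exclusion");
            securityFailure = true;
            try
            {
               pojo.excluded();
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("excluded failure was not caught for method");

            securityFailure = true;
            try
            {
               pojo.excludedField = "hello";
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("excluded failure was not caught for field");

            securityFailure = true;
            try
            {
               pojo = new SecuredPOJO("hello");
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("excluded failure was not caught for constructor");
         }
         finally
         {
            // Exactly one context of ours is on the stack at every point inside the
            // try body (each pop is followed directly by a push), so one pop here
            // restores the caller's context on both the success and the failure path.
            SecurityAssociation.popSubjectContext();
         }
      }
      catch (Throwable ex)
      {
         // The full stack trace is logged here; only the message is rethrown.
         // NOTE(review): the cause is not chained; confirm whether callers need it.
         log.error("failed", ex);
         throw new RuntimeException (ex.getMessage());
      }
   }

   /**
    * Runs the access-control checks against {@code AnnotatedSecuredPOJO}, following
    * the same sequence as {@link #testXml()}.
    *
    * <p>The subject context pushed for the test is always popped again before the
    * method returns, on success and on failure alike, so that the test identity does
    * not stay associated with the calling thread.
    *
    * @throws RuntimeException if an expected {@link SecurityException} is not raised,
    *         or if any other error occurs; the message of the original error is kept
    */
   public void testAnnotated()
   {
      try
      {
         log.info("TESTING Annotated Security");

         // Fixture credential for the test principals, not a real secret.
         char[] password = "password".toCharArray();
         SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("somebody"), password);
         try
         {
            // The field and constructor accesses below are kept inline on purpose:
            // NOTE(review): presumably the access checks are woven at these exact
            // joinpoints, so do not move them into helpers without confirming.
            log.info("testing unchecked constructor");
            AnnotatedSecuredPOJO pojo = new AnnotatedSecuredPOJO();
            log.info("testing unchecked method");
            pojo.unchecked();
            log.info("testing unchecked field");
            pojo.uncheckedField = 5;

            SecurityAssociation.popSubjectContext();
            SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("authfail"), password);

            // securityFailure stays true when access was NOT denied, i.e. when the
            // expected SecurityException did not arrive.
            boolean securityFailure = true;
            try
            {
               log.info("testing auth failure method");
               pojo.someMethod();
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("auth failure was not caught for method");

            securityFailure = true;
            try
            {
               log.info("testing auth failure field");
               pojo.someField = 5;
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("auth failure was not caught for field");
            securityFailure = true;
            try
            {
               log.info("testing auth failure constructor");
               pojo = new AnnotatedSecuredPOJO(4);
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("auth failure was not caught for constructor");

            securityFailure = true;
            SecurityAssociation.popSubjectContext();
            SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("rolefail"), password);
            try
            {
               log.info("testing role failure method");
               pojo.someMethod();
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("role failure was not caught for method");

            securityFailure = true;
            try
            {
               log.info("testing role failure field");
               pojo.someField = 5;
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("role failure was not caught field");

            securityFailure = true;
            try
            {
               log.info("testing role failure constructor");
               pojo = new AnnotatedSecuredPOJO(4);
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }

            if (securityFailure) throw new RuntimeException ("role failure was not caught for constructor");

            SecurityAssociation.popSubjectContext();
            SecurityAssociation.pushSubjectContext(null, new SimplePrincipal("pass"), password);

            // Positive case: none of these may raise SecurityException.
            log.info("test pass");
            pojo.someMethod();
            pojo.someField = 5;
            pojo = new AnnotatedSecuredPOJO(5);

            // Excluded members must be denied even to the principal that passed above.
            log.info("test exclusion");
            securityFailure = true;
            try
            {
               pojo.excluded();
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("excluded failure was not caught for method");

            securityFailure = true;
            try
            {
               pojo.excludedField = "hello";
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("excluded failure was not caught for field");

            securityFailure = true;
            try
            {
               pojo = new AnnotatedSecuredPOJO("hello");
            }
            catch (SecurityException ignored)
            {
               log.info(ignored.getMessage());
               securityFailure = false;
            }
            if (securityFailure) throw new RuntimeException ("excluded failure was not caught for constructor");
         }
         finally
         {
            // Exactly one context of ours is on the stack at every point inside the
            // try body (each pop is followed directly by a push), so one pop here
            // restores the caller's context on both the success and the failure path.
            SecurityAssociation.popSubjectContext();
         }
      }
      catch (Throwable ex)
      {
         // The full stack trace is logged here; only the message is rethrown.
         // NOTE(review): the cause is not chained; confirm whether callers need it.
         log.error("failed", ex);
         throw new RuntimeException (ex.getMessage());
      }
   }
}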