This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new da1e1c1f28 Add JAAS realm test
da1e1c1f28 is described below

commit da1e1c1f28b1eb7bed23bbea429a6ce02cb5c0f3
Author: remm <r...@apache.org>
AuthorDate: Mon Jun 24 11:44:23 2024 +0200

    Add JAAS realm test
    
    Based on a test case I got from Red Hat.
---
 test/org/apache/catalina/realm/TestJAASRealm.java  |  69 ++++++++++
 .../apache/catalina/realm/TesterLoginModule.java   | 152 +++++++++++++++++++++
 .../apache/catalina/realm/TesterRolePrincipal.java |  39 ++++++
 3 files changed, 260 insertions(+)

diff --git a/test/org/apache/catalina/realm/TestJAASRealm.java 
b/test/org/apache/catalina/realm/TestJAASRealm.java
new file mode 100644
index 0000000000..eeaa89d589
--- /dev/null
+++ b/test/org/apache/catalina/realm/TestJAASRealm.java
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import java.io.File;
+import java.io.PrintWriter;
+import java.security.Principal;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.startup.TomcatBaseTest;
+
+public class TestJAASRealm extends TomcatBaseTest {
+
+    private static final String CONFIG =
+            "CustomLogin {\n" +
+            "    org.apache.catalina.realm.TesterLoginModule\n" +
+            "    sufficient;\n" +
+            "};";
+
+    @Test
+    public void testRealm() throws Exception {
+
+        Tomcat tomcat = getTomcatInstance();
+
+        // Write login config to the temp path
+        File loginConfFile = new File(getTemporaryDirectory(), 
"customLoginConfig.conf");
+        try (PrintWriter writer = new PrintWriter(loginConfFile)) {
+            writer.write(CONFIG);
+        }
+
+        JAASRealm jaasRealm = new JAASRealm();
+        jaasRealm.setAppName("CustomLogin");
+        jaasRealm.setCredentialHandler(new MessageDigestCredentialHandler());
+        jaasRealm.setUserClassNames(TesterPrincipal.class.getName());
+        jaasRealm.setRoleClassNames(TesterRolePrincipal.class.getName());
+        jaasRealm.setConfigFile(loginConfFile.getAbsolutePath());
+        Context context = tomcat.addContext("/jaastest", null);
+        context.setRealm(jaasRealm);
+
+        tomcat.start();
+
+        Principal p = jaasRealm.authenticate("foo", "bar");
+        Assert.assertNull(p);
+        p = jaasRealm.authenticate("tomcatuser", "pass");
+        Assert.assertNotNull(p);
+        Assert.assertTrue(p instanceof GenericPrincipal);
+        GenericPrincipal gp = (GenericPrincipal) p;
+        Assert.assertTrue(gp.hasRole("role1"));
+    }
+
+}
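Review bot: The only rejection case in testRealm() pairs an unknown user with a wrong password (`authenticate("foo", "bar")`), so a regression that accepted a known user regardless of the password would still pass. Adding `Assert.assertNull(jaasRealm.authenticate("tomcatuser", "bar"));` before the positive case covers that, and `Assert.assertFalse(gp.hasRole("role2"));` after the `role1` check would pin that no role beyond the configured one is granted. The login config written with `new PrintWriter(loginConfFile)` is never removed in the visible code; unless the base class already cleans the temporary directory, it should be registered for deletion at tear-down.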
diff --git a/test/org/apache/catalina/realm/TesterLoginModule.java 
b/test/org/apache/catalina/realm/TesterLoginModule.java
new file mode 100644
index 0000000000..dc767a9529
--- /dev/null
+++ b/test/org/apache/catalina/realm/TesterLoginModule.java
@@ -0,0 +1,152 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * Login module that simply matches name and password to perform 
authentication. If successful, set principal to name
+ * and credential to "role1".
+ */
+public class TesterLoginModule implements LoginModule {
+
+    /** Callback handler to store between initialization and authentication. */
+    private CallbackHandler handler;
+
+    /** Subject to store. */
+    private Subject subject;
+
+    /** Login name. */
+    private String login;
+
+    /**
+     * This implementation always return <code>false</code>.
+     *
+     * @see javax.security.auth.spi.LoginModule#abort()
+     */
+    @Override
+    public boolean abort() throws LoginException {
+
+        return false;
+    }
+
+    /**
+     * This is where, should the entire authentication process succeeds, 
principal would be set.
+     *
+     * @see javax.security.auth.spi.LoginModule#commit()
+     */
+    @Override
+    public boolean commit() throws LoginException {
+
+        try {
+
+            TesterPrincipal user = new TesterPrincipal(login);
+            TesterRolePrincipal role = new TesterRolePrincipal("role1");
+
+            subject.getPrincipals().add(user);
+            subject.getPrincipals().add(role);
+
+            return true;
+
+        } catch (Exception e) {
+
+            throw new LoginException(e.getMessage());
+        }
+    }
+
+    /**
+     * This implementation ignores both state and options.
+     *
+     * @see 
javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject,
+     *          javax.security.auth.callback.CallbackHandler, java.util.Map, 
java.util.Map)
+     */
+    @Override
+    public void initialize(Subject aSubject, CallbackHandler aCallbackHandler, 
Map<String, ?> aSharedState,
+            Map<String, ?> aOptions) {
+
+        handler = aCallbackHandler;
+        subject = aSubject;
+    }
+
+    /**
+     * This method checks whether the name and the password are the same.
+     *
+     * @see javax.security.auth.spi.LoginModule#login()
+     */
+    @Override
+    public boolean login() throws LoginException {
+
+        Callback[] callbacks = new Callback[2];
+        callbacks[0] = new NameCallback("login");
+        callbacks[1] = new PasswordCallback("password", true);
+
+        try {
+
+            handler.handle(callbacks);
+
+            String name = ((NameCallback) callbacks[0]).getName();
+            String password = String.valueOf(((PasswordCallback) 
callbacks[1]).getPassword());
+            if (!(name.equals("tomcatuser") && password.equals("pass"))) {
+                throw new FailedLoginException("Authentication failed");
+            }
+
+            login = name;
+
+            return true;
+
+        } catch (IOException e) {
+            throw new LoginException(e.getMessage());
+        } catch (UnsupportedCallbackException e) {
+            throw new LoginException(e.getMessage());
+        }
+    }
+
+    /**
+     * Clears subject from principal and credentials.
+     *
+     * @see javax.security.auth.spi.LoginModule#logout()
+     */
+    @Override
+    public boolean logout() throws LoginException {
+
+        try {
+
+            TesterPrincipal user = new TesterPrincipal(login);
+            TesterRolePrincipal role = new TesterRolePrincipal("role1");
+
+            subject.getPrincipals().remove(user);
+            subject.getPrincipals().remove(role);
+
+            return true;
+
+        } catch (Exception e) {
+
+            throw new LoginException(e.getMessage());
+        }
+    }
+}
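Review bot: commit() adds the user and `role1` principals without checking that this module's own login() succeeded, so in a stacked JAAS configuration where another module authenticates the Subject it would still grant `role1` with a null `login`. A guard at the top of commit(), `if (login == null) { return false; }`, follows the LoginModule contract, and abort() and logout() should reset `login` to null. In login(), `name.equals("tomcatuser")` and `String.valueOf(...getPassword())` both throw NullPointerException when the handler supplies no name or password, which escapes as an unchecked exception instead of a FailedLoginException; `"tomcatuser".equals(name)` plus a null check on the password array avoids that. The login() Javadoc says it checks that name and password are the same, whereas the code compares them against fixed values, and the class Javadoc calls `role1` a credential although it is added as a role principal.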
diff --git a/test/org/apache/catalina/realm/TesterRolePrincipal.java 
b/test/org/apache/catalina/realm/TesterRolePrincipal.java
new file mode 100644
index 0000000000..c899b3b13d
--- /dev/null
+++ b/test/org/apache/catalina/realm/TesterRolePrincipal.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.realm;
+
+import java.security.Principal;
+
+/**
+ * A custom role principal.
+ */
+public class TesterRolePrincipal implements Principal {
+
+    /**
+     * Principal name.
+     */
+    private final String name;
+
+    public TesterRolePrincipal(String aName) {
+        name = aName;
+    }
+
+    @Override
+    public String getName() {
+        return name;
+    }
+}
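Review bot: TesterRolePrincipal does not override equals() and hashCode(), so `subject.getPrincipals().remove(role)` in TesterLoginModule.logout(), which passes a newly constructed instance, cannot match the instance added in commit() and the role principal stays on the Subject after logout. Override both on `name`, for example `return o instanceof TesterRolePrincipal && name.equals(((TesterRolePrincipal) o).name);` together with `return name.hashCode();`. The constructor also accepts a null `aName`; rejecting it with `Objects.requireNonNull(aName, "aName")` keeps getName() and the new equals() safe. Whether TesterPrincipal has the same gap cannot be seen from this commit.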

