djencks 2004/01/11 00:27:03
Added: modules/core/src/java/org/apache/geronimo/security/bridge AbstractPrincipalMappingUserPasswordRealmBridge.java AbstractRealmBridge.java CallerIdentityUserPasswordRealmBridge.java ConfiguredIdentityUserPasswordRealmBridge.java PropertiesFilePrincipalMappingUserPasswordRealmBridge.java RealmBridge.java modules/core/src/java/org/apache/geronimo/security/providers GeronimoPasswordCredential.java GeronimoPasswordCredentialLoginModule.java modules/core/src/test/org/apache/geronimo/security/bridge AbstractUserPasswordBridgeTest.java CallerIdentityUserPasswordBridgeTest.java ConfiguredIdentityUserPasswordBridgeTest.java MappingUserPasswordBridgeTest.java TestLoginModule.java TestPrincipal.java TestRealm.java Log: Implement realm bridge concept, with some examples and tests. Revision Changes Path 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/AbstractPrincipalMappingUserPasswordRealmBridge.java Index: AbstractPrincipalMappingUserPasswordRealmBridge.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." 
* Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.io.IOException; import java.security.Principal; import java.util.Map; import java.util.Set; import java.util.HashMap; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.geronimo.kernel.service.GeronimoMBeanInfo; import org.apache.geronimo.kernel.service.GeronimoAttributeInfo; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public abstract class AbstractPrincipalMappingUserPasswordRealmBridge extends AbstractRealmBridge { protected final Map principalMap = new HashMap(); private Class principalSourceType; private String principalTargetCallbackName; protected final Map userNameMap = new HashMap(); private Class userNameSourceType; private String userNameTargetCallbackName; protected final Map passwordMap = new HashMap(); private Class passwordSourceType; public static GeronimoMBeanInfo getGeronimoMBeanInfo() { GeronimoMBeanInfo mbeanInfo = AbstractRealmBridge.getGeronimoMBeanInfo(); //set target class in concrete subclass mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PrincipalSourceType", true, true, "Class of principal to use as source for target principal map key")); mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PrincipalTargetCallbackName", true, true, "Pronpt of NameCallback used to query for target principal")); mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("UserNameSourceType", true, true, "Class of principal to use as source for target user name map key")); mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("UserNameTargetCallbackName", true, true, "Pronpt of NameCallback used to query for target user name")); 
mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PasswordSourceType", true, true, "Class of principal to use as source for target password map key")); return mbeanInfo; } public Class getPrincipalSourceType() { return principalSourceType; } public void setPrincipalSourceType(Class principalSourceType) { this.principalSourceType = principalSourceType; } public String getPrincipalTargetCallbackName() { return principalTargetCallbackName; } public void setPrincipalTargetCallbackName(String principalTargetCallbackName) { this.principalTargetCallbackName = principalTargetCallbackName; } public Class getUserNameSourceType() { return userNameSourceType; } public void setUserNameSourceType(Class userNameSourceType) { this.userNameSourceType = userNameSourceType; } public String getUserNameTargetCallbackName() { return userNameTargetCallbackName; } public void setUserNameTargetCallbackName(String userNameTargetCallbackName) { this.userNameTargetCallbackName = userNameTargetCallbackName; } public Class getPasswordSourceType() { return passwordSourceType; } public void setPasswordSourceType(Class passwordSourceType) { this.passwordSourceType = passwordSourceType; } protected CallbackHandler getCallbackHandler(final Subject sourceSubject) { return new CallbackHandler() { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { Principal principalSourcePrincipal = findPrincipalOfType(sourceSubject, principalSourceType); Principal userNameSourcePrincipal; if (userNameSourceType == principalSourceType) { userNameSourcePrincipal = principalSourcePrincipal; } else { userNameSourcePrincipal = findPrincipalOfType(sourceSubject, userNameSourceType); } Principal passwordSourcePrincipal; if (passwordSourceType == principalSourceType) { passwordSourcePrincipal = principalSourcePrincipal; } else { passwordSourcePrincipal = findPrincipalOfType(sourceSubject, passwordSourceType); } for (int i = 0; i < callbacks.length; i++) { Callback callback = 
callbacks[i]; if (callback instanceof NameCallback) { NameCallback nameCallback = (NameCallback)callback; if (nameCallback.getPrompt().equals(principalTargetCallbackName)) { nameCallback.setName((String)principalMap.get(principalSourcePrincipal.getName())); } else if (nameCallback.getPrompt().equals(userNameTargetCallbackName)) { nameCallback.setName((String)userNameMap.get(userNameSourcePrincipal.getName())); } else { throw new UnsupportedCallbackException(callback, "Only name callbacks with prompts " + principalTargetCallbackName + " or " + userNameTargetCallbackName + " are supported"); } } else if (callback instanceof PasswordCallback) { ((PasswordCallback)callback).setPassword((char[])passwordMap.get(passwordSourcePrincipal.getName())); } else { throw new UnsupportedCallbackException(callback, "Only name and password callbacks supported"); } } } private Principal findPrincipalOfType(final Subject sourceSubject, Class principalClass) throws UnsupportedCallbackException { Set principalPrincipals = sourceSubject.getPrincipals(principalClass); if (principalPrincipals == null || principalPrincipals.size() != 1) { throw new UnsupportedCallbackException(null, "No principals of type " + principalClass + " to read"); } Principal principal = (Principal)principalPrincipals.iterator().next(); return principal; } }; } } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/AbstractRealmBridge.java Index: AbstractRealmBridge.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. 
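Review bot: In AbstractPrincipalMappingUserPasswordRealmBridge's `handle`, a source principal with no entry in `principalMap`, `userNameMap` or `passwordMap` is not rejected: `Map.get` returns null and that null goes straight into `setName`/`setPassword`, so the login proceeds with a null name or password and the outcome depends entirely on the target login module. Failing closed in the bridge is safer: look the value up first and `if (mapped == null) throw new UnsupportedCallbackException(callback, "No mapping for source principal");` before calling the setter. `findPrincipalOfType` also reports "No principals of type …" when the subject holds more than one, which will mislead whoever debugs a failed bridge login. The attribute descriptions in `getGeronimoMBeanInfo` spell "Prompt" as "Pronpt".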
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * ==================================================================== */ package org.apache.geronimo.security.bridge; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.callback.CallbackHandler; import org.apache.geronimo.kernel.service.GeronimoMBeanInfo; import org.apache.geronimo.kernel.service.GeronimoAttributeInfo; import org.apache.geronimo.kernel.service.GeronimoOperationInfo; import org.apache.geronimo.kernel.service.GeronimoParameterInfo; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public abstract class AbstractRealmBridge implements RealmBridge { private String targetRealm; public static GeronimoMBeanInfo getGeronimoMBeanInfo() { GeronimoMBeanInfo mbeanInfo = new GeronimoMBeanInfo(); //set target class in concrete subclass mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("TargetRealm", true, true, "Name of realm to log in to")); mbeanInfo.addOperationInfo(new GeronimoOperationInfo("getSubject", new GeronimoParameterInfo[]{new GeronimoParameterInfo("sourceSubject", Subject.class, "Subject to be translated")}, GeronimoOperationInfo.ACTION, "Log into the target realm using information gleaned from the supplied Subject")); return mbeanInfo; } public Subject mapSubject(Subject sourceSubject) throws LoginException { Subject targetSubject = new Subject(); LoginContext loginContext = new LoginContext(targetRealm, targetSubject, getCallbackHandler(sourceSubject)); loginContext.login(); return targetSubject; } protected abstract CallbackHandler getCallbackHandler(Subject sourceSubject); public String getTargetRealm() { return 
targetRealm; } public void setTargetRealm(String targetRealm) { this.targetRealm = targetRealm; } } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordRealmBridge.java Index: CallerIdentityUserPasswordRealmBridge.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. 
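Review bot: AbstractRealmBridge.getGeronimoMBeanInfo registers the management operation as `"getSubject"`, but the method this class and RealmBridge declare is `mapSubject`. If GeronimoOperationInfo resolves its target by name the operation will not bind, so the string should probably read `"mapSubject"`. The operation returns a Subject that has already been authenticated in the target realm, so anyone who can invoke it through the management layer effectively holds the bridge's credentials. It is worth confirming that access to this MBean is restricted, or leaving the operation out of the exposed info.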
* * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.io.IOException; import java.util.Set; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.Callback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.Subject; import org.apache.geronimo.security.providers.GeronimoPasswordCredential; import org.apache.geronimo.security.bridge.AbstractRealmBridge; import org.apache.geronimo.kernel.service.GeronimoMBeanInfo; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public class CallerIdentityUserPasswordRealmBridge extends AbstractRealmBridge { public static GeronimoMBeanInfo getGeronimoMBeanInfo() { GeronimoMBeanInfo mbeanInfo = AbstractRealmBridge.getGeronimoMBeanInfo(); mbeanInfo.setTargetClass(CallerIdentityUserPasswordRealmBridge.class); return mbeanInfo; } protected CallbackHandler getCallbackHandler(final Subject sourceSubject) { return new CallbackHandler() { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { Set credentials = sourceSubject.getPrivateCredentials(GeronimoPasswordCredential.class); if (credentials == null || credentials.size() != 1) { throw new UnsupportedCallbackException(null, "No GeronimoPasswordCredential to read"); } GeronimoPasswordCredential geronimoPasswordCredential = (GeronimoPasswordCredential)credentials.iterator().next(); for (int i = 0; i < callbacks.length; i++) { Callback callback = callbacks[i]; if (callback instanceof NameCallback) { ((NameCallback)callback).setName(geronimoPasswordCredential.getUserName()); } else if (callback instanceof PasswordCallback) { ((PasswordCallback)callback).setPassword(geronimoPasswordCredential.getPassword()); } else { throw new UnsupportedCallbackException(callback, "Only name and 
password callbacks supported"); } } } }; } } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordRealmBridge.java Index: ConfiguredIdentityUserPasswordRealmBridge.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. 
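Review bot: CallerIdentityUserPasswordRealmBridge has an empty class Javadoc, yet its `handle` replays the caller's user name and cleartext password from the private `GeronimoPasswordCredential` into whatever realm `targetRealm` names, which is the one thing an operator configuring it needs to know. I would document that on the class, for example `/** Logs into the target realm with the caller's own user name and password, taken from the single GeronimoPasswordCredential in the source subject's private credentials; configure it only for target realms trusted to see that password. */`. The guard `credentials.size() != 1` also throws "No GeronimoPasswordCredential to read" when there are several, and it uses UnsupportedCallbackException with a null callback for what is really a missing-credential condition. A message that distinguishes none from many would make failed logins easier to diagnose.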
* * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.io.IOException; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.Callback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.Subject; import org.apache.geronimo.kernel.service.GeronimoMBeanInfo; import org.apache.geronimo.kernel.service.GeronimoAttributeInfo; import org.apache.geronimo.security.bridge.AbstractRealmBridge; /** * ConfiguredIdentityRealmBridge supplies a constant mapping between realms: * it always returns the configured user and password, no matter what the * source realm or source subject. 
* * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public class ConfiguredIdentityUserPasswordRealmBridge extends AbstractRealmBridge { private String configuredUser; private char[] configuredPassword; public static GeronimoMBeanInfo getGeronimoMBeanInfo() { GeronimoMBeanInfo mbeanInfo = AbstractRealmBridge.getGeronimoMBeanInfo(); mbeanInfo.setTargetClass(ConfiguredIdentityUserPasswordRealmBridge.class); mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("ConfiguredUser", true, true, "Name of user to log in as")); mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("ConfiguredPassword", true, true, "Password of user to log in as")); return mbeanInfo; } public String getConfiguredUser() { return configuredUser; } public void setConfiguredUser(String configuredUser) { this.configuredUser = configuredUser; } public String getConfiguredPassword() { return new String(configuredPassword); } public void setConfiguredPassword(String configuredPassword) { this.configuredPassword = configuredPassword == null? 
null: configuredPassword.toCharArray(); } protected CallbackHandler getCallbackHandler(Subject sourceSubject) { return new CallbackHandler() { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { Callback callback = callbacks[i]; if (callback instanceof NameCallback) { ((NameCallback)callback).setName(configuredUser); } else if (callback instanceof PasswordCallback) { ((PasswordCallback)callback).setPassword(configuredPassword); } else { throw new UnsupportedCallbackException(callback); } } } }; } } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/PropertiesFilePrincipalMappingUserPasswordRealmBridge.java Index: PropertiesFilePrincipalMappingUserPasswordRealmBridge.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. 
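Review bot: `getConfiguredPassword()` in ConfiguredIdentityUserPasswordRealmBridge does `new String(configuredPassword)` with no null check, so reading the attribute before a password is set, or after `setConfiguredPassword(null)` which the setter explicitly allows, throws NullPointerException; `return configuredPassword == null ? null : new String(configuredPassword);` matches the setter. The larger concern is that the getter exists at all: the "ConfiguredPassword" attribute is registered with `true, true`, which looks like readable and writable, so the stored password could be read back in clear through the management interface. If the flags mean what they appear to, registering the attribute as write-only (`false, true`) and dropping the public getter would keep the secret inside the bean. The `char[]` field gives little protection while the value enters and leaves as a String.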
The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.net.URL; import java.util.Properties; import java.util.Map; import java.util.Iterator; import java.util.StringTokenizer; import java.io.IOException; import org.apache.geronimo.kernel.service.GeronimoMBeanInfo; import org.apache.geronimo.kernel.service.GeronimoAttributeInfo; import org.apache.geronimo.security.bridge.AbstractPrincipalMappingUserPasswordRealmBridge; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public class PropertiesFilePrincipalMappingUserPasswordRealmBridge extends AbstractPrincipalMappingUserPasswordRealmBridge{ private URL propertyFileURL; public URL getPropertyFileURL() { return propertyFileURL; } public static GeronimoMBeanInfo getGeronimoMBeanInfo() { GeronimoMBeanInfo mbeanInfo = AbstractPrincipalMappingUserPasswordRealmBridge.getGeronimoMBeanInfo(); mbeanInfo.setTargetClass(PropertiesFilePrincipalMappingUserPasswordRealmBridge.class); mbeanInfo.addAttributeInfo(new GeronimoAttributeInfo("PropertyFileURL", true, true, "URL to read the mapping from in sourcePrincipal=targetPrincipal:targetUserName:targetPassword format0")); return mbeanInfo; } public void setPropertyFileURL(URL propertyFileURL) throws IOException { this.propertyFileURL = propertyFileURL; principalMap.clear(); userNameMap.clear(); passwordMap.clear(); Properties properties = new Properties(); properties.load(propertyFileURL.openStream()); setMaps(properties, principalMap, userNameMap, passwordMap); } void setMaps(Properties properties, Map principalMap, Map userNameMap, Map passwordMap) { for (Iterator iterator = properties.entrySet().iterator(); iterator.hasNext();) { Map.Entry entry = (Map.Entry) iterator.next(); String key = (String) entry.getKey(); String values = (String)entry.getValue(); StringTokenizer tokenizer = new StringTokenizer(values, ":"); String targetPrincipal = tokenizer.nextToken(); String 
targetUserName = tokenizer.nextToken(); char[] targetPassword = tokenizer.nextToken().toCharArray(); principalMap.put(key, targetPrincipal); userNameMap.put(key, targetUserName); passwordMap.put(key, targetPassword); } } } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/bridge/RealmBridge.java Index: RealmBridge.java =================================================================== package org.apache.geronimo.security.bridge; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; /** * Interface for bridging between realms. Subject from a source realm is supplied, and * the RealmBridge logs into a target realm using identity and credential information from * source realm, mapped as appropriate. * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public interface RealmBridge { Subject mapSubject(Subject sourceSubject) throws LoginException; } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/GeronimoPasswordCredential.java Index: GeronimoPasswordCredential.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. 
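Review bot: `setPropertyFileURL` in PropertiesFilePrincipalMappingUserPasswordRealmBridge clears all three maps before it has read anything and never closes the stream from `openStream()`, so an unreadable or malformed file leaves the bridge with empty or partly filled maps and an open connection. `setMaps` then splits on every `:` with StringTokenizer, which throws NoSuchElementException on a short line, truncates a password that contains `:`, and skips empty fields so the remaining tokens shift position. The version below loads and parses into scratch maps before replacing the live ones and splits on the first two colons only; its error names the source principal but never the value, so a password cannot end up in a log. The file holds cleartext passwords and the maps are plain HashMaps read by `handle`, so the URL should point at a protected resource and reloads should not race with logins; the sketch does not address either.

```java
public void setPropertyFileURL(URL propertyFileURL) throws IOException {
    Properties properties = new Properties();
    java.io.InputStream in = propertyFileURL.openStream();
    try {
        properties.load(in);
    } finally {
        in.close();
    }
    // Parse into scratch maps first: a malformed file must not leave the bridge half-loaded.
    Map newPrincipals = new java.util.HashMap();
    Map newUserNames = new java.util.HashMap();
    Map newPasswords = new java.util.HashMap();
    setMaps(properties, newPrincipals, newUserNames, newPasswords);
    this.propertyFileURL = propertyFileURL;
    principalMap.clear();
    principalMap.putAll(newPrincipals);
    userNameMap.clear();
    userNameMap.putAll(newUserNames);
    passwordMap.clear();
    passwordMap.putAll(newPasswords);
}

void setMaps(Properties properties, Map principalMap, Map userNameMap, Map passwordMap) {
    // … unchanged: loop over properties.entrySet(), extraction of key and values …
        int first = values.indexOf(':');
        int second = first < 0 ? -1 : values.indexOf(':', first + 1);
        if (second < 0) {
            // Name only the source principal; the value contains the password.
            throw new IllegalArgumentException("Mapping for " + key
                    + " must be targetPrincipal:targetUserName:targetPassword");
        }
        principalMap.put(key, values.substring(0, first));
        userNameMap.put(key, values.substring(first + 1, second));
        // Everything after the second ':' is the password, so it may itself contain ':'.
        passwordMap.put(key, values.substring(second + 1).toCharArray());
```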
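Review bot: RealmBridge.mapSubject hands back only the target `Subject`, and its Javadoc does not say who ends the target-realm session. The implementation in this commit, AbstractRealmBridge.mapSubject, creates the `LoginContext` locally and discards it, so no caller can invoke `logout()` and whatever principals and credentials the target login modules attached stay on the subject for as long as it is referenced. I would state the contract on the method, for example `/** Logs into the target realm on behalf of sourceSubject and returns the resulting Subject; the bridge keeps no handle for logging it out. @throws LoginException if the target login fails */`, or return something that exposes logout. Unlike the other source files shown here, this one also lacks the Apache license header.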
The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.providers; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public class GeronimoPasswordCredential { private String userName; private char[] password; public GeronimoPasswordCredential(String userName, char[] password) { this.userName = userName; this.password = password; } public String getUserName() { return userName; } public char[] getPassword() { return password; } } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/providers/GeronimoPasswordCredentialLoginModule.java Index: GeronimoPasswordCredentialLoginModule.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. 
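Review bot: In GeronimoPasswordCredential.java the constructor keeps the caller's `char[] password` by reference and `getPassword()` returns that same array, so every holder of the credential shares one mutable secret and any of them can overwrite it for the others. A null-safe copy in both directions, `this.password = password == null ? null : (char[]) password.clone();` and the same expression in the getter, would isolate holders, at the cost of more copies of the secret in memory. Both fields can be `final`. The class offers no way to wipe the array; implementing `javax.security.auth.Destroyable` would let the owner zero it on logout. The class Javadoc is empty and should state that instances are placed in a Subject's private credential set.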
The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.providers; import java.util.Map; import javax.security.auth.spi.LoginModule; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.Callback; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:02 $ * * */ public class GeronimoPasswordCredentialLoginModule implements LoginModule{ private Subject subject; private CallbackHandler callbackHandler; private GeronimoPasswordCredential geronimoPasswordCredential; public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { this.subject = subject; this.callbackHandler = callbackHandler; } public boolean login() throws LoginException { Callback[] callbacks = new Callback[2]; callbacks[0] = new NameCallback(""); callbacks[1] = new PasswordCallback("", false); try { callbackHandler.handle(callbacks); } catch (java.io.IOException e) { } catch (UnsupportedCallbackException e) { throw (LoginException)new LoginException("Unlikely UnsupportedCallbackException").initCause(e); } geronimoPasswordCredential = new GeronimoPasswordCredential( ((NameCallback)callbacks[0]).getName(), ((PasswordCallback)callbacks[1]).getPassword()); return true; } public boolean commit() throws LoginException { subject.getPrivateCredentials().add(geronimoPasswordCredential); return true; } public boolean abort() throws LoginException { geronimoPasswordCredential = null; return true; } public boolean logout() throws LoginException { geronimoPasswordCredential = null; return true; } } 1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/AbstractUserPasswordBridgeTest.java Index: 
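Review bot: In GeronimoPasswordCredentialLoginModule.login() the `catch (java.io.IOException e) { }` block discards a callback-handler failure, after which the method builds a credential from callbacks that may never have been filled in and returns true. The IOException should be rethrown as a LoginException with its cause, and a null name or password should fail the login unless an empty credential is intended. Separately, logout() and abort() only null the field, so the credential that commit() added stays in `subject.getPrivateCredentials()` after logout. The class Javadoc is empty; it should say that the module performs no verification and only records what the callback handler supplies.

```java
public boolean login() throws LoginException {
    // … unchanged: callback array setup …
    try {
        callbackHandler.handle(callbacks);
    } catch (java.io.IOException e) {
        throw (LoginException) new LoginException("Callback handler failed").initCause(e);
    } // … unchanged: UnsupportedCallbackException handler …
    String name = ((NameCallback) callbacks[0]).getName();
    char[] password = ((PasswordCallback) callbacks[1]).getPassword();
    // getPassword() returns a copy, so the callback's own copy can be wiped now
    ((PasswordCallback) callbacks[1]).clearPassword();
    if (name == null || password == null) {
        throw new LoginException("No user name or password supplied");
    }
    geronimoPasswordCredential = new GeronimoPasswordCredential(name, password);
    return true;
}

public boolean logout() throws LoginException {
    if (geronimoPasswordCredential != null) {
        // remove what commit() added so the secret does not outlive the session
        subject.getPrivateCredentials().remove(geronimoPasswordCredential);
    }
    geronimoPasswordCredential = null;
    return true;
}
```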
AbstractUserPasswordBridgeTest.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.util.Collections; import javax.security.auth.Subject; import junit.framework.TestCase; import org.apache.geronimo.security.SecurityService; import org.apache.geronimo.security.providers.GeronimoPasswordCredential; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $ * * */ public abstract class AbstractUserPasswordBridgeTest extends TestCase { private SecurityService securityService; protected final static String USER = "testuser"; protected final static String PASSWORD = "testpassword"; protected void setUp() { securityService = new SecurityService(); securityService.setRealms(Collections.singleton(new TestRealm())); } protected void checkValidSubject(Subject targetSubject) { assertEquals("Expected one TestPrincipal", 1, targetSubject.getPrincipals(TestPrincipal.class).size()); Object p = targetSubject.getPrincipals(TestPrincipal.class).iterator().next(); assertSame("Expected ResourcePrincipal", TestPrincipal.class, p.getClass()); assertEquals("Expected name of TestPrincipal to be " + 
ConfiguredIdentityUserPasswordBridgeTest.USER, ConfiguredIdentityUserPasswordBridgeTest.USER, ((TestPrincipal) p).getName()); assertEquals("Expected no public credential", 0, targetSubject.getPublicCredentials().size()); assertEquals("Expected one private credential", 1, targetSubject.getPrivateCredentials().size()); Object cred = targetSubject.getPrivateCredentials().iterator().next(); assertSame("Expected GeronimoPasswordCredential", GeronimoPasswordCredential.class, cred.getClass()); assertEquals("Expected user", ConfiguredIdentityUserPasswordBridgeTest.USER, ((GeronimoPasswordCredential) cred).getUserName()); assertEquals("Expected password", ConfiguredIdentityUserPasswordBridgeTest.PASSWORD, new String(((GeronimoPasswordCredential) cred).getPassword())); } } 1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/CallerIdentityUserPasswordBridgeTest.java Index: CallerIdentityUserPasswordBridgeTest.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." 
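Review bot: checkValidSubject() in AbstractUserPasswordBridgeTest.java reads its expected values through a subclass, `ConfiguredIdentityUserPasswordBridgeTest.USER` and `ConfiguredIdentityUserPasswordBridgeTest.PASSWORD`, although both constants are declared in this base class; plain `USER` and `PASSWORD` remove the dependency on one particular subclass. The message `"Expected ResourcePrincipal"` does not match the class being asserted and would read better as `"Expected TestPrincipal"`. The password assertion builds `new String(...)` from the credential, which is acceptable in a test, but a comment such as `// test only: production code should not copy the password into a String` would stop the pattern from being copied elsewhere.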
* Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.bridge; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; import org.apache.geronimo.security.providers.GeronimoPasswordCredential; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $ * * */ public class CallerIdentityUserPasswordBridgeTest extends AbstractUserPasswordBridgeTest{ private CallerIdentityUserPasswordRealmBridge bridge; protected void setUp() { super.setUp(); bridge = new CallerIdentityUserPasswordRealmBridge(); bridge.setTargetRealm(TestRealm.REALM_NAME); } public void testCallerIdentityBridge() throws Exception { Subject sourceSubject = new Subject(); sourceSubject.getPrivateCredentials().add(new GeronimoPasswordCredential(AbstractUserPasswordBridgeTest.USER, AbstractUserPasswordBridgeTest.PASSWORD.toCharArray())); Subject targetSubject = bridge.mapSubject(sourceSubject); checkValidSubject(targetSubject); } public void testNoCredentials() throws Exception { Subject sourceSubject = new Subject(); try { bridge.mapSubject(sourceSubject); fail(); } catch (LoginException e) { } } } 1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/ConfiguredIdentityUserPasswordBridgeTest.java Index: ConfiguredIdentityUserPasswordBridgeTest.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. 
Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. 
For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * ==================================================================== */ package org.apache.geronimo.security.bridge; import javax.security.auth.Subject; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $ * * */ public class ConfiguredIdentityUserPasswordBridgeTest extends AbstractUserPasswordBridgeTest { private ConfiguredIdentityUserPasswordRealmBridge bridge; protected void setUp() { super.setUp(); bridge = new ConfiguredIdentityUserPasswordRealmBridge(); bridge.setTargetRealm(TestRealm.REALM_NAME); bridge.setConfiguredUser(AbstractUserPasswordBridgeTest.USER); bridge.setConfiguredPassword(AbstractUserPasswordBridgeTest.PASSWORD); } public void testConfiguredIdentityBridge() throws Exception { Subject sourceSubject = new Subject(); Subject targetSubject = bridge.mapSubject(sourceSubject); checkValidSubject(targetSubject); } } 1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/MappingUserPasswordBridgeTest.java Index: MappingUserPasswordBridgeTest.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. 
The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.util.Map; import java.util.HashMap; import java.security.Principal; import javax.security.auth.Subject; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $ * * */ public class MappingUserPasswordBridgeTest extends AbstractUserPasswordBridgeTest { private static final String SOURCE_USER_1 = "sourceUser1"; private static final String SOURCE_USER_2 = "sourceUser2"; private static final String SOURCE_PRINCIPAL_1 = "sourcePrincipal1"; private static final String SOURCE_PRINCIPAL_2 = "sourcePrincipal2"; private static final String SOURCE_PASSWORD_1 = "sourcePassword1"; private static final String SOURCE_PASSWORD_2 = "sourcePassword2"; private TestMappingBridge bridge; protected void setUp() { super.setUp(); bridge = new TestMappingBridge(); bridge.setTargetRealm(TestRealm.REALM_NAME); bridge.setPrincipalSourceType(TestPrincipalPrincipal.class); bridge.setPrincipalTargetCallbackName("Resource Principal"); Map principalMap = new HashMap(); principalMap.put(SOURCE_PRINCIPAL_1, AbstractUserPasswordBridgeTest.USER); principalMap.put(SOURCE_PRINCIPAL_2, "no-one"); bridge.setPrincipalMap(principalMap); bridge.setUserNameSourceType(TestUserNamePrincipal.class); bridge.setUserNameTargetCallbackName("User Name"); Map userNameMap = new HashMap(); userNameMap.put(SOURCE_USER_1, AbstractUserPasswordBridgeTest.USER); userNameMap.put(SOURCE_USER_2, "no-one"); bridge.setUserNameMap(userNameMap); bridge.setPasswordSourceType(TestPasswordPrincipal.class); Map passwordMap = new HashMap(); passwordMap.put(SOURCE_PASSWORD_1, AbstractUserPasswordBridgeTest.PASSWORD.toCharArray()); passwordMap.put(SOURCE_PASSWORD_2, "no-password".toCharArray()); bridge.setPasswordMap(passwordMap); } public void testMapping() throws Exception { Subject subject = new Subject(); subject.getPrincipals().add(new TestPrincipalPrincipal(SOURCE_PRINCIPAL_1)); 
subject.getPrincipals().add(new TestUserNamePrincipal(SOURCE_USER_1)); subject.getPrincipals().add(new TestPasswordPrincipal(SOURCE_PASSWORD_1)); Subject targetSubject = bridge.mapSubject(subject); checkValidSubject(targetSubject); } public void testInsufficientSourcePrincipals() throws Exception { Subject subject = new Subject(); subject.getPrincipals().add(new TestPrincipalPrincipal(SOURCE_PRINCIPAL_1)); subject.getPrincipals().add(new TestPasswordPrincipal(SOURCE_PASSWORD_1)); try { bridge.mapSubject(subject); fail(); } catch (Exception e) { } } public void testNotInMap() throws Exception { Subject subject = new Subject(); subject.getPrincipals().add(new TestPrincipalPrincipal(SOURCE_PRINCIPAL_1 + "xxx")); subject.getPrincipals().add(new TestUserNamePrincipal(SOURCE_USER_1)); subject.getPrincipals().add(new TestPasswordPrincipal(SOURCE_PASSWORD_1)); try { bridge.mapSubject(subject); fail(); } catch (Exception e) { } } public static class TestPrincipalPrincipal implements Principal { private String name; public TestPrincipalPrincipal(String name) { this.name = name; } public String getName() { return name; } } public static class TestUserNamePrincipal implements Principal { private String name; public TestUserNamePrincipal(String name) { this.name = name; } public String getName() { return name; } } public static class TestPasswordPrincipal implements Principal { private String name; public TestPasswordPrincipal(String name) { this.name = name; } public String getName() { return name; } } public static class TestMappingBridge extends AbstractPrincipalMappingUserPasswordRealmBridge { public void setPrincipalMap(Map principalMap) { this.principalMap.clear(); this.principalMap.putAll(principalMap); } public void setUserNameMap(Map userNameMap) { this.userNameMap.clear(); this.userNameMap.putAll(userNameMap); } public void setPasswordMap(Map passwordMap) { this.passwordMap.clear(); this.passwordMap.putAll(passwordMap); } } } 1.1 
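Review bot: testInsufficientSourcePrincipals() and testNotInMap() in MappingUserPasswordBridgeTest.java end in `catch (Exception e) { }`, so they pass on any exception at all, including a NullPointerException from a missing map entry, and do not pin that the bridge refuses the mapping with a login failure. Catching the declared type, `catch (LoginException expected) { }` with an import of `javax.security.auth.login.LoginException`, as testNoCredentials() in CallerIdentityUserPasswordBridgeTest does, would make the rejection path explicit. The bridge implementation is outside this view, so it cannot be told from here whether it currently throws LoginException in both cases; if it does not, the stricter test would expose that. The `SOURCE_*_2` entries mapped to `"no-one"` and `"no-password"` are never exercised, and a test that maps to them and expects the target login to fail would cover the wrong-credential path.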
incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/TestLoginModule.java Index: TestLoginModule.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.io.IOException; import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import org.apache.geronimo.security.providers.GeronimoPasswordCredential; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $ * * */ public class TestLoginModule implements LoginModule { private Subject subject; private CallbackHandler callbackHandler; private String resourcePrincipalName; private String userName; private char[] password; public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { this.subject = subject; this.callbackHandler = callbackHandler; } public boolean login() throws LoginException { Callback[] 
callbacks = new Callback[3]; callbacks[0] = new NameCallback("Resource Principal"); callbacks[1] = new NameCallback("User Name"); callbacks[2] = new PasswordCallback("Password", false); try { callbackHandler.handle(callbacks); } catch (IOException ioe) { throw (LoginException) new LoginException().initCause(ioe); } catch (UnsupportedCallbackException uce) { throw (LoginException) new LoginException().initCause(uce); } resourcePrincipalName = ((NameCallback) callbacks[0]).getName(); userName = ((NameCallback) callbacks[1]).getName(); password = ((PasswordCallback) callbacks[2]).getPassword(); return resourcePrincipalName != null && userName != null && password != null; } public boolean commit() throws LoginException { subject.getPrincipals().add(new TestPrincipal(resourcePrincipalName)); GeronimoPasswordCredential passwordCredential = new GeronimoPasswordCredential(userName, password); subject.getPrivateCredentials().add(passwordCredential); return true; } public boolean abort() throws LoginException { return false; } public boolean logout() throws LoginException { return false; } } 1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/TestPrincipal.java Index: TestPrincipal.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. 
The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.security.Principal; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $ * * */ public class TestPrincipal implements Principal { private String name; public TestPrincipal(String name) { this.name = name; } public String getName() { return name; } } 1.1 incubator-geronimo/modules/core/src/test/org/apache/geronimo/security/bridge/TestRealm.java Index: TestRealm.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. 
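Review bot: TestPrincipal, whose listing ends on this line, does not override `equals` or `hashCode`, although the login module in this commit adds instances to `subject.getPrincipals()`, which is a Set. Two principals with the same name therefore compare as different, so a repeated commit adds a duplicate, and a test can only match a principal by identity or by calling `getName()`. I would declare the field `private final String name;` and add `public boolean equals(Object o) { return o instanceof TestPrincipal && name.equals(((TestPrincipal) o).name); }` together with `public int hashCode() { return name.hashCode(); }`. This assumes the name is never null, and the constructor could enforce that by rejecting a null argument.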
Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* * ==================================================================== */ package org.apache.geronimo.security.bridge; import java.util.Set; import java.util.HashMap; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.LoginContext; import javax.security.auth.spi.LoginModule; import org.apache.geronimo.security.SecurityRealm; import org.apache.geronimo.security.GeronimoSecurityException; import org.apache.regexp.RE; /** * * * @version $Revision: 1.1 $ $Date: 2004/01/11 08:27:03 $ * * */ public class TestRealm implements SecurityRealm { public final static String REALM_NAME = "testrealm"; public String getRealmName() { return REALM_NAME; } public Set getGroupPrincipals() throws GeronimoSecurityException { return null; } public Set getGroupPrincipals(RE regexExpression) throws GeronimoSecurityException { return null; } public Set getUserPrincipals() throws GeronimoSecurityException { return null; } public Set getUserPrincipals(RE regexExpression) throws GeronimoSecurityException { return null; } public void refresh() throws GeronimoSecurityException { } public AppConfigurationEntry[] getAppConfigurationEntry() { return new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, new HashMap() ) }; } }
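Review bot: The two `getGroupPrincipals` and two `getUserPrincipals` methods in TestRealm return `null` rather than an empty set, so a caller that iterates the result fails with a NullPointerException instead of seeing a realm with no principals. Unless the SecurityRealm contract, which is not visible here, explicitly permits null, `return Collections.EMPTY_SET;` with `import java.util.Collections;` is the safer stub. The class Javadoc is empty; I would add a line such as `Test-only realm that routes every login to TestLoginModule (REQUISITE, no options); it exposes no principals.` so that nobody mistakes it for a usable realm.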