User: starksm
Date: 01/07/09 01:54:12
Modified: src/main/org/jboss/test/security/test Tag: Branch_2_4
TestEJBSpec.java
Log:
Added test of an unsecure MDB accessing an internal entity EJB using
the run-as element.
Revision Changes Path
No revision
No revision
1.6.2.2 +291 -253 jbosstest/src/main/org/jboss/test/security/test/TestEJBSpec.java
Index: TestEJBSpec.java
===================================================================
RCS file:
/cvsroot/jboss/jbosstest/src/main/org/jboss/test/security/test/TestEJBSpec.java,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -r1.6.2.1 -r1.6.2.2
--- TestEJBSpec.java 2001/07/09 01:06:06 1.6.2.1
+++ TestEJBSpec.java 2001/07/09 08:54:12 1.6.2.2
@@ -6,6 +6,14 @@
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
+import javax.jms.Message;
+import javax.jms.Queue;
+import javax.jms.QueueConnection;
+import javax.jms.QueueConnectionFactory;
+import javax.jms.QueueReceiver;
+import javax.jms.QueueSender;
+import javax.jms.QueueSession;
+import javax.jms.Session;
import javax.security.auth.login.*;
import org.jboss.test.security.interfaces.StatelessSession;
@@ -18,261 +26,291 @@
import org.jboss.test.util.Deploy;
/** Test of EJB spec conformace using the security-spec.jar
-deployment unit. These test the basic role based access model.
-
-@author [EMAIL PROTECTED]
-@version $Revision: 1.6.2.1 $
-*/
+ deployment unit. These test the basic role based access model.
+
+ @author [EMAIL PROTECTED]
+ @version $Revision: 1.6.2.2 $
+ */
public class TestEJBSpec extends junit.framework.TestCase
{
- static String username = "scott";
- static char[] password = "echoman".toCharArray();
-
- LoginContext lc;
- boolean loggedIn;
-
- public TestEJBSpec(String name)
- {
- super(name);
- }
-
- protected void setUp() throws Exception
- {
- // Deploy.deploy("security-spec.jar");
- }
-
- /** Test that:
- 1. SecureBean returns a non-null principal when getCallerPrincipal
- is called with a security context and that this is propagated
- to its Entity bean ref.
-
- 2. UnsecureBean throws an IllegalStateException when getCallerPrincipal
- is called without a security context.
- */
- public void testGetCallerPrincipal() throws Exception
- {
- logout();
- System.out.println("+++ testGetCallerPrincipal()");
- InitialContext jndiContext = new InitialContext();
- Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- StatelessSessionHome home = (StatelessSessionHome) obj;
- System.out.println("Found Unsecure StatelessSessionHome");
- StatelessSession bean = home.create();
- System.out.println("Created spec.UnsecureStatelessSession2");
-
- try
- {
- // This should fail because echo calls getCallerPrincipal()
- bean.echo("Hello from nobody?");
- fail("Was able to call StatelessSession.echo");
- }
- catch(RemoteException e)
- {
- System.out.println("echo failed as expected");
- }
- bean.remove();
-
- login();
- obj = jndiContext.lookup("spec.StatelessSession2");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- home = (StatelessSessionHome) obj;
- System.out.println("Found spec.StatelessSession2");
- bean = home.create();
- System.out.println("Created spec.StatelessSession2");
- // Test that the Entity bean sees username as its principal
- String echo = bean.echo(username);
- System.out.println("bean.echo(username) = "+echo);
- assert("username == echo", echo.equals(username));
- bean.remove();
- }
-
- /** Test that the calling principal is propagated across bean calls.
+ static String username = "scott";
+ static char[] password = "echoman".toCharArray();
+ static String QUEUE_FACTORY = "QueueConnectionFactory";
+
+ LoginContext lc;
+ boolean loggedIn;
+
+ public TestEJBSpec(String name)
+ {
+ super(name);
+ }
+
+ protected void setUp() throws Exception
+ {
+ // Deploy.deploy("security-spec.jar");
+ }
+
+ /** Test that:
+ 1. SecureBean returns a non-null principal when getCallerPrincipal
+ is called with a security context and that this is propagated
+ to its Entity bean ref.
+
+ 2. UnsecureBean throws an IllegalStateException when getCallerPrincipal
+ is called without a security context.
*/
- public void testPrincipalPropagation() throws Exception
- {
- logout();
- login();
- InitialContext jndiContext = new InitialContext();
- Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- StatelessSessionHome home = (StatelessSessionHome) obj;
- System.out.println("Found Unsecure StatelessSessionHome");
- StatelessSession bean = home.create();
- System.out.println("Created spec.UnsecureStatelessSession2");
- System.out.println("Bean.forward('Hello') -> "+bean.forward("Hello"));
- bean.remove();
- }
-
- /** Test that the echo method is accessible by an Echo
- role. Since the noop() method of the StatelessSession
- bean was not assigned any permissions it should not be
- accessible by any user.
- */
- public void testMethodAccess() throws Exception
- {
- login();
- InitialContext jndiContext = new InitialContext();
- Object obj = jndiContext.lookup("spec.StatelessSession");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- StatelessSessionHome home = (StatelessSessionHome) obj;
- System.out.println("Found StatelessSessionHome");
- StatelessSession bean = home.create();
- System.out.println("Created spec.StatelessSession");
- System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello"));
-
- try
- {
- // This should not be allowed
- bean.noop();
- fail("Was able to call StatelessSession.noop");
- }
- catch(RemoteException e)
- {
- System.out.println("StatelessSession.noop failed as expected");
- }
- bean.remove();
- }
-
- /** Test that a user with a role that has not been assigned any
- method permissions in the ejb-jar descriptor is able to access a
- method that has been marked as unchecked.
- */
- public void testUnchecked() throws Exception
- {
- // Login as scott to create the bean
- login();
- InitialContext jndiContext = new InitialContext();
- Object obj = jndiContext.lookup("spec.StatelessSession");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- StatelessSessionHome home = (StatelessSessionHome) obj;
- System.out.println("Found spec.StatelessSession Home");
- StatelessSession bean = home.create();
- System.out.println("Created spec.StatelessSession");
- // Logout and login back in as stark to test access to the unchecked method
- logout();
- login("stark", "javaman".toCharArray());
- bean.unchecked();
- System.out.println("Called Bean.unchecked()");
- logout();
- }
-
- /** Test that user scott who has the Echo role is not able to
- access the StatelessSession2.excluded method even though
- the Echo role has been granted access to all methods of
- StatelessSession2 to test that the excluded-list takes
- precendence over the method-permissions.
- */
- public void testExcluded() throws Exception
- {
- System.out.println("+++ testExcluded");
- login();
- InitialContext jndiContext = new InitialContext();
- Object obj = jndiContext.lookup("spec.StatelessSession2");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- StatelessSessionHome home = (StatelessSessionHome) obj;
- System.out.println("Found spec.StatelessSession2 Home");
- StatelessSession bean = home.create();
- System.out.println("Created spec.StatelessSession2");
- try
- {
- bean.excluded();
- fail("Was able to call Bean.excluded()");
- }
- catch(Exception e)
- {
- System.out.println("Bean.excluded() failed as expected");
- // This is what we expect
- }
- logout();
- }
-
- /** This method tests the following call chains:
- 1. RunAsStatelessSession.echo() -> PrivateEntity.echo()
- 2. RunAsStatelessSession.noop() -> RunAsStatelessSession.excluded()
- 3. RunAsStatelessSession.forward() -> StatelessSession.echo()
- 1. Should succeed because the run-as identity of RunAsStatelessSession
- is valid for accessing PrivateEntity.
- 2. Should succeed ecause the run-as identity of RunAsStatelessSession
- is valid for accessing RunAsStatelessSession.excluded().
- 3. Should fail because the run-as identity of RunAsStatelessSession
- is not Echo.
- */
- public void testRunAs() throws Exception
- {
- login();
- InitialContext jndiContext = new InitialContext();
- Object obj = jndiContext.lookup("spec.RunAsStatelessSession");
- obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
- StatelessSessionHome home = (StatelessSessionHome) obj;
- System.out.println("Found RunAsStatelessSession Home");
- StatelessSession bean = home.create();
- System.out.println("Created spec.RunAsStatelessSession");
- System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello"));
- bean.noop();
- System.out.println("Bean.noop(), ok");
-
- try
- {
- // This should not be allowed
- bean.forward("Hello");
- fail("Was able to call RunAsStatelessSession.forward");
- }
- catch(RemoteException e)
- {
- System.out.println("StatelessSession.forward failed as expected");
- }
- bean.remove();
- }
-
- /** Login as user scott using the conf.name login config or
- 'spec-test' if conf.name is not defined.
- */
- private void login() throws Exception
- {
- login(username, password);
- }
- private void login(String username, char[] password) throws Exception
- {
- if( loggedIn )
- return;
-
- lc = null;
- String confName = System.getProperty("conf.name", "spec-test");
- AppCallbackHandler handler = new AppCallbackHandler(username, password);
- System.out.println("Creating LoginContext("+confName+")");
- lc = new LoginContext(confName, handler);
- lc.login();
- System.out.println("Created LoginContext, subject="+lc.getSubject());
- loggedIn = true;
- }
- private void logout() throws Exception
- {
- if( loggedIn )
- {
- loggedIn = false;
- lc.logout();
- }
- }
-
- public static Test suite() {
- TestSuite suite = new TestSuite();
-
- try {
- String filename = "security-spec.jar";
- System.out.println("Deploying...");
- Deploy.deploy(filename);
-
- suite.addTest(new TestSuite(TestEJBSpec.class));
-
- // add a test case to undeploy our support applications
- suite.addTest(new Deploy.Undeployer(filename));
- }
- catch (Throwable t) {
- t.printStackTrace();
- System.exit(0);
- }
+ public void testGetCallerPrincipal() throws Exception
+ {
+ logout();
+ System.out.println("+++ testGetCallerPrincipal()");
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found Unsecure StatelessSessionHome");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.UnsecureStatelessSession2");
+
+ try
+ {
+ // This should fail because echo calls getCallerPrincipal()
+ bean.echo("Hello from nobody?");
+ fail("Was able to call StatelessSession.echo");
+ }
+ catch(RemoteException e)
+ {
+ System.out.println("echo failed as expected");
+ }
+ bean.remove();
+
+ login();
+ obj = jndiContext.lookup("spec.StatelessSession2");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ home = (StatelessSessionHome) obj;
+ System.out.println("Found spec.StatelessSession2");
+ bean = home.create();
+ System.out.println("Created spec.StatelessSession2");
+ // Test that the Entity bean sees username as its principal
+ String echo = bean.echo(username);
+ System.out.println("bean.echo(username) = "+echo);
+ assert("username == echo", echo.equals(username));
+ bean.remove();
+ }
+
+ /** Test that the calling principal is propagated across bean calls.
+ */
+ public void testPrincipalPropagation() throws Exception
+ {
+ System.out.println("+++ testPrincipalPropagation");
+ logout();
+ login();
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found Unsecure StatelessSessionHome");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.UnsecureStatelessSession2");
+ System.out.println("Bean.forward('Hello') -> "+bean.forward("Hello"));
+ bean.remove();
+ }
+
+ /** Test that the echo method is accessible by an Echo
+ role. Since the noop() method of the StatelessSession
+ bean was not assigned any permissions it should not be
+ accessible by any user.
+ */
+ public void testMethodAccess() throws Exception
+ {
+ System.out.println("+++ testMethodAccess");
+ login();
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.StatelessSession");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found StatelessSessionHome");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.StatelessSession");
+ System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello"));
+
+ try
+ {
+ // This should not be allowed
+ bean.noop();
+ fail("Was able to call StatelessSession.noop");
+ }
+ catch(RemoteException e)
+ {
+ System.out.println("StatelessSession.noop failed as expected");
+ }
+ bean.remove();
+ }
+
+ /** Test that a user with a role that has not been assigned any
+ method permissions in the ejb-jar descriptor is able to access a
+ method that has been marked as unchecked.
+ */
+ public void testUnchecked() throws Exception
+ {
+ System.out.println("+++ testUnchecked");
+ // Login as scott to create the bean
+ login();
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.StatelessSession");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found spec.StatelessSession Home");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.StatelessSession");
+ // Logout and login back in as stark to test access to the unchecked method
+ logout();
+ login("stark", "javaman".toCharArray());
+ bean.unchecked();
+ System.out.println("Called Bean.unchecked()");
+ logout();
+ }
+
+ /** Test that user scott who has the Echo role is not able to
+ access the StatelessSession2.excluded method even though
+ the Echo role has been granted access to all methods of
+ StatelessSession2 to test that the excluded-list takes
+ precendence over the method-permissions.
+ */
+ public void testExcluded() throws Exception
+ {
+ System.out.println("+++ testExcluded");
+ login();
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.StatelessSession2");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found spec.StatelessSession2 Home");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.StatelessSession2");
+ try
+ {
+ bean.excluded();
+ fail("Was able to call Bean.excluded()");
+ }
+ catch(Exception e)
+ {
+ System.out.println("Bean.excluded() failed as expected");
+ // This is what we expect
+ }
+ logout();
+ }
+
+ /** This method tests the following call chains:
+ 1. RunAsStatelessSession.echo() -> PrivateEntity.echo()
+ 2. RunAsStatelessSession.noop() -> RunAsStatelessSession.excluded()
+ 3. RunAsStatelessSession.forward() -> StatelessSession.echo()
+ 1. Should succeed because the run-as identity of RunAsStatelessSession
+ is valid for accessing PrivateEntity.
+ 2. Should succeed ecause the run-as identity of RunAsStatelessSession
+ is valid for accessing RunAsStatelessSession.excluded().
+ 3. Should fail because the run-as identity of RunAsStatelessSession
+ is not Echo.
+ */
+ public void testRunAs() throws Exception
+ {
+ System.out.println("+++ testRunAs");
+ login();
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.RunAsStatelessSession");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found RunAsStatelessSession Home");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.RunAsStatelessSession");
+ System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello"));
+ bean.noop();
+ System.out.println("Bean.noop(), ok");
+
+ try
+ {
+ // This should not be allowed
+ bean.forward("Hello");
+ fail("Was able to call RunAsStatelessSession.forward");
+ }
+ catch(RemoteException e)
+ {
+ System.out.println("StatelessSession.forward failed as expected");
+ }
+ bean.remove();
+ }
+
+ public void testMDBRunAs() throws Exception
+ {
+ System.out.println("+++ testMDBRunAs");
+ logout();
+ InitialContext jndiContext = new InitialContext();
+ QueueConnectionFactory queueFactory = (QueueConnectionFactory)
jndiContext.lookup(QUEUE_FACTORY);
+ Queue que = (Queue) jndiContext.lookup("queue/A");
+ QueueConnection queueConn = queueFactory.createQueueConnection();
+ QueueSession session = queueConn.createQueueSession(false,
Session.AUTO_ACKNOWLEDGE);
+ Message msg = session.createMessage();
+ msg.setStringProperty("arg", "HelloMDB");
+ QueueSender sender = session.createSender(que);
+ sender.send(msg);
+ sender.close();
+ System.out.println("Sent msg to queue/A");
+ QueueReceiver recv = session.createReceiver(que);
+ msg = recv.receive(5000);
+ System.out.println("Recv msg: "+msg);
+ recv.close();
+ session.close();
+ queueConn.close();
+ }
- return suite;
- }
+ /** Login as user scott using the conf.name login config or
+ 'spec-test' if conf.name is not defined.
+ */
+ private void login() throws Exception
+ {
+ login(username, password);
+ }
+ private void login(String username, char[] password) throws Exception
+ {
+ if( loggedIn )
+ return;
+
+ lc = null;
+ String confName = System.getProperty("conf.name", "spec-test");
+ AppCallbackHandler handler = new AppCallbackHandler(username, password);
+ System.out.println("Creating LoginContext("+confName+")");
+ lc = new LoginContext(confName, handler);
+ lc.login();
+ System.out.println("Created LoginContext, subject="+lc.getSubject());
+ loggedIn = true;
+ }
+ private void logout() throws Exception
+ {
+ if( loggedIn )
+ {
+ loggedIn = false;
+ lc.logout();
+ }
+ }
+
+ public static Test suite()
+ {
+ TestSuite suite = new TestSuite();
+
+ try
+ {
+ String filename = "security-spec.jar";
+ System.out.println("Deploying...");
+ Deploy.deploy(filename);
+
+ suite.addTest(new TestSuite(TestEJBSpec.class));
+ // add a test case to undeploy our support applications
+ suite.addTest(new Deploy.Undeployer(filename));
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ System.exit(0);
+ }
+
+ return suite;
+ }
}
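Review bot: testMDBRunAs asserts nothing, so the run-as path the commit adds it for cannot fail this test: `msg = recv.receive(5000)` returns null after the timeout and the method still completes after printing it. It is also not visible in the hunk whether the MDB posts a reply to queue/A or just consumes from it; if it does not reply, the client-side receiver is competing with the MDB for the message it just sent, and the client winning that race would hide a broken run-as grant to the entity EJB. The received message should be asserted (at minimum `assert("MDB reply received", msg != null);`, plus a check of whatever property the MDB is expected to set), and the JMS connection should be closed in a finally block so a timeout or exception in receive does not leak it. The MDB's reply contract is not shown here and should be confirmed against the security-spec.jar descriptors before the assertion is tightened.
```java
   public void testMDBRunAs() throws Exception
   {
      System.out.println("+++ testMDBRunAs");
      logout();
      InitialContext jndiContext = new InitialContext();
      QueueConnectionFactory queueFactory = (QueueConnectionFactory)
         jndiContext.lookup(QUEUE_FACTORY);
      Queue que = (Queue) jndiContext.lookup("queue/A");
      QueueConnection queueConn = queueFactory.createQueueConnection();
      try
      {
         // … unchanged: session creation, message setup, send, receiver creation …
         msg = recv.receive(5000);
         System.out.println("Recv msg: "+msg);
         // Fail loudly when the MDB produced nothing: a null here means the
         // run-as access to the entity EJB (or the reply) did not happen.
         assert("MDB reply received within 5s", msg != null);
         recv.close();
         session.close();
      }
      finally
      {
         // Always release the JMS connection, even when receive() times out or throws.
         queueConn.close();
      }
   }
```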