11 changed files with 622 additions and 1 deletions
@ -0,0 +1,47 @@
@@ -0,0 +1,47 @@
|
||||
package net.sf.acegisecurity.providers.jaas; |
||||
|
||||
import net.sf.acegisecurity.Authentication; |
||||
|
||||
import javax.security.auth.callback.Callback; |
||||
import javax.security.auth.callback.UnsupportedCallbackException; |
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* The JaasAuthenticationCallbackHandler is similar to the javax.security.auth.callback.CallbackHandler interface
|
||||
* in that it defines a handle method. The JaasAuthenticationCallbackHandler is only asked to handle one Callback instance at at time |
||||
* rather than an array of all Callbacks, as the javax... CallbackHandler defines. |
||||
* <p/> |
||||
* Before a JaasAuthenticationCallbackHandler is asked to 'handle' any callbacks, it is first passed the Authentication |
||||
* object that the login attempt is for. NOTE: The Authentication object has not been 'authenticated' yet. |
||||
* </p> |
||||
* <br> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
* @see JaasNameCallbackHandler |
||||
* @see JaasPasswordCallbackHandler |
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a> |
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler</a> |
||||
*/ |
||||
public interface JaasAuthenticationCallbackHandler { |
||||
|
||||
/** |
||||
* Called by the JaasAuthenticationProvider before calling the handle method for any Callbacks. |
||||
* |
||||
* @param auth The Authentication object currently being authenticated. |
||||
*/ |
||||
void setAuthentication(Authentication auth); |
||||
|
||||
/** |
||||
* Handle the <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a>. |
||||
* The handle method will be called for every callback instance sent from the LoginContext. Meaning that The handle |
||||
* method may be called multiple times for a given JaasAuthenticationCallbackHandler, after a single call |
||||
* to the {@link #setAuthentication(net.sf.acegisecurity.Authentication) setAuthentication} method. |
||||
* |
||||
* @param callback |
||||
* @throws IOException |
||||
* @throws UnsupportedCallbackException |
||||
*/ |
||||
void handle(Callback callback) throws IOException, UnsupportedCallbackException; |
||||
|
||||
} |
||||
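Review bot: The `setAuthentication` / `handle` pair forces every implementation to keep the current login's Authentication in an instance field, and those instances are shared: JaasAuthenticationProvider holds one `callbackHandlers` array and its `InternalCallbackHandler.handle` calls `handler.setAuthentication(authentication)` on the same objects for every login. If the provider serves concurrent requests (the usual case for a Spring singleton bean, though not shown on this page), two logins can interleave so that JaasNameCallbackHandler or JaasPasswordCallbackHandler answers one login's callback with the other request's principal or credentials. Passing the object per call removes the shared state: `void handle(Callback callback, Authentication auth) throws IOException, UnsupportedCallbackException;`, with `setAuthentication` dropped. If the two-step contract stays, the Javadoc should at least say that implementations are not thread-safe and must not be shared between concurrent logins.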
@ -0,0 +1,290 @@
@@ -0,0 +1,290 @@
|
||||
package net.sf.acegisecurity.providers.jaas; |
||||
|
||||
import net.sf.acegisecurity.Authentication; |
||||
import net.sf.acegisecurity.AuthenticationException; |
||||
import net.sf.acegisecurity.AuthenticationServiceException; |
||||
import net.sf.acegisecurity.GrantedAuthority; |
||||
import net.sf.acegisecurity.providers.AuthenticationProvider; |
||||
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; |
||||
import net.sf.acegisecurity.providers.jaas.event.JaasAuthenticationFailedEvent; |
||||
import net.sf.acegisecurity.providers.jaas.event.JaasAuthenticationSuccessEvent; |
||||
import org.springframework.beans.BeansException; |
||||
import org.springframework.beans.factory.InitializingBean; |
||||
import org.springframework.context.ApplicationContext; |
||||
import org.springframework.context.ApplicationContextAware; |
||||
import org.springframework.context.ApplicationContextException; |
||||
import org.springframework.core.io.Resource; |
||||
|
||||
import javax.security.auth.callback.Callback; |
||||
import javax.security.auth.callback.CallbackHandler; |
||||
import javax.security.auth.callback.UnsupportedCallbackException; |
||||
import javax.security.auth.login.LoginContext; |
||||
import javax.security.auth.login.LoginException; |
||||
import java.io.IOException; |
||||
import java.security.Principal; |
||||
import java.security.Security; |
||||
import java.util.Arrays; |
||||
import java.util.HashSet; |
||||
import java.util.Iterator; |
||||
import java.util.Set; |
||||
|
||||
/** |
||||
* An {@link AuthenticationProvider} implementation that retrieves user details |
||||
* from a JAAS login configuration. |
||||
* <p/> |
||||
* This <code>AuthenticationProvider</code> is capable of validating {@link |
||||
* net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken} requests contain the correct username and password. |
||||
* </p> |
||||
* This implementation is backed by a <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS</a> configuration. |
||||
* The loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring |
||||
* {@link org.springframework.core.io.Resource} instance. It should point to a JAAS configuration file |
||||
* containing an index matching the {@link #setLoginContextName(java.lang.String) loginContextName} property. |
||||
* <p/> |
||||
* For example: |
||||
* If this JaasAuthenticationProvider were configured in a Spring WebApplicationContext the xml to set the loginConfiguration |
||||
* could be as follows... |
||||
* <pre> |
||||
* <property name="loginConfig"> |
||||
* <value>/WEB-INF/login.conf</value> |
||||
* </property> |
||||
* </pre> |
||||
* </p> |
||||
* <p/> |
||||
* <p/> |
||||
* The loginContextName should coincide with a given index in the loginConfig specifed. |
||||
* The loginConfig file used in the JUnit tests appears as the following... |
||||
* <pre> |
||||
* JAASTest { |
||||
* net.sf.acegisecurity.providers.jaas.TestLoginModule required; |
||||
* }; |
||||
* </pre> |
||||
* Using the example login configuration above, the loginContextName property would be set as <i>JAASTest</i>... |
||||
* <pre> |
||||
* <property name="loginContextName"> |
||||
* <value>JAASTest</value> |
||||
* </property> |
||||
* </pre> |
||||
* </p> |
||||
* <p/> |
||||
* <p/> |
||||
* When using JAAS login modules as the authentication source, sometimes the |
||||
* <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/LoginContext.html">LoginContext</a> |
||||
* will require <i>CallbackHandler</i>s. |
||||
* The JaasAuthenticationProvider uses an internal <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/CallbackHandler.html">CallbackHandler</a> to |
||||
* wrap the {@link JaasAuthenticationCallbackHandler}s configured in the ApplicationContext. When the LoginContext calls |
||||
* the internal CallbackHandler, control is passed to each {@link JaasAuthenticationCallbackHandler} for each Callback passed. |
||||
* </p> |
||||
* <p/> |
||||
* {@link JaasAuthenticationCallbackHandler}s are passed to the JaasAuthenticationProvider through the |
||||
* {@link #setCallbackHandlers(net.sf.acegisecurity.providers.jaas.JaasAuthenticationCallbackHandler[]) callbackHandlers} property. |
||||
* <pre> |
||||
* <property name="callbackHandlers"> |
||||
* <list> |
||||
* <bean class="net.sf.acegisecurity.providers.jaas.TestCallbackHandler"/> |
||||
* <bean class="{@link JaasNameCallbackHandler net.sf.acegisecurity.providers.jaas.JaasNameCallbackHandler}"/> |
||||
* <bean class="{@link JaasPasswordCallbackHandler net.sf.acegisecurity.providers.jaas.JaasPasswordCallbackHandler}"/> |
||||
* </list> |
||||
* </property> |
||||
* </pre> |
||||
* </p> |
||||
* <p/> |
||||
* <p/> |
||||
* After calling LoginContext.login(), the JaasAuthenticationProvider will retrieve the returned Principals from the Subject (LoginContext.getSubject().getPrincipals). |
||||
* Each returned principal is then passed to the configured {@link AuthorityGranter}s. An AuthorityGranter is a mapping between a returned Principal, and a role name. |
||||
* If an AuthorityGranter wishes to grant an Authorization a role, it returns that role name from it's {@link AuthorityGranter#grant(java.security.Principal)} method. |
||||
* The returned role will be applied to the Authorization object as a {@link GrantedAuthority}. |
||||
* <p/> |
||||
* AuthorityGranters are configured in spring xml as follows... |
||||
* <pre> |
||||
* <property name="authorityGranters"> |
||||
* <list> |
||||
* <bean class="net.sf.acegisecurity.providers.jaas.TestAuthorityGranter"/> |
||||
* </list> |
||||
* </property> |
||||
* <p/> |
||||
* </pre> |
||||
* </p> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
*/ |
||||
public class JaasAuthenticationProvider implements AuthenticationProvider, InitializingBean, ApplicationContextAware { |
||||
|
||||
private ApplicationContext context; |
||||
private String loginContextName = "ACEGI"; |
||||
private Resource loginConfig; |
||||
private JaasAuthenticationCallbackHandler[] callbackHandlers; |
||||
private AuthorityGranter[] authorityGranters; |
||||
|
||||
/** |
||||
* Attempts to login the user given the Authentication objects principal and credential |
||||
* |
||||
* @param auth The Authentication object to be authenticated. |
||||
* @return The authenticated Authentication object, with it's grantedAuthorities set. |
||||
* @throws AuthenticationException This implementation does not handle 'locked' or 'disabled' accounts. |
||||
* This method only throws a AuthenticationServiceException, with the message of the LoginException that will be thrown, |
||||
* should the loginContext.login() method fail. |
||||
*/ |
||||
public Authentication authenticate(Authentication auth) throws AuthenticationException { |
||||
if (auth instanceof UsernamePasswordAuthenticationToken) { |
||||
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) auth; |
||||
|
||||
try { |
||||
|
||||
//Create the LoginContext object, and pass our InternallCallbackHandler
|
||||
LoginContext lc = new LoginContext(loginContextName, new InternalCallbackHandler(auth)); |
||||
|
||||
//Attempt to login the user, the LoginContext will call our InternalCallbackHandler at this point.
|
||||
lc.login(); |
||||
|
||||
|
||||
//create a set to hold the authorities, and add any that have already been applied.
|
||||
Set authorities = new HashSet(); |
||||
|
||||
if (token.getAuthorities() != null) { |
||||
authorities.addAll(Arrays.asList(token.getAuthorities())); |
||||
} |
||||
|
||||
//get the subject principals and pass them to each of the AuthorityGranters
|
||||
Set principals = lc.getSubject().getPrincipals(); |
||||
for (Iterator iterator = principals.iterator(); iterator.hasNext();) { |
||||
Principal principal = (Principal) iterator.next(); |
||||
for (int i = 0; i < authorityGranters.length; i++) { |
||||
AuthorityGranter granter = authorityGranters[i]; |
||||
String role = granter.grant(principal); |
||||
//If the granter doesn't wish to grant any authority, it should return null.
|
||||
if (role != null) { |
||||
authorities.add(new JaasGrantedAuthority(role, principal)); |
||||
} |
||||
} |
||||
} |
||||
|
||||
//Convert the authorities set back to an array and apply it to the token.
|
||||
token.setAuthorities((GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()])); |
||||
|
||||
//Publish the success event
|
||||
context.publishEvent(new JaasAuthenticationSuccessEvent(token)); |
||||
|
||||
//we're done, return the token.
|
||||
return token; |
||||
|
||||
} catch (LoginException e) { |
||||
context.publishEvent(new JaasAuthenticationFailedEvent(auth, e)); |
||||
//We have no way of knowing what caused the exception, so we cannot throw BadCredentialsException, DisabledException, or LockedException.
|
||||
//So we'll just throw an AuthenticationServiceException
|
||||
throw new AuthenticationServiceException(e.toString()); |
||||
} |
||||
} |
||||
return null; |
||||
} |
||||
|
||||
public boolean supports(Class aClass) { |
||||
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass); |
||||
} |
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { |
||||
this.context = applicationContext; |
||||
} |
||||
|
||||
public String getLoginContextName() { |
||||
return loginContextName; |
||||
} |
||||
|
||||
/** |
||||
* Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property. |
||||
* |
||||
* @param loginContextName |
||||
*/ |
||||
public void setLoginContextName(String loginContextName) { |
||||
this.loginContextName = loginContextName; |
||||
} |
||||
|
||||
public Resource getLoginConfig() { |
||||
return loginConfig; |
||||
} |
||||
|
||||
/** |
||||
* Set the JAAS login configuration file. |
||||
* |
||||
* @param loginConfig <a href="http://www.springframework.org/docs/api/org/springframework/core/io/Resource.html">Spring Resource</a> |
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html">JAAS Reference</a> |
||||
*/ |
||||
public void setLoginConfig(Resource loginConfig) { |
||||
this.loginConfig = loginConfig; |
||||
} |
||||
|
||||
public void afterPropertiesSet() throws Exception { |
||||
|
||||
if (loginConfig == null) |
||||
throw new ApplicationContextException("loginConfig must be set on " + getClass()); |
||||
|
||||
if (loginContextName == null) |
||||
throw new ApplicationContextException("loginContextName must be set on " + getClass()); |
||||
|
||||
int n = 1; |
||||
while (Security.getProperty("login.config.url." + n) != null) n++; |
||||
|
||||
Security.setProperty("login.config.url." + n, loginConfig.getURL().toString()); |
||||
} |
||||
|
||||
/** |
||||
* @return the JAASAuthenticationCallbackHandlers. |
||||
* @see #setCallbackHandlers(net.sf.acegisecurity.providers.jaas.JaasAuthenticationCallbackHandler[]) |
||||
*/ |
||||
public JaasAuthenticationCallbackHandler[] getCallbackHandlers() { |
||||
return callbackHandlers; |
||||
} |
||||
|
||||
/** |
||||
* Set the JAASAuthentcationCallbackHandler array to handle callback objects generated by the |
||||
* LoginContext.login method. |
||||
* |
||||
* @param callbackHandlers Array of JAASAuthenticationCallbackHandlers |
||||
*/ |
||||
public void setCallbackHandlers(JaasAuthenticationCallbackHandler[] callbackHandlers) { |
||||
this.callbackHandlers = callbackHandlers; |
||||
} |
||||
|
||||
/** |
||||
* @return The AuthorityGranter array |
||||
* @see #setAuthorityGranters(net.sf.acegisecurity.providers.jaas.AuthorityGranter[]) |
||||
*/ |
||||
public AuthorityGranter[] getAuthorityGranters() { |
||||
return authorityGranters; |
||||
} |
||||
|
||||
/** |
||||
* Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication. |
||||
* |
||||
* @param authorityGranters AuthorityGranter array |
||||
* @see JaasAuthenticationProvider |
||||
*/ |
||||
public void setAuthorityGranters(AuthorityGranter[] authorityGranters) { |
||||
this.authorityGranters = authorityGranters; |
||||
} |
||||
|
||||
|
||||
/** |
||||
* Wrapper class for JAASAuthenticationCallbackHandlers |
||||
*/ |
||||
private class InternalCallbackHandler implements CallbackHandler { |
||||
|
||||
private Authentication authentication; |
||||
|
||||
public InternalCallbackHandler(Authentication authentication) { |
||||
this.authentication = authentication; |
||||
} |
||||
|
||||
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { |
||||
|
||||
for (int i = 0; i < callbackHandlers.length; i++) { |
||||
JaasAuthenticationCallbackHandler handler = callbackHandlers[i]; |
||||
handler.setAuthentication(authentication); |
||||
for (int j = 0; j < callbacks.length; j++) { |
||||
Callback callback = callbacks[j]; |
||||
handler.handle(callback); |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
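Review bot: The `catch (LoginException e)` block in `authenticate` reports every failure as `AuthenticationServiceException(e.toString())`, so a wrong password cannot be told apart from a broken JAAS configuration, and the original exception is not chained. When the login module cooperates, JAAS does signal the cause: `javax.security.auth.login.FailedLoginException` is a LoginException subclass and could be caught first with `throw new BadCredentialsException(e.getMessage());`, leaving the generic branch as `throw new AuthenticationServiceException(e.toString(), e);` if that class offers a cause-taking constructor. Separately, `afterPropertiesSet` checks only `loginConfig` and `loginContextName`, while `authenticate` and `InternalCallbackHandler.handle` read `authorityGranters.length` and `callbackHandlers.length`, so leaving either property unset gives a NullPointerException at login time instead of a configuration error at startup. `authenticate` also copies `token.getAuthorities()` from the not-yet-authenticated request token into the result; a comment should state why authorities present before login are trusted, or the copy should be dropped.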
@ -0,0 +1,27 @@
@@ -0,0 +1,27 @@
|
||||
package net.sf.acegisecurity.providers.jaas; |
||||
|
||||
import net.sf.acegisecurity.GrantedAuthorityImpl; |
||||
|
||||
import java.security.Principal; |
||||
|
||||
/** |
||||
* Extends GrantedAuthorityImpl to hold the principal that an AuthorityGranter justified as a reason to grant this Authority. |
||||
* <br> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
* @see AuthorityGranter |
||||
*/ |
||||
public class JaasGrantedAuthority extends GrantedAuthorityImpl { |
||||
|
||||
private Principal principal; |
||||
|
||||
public JaasGrantedAuthority(String role, Principal principal) { |
||||
super(role); |
||||
this.principal = principal; |
||||
} |
||||
|
||||
public Principal getPrincipal() { |
||||
return principal; |
||||
} |
||||
} |
||||
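Review bot: JaasGrantedAuthority adds `principal` without saying whether it takes part in equality, yet `authenticate` in JaasAuthenticationProvider collects these objects in a `HashSet`. The test's `list.contains(new GrantedAuthorityImpl("ROLE_TEST"))` suggests equality is inherited from GrantedAuthorityImpl and based on the role alone (that class is not shown here). If so, a role granted for two principals is stored once and `getPrincipal()` reports only the first. A class comment such as `Equality is by role only; principal records the first Principal that earned the role.` would make this explicit, and the field can be `private final Principal principal;` since it is assigned only in the constructor.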
@ -0,0 +1,43 @@
@@ -0,0 +1,43 @@
|
||||
package net.sf.acegisecurity.providers.jaas; |
||||
|
||||
import net.sf.acegisecurity.Authentication; |
||||
|
||||
import javax.security.auth.callback.Callback; |
||||
import javax.security.auth.callback.NameCallback; |
||||
import javax.security.auth.callback.UnsupportedCallbackException; |
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback. |
||||
* The acegi security framework provides the JaasNameCallbackHandler specifically tailored to handling the NameCallback. |
||||
* <br> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a> |
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/NameCallback.html">NameCallback</a> |
||||
*/ |
||||
public class JaasNameCallbackHandler implements JaasAuthenticationCallbackHandler { |
||||
|
||||
private Authentication authentication; |
||||
|
||||
public void setAuthentication(Authentication authentication) { |
||||
this.authentication = authentication; |
||||
} |
||||
|
||||
/** |
||||
* If the callback passed to the 'handle' method is an instance of NameCallback, the JaasNameCallbackHandler will call, |
||||
* callback.setName(authentication.getPrincipal().toString()). Where 'authentication' is the {@link Authentication} |
||||
* object used in the {@link #setAuthentication(net.sf.acegisecurity.Authentication) setAuthentication} method. |
||||
* |
||||
* @param callback |
||||
* @throws IOException |
||||
* @throws UnsupportedCallbackException |
||||
*/ |
||||
public void handle(Callback callback) throws IOException, UnsupportedCallbackException { |
||||
if (callback instanceof NameCallback) { |
||||
NameCallback ncb = (NameCallback) callback; |
||||
ncb.setName(authentication.getPrincipal().toString()); |
||||
} |
||||
} |
||||
} |
||||
@ -0,0 +1,43 @@
@@ -0,0 +1,43 @@
|
||||
package net.sf.acegisecurity.providers.jaas; |
||||
|
||||
import net.sf.acegisecurity.Authentication; |
||||
|
||||
import javax.security.auth.callback.Callback; |
||||
import javax.security.auth.callback.PasswordCallback; |
||||
import javax.security.auth.callback.UnsupportedCallbackException; |
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback. |
||||
* The acegi security framework provides the JaasPasswordCallbackHandler specifically tailored to handling the PasswordCallback. |
||||
* <br> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/Callback.html">Callback</a> |
||||
* @see <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/callback/PasswordCallback.html">PasswordCallback</a> |
||||
*/ |
||||
public class JaasPasswordCallbackHandler implements JaasAuthenticationCallbackHandler { |
||||
|
||||
private Authentication auth; |
||||
|
||||
public void setAuthentication(Authentication auth) { |
||||
this.auth = auth; |
||||
} |
||||
|
||||
/** |
||||
* If the callback passed to the 'handle' method is an instance of PasswordCallback, the JaasPasswordCallbackHandler will call, |
||||
* callback.setPassword(authentication.getCredentials().toString()). Where 'authentication' is the {@link Authentication} |
||||
* object used in the {@link JaasAuthenticationCallbackHandler#setAuthentication(net.sf.acegisecurity.Authentication) setAuthentication} method. |
||||
* |
||||
* @param callback |
||||
* @throws IOException |
||||
* @throws UnsupportedCallbackException |
||||
*/ |
||||
public void handle(Callback callback) throws IOException, UnsupportedCallbackException { |
||||
if (callback instanceof PasswordCallback) { |
||||
PasswordCallback pc = (PasswordCallback) callback; |
||||
pc.setPassword(auth.getCredentials().toString().toCharArray()); |
||||
} |
||||
} |
||||
} |
||||
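Review bot: `auth.getCredentials().toString().toCharArray()` in `handle` throws a NullPointerException when the token carries no credentials. For credentials that are not a String (a `char[]`, for example) it hands the object's `toString()` text to the login module instead of the password. A guard keeps the failure explicit, e.g. `Object credentials = auth.getCredentials();` followed by `if (credentials == null) { throw new UnsupportedCallbackException(callback, "no credentials"); }`, and a `char[]` value could be passed through directly rather than via a String. The Javadoc also describes the call as `setPassword(authentication.getCredentials().toString())`, which omits the `toCharArray()` the code performs.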
@ -0,0 +1,31 @@
@@ -0,0 +1,31 @@
|
||||
package net.sf.acegisecurity.providers.jaas.event; |
||||
|
||||
import net.sf.acegisecurity.Authentication; |
||||
import org.springframework.context.ApplicationEvent; |
||||
|
||||
/** |
||||
* Parent class for events fired by the {@link net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider JaasAuthenticationProvider}. |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
*/ |
||||
public abstract class JaasAuthenticationEvent extends ApplicationEvent { |
||||
|
||||
/** |
||||
* The Authentication object is stored as the ApplicationEvent 'source'. |
||||
* |
||||
* @param auth |
||||
*/ |
||||
public JaasAuthenticationEvent(Authentication auth) { |
||||
super(auth); |
||||
} |
||||
|
||||
/** |
||||
* Pre-casted method that returns the 'source' of the event. |
||||
* |
||||
* @return |
||||
*/ |
||||
public Authentication getAuthentication() { |
||||
return (Authentication) source; |
||||
} |
||||
} |
||||
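Review bot: The event's source is the full Authentication, and for the failure case JaasAuthenticationProvider publishes the token it received, which still holds the submitted credentials. Every ApplicationListener in the context receives the event, so a listener that logs the event or its source can write passwords to a log. The class Javadoc should warn about this, for example `Listeners must not log or persist getAuthentication().getCredentials().`, and the empty `@param auth` and `@return` tags should be filled in.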
@ -0,0 +1,25 @@
@@ -0,0 +1,25 @@
|
||||
package net.sf.acegisecurity.providers.jaas.event; |
||||
|
||||
import net.sf.acegisecurity.Authentication; |
||||
|
||||
/** |
||||
* Fired when LoginContext.login throws a LoginException, or if any other exception is thrown during that time. |
||||
* <br> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
*/ |
||||
public class JaasAuthenticationFailedEvent extends JaasAuthenticationEvent { |
||||
|
||||
private Exception exception; |
||||
|
||||
public JaasAuthenticationFailedEvent(Authentication auth, Exception exception) { |
||||
super(auth); |
||||
this.exception = exception; |
||||
} |
||||
|
||||
public Exception getException() { |
||||
return exception; |
||||
} |
||||
|
||||
} |
||||
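Review bot: The class Javadoc says the event is also fired "if any other exception is thrown during that time", but the only publisher on this page, `authenticate` in JaasAuthenticationProvider, publishes it solely from `catch (LoginException e)`. A RuntimeException from a callback handler or an AuthorityGranter therefore produces no failure event, which matters to anyone using these events as an audit trail. Either narrow the comment to `Fired when LoginContext.login throws a LoginException.` or publish from a broader catch in the provider. The field can also be `private final Exception exception;`.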
@ -0,0 +1,19 @@
@@ -0,0 +1,19 @@
|
||||
package net.sf.acegisecurity.providers.jaas.event; |
||||
|
||||
import net.sf.acegisecurity.Authentication; |
||||
|
||||
/** |
||||
* Fired by the {@link net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider JaasAuthenticationProvider} after |
||||
* successfully logging the user into the LoginContext, handling all callbacks, and calling all AuthorityGranters. |
||||
* <br> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
*/ |
||||
public class JaasAuthenticationSuccessEvent extends JaasAuthenticationEvent { |
||||
|
||||
public JaasAuthenticationSuccessEvent(Authentication auth) { |
||||
super(auth); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,71 @@
@@ -0,0 +1,71 @@
|
||||
package net.sf.acegisecurity.providers.jaas; |
||||
|
||||
import junit.framework.TestCase; |
||||
import net.sf.acegisecurity.Authentication; |
||||
import net.sf.acegisecurity.AuthenticationException; |
||||
import net.sf.acegisecurity.GrantedAuthority; |
||||
import net.sf.acegisecurity.GrantedAuthorityImpl; |
||||
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken; |
||||
import org.springframework.context.support.FileSystemXmlApplicationContext; |
||||
|
||||
import java.util.Arrays; |
||||
import java.util.List; |
||||
|
||||
/** |
||||
* Insert comments here... |
||||
* <br> |
||||
* |
||||
* @author Ray Krueger |
||||
* @version $Id$ |
||||
*/ |
||||
public class JaasAuthenticationProviderTests extends TestCase { |
||||
|
||||
private JaasAuthenticationProvider jaasProvider; |
||||
|
||||
protected void setUp() throws Exception { |
||||
String resName = "/" + getClass().getName().replace('.', '/') + ".xml"; |
||||
FileSystemXmlApplicationContext context = new FileSystemXmlApplicationContext(getClass().getResource(resName).toString()); |
||||
jaasProvider = (JaasAuthenticationProvider) context.getBean("jaasAuthenticationProvider"); |
||||
} |
||||
|
||||
public void testFull() throws Exception { |
||||
|
||||
GrantedAuthorityImpl role1 = new GrantedAuthorityImpl("ROLE_1"); |
||||
GrantedAuthorityImpl role2 = new GrantedAuthorityImpl("ROLE_2"); |
||||
|
||||
GrantedAuthority[] defaultAuths = new GrantedAuthority[]{ |
||||
role1, |
||||
role2, |
||||
}; |
||||
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", defaultAuths); |
||||
|
||||
Authentication auth = jaasProvider.authenticate(token); |
||||
|
||||
List list = Arrays.asList(auth.getAuthorities()); |
||||
|
||||
assertTrue("GrantedAuthorities does not contain ROLE_TEST", |
||||
list.contains(new GrantedAuthorityImpl("ROLE_TEST"))); |
||||
|
||||
assertTrue("GrantedAuthorities does not contain ROLE_1", list.contains(role1)); |
||||
|
||||
assertTrue("GrantedAuthorities does not contain ROLE_2", list.contains(role2)); |
||||
} |
||||
|
||||
public void testBadUser() { |
||||
try { |
||||
jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("asdf", "password")); |
||||
fail("LoginException should have been thrown for the bad user"); |
||||
} catch (AuthenticationException e) { |
||||
} |
||||
} |
||||
|
||||
public void testBadPassword() { |
||||
try { |
||||
jaasProvider.authenticate(new UsernamePasswordAuthenticationToken("user", "asdf")); |
||||
fail("LoginException should have been thrown for the bad password"); |
||||
} catch (AuthenticationException e) { |
||||
} |
||||
} |
||||
|
||||
} |
||||
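Review bot: `testBadUser` and `testBadPassword` accept any AuthenticationException in an empty catch block, so they pass just as well when the login fails for an unrelated reason, such as a login configuration that did not load. Asserting on what was caught, for example `assertTrue(e.getMessage().indexOf("LoginException") >= 0);` against the provider's current `e.toString()` message, would tie each test to the failure it names. The `fail(...)` messages also say LoginException although the type that reaches the test is AuthenticationException. Nothing covers the `return null` path for a token that is not a UsernamePasswordAuthenticationToken, or the success and failure events the provider publishes. The class comment is still the `Insert comments here...` placeholder.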
@ -0,0 +1,25 @@
@@ -0,0 +1,25 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> |
||||
|
||||
<beans> |
||||
<bean id="jaasAuthenticationProvider" class="net.sf.acegisecurity.providers.jaas.JaasAuthenticationProvider"> |
||||
<property name="loginContextName"> |
||||
<value>JAASTest</value> |
||||
</property> |
||||
<property name="loginConfig"> |
||||
<value>classpath:net/sf/acegisecurity/providers/jaas/login.conf</value> |
||||
</property> |
||||
<property name="callbackHandlers"> |
||||
<list> |
||||
<bean class="net.sf.acegisecurity.providers.jaas.TestCallbackHandler"/> |
||||
<bean class="net.sf.acegisecurity.providers.jaas.JaasNameCallbackHandler"/> |
||||
<bean class="net.sf.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/> |
||||
</list> |
||||
</property> |
||||
<property name="authorityGranters"> |
||||
<list> |
||||
<bean class="net.sf.acegisecurity.providers.jaas.TestAuthorityGranter"/> |
||||
</list> |
||||
</property> |
||||
</bean> |
||||
</beans> |
||||