From: Scott M S. <st...@us...> - 2001-07-09 20:20:49
User: starksm Date: 01/07/09 13:20:48 Modified: src/main/org/jboss/test/security/test TestEJBSpec.java Log: Add test of MDB accessing a secured entity using the run-as capability Revision Changes Path 1.8 +291 -253 jbosstest/src/main/org/jboss/test/security/test/TestEJBSpec.java
Index: TestEJBSpec.java
===================================================================
RCS file: /cvsroot/jboss/jbosstest/src/main/org/jboss/test/security/test/TestEJBSpec.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- TestEJBSpec.java 2001/07/06 02:29:21 1.7
+++ TestEJBSpec.java 2001/07/09 20:20:48 1.8
@@ -6,6 +6,14 @@
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 import javax.rmi.PortableRemoteObject;
+import javax.jms.Message;
+import javax.jms.Queue;
+import javax.jms.QueueConnection;
+import javax.jms.QueueConnectionFactory;
+import javax.jms.QueueReceiver;
+import javax.jms.QueueSender;
+import javax.jms.QueueSession;
+import javax.jms.Session;
 import javax.security.auth.login.*;
 import org.jboss.test.security.interfaces.StatelessSession;
@@ -18,261 +26,291 @@ import org.jboss.test.util.Deploy; /** Test of EJB spec conformace using the security-spec.jar -deployment unit. These test the basic role based access model. - -@author Sco...@jb... -@version $Revision: 1.7 $ -*/ + deployment unit. These test the basic role based access model. + + @author Sco...@jb... + @version $Revision: 1.8 $ + */ public class TestEJBSpec extends junit.framework.TestCase { - static String username = "scott"; - static char[] password = "echoman".toCharArray(); - - LoginContext lc; - boolean loggedIn; - - public TestEJBSpec(String name) - { - super(name); - } - - protected void setUp() throws Exception - { - // Deploy.deploy("security-spec.jar"); - } - - /** Test that: - 1. SecureBean returns a non-null principal when getCallerPrincipal - is called with a security context and that this is propagated - to its Entity bean ref. - - 2. UnsecureBean throws an IllegalStateException when getCallerPrincipal - is called without a security context. - */ - public void testGetCallerPrincipal() throws Exception - { - logout(); - System.out.println("+++ testGetCallerPrincipal()"); - InitialContext jndiContext = new InitialContext(); - Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2"); - obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); - StatelessSessionHome home = (StatelessSessionHome) obj; - System.out.println("Found Unsecure StatelessSessionHome"); - StatelessSession bean = home.create(); - System.out.println("Created spec.UnsecureStatelessSession2"); - - try - { - // This should fail because echo calls getCallerPrincipal() - bean.echo("Hello from nobody?"); - fail("Was able to call StatelessSession.echo"); - } - catch(RemoteException e) - { - System.out.println("echo failed as expected"); - } - bean.remove(); - - login(); - obj = jndiContext.lookup("spec.StatelessSession2"); - obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); - home = (StatelessSessionHome) obj; - 
System.out.println("Found spec.StatelessSession2"); - bean = home.create(); - System.out.println("Created spec.StatelessSession2"); - // Test that the Entity bean sees username as its principal - String echo = bean.echo(username); - System.out.println("bean.echo(username) = "+echo); - assert("username == echo", echo.equals(username)); - bean.remove(); - } - - /** Test that the calling principal is propagated across bean calls. + static String username = "scott"; + static char[] password = "echoman".toCharArray(); + static String QUEUE_FACTORY = "QueueConnectionFactory"; + + LoginContext lc; + boolean loggedIn; + + public TestEJBSpec(String name) + { + super(name); + } + + protected void setUp() throws Exception + { + // Deploy.deploy("security-spec.jar"); + } + + /** Test that: + 1. SecureBean returns a non-null principal when getCallerPrincipal + is called with a security context and that this is propagated + to its Entity bean ref. + + 2. UnsecureBean throws an IllegalStateException when getCallerPrincipal + is called without a security context. */ - public void testPrincipalPropagation() throws Exception - { - logout(); - login(); - InitialContext jndiContext = new InitialContext(); - Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2"); - obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); - StatelessSessionHome home = (StatelessSessionHome) obj; - System.out.println("Found Unsecure StatelessSessionHome"); - StatelessSession bean = home.create(); - System.out.println("Created spec.UnsecureStatelessSession2"); - System.out.println("Bean.forward('Hello') -> "+bean.forward("Hello")); - bean.remove(); - } - - /** Test that the echo method is accessible by an Echo - role. Since the noop() method of the StatelessSession - bean was not assigned any permissions it should not be - accessible by any user. 
- */ - public void testMethodAccess() throws Exception - { - login(); - InitialContext jndiContext = new InitialContext(); - Object obj = jndiContext.lookup("spec.StatelessSession"); - obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); - StatelessSessionHome home = (StatelessSessionHome) obj; - System.out.println("Found StatelessSessionHome"); - StatelessSession bean = home.create(); - System.out.println("Created spec.StatelessSession"); - System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello")); - - try - { - // This should not be allowed - bean.noop(); - fail("Was able to call StatelessSession.noop"); - } - catch(RemoteException e) - { - System.out.println("StatelessSession.noop failed as expected"); - } - bean.remove(); - } - - /** Test that a user with a role that has not been assigned any - method permissions in the ejb-jar descriptor is able to access a - method that has been marked as unchecked. - */ - public void testUnchecked() throws Exception - { - // Login as scott to create the bean - login(); - InitialContext jndiContext = new InitialContext(); - Object obj = jndiContext.lookup("spec.StatelessSession"); - obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); - StatelessSessionHome home = (StatelessSessionHome) obj; - System.out.println("Found spec.StatelessSession Home"); - StatelessSession bean = home.create(); - System.out.println("Created spec.StatelessSession"); - // Logout and login back in as stark to test access to the unchecked method - logout(); - login("stark", "javaman".toCharArray()); - bean.unchecked(); - System.out.println("Called Bean.unchecked()"); - logout(); - } - - /** Test that user scott who has the Echo role is not able to - access the StatelessSession2.excluded method even though - the Echo role has been granted access to all methods of - StatelessSession2 to test that the excluded-list takes - precendence over the method-permissions. 
- */ - public void testExcluded() throws Exception - { - System.out.println("+++ testExcluded"); - login(); - InitialContext jndiContext = new InitialContext(); - Object obj = jndiContext.lookup("spec.StatelessSession2"); - obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); - StatelessSessionHome home = (StatelessSessionHome) obj; - System.out.println("Found spec.StatelessSession2 Home"); - StatelessSession bean = home.create(); - System.out.println("Created spec.StatelessSession2"); - try - { - bean.excluded(); - fail("Was able to call Bean.excluded()"); - } - catch(Exception e) - { - System.out.println("Bean.excluded() failed as expected"); - // This is what we expect - } - logout(); - } - - /** This method tests the following call chains: - 1. RunAsStatelessSession.echo() -> PrivateEntity.echo() - 2. RunAsStatelessSession.noop() -> RunAsStatelessSession.excluded() - 3. RunAsStatelessSession.forward() -> StatelessSession.echo() - 1. Should succeed because the run-as identity of RunAsStatelessSession - is valid for accessing PrivateEntity. - 2. Should succeed ecause the run-as identity of RunAsStatelessSession - is valid for accessing RunAsStatelessSession.excluded(). - 3. Should fail because the run-as identity of RunAsStatelessSession - is not Echo. 
- */ - public void testRunAs() throws Exception - { - login(); - InitialContext jndiContext = new InitialContext(); - Object obj = jndiContext.lookup("spec.RunAsStatelessSession"); - obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); - StatelessSessionHome home = (StatelessSessionHome) obj; - System.out.println("Found RunAsStatelessSession Home"); - StatelessSession bean = home.create(); - System.out.println("Created spec.RunAsStatelessSession"); - System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello")); - bean.noop(); - System.out.println("Bean.noop(), ok"); - - try - { - // This should not be allowed - bean.forward("Hello"); - fail("Was able to call RunAsStatelessSession.forward"); - } - catch(RemoteException e) - { - System.out.println("StatelessSession.forward failed as expected"); - } - bean.remove(); - } - - /** Login as user scott using the conf.name login config or - 'spec-test' if conf.name is not defined. - */ - private void login() throws Exception - { - login(username, password); - } - private void login(String username, char[] password) throws Exception - { - if( loggedIn ) - return; - - lc = null; - String confName = System.getProperty("conf.name", "spec-test"); - AppCallbackHandler handler = new AppCallbackHandler(username, password); - System.out.println("Creating LoginContext("+confName+")"); - lc = new LoginContext(confName, handler); - lc.login(); - System.out.println("Created LoginContext, subject="+lc.getSubject()); - loggedIn = true; - } - private void logout() throws Exception - { - if( loggedIn ) - { - loggedIn = false; - lc.logout(); - } - } - - public static Test suite() { - TestSuite suite = new TestSuite(); - - try { - String filename = "security-spec.jar"; - System.out.println("Deploying..."); - Deploy.deploy(filename); - - suite.addTest(new TestSuite(TestEJBSpec.class)); - - // add a test case to undeploy our support applications - suite.addTest(new Deploy.Undeployer(filename)); - } - catch (Throwable t) { - 
t.printStackTrace(); - System.exit(0); - } + public void testGetCallerPrincipal() throws Exception + { + logout(); + System.out.println("+++ testGetCallerPrincipal()"); + InitialContext jndiContext = new InitialContext(); + Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2"); + obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); + StatelessSessionHome home = (StatelessSessionHome) obj; + System.out.println("Found Unsecure StatelessSessionHome"); + StatelessSession bean = home.create(); + System.out.println("Created spec.UnsecureStatelessSession2"); + + try + { + // This should fail because echo calls getCallerPrincipal() + bean.echo("Hello from nobody?"); + fail("Was able to call StatelessSession.echo"); + } + catch(RemoteException e) + { + System.out.println("echo failed as expected"); + } + bean.remove(); + + login(); + obj = jndiContext.lookup("spec.StatelessSession2"); + obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); + home = (StatelessSessionHome) obj; + System.out.println("Found spec.StatelessSession2"); + bean = home.create(); + System.out.println("Created spec.StatelessSession2"); + // Test that the Entity bean sees username as its principal + String echo = bean.echo(username); + System.out.println("bean.echo(username) = "+echo); + assert("username == echo", echo.equals(username)); + bean.remove(); + } + + /** Test that the calling principal is propagated across bean calls. 
+ */ + public void testPrincipalPropagation() throws Exception + { + System.out.println("+++ testPrincipalPropagation"); + logout(); + login(); + InitialContext jndiContext = new InitialContext(); + Object obj = jndiContext.lookup("spec.UnsecureStatelessSession2"); + obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); + StatelessSessionHome home = (StatelessSessionHome) obj; + System.out.println("Found Unsecure StatelessSessionHome"); + StatelessSession bean = home.create(); + System.out.println("Created spec.UnsecureStatelessSession2"); + System.out.println("Bean.forward('Hello') -> "+bean.forward("Hello")); + bean.remove(); + } + + /** Test that the echo method is accessible by an Echo + role. Since the noop() method of the StatelessSession + bean was not assigned any permissions it should not be + accessible by any user. + */ + public void testMethodAccess() throws Exception + { + System.out.println("+++ testMethodAccess"); + login(); + InitialContext jndiContext = new InitialContext(); + Object obj = jndiContext.lookup("spec.StatelessSession"); + obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); + StatelessSessionHome home = (StatelessSessionHome) obj; + System.out.println("Found StatelessSessionHome"); + StatelessSession bean = home.create(); + System.out.println("Created spec.StatelessSession"); + System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello")); + + try + { + // This should not be allowed + bean.noop(); + fail("Was able to call StatelessSession.noop"); + } + catch(RemoteException e) + { + System.out.println("StatelessSession.noop failed as expected"); + } + bean.remove(); + } + + /** Test that a user with a role that has not been assigned any + method permissions in the ejb-jar descriptor is able to access a + method that has been marked as unchecked. 
+ */ + public void testUnchecked() throws Exception + { + System.out.println("+++ testUnchecked"); + // Login as scott to create the bean + login(); + InitialContext jndiContext = new InitialContext(); + Object obj = jndiContext.lookup("spec.StatelessSession"); + obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); + StatelessSessionHome home = (StatelessSessionHome) obj; + System.out.println("Found spec.StatelessSession Home"); + StatelessSession bean = home.create(); + System.out.println("Created spec.StatelessSession"); + // Logout and login back in as stark to test access to the unchecked method + logout(); + login("stark", "javaman".toCharArray()); + bean.unchecked(); + System.out.println("Called Bean.unchecked()"); + logout(); + } + + /** Test that user scott who has the Echo role is not able to + access the StatelessSession2.excluded method even though + the Echo role has been granted access to all methods of + StatelessSession2 to test that the excluded-list takes + precendence over the method-permissions. + */ + public void testExcluded() throws Exception + { + System.out.println("+++ testExcluded"); + login(); + InitialContext jndiContext = new InitialContext(); + Object obj = jndiContext.lookup("spec.StatelessSession2"); + obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); + StatelessSessionHome home = (StatelessSessionHome) obj; + System.out.println("Found spec.StatelessSession2 Home"); + StatelessSession bean = home.create(); + System.out.println("Created spec.StatelessSession2"); + try + { + bean.excluded(); + fail("Was able to call Bean.excluded()"); + } + catch(Exception e) + { + System.out.println("Bean.excluded() failed as expected"); + // This is what we expect + } + logout(); + } + + /** This method tests the following call chains: + 1. RunAsStatelessSession.echo() -> PrivateEntity.echo() + 2. RunAsStatelessSession.noop() -> RunAsStatelessSession.excluded() + 3. 
RunAsStatelessSession.forward() -> StatelessSession.echo() + 1. Should succeed because the run-as identity of RunAsStatelessSession + is valid for accessing PrivateEntity. + 2. Should succeed ecause the run-as identity of RunAsStatelessSession + is valid for accessing RunAsStatelessSession.excluded(). + 3. Should fail because the run-as identity of RunAsStatelessSession + is not Echo. + */ + public void testRunAs() throws Exception + { + System.out.println("+++ testRunAs"); + login(); + InitialContext jndiContext = new InitialContext(); + Object obj = jndiContext.lookup("spec.RunAsStatelessSession"); + obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class); + StatelessSessionHome home = (StatelessSessionHome) obj; + System.out.println("Found RunAsStatelessSession Home"); + StatelessSession bean = home.create(); + System.out.println("Created spec.RunAsStatelessSession"); + System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello")); + bean.noop(); + System.out.println("Bean.noop(), ok"); + + try + { + // This should not be allowed + bean.forward("Hello"); + fail("Was able to call RunAsStatelessSession.forward"); + } + catch(RemoteException e) + { + System.out.println("StatelessSession.forward failed as expected"); + } + bean.remove(); + } + + public void testMDBRunAs() throws Exception + { + System.out.println("+++ testMDBRunAs"); + logout(); + InitialContext jndiContext = new InitialContext(); + QueueConnectionFactory queueFactory = (QueueConnectionFactory) jndiContext.lookup(QUEUE_FACTORY); + Queue que = (Queue) jndiContext.lookup("queue/A"); + QueueConnection queueConn = queueFactory.createQueueConnection(); + QueueSession session = queueConn.createQueueSession(false, Session.AUTO_ACKNOWLEDGE); + Message msg = session.createMessage(); + msg.setStringProperty("arg", "HelloMDB"); + QueueSender sender = session.createSender(que); + sender.send(msg); + sender.close(); + System.out.println("Sent msg to queue/A"); + QueueReceiver recv = 
session.createReceiver(que); + msg = recv.receive(5000); + System.out.println("Recv msg: "+msg); + recv.close(); + session.close(); + queueConn.close(); + } - return suite; - } + /** Login as user scott using the conf.name login config or + 'spec-test' if conf.name is not defined. + */ + private void login() throws Exception + { + login(username, password); + } + private void login(String username, char[] password) throws Exception + { + if( loggedIn ) + return; + + lc = null; + String confName = System.getProperty("conf.name", "spec-test"); + AppCallbackHandler handler = new AppCallbackHandler(username, password); + System.out.println("Creating LoginContext("+confName+")"); + lc = new LoginContext(confName, handler); + lc.login(); + System.out.println("Created LoginContext, subject="+lc.getSubject()); + loggedIn = true; + } + private void logout() throws Exception + { + if( loggedIn ) + { + loggedIn = false; + lc.logout(); + } + } + + public static Test suite() + { + TestSuite suite = new TestSuite(); + + try + { + String filename = "security-spec.jar"; + System.out.println("Deploying..."); + Deploy.deploy(filename); + + suite.addTest(new TestSuite(TestEJBSpec.class)); + // add a test case to undeploy our support applications + suite.addTest(new Deploy.Undeployer(filename)); + } + catch (Throwable t) + { + t.printStackTrace(); + System.exit(0); + } + + return suite; + } } |
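Review bot: testMDBRunAs cannot fail when the MDB path breaks: `recv.receive(5000)` returns null on timeout and the result is only printed, so a missing message or a run-as identity that the secured entity rejects still produces a green test; add `assertNotNull("No message received from queue/A within 5s", msg);` after the receive. The connection, session, sender and receiver are also only closed on the happy path, so any exception between createQueueConnection() and queueConn.close() leaks the JMS connection; closing the connection in a finally block covers the others. The receiver is opened on the same queue/A the message was sent to; if the MDB consumes from queue/A (its destination is not visible in this hunk), the test's receiver competes with it for the single message and the outcome is timing-dependent, whereas a reply queue the MDB writes to would make the run-as result observable. Separately, the hunk reindents the whole class (+291 -253), which hides the functional additions (QUEUE_FACTORY, the banner printlns, testMDBRunAs) and carries the pre-existing Javadoc typos "conformace", "ecause" and "precendence" along unchanged; a whitespace-only commit followed by the feature commit would keep the history reviewable.
```java
      QueueConnection queueConn = queueFactory.createQueueConnection();
      try
      {
         // … unchanged: session, message, sender setup and send to queue/A …
         QueueReceiver recv = session.createReceiver(que);
         msg = recv.receive(5000);
         System.out.println("Recv msg: "+msg);
         // receive(timeout) returns null on timeout; without this the test cannot fail
         assertNotNull("No message received from queue/A within 5s", msg);
         recv.close();
         session.close();
      }
      finally
      {
         // closing the connection also releases its sessions and consumers
         queueConn.close();
      }
```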