Search in sources :

Example 6 with NamePasswordCallbackHandler

use of org.apache.karaf.jaas.modules.NamePasswordCallbackHandler in project karaf by apache.

the class GSSAPILdapLoginModuleTest method testNoRealm.

@Test(expected = LoginException.class)
public void testNoRealm() throws Exception {
    Properties options = ldapLoginModuleOptions();
    options.remove(GSSAPILdapLoginModule.REALM_PROPERTY);
    GSSAPILdapLoginModule module = new GSSAPILdapLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("hnelson0", "secret"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    // should throw LoginException
    assertTrue(module.login());
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) Properties(org.apache.felix.utils.properties.Properties) Subject(javax.security.auth.Subject) AbstractKerberosITest(org.apache.directory.server.kerberos.kdc.AbstractKerberosITest) Test(org.junit.Test)

Example 7 with NamePasswordCallbackHandler

use of org.apache.karaf.jaas.modules.NamePasswordCallbackHandler in project karaf by apache.

the class GSSAPILdapLoginModuleTest method testUsernameFailure.

@Test(expected = LoginException.class)
public void testUsernameFailure() throws Exception {
    Properties options = ldapLoginModuleOptions();
    GSSAPILdapLoginModule module = new GSSAPILdapLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("hnelson0", "secret"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    // should throw LoginException
    assertTrue(module.login());
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) Properties(org.apache.felix.utils.properties.Properties) Subject(javax.security.auth.Subject) AbstractKerberosITest(org.apache.directory.server.kerberos.kdc.AbstractKerberosITest) Test(org.junit.Test)

Example 8 with NamePasswordCallbackHandler

use of org.apache.karaf.jaas.modules.NamePasswordCallbackHandler in project karaf by apache.

the class GSSAPILdapLoginModuleTest method testSuccess.

@Test
public void testSuccess() throws Exception {
    Properties options = ldapLoginModuleOptions();
    GSSAPILdapLoginModule module = new GSSAPILdapLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("hnelson", "secret"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals(3, subject.getPrincipals().size());
    boolean foundKrb5User = false;
    boolean foundUser = false;
    boolean foundRole = false;
    boolean foundTicket = false;
    for (Principal pr : subject.getPrincipals()) {
        if (pr instanceof KerberosPrincipal) {
            assertEquals("hnelson@EXAMPLE.COM", pr.getName());
            foundKrb5User = true;
        } else if (pr instanceof UserPrincipal) {
            assertEquals("hnelson", pr.getName());
            foundUser = true;
        } else if (pr instanceof RolePrincipal) {
            assertEquals("admin", pr.getName());
            foundRole = true;
        }
    }
    for (Object crd : subject.getPrivateCredentials()) {
        if (crd instanceof KerberosTicket) {
            assertEquals("hnelson@EXAMPLE.COM", ((KerberosTicket) crd).getClient().getName());
            assertEquals("krbtgt/EXAMPLE.COM@EXAMPLE.COM", ((KerberosTicket) crd).getServer().getName());
            foundTicket = true;
            break;
        }
    }
    assertTrue("Principals should contains kerberos user", foundKrb5User);
    assertTrue("Principals should contains ldap user", foundUser);
    assertTrue("Principals should contains ldap role", foundRole);
    assertTrue("PricatePrincipals should contains kerberos ticket", foundTicket);
    assertTrue(module.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) Properties(org.apache.felix.utils.properties.Properties) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) AbstractKerberosITest(org.apache.directory.server.kerberos.kdc.AbstractKerberosITest) Test(org.junit.Test)

Example 9 with NamePasswordCallbackHandler

use of org.apache.karaf.jaas.modules.NamePasswordCallbackHandler in project karaf by apache.

the class LdapLoginModuleTest method testEmptyPassword.

@Test
public void testEmptyPassword() throws Exception {
    Properties options = ldapLoginModuleOptions();
    LDAPLoginModule module = new LDAPLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("imnothere", ""), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    try {
        module.login();
        fail("Should have failed");
    } catch (LoginException e) {
        assertTrue(e.getMessage().equals("Empty passwords not allowed"));
    }
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) LoginException(javax.security.auth.login.LoginException) Properties(org.apache.felix.utils.properties.Properties) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 10 with NamePasswordCallbackHandler

use of org.apache.karaf.jaas.modules.NamePasswordCallbackHandler in project karaf by apache.

the class LdapLoginModuleTest method testBadPassword.

@Test
public void testBadPassword() throws Exception {
    Properties options = ldapLoginModuleOptions();
    LDAPLoginModule module = new LDAPLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("admin", "blahblah"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    try {
        module.login();
        fail("Should have thrown LoginException");
    } catch (LoginException e) {
        assertTrue(e.getMessage().startsWith("Authentication failed"));
    }
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) LoginException(javax.security.auth.login.LoginException) Properties(org.apache.felix.utils.properties.Properties) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Aggregations

Subject (javax.security.auth.Subject)26 NamePasswordCallbackHandler (org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)26 Test (org.junit.Test)25 Properties (org.apache.felix.utils.properties.Properties)21 Principal (java.security.Principal)13 RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)13 UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)13 AbstractKerberosITest (org.apache.directory.server.kerberos.kdc.AbstractKerberosITest)8 File (java.io.File)4 HashMap (java.util.HashMap)4 ArrayList (java.util.ArrayList)3 GroupPrincipal (org.apache.karaf.jaas.boot.principal.GroupPrincipal)3 KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)2 FailedLoginException (javax.security.auth.login.FailedLoginException)2 LoginException (javax.security.auth.login.LoginException)2 Attribute (javax.naming.directory.Attribute)1 Attributes (javax.naming.directory.Attributes)1 BasicAttribute (javax.naming.directory.BasicAttribute)1 BasicAttributes (javax.naming.directory.BasicAttributes)1