1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.providers.jaas;
17  
18  import junit.framework.TestCase;
19  
20  import org.acegisecurity.context.SecurityContextHolder;
21  import org.acegisecurity.context.SecurityContextImpl;
22  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
23  
24  import java.util.HashSet;
25  import java.util.Map;
26  import java.util.HashMap;
27  
28  import javax.security.auth.Subject;
29  import javax.security.auth.login.LoginException;
30  
31  
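/**
 * Tests {@link SecurityContextLoginModule}, the JAAS login module exercised
 * here against the <code>Authentication</code> held by the
 * <code>SecurityContextHolder</code>.
 *
 * <p>The cases pin down the behaviour when no authentication is present:
 * <code>login()</code> must raise a <code>LoginException</code> unless the
 * <code>ignoreMissingAuthentication</code> option is set, in which case it
 * returns <code>false</code>.</p>
 *
 * @author Ray Krueger
 */
public class SecurityContextLoginModuleTests extends TestCase {
    //~ Instance fields ========================================================

    // Re-created in setUp() for every test; the initial null is overwritten there.
    private SecurityContextLoginModule module = null;

    // Writable Subject (readOnly == false) so commit()/logout() can change its principals.
    private Subject subject = new Subject(false, new HashSet(), new HashSet(),
            new HashSet());

    // Fixed token placed into the SecurityContext by the tests that need one.
    private UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("principal",
            "credentials");

    //~ Methods ================================================================

    /**
     * abort() reports false while the module holds no authentication and
     * true once a login/commit cycle has completed.
     */
    public void testAbort() throws Exception {
        assertFalse("Should return false, no auth is set", module.abort());
        SecurityContextHolder.getContext().setAuthentication(auth);
        module.login();
        module.commit();
        assertTrue(module.abort());
    }

    /**
     * login() must fail with a LoginException when the SecurityContext holds
     * no Authentication (setUp() installs an empty context).
     */
    public void testLoginException() throws Exception {
        try {
            module.login();
            fail(
                "LoginException expected, there is no Authentication in the SecurityContext");
        } catch (LoginException expected) {
            // Expected: a missing authentication must be rejected.
        }
    }

    /**
     * With an Authentication in the context, login() and commit() succeed and
     * the authentication is added to the Subject's principals.
     */
    public void testLoginSuccess() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(auth);
        assertTrue("Login should succeed, there is an authentication set",
            module.login());
        assertTrue("The authentication is not null, this should return true",
            module.commit());
        assertTrue("Principals should contain the authentication",
            subject.getPrincipals().contains(auth));
    }

    /**
     * logout() clears the module's authentication and removes it from the
     * Subject's principals.
     */
    public void testLogout() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(auth);
        module.login();

        // Commit first so the principal is really on the Subject; without it
        // the "not contained after logout" check below would pass vacuously.
        module.commit();
        assertTrue("Principals should contain the authentication before logout",
            subject.getPrincipals().contains(auth));

        assertTrue("Should return true as it succeeds", module.logout());
        assertNull("Authentication should be null", module.getAuthentication());

        assertFalse("Principals should not contain the authentication after logout",
            subject.getPrincipals().contains(auth));
    }

    /**
     * An explicitly null Authentication in the context must be rejected with
     * a LoginException.
     */
    public void testNullAuthenticationInSecurityContext()
        throws Exception {
        try {
            SecurityContextHolder.getContext().setAuthentication(null);
            module.login();
            fail("LoginException expected, the authentication is null in the SecurityContext");
        } catch (LoginException expected) {
            // Catch only LoginException: a broader catch would also accept an
            // unrelated failure (for example a NullPointerException) as a
            // correct rejection and hide a regression in the module.
        }
    }

    /**
     * With ignoreMissingAuthentication=true a null Authentication no longer
     * raises; login() returns false instead. Under the JAAS LoginModule
     * contract a false return means "ignore this module", so the overall
     * outcome is then decided by the other modules in the login configuration.
     */
    public void testNullAuthenticationInSecurityContextIgnored()
        throws Exception {
        // Replace the module from setUp() with one initialised with the option.
        module = new SecurityContextLoginModule();

        Map options = new HashMap();
        options.put("ignoreMissingAuthentication", "true");

        module.initialize(subject, null, null, options);
        SecurityContextHolder.getContext().setAuthentication(null);
        assertFalse("Should return false and ask to be ignored", module.login());
    }

    /**
     * logout() without a prior login reports false.
     */
    public void testNullLogout() throws Exception {
        assertFalse(module.logout());
    }

    /**
     * Creates a fresh module with no options and installs an empty
     * SecurityContext so no authentication leaks in from another test.
     */
    protected void setUp() throws Exception {
        module = new SecurityContextLoginModule();
        module.initialize(subject, null, null, null);
        SecurityContextHolder.setContext(new SecurityContextImpl());
    }

    /**
     * Resets the SecurityContext so the token set by a test does not remain
     * in the holder for later tests.
     */
    protected void tearDown() throws Exception {
        SecurityContextHolder.setContext(new SecurityContextImpl());
        module = null;
    }
}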