Chapter 16. Example of Authorization
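The following is a test case for the default implementation, JBossAuthorizationManager. It tests the web layer's authorization module. The default web layer module permits all actions, because decisions are handled by the Tomcat RealmBase. Because the module permits everything, a passing run shows only that the authorization manager, the security context and the policy configuration are wired together; it does not show that any request would be denied. Note that the authorization module is added, as an AuthorizationModuleEntry, to the AuthorizationInfo object, which is part of the ApplicationPolicy object set in the SecurityConfiguration.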
package org.jboss.test.authorization;
import java.security.Principal;
import java.security.acl.Group;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.plugins.JBossAuthorizationManager;
import org.jboss.security.plugins.SecurityContextAssociation;
import org.jboss.security.plugins.SecurityContextFactory;
import org.jboss.test.authorization.xacml.TestHttpServletRequest;
import junit.framework.TestCase;
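/**
 * Unit test for {@link JBossAuthorizationManager} wired to the web-layer
 * authorization module.
 *
 * <p>The module configured in {@link #setSecurityConfiguration()} is the web module,
 * which the in-test comment describes as permitting everything. A green run therefore
 * shows that the security context, the JACC policy context and the application policy
 * are wired together for the domain; it does not show that a request can be denied.
 */
public class JBossAuthorizationManagerUnitTestCase extends TestCase
{
   /** Domain name shared by the security context, the application policy and the manager. */
   private static final String SECURITY_DOMAIN = "other";

   /** Caller identity placed in the security context and in the fake servlet request. */
   private final Principal p = new SimplePrincipal("jduke");

   /** JACC context id set on the PolicyContext for the duration of the test. */
   private final String contextID = "web.jar";

   /**
    * Installs the caller identity, the JACC policy context and the application
    * policy that {@link #testAuthorization()} relies on.
    */
   @Override
   protected void setUp() throws Exception
   {
      super.setUp();
      setSecurityContext();
      setUpPolicyContext();
      setSecurityConfiguration();
   }

   /**
    * Clears the caller identity and JACC context id installed by {@link #setUp()},
    * so the "jduke" principal and its role are not left behind for later tests.
    * The application policy and the registered JACC handler stay in place; this
    * class uses no API that removes them.
    */
   @Override
   protected void tearDown() throws Exception
   {
      try
      {
         SecurityContextAssociation.setSecurityContext(null);
         PolicyContext.setContextID(null);
      }
      finally
      {
         super.tearDown();
      }
   }

   /**
    * Sends a web resource built around a fake servlet request through the
    * authorization manager of the test domain.
    */
   public void testAuthorization() throws Exception
   {
      // Typed map instead of a raw HashMap to avoid unchecked warnings.
      HashMap<String, Object> cmap = new HashMap<String, Object>();
      cmap.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, "test", "get"));
      WebResource wr = new WebResource(cmap);
      AuthorizationManager am = new JBossAuthorizationManager(SECURITY_DOMAIN);
      // This should just pass as the default module PERMITS all.
      // NOTE(review): the result of authorize() is not inspected; presumably a
      // denial surfaces as an exception - confirm against AuthorizationManager.
      am.authorize(wr);
   }

   /** Builds the roles group holding the single role "ServletUserRole". */
   private Group getRoleGroup()
   {
      Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
      gp.addMember(new SimplePrincipal("ServletUserRole"));
      return gp;
   }

   /**
    * Creates a security context for the test domain, attaches the subject and
    * roles of the test principal, and associates it as the current context.
    */
   private void setSecurityContext()
   {
      Subject subj = new Subject();
      subj.getPrincipals().add(p);
      SecurityContext sc = SecurityContextFactory.createSecurityContext(SECURITY_DOMAIN);
      // "cred" is a dummy credential for the test fixture, not a real secret.
      sc.getUtil().createSubjectInfo(p, "cred", subj);
      sc.getUtil().setRoles(getRoleGroup());
      SecurityContextAssociation.setSecurityContext(sc);
   }

   /** Sets the JACC context id and registers the subject policy context handler. */
   private void setUpPolicyContext() throws Exception
   {
      PolicyContext.setContextID(contextID);
      PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
            new SubjectPolicyContextHandler(), true);
   }

   /**
    * Registers an application policy for the test domain whose authorization
    * info holds one module entry: the web authorization module.
    */
   private void setSecurityConfiguration() throws Exception
   {
      String name = "org.jboss.security.authorization.modules.web.WebAuthorizationModule";
      ApplicationPolicy ap = new ApplicationPolicy(SECURITY_DOMAIN);
      AuthorizationInfo ai = new AuthorizationInfo(SECURITY_DOMAIN);
      AuthorizationModuleEntry ame = new AuthorizationModuleEntry(name);
      ai.add(ame);
      ap.setAuthorizationInfo(ai);
      SecurityConfiguration.addApplicationPolicy(ap);
   }
}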
package org.jboss.test.authorization;
import java.security.Principal;
import java.security.acl.Group;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.jacc.SubjectPolicyContextHandler;
import org.jboss.security.plugins.JBossAuthorizationManager;
import org.jboss.security.plugins.SecurityContextAssociation;
import org.jboss.security.plugins.SecurityContextFactory;
import org.jboss.test.authorization.xacml.TestHttpServletRequest;
import junit.framework.TestCase;
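/**
 * Unit test for {@link JBossAuthorizationManager} wired to the web-layer
 * authorization module.
 *
 * <p>The module configured in {@link #setSecurityConfiguration()} is the web module,
 * which the in-test comment describes as permitting everything. A green run therefore
 * shows that the security context, the JACC policy context and the application policy
 * are wired together for the domain; it does not show that a request can be denied.
 */
public class JBossAuthorizationManagerUnitTestCase extends TestCase
{
   /** Domain name shared by the security context, the application policy and the manager. */
   private static final String SECURITY_DOMAIN = "other";

   /** Caller identity placed in the security context and in the fake servlet request. */
   private final Principal p = new SimplePrincipal("jduke");

   /** JACC context id set on the PolicyContext for the duration of the test. */
   private final String contextID = "web.jar";

   /**
    * Installs the caller identity, the JACC policy context and the application
    * policy that {@link #testAuthorization()} relies on.
    */
   @Override
   protected void setUp() throws Exception
   {
      super.setUp();
      setSecurityContext();
      setUpPolicyContext();
      setSecurityConfiguration();
   }

   /**
    * Clears the caller identity and JACC context id installed by {@link #setUp()},
    * so the "jduke" principal and its role are not left behind for later tests.
    * The application policy and the registered JACC handler stay in place; this
    * class uses no API that removes them.
    */
   @Override
   protected void tearDown() throws Exception
   {
      try
      {
         SecurityContextAssociation.setSecurityContext(null);
         PolicyContext.setContextID(null);
      }
      finally
      {
         super.tearDown();
      }
   }

   /**
    * Sends a web resource built around a fake servlet request through the
    * authorization manager of the test domain.
    */
   public void testAuthorization() throws Exception
   {
      // Typed map instead of a raw HashMap to avoid unchecked warnings.
      HashMap<String, Object> cmap = new HashMap<String, Object>();
      cmap.put(ResourceKeys.WEB_REQUEST, new TestHttpServletRequest(p, "test", "get"));
      WebResource wr = new WebResource(cmap);
      AuthorizationManager am = new JBossAuthorizationManager(SECURITY_DOMAIN);
      // This should just pass as the default module PERMITS all.
      // NOTE(review): the result of authorize() is not inspected; presumably a
      // denial surfaces as an exception - confirm against AuthorizationManager.
      am.authorize(wr);
   }

   /** Builds the roles group holding the single role "ServletUserRole". */
   private Group getRoleGroup()
   {
      Group gp = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
      gp.addMember(new SimplePrincipal("ServletUserRole"));
      return gp;
   }

   /**
    * Creates a security context for the test domain, attaches the subject and
    * roles of the test principal, and associates it as the current context.
    */
   private void setSecurityContext()
   {
      Subject subj = new Subject();
      subj.getPrincipals().add(p);
      SecurityContext sc = SecurityContextFactory.createSecurityContext(SECURITY_DOMAIN);
      // "cred" is a dummy credential for the test fixture, not a real secret.
      sc.getUtil().createSubjectInfo(p, "cred", subj);
      sc.getUtil().setRoles(getRoleGroup());
      SecurityContextAssociation.setSecurityContext(sc);
   }

   /** Sets the JACC context id and registers the subject policy context handler. */
   private void setUpPolicyContext() throws Exception
   {
      PolicyContext.setContextID(contextID);
      PolicyContext.registerHandler(SecurityConstants.SUBJECT_CONTEXT_KEY,
            new SubjectPolicyContextHandler(), true);
   }

   /**
    * Registers an application policy for the test domain whose authorization
    * info holds one module entry: the web authorization module.
    */
   private void setSecurityConfiguration() throws Exception
   {
      String name = "org.jboss.security.authorization.modules.web.WebAuthorizationModule";
      ApplicationPolicy ap = new ApplicationPolicy(SECURITY_DOMAIN);
      AuthorizationInfo ai = new AuthorizationInfo(SECURITY_DOMAIN);
      AuthorizationModuleEntry ame = new AuthorizationModuleEntry(name);
      ai.add(ame);
      ap.setAuthorizationInfo(ai);
      SecurityConfiguration.addApplicationPolicy(ap);
   }
}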