--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/DummyLoginModule.java Thu Sep 24 10:23:01 2015 +0800
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.security.auth.login.LoginException;
+
+/**
+ * Login module which passes all the time
+ */
+
+public class DummyLoginModule extends SmartLoginModule {
+ private final String header;
+
+ public DummyLoginModule() {
+ header = "DummyLoginModule: ";
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ System.out.println("\t\t" + header + " login method is called ");
+ System.out.println("\t\t" + header + " login:PASS");
+ return true;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ System.out.println("\t\t" + header + " commit method is called");
+ System.out.println("\t\t" + header + " commit:PASS");
+ return true;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ System.out.println("\t\t" + header + " abort method is called ");
+ System.out.println("\t\t" + header + " abort:PASS");
+
+ return true;
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ System.out.println("\t\t" + header + " logout method is called");
+ System.out.println("\t\t" + header + " logout:PASS");
+ return true;
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/DynamicConfigurationTest.java Thu Sep 24 10:23:01 2015 +0800
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.IOException;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+/**
+ * @test
+ * @bug 8050427 4703361
+ * @summary Test case for RFE: 4703361. Tests the Dynamic Configuration of
+ * Authentication Modules with different methods
+ * @compile SmartLoginModule.java DummyLoginModule.java MyConfiguration.java
+ * @run main/othervm DynamicConfigurationTest
+ */
+public class DynamicConfigurationTest {
+
+ public static void main(String... args) {
+ String rightConfigName = "PT";
+ String wrongConfigName = "NT";
+ char[] rightPwd = new char[]{'t', 'e', 's', 't', 'P', 'a', 's', 's',
+ 'w', 'o', 'r', 'd', '1'};
+ char[] wrongPwd = new char[]{'w', 'r', 'o', 'n', 'g', 'P', 'a', 's',
+ 's','w', 'o', 'r', 'd'};
+
+ // Test with wrong configuration name
+ // Expect LoginException when initiate a new LoginContext object
+ testConfigName(wrongConfigName, true);
+ System.out.println("Wrong Config Name Test passed ");
+
+ // Spedify two loginModules: SmartLoginModule and DummyLoginModule
+ // Flags: required-required
+ // Test with right password for SmartLoginModule
+ // No exception is expected
+ Configuration cf = new MyConfiguration();
+ testLogin(rightConfigName, rightPwd, cf, false);
+ System.out.println("Positive test passed");
+
+ // Spedify two loginModules: SmartLoginModule and DummyLoginModule
+ // Flags: required-required
+ // Test with wrong password for SmartLoginModule
+ // Expect LoginException by calling LoginContext.login() method
+ testLogin(rightConfigName, wrongPwd, cf, true);
+ System.out.println("Should fail test passed");
+
+ // Spedify two loginModules: SmartLoginModule and DummyLoginModule
+ // Change the flags from required-required to optional-sufficient
+ // Test with wrong password for SmartLoginModule, while DummyLoginModule
+ // always passes
+ // No Exception is expected
+ cf = new MyConfiguration(true);
+ testLogin(rightConfigName, wrongPwd, cf, false);
+ System.out.println("One module fails where are other module succeeeds "
+ + "Test passed with optional-sufficient flags");
+ }
+
+ public static void testConfigName(String confName,
+ boolean expectException) {
+ String expectedMsg = "No LoginModules configured for " + confName;
+ try {
+ LoginContext lc = new LoginContext(confName, new Subject(),
+ new MyCallbackHandler(), new MyConfiguration());
+
+ if (expectException) {
+ throw new RuntimeException("Wrong Config Name Test failed: "
+ + "expected LoginException not thrown.");
+ }
+ } catch (LoginException le) {
+ if (!expectException || !le.getMessage().equals(expectedMsg)) {
+ System.out.println("Wrong Config Name Test failed: "
+ + "received Unexpected exception.");
+ throw new RuntimeException(le);
+ }
+ }
+ }
+
+ public static void testLogin(String confName, char[] passwd,
+ Configuration cf, boolean expectException) {
+ try {
+ CallbackHandler ch = new MyCallbackHandler("testUser", passwd);
+ LoginContext lc = new LoginContext(confName, new Subject(),
+ ch, cf);
+ lc.login();
+ if (expectException) {
+ throw new RuntimeException("Login Test failed: "
+ + "expected LoginException not thrown");
+ }
+ } catch (LoginException le) {
+ if (!expectException) {
+ System.out.println("Login Test failed: "
+ + "received Unexpected exception.");
+ throw new RuntimeException(le);
+ }
+ }
+ }
+}
+
+/**
+ * The application simulates the CallbackHandler. It simulates! which means all
+ * process to get username and password is ignored. We have to take this
+ * approach for automation purpose. So, this is not a real world example at all.
+ */
+class MyCallbackHandler implements CallbackHandler {
+
+ String userName;
+ char[] password;
+
+ /**
+ * This is simply a workaround approach for IO approach to get username and
+ * password. For automation purpose only.
+ */
+ public MyCallbackHandler() {
+ super();
+ }
+
+ public MyCallbackHandler(String username, char[] password) {
+ super();
+ userName = username;
+ this.password = password;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback) {
+ NameCallback nc = (NameCallback) callback;
+ nc.setName(userName);
+ } else if (callback instanceof PasswordCallback) {
+ PasswordCallback pc = (PasswordCallback) callback;
+ pc.setPassword(password);
+ } else {
+ throw new UnsupportedCallbackException(callback,
+ "Unrecognized Callback");
+ }
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/MyConfiguration.java Thu Sep 24 10:23:01 2015 +0800
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.util.HashMap;
+import javax.security.auth.login.AppConfigurationEntry;
+import static javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
+import static javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
+import static javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
+import javax.security.auth.login.Configuration;
+
+/**
+ * This class is used to test LoginContext constructor API. It simply contains
+ * one configuration entry: PT.
+ */
+public class MyConfiguration extends Configuration {
+
+ private static final AppConfigurationEntry[] ptAE
+ = new AppConfigurationEntry[2];
+ private static final HashMap<String, String> map = new HashMap<>();
+ private boolean optionOrder = false;
+
+ public MyConfiguration() {
+ setupConfiguration();
+ }
+
+ public MyConfiguration(boolean optionOrder) {
+ this.optionOrder = optionOrder;
+ setupConfiguration();
+ }
+
+ private void setupConfiguration() {
+ ptAE[0] = new AppConfigurationEntry("SmartLoginModule",
+ optionOrder ? OPTIONAL : REQUIRED,
+ map);
+ ptAE[1] = new AppConfigurationEntry("DummyLoginModule",
+ optionOrder ? SUFFICIENT : REQUIRED,
+ map);
+ }
+
+ @Override
+ public AppConfigurationEntry[]
+ getAppConfigurationEntry(String applicationName) {
+ if (applicationName.equals("PT")) {
+ return ptAE;
+ } else {
+ return null;
+ }
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/SmartLoginModule.java Thu Sep 24 10:23:01 2015 +0800
@@ -0,0 +1,253 @@
+/*
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * This code was based on JAAS demo code, small modification is made for testing
+ * purpose.
+ */
+public class SmartLoginModule implements LoginModule {
+
+ // initial state
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+
+ // the authentication status
+ private boolean succeeded = false;
+ private boolean commitSucceeded = false;
+
+ // username and password
+ private String username;
+ private char[] password;
+
+ // Default values for this login module. In real world,
+ // don't do it in this way!
+ private String myUsername;
+ private char[] myPassword;
+ private String header;
+
+ // testUser's SamplePrincipal
+ private SamplePrincipal userPrincipal;
+
+ public SmartLoginModule() {
+ this("testUser",
+ new char[]{'t', 'e', 's', 't', 'P', 'a', 's', 's',
+ 'w', 'o', 'r', 'd', '1'},
+ "SmartLoginModule1: ");
+ }
+
+ public SmartLoginModule(String userName, char[] password, String header) {
+ myUsername = userName;
+ myPassword = password;
+ this.header = header;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ if (!succeeded) {
+ return false;
+ } else if (succeeded && !commitSucceeded) {
+ // login succeeded but overall authentication failed
+ succeeded = false;
+ username = null;
+ password = null;
+ userPrincipal = null;
+ } else {
+ // overall authentication succeeded and commit succeeded,
+ // but someone else's commit failed
+ logout();
+ }
+ return true;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ if (!succeeded) {
+ return false;
+ } else {
+ // add a Principal (authenticated identity) to the Subject
+ // assume the user we authenticated is the SamplePrincipal
+ userPrincipal = new SamplePrincipal(username);
+ if (!subject.getPrincipals().contains(userPrincipal)) {
+ subject.getPrincipals().add(userPrincipal);
+ }
+ // in any case, clean out state
+ username = null;
+ password = null;
+ commitSucceeded = true;
+ return true;
+ }
+ }
+
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler,
+ Map<String, ?> sharedState, Map<String, ?> options) {
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ if (callbackHandler == null) {
+ throw new LoginException("Error: no CallbackHandler available to "
+ + "garner authentication information from the user");
+ }
+
+ Callback[] callbacks = new Callback[2];
+ callbacks[0] = new NameCallback(header + "user name: ");
+ callbacks[1] = new PasswordCallback(header + "password: ", false);
+
+ try {
+ callbackHandler.handle(callbacks);
+ username = ((NameCallback) callbacks[0]).getName();
+ char[] tmpPassword
+ = ((PasswordCallback) callbacks[1]).getPassword();
+ if (tmpPassword == null) {
+ tmpPassword = new char[0];
+ }
+ password = new char[tmpPassword.length];
+ System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
+ ((PasswordCallback) callbacks[1]).clearPassword();
+ } catch (java.io.IOException ioe) {
+ throw (LoginException) new LoginException().initCause(ioe);
+ } catch (UnsupportedCallbackException uce) {
+ throw new LoginException("Error: " + header
+ + uce.getCallback().toString()
+ + " not available to garner authentication information "
+ + "from the user");
+ }
+
+ // verify the username/password
+ if (username.equals(myUsername)
+ && Arrays.equals(password, myPassword)) {
+ System.out.println("\t\t" + header + " authentication succeeded");
+ succeeded = true;
+ return true;
+ } else {
+ // authentication failed -- clean out state
+ System.out.println("\t\t" + header + " authentication failed");
+ printDebugInfo();
+ succeeded = false;
+ username = null;
+ password = null;
+ throw new FailedLoginException("User Name or Password Incorrect");
+ }
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ subject.getPrincipals().remove(userPrincipal);
+ succeeded = false;
+ succeeded = commitSucceeded;
+ username = null;
+ password = null;
+ userPrincipal = null;
+ return true;
+ }
+
+ // print debugging information
+ private void printDebugInfo() {
+ System.out.println("\t\t" + header + " correct user name: "
+ + myUsername);
+ System.out.println("\t\t" + header + " user entered user name: "
+ + username);
+ System.out.print("\t\t" + header + " correct password: ");
+ for (char c : myPassword) {
+ System.out.print(c);
+ }
+ System.out.println();
+ System.out.print("\t\t" + header + " user entered password: ");
+ for (char c : password) {
+ System.out.print(c);
+ }
+ System.out.println();
+ }
+}
+
+class SamplePrincipal implements Principal, java.io.Serializable {
+
+ /**
+ * @serial
+ */
+ private String name;
+
+ /**
+ * Create a SamplePrincipal with a Sample username.
+ *
+ * @param name the Sample username for this user.
+ * @exception NullPointerException if the <code>name</code> is
+ * <code>null</code>.
+ */
+ public SamplePrincipal(String name) {
+ if (name == null) {
+ throw new NullPointerException("illegal null input");
+ }
+
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String toString() {
+ return "SamplePrincipal: " + name;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (o == null) {
+ return false;
+ }
+
+ if (this == o) {
+ return true;
+ }
+
+ if (!(o instanceof SamplePrincipal)) {
+ return false;
+ }
+ SamplePrincipal that = (SamplePrincipal) o;
+
+ return this.getName().equals(that.getName());
+ }
+
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+}