authorChristian Campo2008-04-08 09:43:52 (EDT)
committerChristian Campo2008-04-08 09:43:52 (EDT)
commitadc491c9f87898970377feb23ea8f78002df8ee6 (patch)
tree07810391cc26fbde5cd0fef71e162d2a86d86095
parent0972cb3b2cb5f065b8284021aec864c2cb543969 (diff)
downloadorg.eclipse.riena-adc491c9f87898970377feb23ea8f78002df8ee6.zip
org.eclipse.riena-adc491c9f87898970377feb23ea8f78002df8ee6.tar.gz
org.eclipse.riena-adc491c9f87898970377feb23ea8f78002df8ee6.tar.bz2
BasicAuthenticationHook that transmits the current principal as BasicAuthentication Header.
-rw-r--r--org.eclipse.riena.sample.app.server/META-INF/MANIFEST.MF7
-rw-r--r--org.eclipse.riena.sample.app.server/Riena Sample App Server.launch2
-rw-r--r--org.eclipse.riena.sample.app.server/build.properties3
-rw-r--r--org.eclipse.riena.sample.app.server/plugin.xml13
-rw-r--r--org.eclipse.riena.sample.app.server/src/org/eclipse/riena/internal/sample/app/server/BasicAuthenticationTestServlet.java41
-rw-r--r--org.eclipse.riena.tests/src/org/eclipse/riena/security/services/itest/authentication/BasicAuthenticationITest.java149
6 files changed, 211 insertions, 4 deletions
diff --git a/org.eclipse.riena.sample.app.server/META-INF/MANIFEST.MF b/org.eclipse.riena.sample.app.server/META-INF/MANIFEST.MF
index aaf0d79..744f5ee 100644
--- a/org.eclipse.riena.sample.app.server/META-INF/MANIFEST.MF
+++ b/org.eclipse.riena.sample.app.server/META-INF/MANIFEST.MF
@@ -1,9 +1,12 @@
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: Riena Sample App Server (Incubation)
-Bundle-SymbolicName: org.eclipse.riena.sample.app.server
+Bundle-SymbolicName: org.eclipse.riena.sample.app.server;singleton:=true
Bundle-Version: 1.0.0.M2
Bundle-Activator: org.eclipse.riena.internal.sample.app.server.Activator
Require-Bundle: org.eclipse.core.runtime,
org.eclipse.riena.sample.app.common,
- org.eclipse.riena.communication.core
+ org.eclipse.riena.communication.core,
+ org.eclipse.equinox.http.registry
+Import-Package: javax.servlet;version="2.4.0",
+ javax.servlet.http;version="2.4.0"
diff --git a/org.eclipse.riena.sample.app.server/Riena Sample App Server.launch b/org.eclipse.riena.sample.app.server/Riena Sample App Server.launch
index 0029c5b..effe9d5 100644
--- a/org.eclipse.riena.sample.app.server/Riena Sample App Server.launch
+++ b/org.eclipse.riena.sample.app.server/Riena Sample App Server.launch
@@ -20,5 +20,5 @@
<stringAttribute key="target_bundles" value="javax.servlet@default:default,org.apache.commons.logging@default:default,org.eclipse.core.contenttype@default:default,org.eclipse.core.jobs@default:default,org.eclipse.core.runtime@default:default,org.eclipse.core.runtime.compatibility.auth@default:default,org.eclipse.equinox.app@default:default,org.eclipse.equinox.common@default:default,org.eclipse.equinox.http.jetty@default:default,org.eclipse.equinox.http.registry@default:default,org.eclipse.equinox.http.servlet@default:default,org.eclipse.equinox.preferences@default:default,org.eclipse.equinox.registry@default:default,org.eclipse.osgi@:,org.eclipse.osgi.services@default:default,org.mortbay.jetty@default:default"/>
<booleanAttribute key="tracing" value="false"/>
<booleanAttribute key="useDefaultConfigArea" value="true"/>
-<stringAttribute key="workspace_bundles" value="com.caucho.hessian@default:default,org.apache.log4j@default:default,org.eclipse.equinox.cm@default:default,org.eclipse.equinox.log@default:default,org.eclipse.riena.communication.console@default:default,org.eclipse.riena.communication.core@default:default,org.eclipse.riena.communication.publisher@default:default,org.eclipse.riena.communication.publisher.hessian@5:default,org.eclipse.riena.core@default:default,org.eclipse.riena.sample.app.common@6:default,org.eclipse.riena.sample.app.server@6:default,org.eclipse.riena.security.common@default:default,org.eclipse.riena.security.server@default:default,org.eclipse.riena.security.services@default:default,org.eclipse.riena.security.simpleservices@default:default"/>
+<stringAttribute key="workspace_bundles" value="com.caucho.hessian@default:default,org.apache.log4j@default:default,org.eclipse.equinox.cm@default:default,org.eclipse.equinox.log@default:default,org.eclipse.riena.communication.console@default:default,org.eclipse.riena.communication.core@default:default,org.eclipse.riena.communication.publisher@default:default,org.eclipse.riena.communication.publisher.hessian@default:default,org.eclipse.riena.core@default:default,org.eclipse.riena.sample.app.common@default:default,org.eclipse.riena.sample.app.server@default:default,org.eclipse.riena.security.common@default:default,org.eclipse.riena.security.server@default:default,org.eclipse.riena.security.services@default:default,org.eclipse.riena.security.simpleservices@default:default"/>
</launchConfiguration>
diff --git a/org.eclipse.riena.sample.app.server/build.properties b/org.eclipse.riena.sample.app.server/build.properties
index 34d2e4d..e9863e2 100644
--- a/org.eclipse.riena.sample.app.server/build.properties
+++ b/org.eclipse.riena.sample.app.server/build.properties
@@ -1,4 +1,5 @@
source.. = src/
output.. = bin/
bin.includes = META-INF/,\
- .
+ .,\
+ plugin.xml
diff --git a/org.eclipse.riena.sample.app.server/plugin.xml b/org.eclipse.riena.sample.app.server/plugin.xml
new file mode 100644
index 0000000..065a4e3
--- /dev/null
+++ b/org.eclipse.riena.sample.app.server/plugin.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?eclipse version="3.2"?>
+<plugin>
+ <extension
+ point="org.eclipse.equinox.http.registry.servlets">
+ <servlet
+ alias="/junit/protected"
+ class="org.eclipse.riena.internal.sample.app.server.BasicAuthenticationTestServlet"
+ load-on-startup="true">
+ </servlet>
+ </extension>
+
+</plugin>
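Review bot: The `/junit/protected` alias is contributed by the sample server bundle's own plugin.xml with `load-on-startup="true"`, so every launch of the sample server publishes this test-only endpoint, not just integration-test runs. Contributing the servlet from a test bundle or fragment would keep the fixture out of the sample application. If it has to stay here, a comment above the `<servlet>` element would make the intent clear, for example `<!-- test fixture for BasicAuthenticationITest; not part of the sample application -->`.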
diff --git a/org.eclipse.riena.sample.app.server/src/org/eclipse/riena/internal/sample/app/server/BasicAuthenticationTestServlet.java b/org.eclipse.riena.sample.app.server/src/org/eclipse/riena/internal/sample/app/server/BasicAuthenticationTestServlet.java
new file mode 100644
index 0000000..2dfa366
--- /dev/null
+++ b/org.eclipse.riena.sample.app.server/src/org/eclipse/riena/internal/sample/app/server/BasicAuthenticationTestServlet.java
@@ -0,0 +1,41 @@
+/*******************************************************************************
+ * Copyright (c) 2007, 2008 compeople AG and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * compeople AG - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.riena.internal.sample.app.server;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ */
+public class BasicAuthenticationTestServlet extends HttpServlet {
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ String auth = req.getHeader("Authorization");
+ String correctAuth = "Basic c2NwOnNjcHRlc3RwYXNzd29yZA==";// encoded
+ // version
+ // of
+ // userid=scp,
+ // password=scptestpassword
+ if (auth != null && auth.equals(correctAuth)) {
+ resp.getOutputStream().write(new String("OK").getBytes());
+ } else {
+ resp.sendError(401);
+ }
+
+ }
+
+}
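Review bot: The 401 branch of doPost calls `resp.sendError(401)` without a `WWW-Authenticate` header, which HTTP requires on a 401 response and which clients use to learn the expected scheme. Setting `resp.setHeader("WWW-Authenticate", "Basic realm=\"junit\"");` (the realm value is a constructed example) before `resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);` would make the response well-formed. The class Javadoc is empty although the class accepts a single credential hard-coded in source; it should say so, e.g. `/** Test fixture for BasicAuthenticationITest: accepts one fixed Basic credential on POST and answers 401 otherwise; not for production use. */`. On the success path, `new String("OK").getBytes()` encodes with the platform default charset, so `"OK".getBytes("UTF-8")` is the safer form.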
diff --git a/org.eclipse.riena.tests/src/org/eclipse/riena/security/services/itest/authentication/BasicAuthenticationITest.java b/org.eclipse.riena.tests/src/org/eclipse/riena/security/services/itest/authentication/BasicAuthenticationITest.java
new file mode 100644
index 0000000..995de88
--- /dev/null
+++ b/org.eclipse.riena.tests/src/org/eclipse/riena/security/services/itest/authentication/BasicAuthenticationITest.java
@@ -0,0 +1,149 @@
+/*******************************************************************************
+ * Copyright (c) 2007, 2008 compeople AG and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * compeople AG - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.riena.security.services.itest.authentication;
+
+import javax.security.auth.Subject;
+
+import org.eclipse.riena.communication.core.IRemoteServiceRegistration;
+import org.eclipse.riena.communication.core.RemoteFailure;
+import org.eclipse.riena.communication.core.factory.RemoteServiceFactory;
+import org.eclipse.riena.communication.core.hooks.ICallHook;
+import org.eclipse.riena.internal.tests.Activator;
+import org.eclipse.riena.security.common.BasicAuthenticationCallHook;
+import org.eclipse.riena.security.common.ISubjectHolderService;
+import org.eclipse.riena.security.common.authentication.SimplePrincipal;
+import org.eclipse.riena.security.server.session.ISessionService;
+import org.eclipse.riena.tests.RienaTestCase;
+import org.osgi.framework.ServiceRegistration;
+
+/**
+ *
+ */
+public class BasicAuthenticationITest extends RienaTestCase {
+
+ private IRemoteServiceRegistration sessionServiceRegistration;
+
+ private final static String TESTURL = "http://localhost:8080/junit/protected";
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+ startBundles("org\\.eclipse\\.equinox\\.cm.*", null); //$NON-NLS-1$
+ startBundles("org\\.eclipse\\.equinox\\.log.*", null); //$NON-NLS-1$
+ startBundles("org\\.eclipse\\.riena.communication.core", null); //$NON-NLS-1$
+ startBundles("org\\.eclipse\\.riena.communication.factory.hessian", null); //$NON-NLS-1$
+
+ sessionServiceRegistration = new RemoteServiceFactory().createAndRegisterProxy(ISessionService.class, TESTURL,
+ "hessian", null); //$NON-NLS-1$
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ super.tearDown();
+ sessionServiceRegistration.unregister();
+ }
+
+ /**
+ * nomen est omen
+ */
+ public void testNoCallHook() {
+ try {
+ ISessionService sessionService = (ISessionService) Activator.getContext().getService(
+ Activator.getContext().getServiceReference(ISessionService.class.getName()));
+
+ sessionService.isValidSession(null);
+ fail("RemoteFailure HTTP=401 expected"); //$NON-NLS-1$
+ } catch (RemoteFailure e) {
+ assertTrue(e.getCause().getCause().getMessage().contains("401")); //$NON-NLS-1$
+ }
+ }
+
+ /**
+ * nomen est omen
+ */
+ public void testWithCallHookNoAuthorization() {
+ try {
+ ISessionService sessionService = (ISessionService) Activator.getContext().getService(
+ Activator.getContext().getServiceReference(ISessionService.class.getName()));
+
+ ServiceRegistration serviceReg = Activator.getContext().registerService(ICallHook.class.getName(),
+ new BasicAuthenticationCallHook(), null);
+
+ sessionService.isValidSession(null);
+
+ serviceReg.unregister();
+ fail("RemoteFailure HTTP=401 expected"); //$NON-NLS-1$
+ } catch (RemoteFailure e) {
+ assertTrue(e.getCause().getCause().getMessage().contains("401")); //$NON-NLS-1$
+ }
+
+ }
+
+ /**
+ * nomen est omen
+ */
+ public void testWithCallHookWithInvalidAuthorization() {
+ try {
+ ISessionService sessionService = (ISessionService) Activator.getContext().getService(
+ Activator.getContext().getServiceReference(ISessionService.class.getName()));
+
+ ServiceRegistration serviceReg = Activator.getContext().registerService(ICallHook.class.getName(),
+ new BasicAuthenticationCallHook(), null);
+
+ ISubjectHolderService subjectHolderService = (ISubjectHolderService) Activator.getContext().getService(
+ Activator.getContext().getServiceReference(ISubjectHolderService.class.getName()));
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(new SimplePrincipal("christian"));
+ subject.getPrivateCredentials().add("password");
+ subjectHolderService.fetchSubjectHolder().setSubject(subject);
+
+ sessionService.isValidSession(null);
+
+ serviceReg.unregister();
+ fail("RemoteFailure HTTP=401 expected"); //$NON-NLS-1$
+ } catch (RemoteFailure e) {
+ assertTrue(e.getCause().getCause().getMessage().contains("401")); //$NON-NLS-1$
+ }
+
+ }
+
+ /**
+ * nomen est omen
+ */
+ public void testWithCallHookWithValidAuthorization() {
+ try {
+ ISessionService sessionService = (ISessionService) Activator.getContext().getService(
+ Activator.getContext().getServiceReference(ISessionService.class.getName()));
+
+ ServiceRegistration serviceReg = Activator.getContext().registerService(ICallHook.class.getName(),
+ new BasicAuthenticationCallHook(), null);
+
+ ISubjectHolderService subjectHolderService = (ISubjectHolderService) Activator.getContext().getService(
+ Activator.getContext().getServiceReference(ISubjectHolderService.class.getName()));
+
+ Subject subject = new Subject();
+ subject.getPrincipals().add(new SimplePrincipal("scp")); //$NON-NLS-1$
+ subject.getPrivateCredentials().add("scptestpassword"); //$NON-NLS-1$
+ subjectHolderService.fetchSubjectHolder().setSubject(subject);
+
+ sessionService.isValidSession(null);
+
+ serviceReg.unregister();
+ fail("RemoteFailure with Protocol Error expected"); //$NON-NLS-1$
+ // ok()
+ } catch (RemoteFailure e) {
+ assertFalse(e.getCause().getCause().getMessage().contains("401")); //$NON-NLS-1$
+ assertTrue(e.getCause().getCause().getMessage().contains("expected boolean")); //$NON-NLS-1$
+ }
+
+ }
+}
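Review bot: In testWithCallHookNoAuthorization, testWithCallHookWithInvalidAuthorization and testWithCallHookWithValidAuthorization, `serviceReg.unregister()` is placed after `sessionService.isValidSession(null)`, which each test expects to throw, so on the expected path the line is never reached and the BasicAuthenticationCallHook stays registered for the tests that follow. Registering the hook before the `try` and releasing it in `} finally { serviceReg.unregister(); }` keeps the tests independent of execution order. The Subject placed on the holder in the last two tests is not reset either; whether it outlives the test depends on the ISubjectHolderService implementation, which is not visible here. The assertions on `e.getCause().getCause().getMessage()` will throw a NullPointerException instead of a readable test failure if the cause chain is shorter than two levels, so a null check or an assertNotNull on each level would give clearer diagnostics.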