507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * The contents of this file are subject to the terms of the Common Development and
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Distribution License (the License). You may not use this file except in compliance with the
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * specific language governing permission and limitations under the License.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * When distributing Covered Software, include this CDDL Header Notice in each file and include
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Header, with the fields enclosed by brackets [] replaced by your own identifying
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * information: "Portions copyright [year] [name of copyright owner]".
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Copyright 2013 ForgeRock Inc.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrestimport com.sun.identity.authentication.spi.InvalidPasswordException;
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrestimport javax.security.auth.callback.CallbackHandler;
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrestimport javax.security.auth.login.AppConfigurationEntry;
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrestimport javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrestimport javax.security.auth.login.LoginException;
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrestimport static org.mockito.Mockito.verifyNoMoreInteractions;
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Exercises the login context.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @author andrew.forrest@forgerock.com
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private static final String LOGIN_MODULE = "com.sun.identity.authentication.jaas.LoginContextTest$MockModule";
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private static final String DELEGATE_MODULE = "delegate";
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private Map<LoginModule, Map<String, Object>> optionCache;
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * This test sets up four mock login modules, each with different control flags. The modules are created with
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * control flags in the following order: required, requisite, sufficient and optional.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest optionCache = new HashMap<LoginModule, Map<String, Object>>();
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Create required delegate login module.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest Map<String, Object> requiredOptions = new HashMap<String, Object>();
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest requiredOptions.put(DELEGATE_MODULE, requiredDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest optionCache.put(requiredDelegate, requiredOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest AppConfigurationEntry requiredEntry = new AppConfigurationEntry(LOGIN_MODULE,
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest LoginModuleControlFlag.REQUIRED, requiredOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Create requisite delegate login module.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest Map<String, Object> requisiteOptions = new HashMap<String, Object>();
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest requisiteOptions.put(DELEGATE_MODULE, requisiteDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest optionCache.put(requisiteDelegate, requisiteOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest AppConfigurationEntry requisiteEntry = new AppConfigurationEntry(LOGIN_MODULE,
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest LoginModuleControlFlag.REQUISITE, requisiteOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Create sufficient delegate login module.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest sufficientDelegate = mock(LoginModule.class);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest Map<String, Object> sufficientOptions = new HashMap<String, Object>();
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest sufficientOptions.put(DELEGATE_MODULE, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest optionCache.put(sufficientDelegate, sufficientOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest AppConfigurationEntry sufficientEntry = new AppConfigurationEntry(LOGIN_MODULE,
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest LoginModuleControlFlag.SUFFICIENT, sufficientOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Create optional delegate login module.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest Map<String, Object> optionalOptions = new HashMap<String, Object>();
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest optionalOptions.put(DELEGATE_MODULE, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest optionCache.put(optionalDelegate, optionalOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest AppConfigurationEntry optionalEntry = new AppConfigurationEntry(LOGIN_MODULE,
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest LoginModuleControlFlag.OPTIONAL, optionalOptions);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest new AppConfigurationEntry[] {requiredEntry, requisiteEntry, sufficientEntry, optionalEntry};
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Initialise class under test.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest context = new LoginContext(entries, subject, handler);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * When a sufficient module succeeds and no preceding required or requisite modules have failed, the authentication
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * chain terminates with a successful login, thereby ignoring any modules further in the chain.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void sufficientSuccess() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginReturnTrue(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenCommitReturnTrue(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyInitialize(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyLogin(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyCommit(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Sufficient module failures are only noted when required or requisite modules within the chain are ignored or
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * there are no required or requisite modules in the chain and no other module has succeeded in authentication.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void sufficientFailureIgnored() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginReturnTrue(requiredDelegate, requisiteDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginThrowInvalidPasswordException(sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenCommitReturnTrue(requiredDelegate, requisiteDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyInitialize(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyLogin(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyCommit(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * An authentication failure in a required module is thrown when the authentication chain completes.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest @Test(expectedExceptions = InvalidPasswordException.class)
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void requiredFailure() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginThrowInvalidPasswordException(requiredDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginReturnTrue(requisiteDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Sufficient module ignored to stop the chain completing early.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenAbortReturnTrue(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyInitialize(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyLogin(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyAbort(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * An authentication failure in a requisite module is thrown immediately, causing the authentication chain to
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest @Test(expectedExceptions = InvalidPasswordException.class)
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void requisiteFailure() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginThrowInvalidPasswordException(requisiteDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenAbortReturnTrue(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyInitialize(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyLogin(requiredDelegate, requisiteDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyAbort(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Like with sufficient, optional module failures are only noted when required or requisite modules within the chain
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * are ignored or there are no required or requisite modules in the chain and no other module has succeeded in
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * authentication.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void optionalFailureIgnored() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginReturnTrue(requiredDelegate, requisiteDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Sufficient module ignored to stop the chain completing early.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginThrowInvalidPasswordException(optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenCommitReturnTrue(requiredDelegate, requisiteDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenCommitReturnFalse(sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyInitialize(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyLogin(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyCommit(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Optional module failures are only noted when required or requisite modules within the chain are ignored or there
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * are no required or requisite modules in the chain and no other module has succeeded in authentication.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest @Test(expectedExceptions = InvalidPasswordException.class)
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void optionalFailureNoted() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginReturnFalse(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginThrowInvalidPasswordException(optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenAbortReturnTrue(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyInitialize(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyLogin(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyAbort(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Successful authentication in an optional module is only noted when required or requisite modules within the chain
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * are ignored or there are no required or requisite modules in the chain.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown by invocation of the authentication framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void optionalSuccessNoted() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenLoginReturnFalse(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest whenCommitReturnFalse(requiredDelegate, requisiteDelegate, sufficientDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyInitialize(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyLogin(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyCommit(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method for setting login expectations.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which the expectations are to be set.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void whenLoginReturnTrue(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method for setting login expectations.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which the expectations are to be set.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void whenLoginThrowInvalidPasswordException(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest when(module.login()).thenThrow(new InvalidPasswordException("test-pw-failure"));
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method for setting login expectations.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which the expectations are to be set.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void whenLoginReturnFalse(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method for setting commit expectations.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which the expectations are to be set.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void whenCommitReturnTrue(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method for setting commit expectations.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which the expectations are to be set.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void whenCommitReturnFalse(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method for setting abort expectations.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which the expectations are to be set.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void whenAbortReturnTrue(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method verifying invocation of the initialize method against the passed modules.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which method invocations are to be verified.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void verifyInitialize(LoginModule... modules) {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Options use eq() as opposed to same() because the map is wrapped by the authn framework.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest verify(module).initialize(same(subject), same(handler), anyMap(), eq(optionCache.get(module)));
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method verifying invocation of the login method against the passed modules.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which method invocations are to be verified.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void verifyLogin(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method verifying invocation of the commit method against the passed modules.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which method invocations are to be verified.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void verifyCommit(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Convenient method verifying invocation of the abort method against the passed modules.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @param modules
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Modules for which method invocations are to be verified.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * @throws LoginException
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * Can be thrown from module invocation.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private void verifyAbort(LoginModule... modules) throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * As the authn framework initialises login modules via reflection, this class allows for method calls to be
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest * push out to a delegate, whereby the delegate is a mocked object that can have condition checking.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest private static class MockModule implements LoginModule {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // No-arg constructor.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public void initialize(Subject subject, CallbackHandler callbackHandler,
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest Map<String, ?> sharedState, Map<String, ?> options) {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest // Taking advantage of the options map to pass in the delegate module.
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest delegate = (LoginModule)options.get(DELEGATE_MODULE);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest delegate.initialize(subject, callbackHandler, sharedState, options);
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public boolean login() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public boolean commit() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public boolean abort() throws LoginException {
507f293cae556f4b7077d3bcfc882525da3cfe6bAndrew Forrest public boolean logout() throws LoginException {