/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2013 ForgeRock Inc.
*/
/**
* Exercises the login context.
*
* @author andrew.forrest@forgerock.com
*/
public class LoginContextTest {
private static final String LOGIN_MODULE = "com.sun.identity.authentication.jaas.LoginContextTest$MockModule";
/**
* This test sets up four mock login modules, each with different control flags. The modules are created with
* control flags in the following order: required, requisite, sufficient and optional.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
// Create required delegate login module.
// Create requisite delegate login module.
// Create sufficient delegate login module.
// Create optional delegate login module.
// Initialise class under test.
}
/**
* When a sufficient module succeeds and no preceding required or requisite modules have failed, the authentication
* chain terminates with a successful login, thereby ignoring any modules further in the chain.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
@Test
verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
}
/**
* Sufficient module failures are only noted when required or requisite modules within the chain are ignored or
* there are no required or requisite modules in the chain and no other module has succeeded in authentication.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
@Test
verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
}
/**
* An authentication failure in a required module is thrown when the authentication chain completes.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
// Sufficient module ignored to stop the chain completing early.
try {
} finally {
verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
}
}
/**
* An authentication failure in a requisite module is thrown immediately, causing the authentication chain to
* terminate.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
try {
} finally {
verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
}
}
/**
* Like with sufficient, optional module failures are only noted when required or requisite modules within the chain
* are ignored or there are no required or requisite modules in the chain and no other module has succeeded in
* authentication.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
@Test
// Sufficient module ignored to stop the chain completing early.
verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
}
/**
* Optional module failures are only noted when required or requisite modules within the chain are ignored or there
* are no required or requisite modules in the chain and no other module has succeeded in authentication.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
try {
} finally {
verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
}
}
/**
* Successful authentication in an optional module is only noted when required or requisite modules within the chain
* are ignored or there are no required or requisite modules in the chain.
*
* @throws LoginException
* Can be thrown by invocation of the authentication framework.
*/
@Test
verifyNoMoreInteractions(requiredDelegate, requisiteDelegate, sufficientDelegate, optionalDelegate);
}
/**
* Convenient method for setting login expectations.
*
* @param modules
* Modules for which the expectations are to be set.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method for setting login expectations.
*
* @param modules
* Modules for which the expectations are to be set.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method for setting login expectations.
*
* @param modules
* Modules for which the expectations are to be set.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method for setting commit expectations.
*
* @param modules
* Modules for which the expectations are to be set.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method for setting commit expectations.
*
* @param modules
* Modules for which the expectations are to be set.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method for setting abort expectations.
*
* @param modules
* Modules for which the expectations are to be set.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method verifying invocation of the initialize method against the passed modules.
*
* @param modules
* Modules for which method invocations are to be verified.
* @throws LoginException
* Can be thrown from module invocation.
*/
// Options use eq() as opposed to same() because the map is wrapped by the authn framework.
}
}
/**
* Convenient method verifying invocation of the login method against the passed modules.
*
* @param modules
* Modules for which method invocations are to be verified.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method verifying invocation of the commit method against the passed modules.
*
* @param modules
* Modules for which method invocations are to be verified.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* Convenient method verifying invocation of the abort method against the passed modules.
*
* @param modules
* Modules for which method invocations are to be verified.
* @throws LoginException
* Can be thrown from module invocation.
*/
}
}
/**
* As the authn framework initialises login modules via reflection, this class allows for method calls to be
* push out to a delegate, whereby the delegate is a mocked object that can have condition checking.
*/
public MockModule() {
// No-arg constructor.
}
// Taking advantage of the options map to pass in the delegate module.
}
}
}
}
}
}
}