/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6765491
* @summary Krb5LoginModule a little too restrictive, and the doc is not clear.
*/
public class LoginModuleOptions {
// All 4 works: keytab, shared state, callback, cache
// Fallbacks
// 1. ccache -> keytab
"useKeyTab", "true", "principal", "dummy");
// 2. keytab -> shared
"keyTab", "ktab_non_exist",
// 3. shared -> callback
// 3.1. useFirstPass, no callback
boolean failed = false;
try {
"useFirstPass", "true",
} catch (Exception e) {
failed = true;
}
if (!failed) {
throw new Exception("useFirstPass should not fallback to callback");
}
// 3.2. tryFirstPass, has callback
"tryFirstPass", "true",
// Preferences of type
// 1. ccache preferred to keytab
"useTicketCache", "true", "ticketCache", "krbcc",
"useKeyTab", "true");
// 2. keytab preferred to shared. This test case is not exactly correct,
// because principal=dummy would shadow the PWD setting in the shared
// state. So by only looking at the final authentication user name
// (which is how this program does), there's no way to tell if keyTab
// is picked first, or shared is tried first but fallback to keytab.
// 3. shared preferred to callback
// Preferences of username
// 1. principal preferred to NAME (NAME can be wrong or missing)
// 2. NAME preferred to callback
// 3. With tryFirstPass, NAME preferred to callback
// 3.1. you must provide a NAME (when there's no principal)
failed = false;
try {
} catch (Exception e) {
failed = true;
}
if (!failed) {
throw new Exception("useFirstPass must provide a NAME");
}
// 3.2 Hybrid, you can use NAME as "", and provide it using callback.
// I don't think this is designed.
// Test for the bug fix: doNotPrompt can be true if tryFirstPass=true
}
throws Exception {
for (int i = 0; i < count; i++) {
} else {
}
}
}
}
private char[] password;
}
if (callback instanceof NameCallback) {
}
if (callback instanceof PasswordCallback) {
}
}
}
}
}