ARTEMIS-1821 LDAPLoginModule always returns true on commit()

Justin Bertram 2018-04-20 13:58:53 -05:00 committed by Howard Gao
parent d1c3ed5543
commit a2ade00a54
2 changed files with 31 additions and 4 deletions


@ -181,15 +181,16 @@ public class LDAPLoginModule implements LoginModule {
@Override @Override
public boolean logout() throws LoginException { public boolean logout() throws LoginException {
username = null; clear();
return true; return true;
} }
@Override @Override
public boolean commit() throws LoginException { public boolean commit() throws LoginException {
boolean result = userAuthenticated;
Set<UserPrincipal> authenticatedUsers = subject.getPrincipals(UserPrincipal.class); Set<UserPrincipal> authenticatedUsers = subject.getPrincipals(UserPrincipal.class);
Set<Principal> principals = subject.getPrincipals(); Set<Principal> principals = subject.getPrincipals();
if (userAuthenticated) { if (result) {
principals.add(new UserPrincipal(username)); principals.add(new UserPrincipal(username));
} }
@ -210,12 +211,18 @@ public class LDAPLoginModule implements LoginModule {
for (RolePrincipal gp : groups) { for (RolePrincipal gp : groups) {
principals.add(gp); principals.add(gp);
} }
return true; clear();
return result;
}
private void clear() {
username = null;
userAuthenticated = false;
} }
@Override @Override
public boolean abort() throws LoginException { public boolean abort() throws LoginException {
username = null; clear();
return true; return true;
} }
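Review bot: `clear()` resets only `username` and `userAuthenticated`, so `logout()` still leaves the `UserPrincipal` and `RolePrincipal`s that `commit()` added on the Subject, and `groups` is never emptied. If `groups` is an instance field (its declaration is outside the hunk), roles resolved for one login could be re-added by a later `commit()` on the same module instance; adding `groups.clear();` to `clear()` would prevent that. `logout()` should also remove the principals this module added, which means remembering them in `commit()` before `clear()` runs. `abort()` still returns `true` unconditionally, the same pattern this commit fixes in `commit()`; consider returning `false` when this module's own login did not succeed. The middle of `commit()` lies between the two hunks and is not visible here.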


@ -21,6 +21,7 @@ import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration; import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext; import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext; import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback; import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.NameCallback;
@ -28,10 +29,14 @@ import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.io.IOException; import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Hashtable; import java.util.Hashtable;
import org.apache.activemq.artemis.spi.core.security.jaas.JaasCallbackHandler;
import org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule;
import org.apache.directory.server.annotations.CreateLdapServer; import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport; import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles; import org.apache.directory.server.core.annotations.ApplyLdifFiles;
@ -43,6 +48,7 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
@ -142,4 +148,18 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
} }
fail("Should have failed authenticating"); fail("Should have failed authenticating");
} }
@Test
public void testCommitOnFailedLogin() throws LoginException {
LoginModule loginModule = new LDAPLoginModule();
JaasCallbackHandler callbackHandler = new JaasCallbackHandler(null, null, null);
loginModule.initialize(new Subject(), callbackHandler, null, new HashMap<String, Object>());
// login should return false due to null username
assertFalse(loginModule.login());
// since login failed commit should return false as well
assertFalse(loginModule.commit());
}
} }
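Review bot: `testCommitOnFailedLogin` asserts only the two return values, so it would still pass if a failed `commit()` added principals to the Subject. Keep the Subject in a local (`Subject subject = new Subject();`) and add `assertTrue(subject.getPrincipals().isEmpty());` after the commit assertion. A companion test that `commit()` returns `true` after a successful login would pin the other half of the fix; none is visible in this hunk.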