
    Testing Secured EJBs with Arquillian - DatabaseServerLoginModule and DigestAuthentication

    v_m

      The base documentation is available in the following article, but it covers only UsersRolesLoginModule.

       

      https://community.jboss.org/wiki/TestingSecuredEJBsOnJBossAS71xWithArquillian

       

      I am interested in DatabaseServerLoginModule.

       

      I took the JBossLoginContextFactory class from the above article and modified it as follows:

       

      public class JBossLoginContextFactory {

       

       

          /**
           * Callback handler that answers JAAS name and password prompts with one fixed credential pair.
           *
           * <p>The password is kept as an immutable {@code String} for the lifetime of the handler, so it
           * cannot be wiped after login; acceptable for throw-away test credentials only.
           */
          static class NamePasswordCallbackHandler implements CallbackHandler {
              private final String username;
              private final String password;

              private NamePasswordCallbackHandler(String username, String password) {
                  this.username = username;
                  this.password = password;
              }

              /**
               * Fills in every {@link NameCallback} and {@link PasswordCallback} of the request.
               *
               * @param callbacks the callbacks issued by the login modules
               * @throws IOException declared by the interface; not thrown by this implementation
               * @throws UnsupportedCallbackException for the first callback of any other type
               */
              @Override
              public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                  for (int i = 0; i < callbacks.length; i++) {
                      Callback callback = callbacks[i];

                      if (callback instanceof NameCallback) {
                          NameCallback nameCallback = (NameCallback) callback;
                          nameCallback.setName(username);
                          continue;
                      }

                      if (callback instanceof PasswordCallback) {
                          // A new char[] is produced from the String on every request.
                          PasswordCallback passwordCallback = (PasswordCallback) callback;
                          passwordCallback.setPassword(password.toCharArray());
                          continue;
                      }

                      // The exception keeps a reference to the rejected callback, so it can only be
                      // serialized when that callback type is Serializable.
                      // NOTE(review): the NotSerializableException for
                      // org.jboss.security.auth.callback.MapCallback reported with this listing is
                      // consistent with a login module sending a MapCallback here - confirm in the
                      // server log.
                      throw new UnsupportedCallbackException(callback);
                  }
              }
          }

       

       

          /**
           * Programmatic JAAS {@link Configuration} that serves a single, fixed login-module stack
           * under one configuration name and rejects every other name.
           */
          static class JBossJaasConfiguration extends Configuration {
              private final String configurationName;

              JBossJaasConfiguration(String configurationName) {
                  this.configurationName = configurationName;
              }

              /**
               * Returns the login-module stack for the configured name.
               *
               * @param name the configuration name requested by the {@code LoginContext}
               * @return the DatabaseServerLoginModule entry followed by the ClientLoginModule entry
               * @throws IllegalArgumentException if {@code name} differs from the configured name
               */
              @Override
              public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                  if (configurationName.equals(name)) {
                      // DatabaseServerLoginModule takes the slot that the UsersRolesLoginModule entry
                      // (createUsersRolesLoginModuleConfigEntry) occupied in the original article.
                      AppConfigurationEntry[] stack = new AppConfigurationEntry[2];
                      stack[0] = createDatabaseModuleConfigEntry();
                      stack[1] = createClientLoginModuleConfigEntry();
                      return stack;
                  }
                  throw new IllegalArgumentException("Unexpected configuration name '" + name + "'");
              }

              /**
               * Builds the REQUIRED entry for
               * {@code org.jboss.security.auth.spi.DatabaseServerLoginModule}.
               *
               * @return the entry carrying the datasource, query and digest options
               */
              private AppConfigurationEntry createDatabaseModuleConfigEntry() {
                  Map<String, String> moduleOptions = new HashMap<String, String>();

                  // Datasource and queries are fixed literals; each query binds the principal through
                  // a '?' placeholder instead of string concatenation.
                  moduleOptions.put("dsJndiName", "java:jboss/datasources/MysqlDS");
                  moduleOptions.put("principalsQuery", "select Password from Principals where PrincipalID=?");
                  moduleOptions.put("rolesQuery", "select Role, RoleGroup from Roles where PrincipalID=?");

                  // Digest-authentication option set: the stored value is processed through the
                  // RFC2617Digest callback rather than hashing what the caller supplies
                  // (hashUserPassword=false, hashStorePassword=true).
                  // NOTE(review): MD5 here follows from the RFC 2617 digest scheme; it is not a
                  // general-purpose choice for password storage.
                  // NOTE(review): passwordIsA1Hash=true presumably means the Password column already
                  // holds the RFC 2617 A1 hash. That value is password-equivalent for digest
                  // authentication, so the Principals table needs the same protection as clear-text
                  // passwords - confirm against the schema.
                  moduleOptions.put("hashAlgorithm", "MD5");
                  moduleOptions.put("hashEncoding", "RFC2617");
                  moduleOptions.put("hashUserPassword", "false");
                  moduleOptions.put("hashStorePassword", "true");
                  moduleOptions.put("passwordIsA1Hash", "true");
                  moduleOptions.put("storeDigestCallback", "org.jboss.security.auth.callback.RFC2617Digest");

                  moduleOptions.put("password-stacking", "useFirstPass");

                  return requiredEntry("org.jboss.security.auth.spi.DatabaseServerLoginModule", moduleOptions);
              }

              /**
               * Builds the REQUIRED entry for {@link org.jboss.security.auth.spi.UsersRolesLoginModule},
               * which creates the association between users and roles. No options are set.
               * getAppConfigurationEntry no longer calls this method.
               *
               * @return the UsersRolesLoginModule entry
               */
              private AppConfigurationEntry createUsersRolesLoginModuleConfigEntry() {
                  Map<String, String> moduleOptions = new HashMap<String, String>();
                  return requiredEntry("org.jboss.security.auth.spi.UsersRolesLoginModule", moduleOptions);
              }

              /**
               * Builds the REQUIRED entry for {@link org.jboss.security.ClientLoginModule}, which
               * associates the user credentials with the {@link org.jboss.security.SecurityContext}
               * where the JBoss security runtime can find it.
               *
               * @return the ClientLoginModule entry with both of its options switched on
               */
              private AppConfigurationEntry createClientLoginModuleConfigEntry() {
                  Map<String, String> moduleOptions = new HashMap<String, String>();
                  moduleOptions.put("multi-threaded", "true");
                  moduleOptions.put("restore-login-identity", "true");
                  return requiredEntry("org.jboss.security.ClientLoginModule", moduleOptions);
              }

              /** Wraps a module class name and its options in an entry flagged REQUIRED. */
              private static AppConfigurationEntry requiredEntry(String moduleClassName, Map<String, String> moduleOptions) {
                  AppConfigurationEntry.LoginModuleControlFlag flag =
                          AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
                  return new AppConfigurationEntry(moduleClassName, flag, moduleOptions);
              }
          }

       

       

          /**
           * Obtain a LoginContext configured for use with the ClientLoginModule.
           *
           * <p>The context is created over a new, empty {@link Subject} and the in-memory
           * JBossJaasConfiguration registered under the name "Arquillian Testing".
           *
           * @param username the name returned for name callbacks
           * @param password the password returned for password callbacks
           * @return the configured LoginContext.
           * @throws LoginException if the LoginContext cannot be created
           */
          public static LoginContext createLoginContext(final String username, final String password) throws LoginException {
              final String loginConfigName = "Arquillian Testing";

              // The same name goes to the configuration and to the LoginContext;
              // JBossJaasConfiguration rejects any other name.
              final CallbackHandler credentials =
                      new JBossLoginContextFactory.NamePasswordCallbackHandler(username, password);
              final Configuration jaasConfig = new JBossJaasConfiguration(loginConfigName);
              final Subject emptySubject = new Subject();

              return new LoginContext(loginConfigName, emptySubject, credentials, jaasConfig);
          }

       

       

      When I create a LoginContext and call

      loginContext.login();

      from my testcase, I get the following exception:

       

      java.lang.IllegalStateException: Error launching test com.pinaka.UserManagement.test.UserMgmtServiceTest public void com.pinaka.UserManagement.test.UserMgmtServiceTest.testFindAllUsers() throws java.lang.Exception

                at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.invoke(ServletMethodExecutor.java:122)

                at org.jboss.arquillian.container.test.impl.execution.RemoteTestExecuter.execute(RemoteTestExecuter.java:120)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:601)

                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

                at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)

                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)

                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:134)

                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)

                at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)

                at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:57)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:601)

                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

                at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)

                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)

                at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:130)

                at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:117)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:601)

                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

                at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:82)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:601)

                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

                at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:68)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:601)

                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

                at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:54)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:601)

                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:134)

                at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:111)

                at org.jboss.arquillian.junit.Arquillian$6.evaluate(Arquillian.java:239)

                at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:202)

                at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:290)

                at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:45)

                at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:216)

                at org.junit.rules.ExpectedException$ExpectedExceptionStatement.evaluate(ExpectedException.java:110)

                at org.junit.rules.RunRules.evaluate(RunRules.java:18)

                at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:263)

                at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:68)

                at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:47)

                at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231)

                at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60)

                at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229)

                at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50)

                at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222)

                at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:161)

                at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:290)

                at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:45)

                at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:175)

                at org.junit.runners.ParentRunner.run(ParentRunner.java:300)

                at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:123)

                at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)

                at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)

                at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)

                at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)

                at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)

                at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

      Caused by: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.jboss.security.auth.callback.MapCallback

                at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)

                at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)

                at org.jboss.arquillian.test.spi.ExceptionProxy.readExternal(ExceptionProxy.java:300)

                at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1810)

                at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1769)

                at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1347)

                at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)

                at org.jboss.arquillian.test.spi.ExceptionProxy.readExternal(ExceptionProxy.java:295)

                at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1810)

                at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1769)

                at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1347)

                at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1964)

                at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1888)

                at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771)

                at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1347)

                at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)

                at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.execute(ServletMethodExecutor.java:214)

                at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.executeWithRetry(ServletMethodExecutor.java:140)

                at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.invoke(ServletMethodExecutor.java:118)

                ... 77 more

      Caused by: java.io.NotSerializableException: org.jboss.security.auth.callback.MapCallback

                at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1180)

                at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)

                at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)

                at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)

                at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

                at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:346)

                at org.jboss.arquillian.test.spi.ExceptionProxy.writeExternal(ExceptionProxy.java:358)

                at java.io.ObjectOutputStream.writeExternalData(ObjectOutputStream.java:1443)

                at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1414)

                at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

                at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:346)

                at org.jboss.arquillian.test.spi.ExceptionProxy.writeExternal(ExceptionProxy.java:341)

                at java.io.ObjectOutputStream.writeExternalData(ObjectOutputStream.java:1443)

                at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1414)

                at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

                at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)

                at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)

                at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)

                at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

                at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:346)

                at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.writeObject(ServletTestRunner.java:229)

                at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.executeTest(ServletTestRunner.java:163)

                at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.execute(ServletTestRunner.java:126)

                at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.doGet(ServletTestRunner.java:90)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)

                at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)

                at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)

                at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)

                at java.lang.Thread.run(Thread.java:722)

       

       

      How can this issue be resolved? Why is org.jboss.security.auth.callback.MapCallback not serializable? If I want to update this class and make it serializable, what steps should I take?

       

      I am using JBoss 7.1.1 Final.