
Testing Secured EJBs with Arquillian - DatabaseServerLoginModule and DigestAuthentication

Veer Muchandi Newbie

Base documentation is available in the following article, but it covers only UsersRolesLoginModule.

 

https://community.jboss.org/wiki/TestingSecuredEJBsOnJBossAS71xWithArquillian

 

I am interested in DatabaseServerLoginModule.

 

I took the JBossLoginContextFactory class from the above article and modified it as follows:

 

public class JBossLoginContextFactory {

 

 

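    /**
     * JAAS {@link CallbackHandler} that answers name and password callbacks from a fixed
     * username/password pair supplied at construction time.
     *
     * <p>The password is kept as an immutable {@link String} for the lifetime of the handler and
     * therefore cannot be wiped from memory; use it with test credentials only.
     */
    static class NamePasswordCallbackHandler implements CallbackHandler {

        private final String username;
        private final String password;

        /**
         * @param username value handed to every {@link NameCallback}
         * @param password value handed to every {@link PasswordCallback}; may be {@code null}
         */
        private NamePasswordCallbackHandler(String username, String password) {
            this.username = username;
            this.password = password;
        }

        /**
         * Populates each supplied callback with the stored credentials.
         *
         * @param callbacks callbacks issued by the login modules of the active JAAS stack
         * @throws IOException declared by {@link CallbackHandler}; not thrown by this implementation
         * @throws UnsupportedCallbackException for any callback that is neither a
         *         {@link NameCallback} nor a {@link PasswordCallback}
         */
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback current : callbacks) {
                if (current instanceof NameCallback) {
                    ((NameCallback) current).setName(username);
                } else if (current instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) current;
                    if (password == null) {
                        // PasswordCallback accepts null; calling toCharArray() on a null password
                        // would fail with a NullPointerException instead.
                        passwordCallback.setPassword(null);
                    } else {
                        char[] chars = password.toCharArray();
                        try {
                            // setPassword stores its own copy of the array.
                            passwordCallback.setPassword(chars);
                        } finally {
                            // Scrub the temporary copy; the String field still holds the value.
                            java.util.Arrays.fill(chars, '\0');
                        }
                    }
                } else {
                    // NOTE(review): UnsupportedCallbackException keeps a reference to the rejected
                    // callback. When that callback is not Serializable (for example
                    // org.jboss.security.auth.callback.MapCallback), a remote test runner that
                    // serializes the failure reports NotSerializableException instead of this
                    // exception. Presumably the callback is requested by the configured
                    // storeDigestCallback - confirm against the login module before adding
                    // support for it here.
                    String type = (current == null) ? "null" : current.getClass().getName();
                    throw new UnsupportedCallbackException(current, "Unsupported callback type: " + type);
                }
            }
        }
    }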

 

 

    /**
     * In-memory JAAS {@link Configuration} that serves exactly one named login stack:
     * {@code DatabaseServerLoginModule} followed by {@code ClientLoginModule}, both REQUIRED.
     */
    static class JBossJaasConfiguration extends Configuration {

        private final String configurationName;

        /**
         * @param configurationName the only stack name this configuration will answer for
         */
        JBossJaasConfiguration(String configurationName) {
            this.configurationName = configurationName;
        }

        /**
         * Returns the login-module stack for the configured name.
         *
         * @param name stack name requested by the {@code LoginContext}
         * @return the database login module entry followed by the client login module entry
         * @throws IllegalArgumentException if {@code name} differs from the configured name
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (configurationName.equals(name)) {
                // The database module takes the place of the UsersRolesLoginModule entry
                // (createUsersRolesLoginModuleConfigEntry) used by the original article.
                AppConfigurationEntry[] stack = new AppConfigurationEntry[2];
                stack[0] = createDatabaseModuleConfigEntry();
                stack[1] = createClientLoginModuleConfigEntry();
                return stack;
            }
            throw new IllegalArgumentException("Unexpected configuration name '" + name + "'");
        }

        /**
         * Builds the entry for {@code org.jboss.security.auth.spi.DatabaseServerLoginModule}, which
         * looks up the stored credential and the roles through the named datasource.
         *
         * @return a REQUIRED entry carrying the datasource, query and digest options
         */
        private AppConfigurationEntry createDatabaseModuleConfigEntry() {
            String[][] settings = {
                {"dsJndiName", "java:jboss/datasources/MysqlDS"},
                // Both queries bind the principal through a '?' placeholder rather than
                // concatenating it into the SQL text.
                {"principalsQuery", "select Password from Principals where PrincipalID=?"},
                {"rolesQuery", "select Role, RoleGroup from Roles where PrincipalID=?"},
                // RFC 2617 digest settings. NOTE(review): with passwordIsA1Hash the Password column
                // presumably holds the digest A1 hash (MD5), which is password-equivalent for digest
                // authentication - protect the Principals table like a table of clear-text
                // passwords. Confirm against the login module documentation.
                {"hashAlgorithm", "MD5"},
                {"hashEncoding", "RFC2617"},
                {"hashUserPassword", "false"},
                {"hashStorePassword", "true"},
                {"passwordIsA1Hash", "true"},
                {"storeDigestCallback", "org.jboss.security.auth.callback.RFC2617Digest"},
                {"password-stacking", "useFirstPass"},
            };

            Map<String, String> moduleOptions = new HashMap<String, String>();
            for (String[] setting : settings) {
                moduleOptions.put(setting[0], setting[1]);
            }

            AppConfigurationEntry.LoginModuleControlFlag flag =
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
            return new AppConfigurationEntry(
                    "org.jboss.security.auth.spi.DatabaseServerLoginModule", flag, moduleOptions);
        }

        /**
         * Builds the entry for {@code org.jboss.security.auth.spi.UsersRolesLoginModule}, which
         * creates the association between users and roles. Not part of the active stack.
         *
         * @return a REQUIRED entry with no options set
         */
        private AppConfigurationEntry createUsersRolesLoginModuleConfigEntry() {
            AppConfigurationEntry.LoginModuleControlFlag flag =
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
            return new AppConfigurationEntry(
                    "org.jboss.security.auth.spi.UsersRolesLoginModule",
                    flag,
                    new HashMap<String, String>());
        }

        /**
         * Builds the entry for {@code org.jboss.security.ClientLoginModule}, which associates the
         * user credentials with the {@code org.jboss.security.SecurityContext} where the JBoss
         * security runtime can find them.
         *
         * @return a REQUIRED entry with {@code multi-threaded} and {@code restore-login-identity}
         *         both set to {@code "true"}
         */
        private AppConfigurationEntry createClientLoginModuleConfigEntry() {
            Map<String, String> moduleOptions = new HashMap<String, String>();
            for (String flagName : new String[] {"multi-threaded", "restore-login-identity"}) {
                moduleOptions.put(flagName, "true");
            }

            AppConfigurationEntry.LoginModuleControlFlag flag =
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
            return new AppConfigurationEntry(
                    "org.jboss.security.ClientLoginModule", flag, moduleOptions);
        }
    }

 

 

    /**

     * Obtain a LoginContext configured for use with the ClientLoginModule.

     *

     * @return the configured LoginContext.

     */

    public static LoginContext createLoginContext(final String username, final String password) throws LoginException {
        // One name is used for both the in-memory Configuration and the LoginContext lookup;
        // JBossJaasConfiguration throws IllegalArgumentException for any other name.
        final String stackName = "Arquillian Testing";

        // The Configuration is handed to the LoginContext explicitly, and the callback handler
        // answers name/password callbacks with the supplied credentials. A fresh, empty Subject
        // is populated when login() is called on the returned context.
        return new LoginContext(
                stackName,
                new Subject(),
                new JBossLoginContextFactory.NamePasswordCallbackHandler(username, password),
                new JBossJaasConfiguration(stackName));
    }

 

 

When I create a LoginContext and call

loginContext.login();

from my testcase, I get the following exception:

 

java.lang.IllegalStateException: Error launching test com.pinaka.UserManagement.test.UserMgmtServiceTest public void com.pinaka.UserManagement.test.UserMgmtServiceTest.testFindAllUsers() throws java.lang.Exception

          at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.invoke(ServletMethodExecutor.java:122)

          at org.jboss.arquillian.container.test.impl.execution.RemoteTestExecuter.execute(RemoteTestExecuter.java:120)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:601)

          at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

          at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)

          at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)

          at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:134)

          at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)

          at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)

          at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:57)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:601)

          at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

          at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)

          at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)

          at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:130)

          at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:117)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:601)

          at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

          at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

          at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:82)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:601)

          at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

          at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

          at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:68)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:601)

          at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

          at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

          at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:54)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:601)

          at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:90)

          at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)

          at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:134)

          at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:111)

          at org.jboss.arquillian.junit.Arquillian$6.evaluate(Arquillian.java:239)

          at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:202)

          at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:290)

          at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:45)

          at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:216)

          at org.junit.rules.ExpectedException$ExpectedExceptionStatement.evaluate(ExpectedException.java:110)

          at org.junit.rules.RunRules.evaluate(RunRules.java:18)

          at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:263)

          at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:68)

          at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:47)

          at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231)

          at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60)

          at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229)

          at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50)

          at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222)

          at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:161)

          at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:290)

          at org.jboss.arquillian.junit.Arquillian.access$100(Arquillian.java:45)

          at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:175)

          at org.junit.runners.ParentRunner.run(ParentRunner.java:300)

          at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:123)

          at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)

          at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)

          at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)

          at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)

          at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)

          at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

Caused by: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: org.jboss.security.auth.callback.MapCallback

          at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)

          at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)

          at org.jboss.arquillian.test.spi.ExceptionProxy.readExternal(ExceptionProxy.java:300)

          at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1810)

          at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1769)

          at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1347)

          at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)

          at org.jboss.arquillian.test.spi.ExceptionProxy.readExternal(ExceptionProxy.java:295)

          at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1810)

          at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1769)

          at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1347)

          at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1964)

          at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1888)

          at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771)

          at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1347)

          at java.io.ObjectInputStream.readObject(ObjectInputStream.java:369)

          at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.execute(ServletMethodExecutor.java:214)

          at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.executeWithRetry(ServletMethodExecutor.java:140)

          at org.jboss.arquillian.protocol.servlet.ServletMethodExecutor.invoke(ServletMethodExecutor.java:118)

          ... 77 more

Caused by: java.io.NotSerializableException: org.jboss.security.auth.callback.MapCallback

          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1180)

          at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)

          at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)

          at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)

          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

          at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:346)

          at org.jboss.arquillian.test.spi.ExceptionProxy.writeExternal(ExceptionProxy.java:358)

          at java.io.ObjectOutputStream.writeExternalData(ObjectOutputStream.java:1443)

          at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1414)

          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

          at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:346)

          at org.jboss.arquillian.test.spi.ExceptionProxy.writeExternal(ExceptionProxy.java:341)

          at java.io.ObjectOutputStream.writeExternalData(ObjectOutputStream.java:1443)

          at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1414)

          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

          at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)

          at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)

          at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)

          at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)

          at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:346)

          at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.writeObject(ServletTestRunner.java:229)

          at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.executeTest(ServletTestRunner.java:163)

          at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.execute(ServletTestRunner.java:126)

          at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.doGet(ServletTestRunner.java:90)

          at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)

          at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)

          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)

          at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)

          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)

          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)

          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)

          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)

          at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)

          at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)

          at java.lang.Thread.run(Thread.java:722)

 

 

How can this issue be resolved? Why is org.jboss.security.auth.callback.MapCallback not serializable? If I want to update this class and make it serializable, what steps should I take?

 

I am using JBoss 7.1.1 Final.