QPID-3249: Remove incomplete support for authentication at virtualhost level.

Applied patch from Keith Wall <keith.wall@gmail.com>

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1102258 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 235 insertions, 0 deletions

diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/VirtualHostConfigurationTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/VirtualHostConfigurationTest.java
index 917755e8a5..593119041d 100644
--- a/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/VirtualHostConfigurationTest.java
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/configuration/VirtualHostConfigurationTest.java
@@ -20,6 +20,8 @@
 package org.apache.qpid.server.configuration;
 
 
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
 import org.apache.qpid.framing.AMQShortString;
 import org.apache.qpid.server.queue.AMQPriorityQueue;
 import org.apache.qpid.server.queue.AMQQueue;
@@ -203,5 +205,29 @@ public class VirtualHostConfigurationTest extends InternalBrokerBaseCase
 
      }
 
+     /**
+      * Tests that the old element security.authentication.name is rejected.  This element
+      * was never supported properly as authentication  is performed before the virtual host
+      * is considered.
+      */
+     public void testSecurityAuthenticationNameRejected() throws Exception
+     {
+         getConfigXml().addProperty("virtualhosts.virtualhost.testSecurityAuthenticationNameRejected.security.authentication.name",
+                 "testdb");
+         
+         try
+         {
+             super.createBroker();
+             fail("Exception not thrown");
+         }
+         catch(ConfigurationException ce)
+         {
+             assertEquals("Incorrect error message",
+                          "Validation error : security/authentication/name is no longer a supported element within the configuration xml." +
+                          " It appears in virtual host definition : " + getName(),
+                          ce.getMessage());
+         }
+     }
+
 
 }
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
new file mode 100644
index 0000000000..f51ce0b6c6
--- /dev/null
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
@@ -0,0 +1,209 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.auth.manager;
+
+import java.security.Provider;
+import java.security.Security;
+
+import javax.security.sasl.SaslException;
+import javax.security.sasl.SaslServer;
+
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
+import org.apache.qpid.server.util.InternalBrokerBaseCase;
+
+/**
+ *
+ * Tests the public methods of PrincipalDatabaseAuthenticationManager.
+ *
+ */
+public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBaseCase
+{
+    private PrincipalDatabaseAuthenticationManager _manager = null;
+    
+    /**
+     * @see org.apache.qpid.server.util.InternalBrokerBaseCase#tearDown()
+     */
+    @Override
+    public void tearDown() throws Exception
+    {
+        super.tearDown();
+        if (_manager != null)
+        {
+            _manager.close();
+        }
+    }
+
+    /**
+     * @see org.apache.qpid.server.util.InternalBrokerBaseCase#setUp()
+     */
+    @Override
+    public void setUp() throws Exception
+    {
+        super.setUp();
+        
+        _manager = new PrincipalDatabaseAuthenticationManager();
+    }
+
+    /**
+     * Tests that the PDAM registers SASL mechanisms correctly with the runtime.
+     */
+    public void testRegisteredMechanisms() throws Exception
+    {
+        assertNotNull(_manager.getMechanisms());
+        // relies on those mechanisms attached to PropertiesPrincipalDatabaseManager
+        assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms());
+    
+        Provider qpidProvider = Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME);
+        assertNotNull(qpidProvider);
+    }
+
+    /**
+     * Tests that the SASL factory method createSaslServer correctly
+     * returns a non-null implementation.
+     */
+    public void testSaslMechanismCreation() throws Exception
+    {
+        SaslServer server = _manager.createSaslServer("CRAM-MD5", "localhost");
+        assertNotNull(server);
+        // Merely tests the creation of the mechanism. Mechanisms themselves are tested
+        // by their own tests.
+    }
+    
+    /**
+     * 
+     * Tests that the authenticate method correctly interprets an
+     * authentication success.
+     * 
+     */
+    public void testAuthenticationSuccess() throws Exception
+    {
+        SaslServer testServer = createTestSaslServer(true, false);
+        
+        AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
+        assertEquals(AuthenticationStatus.SUCCESS, result.status);
+    }
+
+    /**
+     * 
+     * Tests that the authenticate method correctly interprets an
+     * authentication not complete.
+     * 
+     */
+    public void testAuthenticationNotCompleted() throws Exception
+    {
+        SaslServer testServer = createTestSaslServer(false, false);
+        
+        AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
+        assertEquals(AuthenticationStatus.CONTINUE, result.status);
+    }
+
+    /**
+     * 
+     * Tests that the authenticate method correctly interprets an
+     * authentication error.
+     * 
+     */
+    public void testAuthenticationError() throws Exception
+    {
+        SaslServer testServer = createTestSaslServer(false, true);
+        
+        AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
+        assertEquals(AuthenticationStatus.ERROR, result.status);
+    }
+    
+    /**
+     * Tests the ability to de-register the provider.
+     */
+    public void testClose() throws Exception
+    {
+        assertEquals("PLAIN CRAM-MD5", _manager.getMechanisms());
+        assertNotNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME));
+        
+        _manager.close();
+        
+        // Check provider has been removed.
+        assertNull(_manager.getMechanisms());
+        assertNull(Security.getProvider(PrincipalDatabaseAuthenticationManager.PROVIDER_NAME));
+        _manager = null;
+    }
+
+    /**
+     * Test SASL implementation used to test the authenticate() method.
+     */
+    private SaslServer createTestSaslServer(final boolean complete, final boolean throwSaslException)
+    {
+        return new SaslServer()
+        {
+
+            @Override
+            public String getMechanismName()
+            {
+                return null;
+            }
+
+            @Override
+            public byte[] evaluateResponse(byte[] response) throws SaslException
+            {
+                if (throwSaslException)
+                {
+                    throw new SaslException("Mocked exception");
+                }
+                return null;
+            }
+
+            @Override
+            public boolean isComplete()
+            {
+                return complete;
+            }
+
+            @Override
+            public String getAuthorizationID()
+            {
+                return null;
+            }
+
+            @Override
+            public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
+            {
+                return null;
+            }
+
+            @Override
+            public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException
+            {
+                return null;
+            }
+
+            @Override
+            public Object getNegotiatedProperty(String propName)
+            {
+                return null;
+            }
+
+            @Override
+            public void dispose() throws SaslException
+            {
+            }
+        };
+    }
+}