/**
  * Test if the constructor works as expected.
  *
  * @return void
  */
 public function testConstructor()
 {
     // the subject held by this test case must not be flagged read-only
     $subject = $this->subject;
     $this->assertFalse($subject->isReadOnly());

     // principals and both credential sets have to be exposed as collections
     $collectionType = 'AppserverIo\\Collections\\CollectionInterface';
     $this->assertInstanceOf($collectionType, $subject->getPrincipals());
     $this->assertInstanceOf($collectionType, $subject->getPublicCredentials());
     $this->assertInstanceOf($collectionType, $subject->getPrivateCredentials());
 }
 /**
  * Method to commit the authentication process (phase 2). If the login
  * method completed successfully as indicated by loginOk == true, this
  * method adds the getIdentity() value to the subject getPrincipals() Set.
  * It also adds the members of each Group returned by getRoleSets()
  * to the subject getPrincipals() Set.
  *
  * @see javax.security.auth.Subject;
  * @see java.security.acl.Group;
  * @return true always.
  * @throws \AppserverIo\Appserver\Psr\Security\Auth\Login\LoginException If the login can't be committed
  */
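 public function commit()
 {
     // fail closed: only a login phase that explicitly succeeded may populate the
     // subject, any other flag value (FALSE, NULL, never set) aborts the commit.
     // NOTE: this path returns FALSE, which the "@return true always" tag does not cover
     if ($this->loginOk !== true) {
         return false;
     }

     // the authenticated identity becomes one of the subject's principals
     $principals = $this->subject->getPrincipals();
     $principals->add($this->getIdentity());

     // walk the role sets directly instead of by numeric index, so the copy
     // does not depend on the role sets being keyed 0..n-1
     foreach ($this->getRoleSets() as $group) {
         // look up/create the subject's group carrying the same name
         $subjectGroup = $this->createGroup($group->getName(), $principals);

         /* if ($subjectGroup instanceof NestableGroup) {
                // a NestableGroup only allows Groups to be added to it so we need to add a SimpleGroup to subjectRoles to contain the roles
                $tmp = new SimpleGroup('Roles');
                $subjectGroup->addMember($tmp);
                $subjectGroup = $tmp;
            } */

         // copy the group members to the subject's group
         foreach ($group->getMembers() as $member) {
             $subjectGroup->addMember($member);
         }
     }

     // identity and roles have been attached to the subject
     return true;
 }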
 /**
  * Test if the constructor works as expected when values are passed.
  *
  * @return void
  */
 public function testConstructorWithPassedValues()
 {
     // prepare one dedicated collection per constructor argument
     $principals = new ArrayList();
     $publicCredentials = new ArrayList();
     $privateCredentials = new ArrayList();

     // create a subject from these collections, flagged as read-only
     $subject = new Subject($principals, $publicCredentials, $privateCredentials, true);

     // the read-only flag has to be reported back
     $this->assertTrue($subject->isReadOnly());

     // identity, not equality: the getters must hand back the very instances passed in
     $this->assertSame($principals, $subject->getPrincipals());
     $this->assertSame($publicCredentials, $subject->getPublicCredentials());
     $this->assertSame($privateCredentials, $subject->getPrivateCredentials());
 }
 /**
  * Identify and return an instance implementing the PrincipalInterface that represents the
  * authenticated user for the specified Subject. The Principal is constructed by scanning
  * the list of Principals returned by the LoginModule. The first Principal object that
  * matches one of the class names supplied as a "user class" is the user Principal. This
  * object is returned to the caller. Any remaining principal objects returned by the
  * LoginModules are mapped to roles, but only if their respective classes match one of the
  * "role class" classes. If a user Principal cannot be constructed, return NULL.
  *
  * @param \AppserverIo\Lang\String                                   $username     The associated user name
  * @param \AppserverIo\Psr\Security\Auth\Subject                     $subject      The Subject representing the logged-in user
  * @param \AppserverIo\Psr\Security\Auth\Login\LoginContextInterface $loginContext Associated with the Principal so {@link LoginContext#logout()} can be called later
  *
  * @return \AppserverIo\Security\PrincipalInterface the principal object
  */
 protected function createPrincipal(string $username, Subject $subject, LoginContextInterface $loginContext)
 {
     // collects the role names; the user principal stays NULL until one is found
     $userPrincipal = null;
     $roles = new ArrayList();

     // inspect every principal attached to the subject
     foreach ($subject->getPrincipals() as $principal) {
         // a group carrying the default group name holds the roles
         $isRoleGroup = $principal instanceof GroupInterface
             && $principal->getName()->equals(new String(Util::DEFAULT_GROUP_NAME));

         if ($isRoleGroup) {
             // take over the name of each member as a role name
             foreach ($principal->getMembers() as $role) {
                 $roles->add($role->getName());
             }
             continue;
         }

         // the first remaining principal wins, later ones are ignored.
         // NOTE(review): a group with any other name reaches this check as well;
         // confirm such a group can not end up as the user principal
         if ($userPrincipal === null && $principal instanceof PrincipalInterface) {
             $userPrincipal = $principal;
         }
     }

     // NOTE(review): a GenericPrincipal is returned even when no user principal has been
     // found ($userPrincipal is NULL then), although the docblock announces NULL for
     // that case; callers have to check the wrapped user principal themselves
     return new GenericPrincipal($username, null, $roles, $userPrincipal, $loginContext);
 }