/**
* Test if the constructor works as expected.
*
* @return void
*/
public function testConstructor()
{
$this->assertFalse($this->subject->isReadOnly());
$this->assertInstanceOf('AppserverIo\\Collections\\CollectionInterface', $this->subject->getPrincipals());
$this->assertInstanceOf('AppserverIo\\Collections\\CollectionInterface', $this->subject->getPublicCredentials());
$this->assertInstanceOf('AppserverIo\\Collections\\CollectionInterface', $this->subject->getPrivateCredentials());
}
/**
* Method to commit the authentication process (phase 2). If the login
* method completed successfully as indicated by loginOk == true, this
* method adds the getIdentity() value to the subject getPrincipals() Set.
* It also adds the members of each Group returned by getRoleSets()
* to the subject getPrincipals() Set.
*
* @see javax.security.auth.Subject;
* @see java.security.acl.Group;
* @return true always.
* @throws \AppserverIo\Appserver\Psr\Security\Auth\Login\LoginException If login can't be committed'
*/
public function commit()
{
// we can only commit if the login has been successful
if ($this->loginOk === false) {
return false;
}
// add the identity to the subject's principals
$principals = $this->subject->getPrincipals();
$principals->add($this->getIdentity());
// load the groups
$roleSets = $this->getRoleSets();
// iterate over the groups and add them to the subject
for ($g = 0; $g < sizeof($roleSets); $g++) {
// initialize group, name and subject group
$group = $roleSets[$g];
$name = $group->getName();
$subjectGroup = $this->createGroup($name, $principals);
/* if ($subjectGroup instanceof NestableGroup) {
// a NestableGroup only allows Groups to be added to it so we need to add a SimpleGroup to subjectRoles to contain the roles
$tmp = new SimpleGroup('Roles');
$subjectGroup->addMember($tmp);
$subjectGroup = $tmp;
} */
// copy the group members to the Subject group
foreach ($group->getMembers() as $member) {
$subjectGroup->addMember($member);
}
}
// return TRUE if we succeed
return true;
}
/**
* Test if the constructor works as expected.
*
* @return void
*/
public function testConstructorWithPassedValues()
{
// initialize the subject with the passed values
$subject = new Subject($principals = new ArrayList(), $publicCredentials = new ArrayList(), $privateCredentials = new ArrayList(), true);
// assert the values
$this->assertTrue($subject->isReadOnly());
$this->assertSame($principals, $subject->getPrincipals());
$this->assertSame($publicCredentials, $subject->getPublicCredentials());
$this->assertSame($privateCredentials, $subject->getPrivateCredentials());
}
/**
* Identify and return an instance implementing the PrincipalInterface that represens the
* authenticated user for the specified Subject. The Principal is constructed by scanning
* the list of Principals returned by the LoginModule. The first Principal object that
* matches one of the class names supplied as a "user class" is the user Principal. This
* object is returned to the caller. Any remaining principal objects returned by the
* LoginModules are mapped to roles, but only if their respective classes match one of the
* "role class" classes. If a user Principal cannot be constructed, return NULL.
*
* @param \AppserverIo\Lang\String $username The associated user name
* @param \AppserverIo\Psr\Security\Auth\Subject $subject The Subject representing the logged-in user
* @param \AppserverIo\Psr\Security\Auth\Login\LoginContextInterface $loginContext Associated with the Principal so {@link LoginContext#logout()} can be called later
*
* @return \AppserverIo\Security\PrincipalInterface the principal object
*/
protected function createPrincipal(string $username, Subject $subject, LoginContextInterface $loginContext)
{
// initialize the roles and the user principal
$roles = new ArrayList();
$userPrincipal = null;
// scan the Principals for this Subject
foreach ($subject->getPrincipals() as $principal) {
// query whether or not the principal found is a group principal
if ($principal instanceof GroupInterface && $principal->getName()->equals(new String(Util::DEFAULT_GROUP_NAME))) {
// if yes, add the role name
foreach ($principal->getMembers() as $role) {
$roles->add($role->getName());
}
// query whether or not the principal found is a user principal
} elseif ($userPrincipal == null && $principal instanceof PrincipalInterface) {
$userPrincipal = $principal;
} else {
// do nothing, because we've no principal or group to deal with
}
}
// return the resulting Principal for our authenticated user
return new GenericPrincipal($username, null, $roles, $userPrincipal, $loginContext);
}