/**
 * Verifies that the constructor keeps the collections and the read-only
 * flag that are passed to it.
 *
 * @return void
 */
public function testConstructorWithPassedValues()
{
    // prepare three separate collections, so the identity checks below can tell them apart
    $principals = new ArrayList();
    $publicCredentials = new ArrayList();
    $privateCredentials = new ArrayList();

    // create the subject with the read-only flag set
    $readOnlySubject = new Subject($principals, $publicCredentials, $privateCredentials, true);

    // the flag must be reported back by the subject
    $this->assertTrue($readOnlySubject->isReadOnly());

    // assertSame: the getters have to hand back the very same instances, not copies
    $this->assertSame($principals, $readOnlySubject->getPrincipals());
    $this->assertSame($publicCredentials, $readOnlySubject->getPublicCredentials());
    $this->assertSame($privateCredentials, $readOnlySubject->getPrivateCredentials());
}
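/**
 * Commits the authentication process (phase 2).
 *
 * If the login phase completed successfully (loginOk is truthy), the value
 * returned by getIdentity() is added to the subject's principals. For every
 * group returned by getRoleSets(), a subject group with the same name is
 * obtained through createGroup() and the members of the group are copied
 * into it.
 *
 * The success check fails closed: the subject is only populated when loginOk
 * is truthy, so a flag that has never been set does not result in an identity
 * being attached to the subject.
 *
 * @return boolean TRUE if the identity and the roles have been committed, FALSE if the login has not been successful
 * @throws \AppserverIo\Appserver\Psr\Security\Auth\Login\LoginException If login can't be committed (nothing in this method throws directly; presumably raised by the helpers it calls)
 * @see javax.security.auth.Subject
 * @see java.security.acl.Group
 */
public function commit()
{
    // fail closed: only an explicitly successful login may populate the subject,
    // a flag that is FALSE, NULL or otherwise falsy must not add any principal
    if (!$this->loginOk) {
        return false;
    }

    // add the identity to the subject's principals
    $principals = $this->subject->getPrincipals();
    $principals->add($this->getIdentity());

    // load the groups and count them once, the list is not modified inside the loop
    $roleSets = $this->getRoleSets();
    $roleSetCount = count($roleSets);

    // iterate over the groups and add them to the subject
    for ($g = 0; $g < $roleSetCount; $g++) {
        // initialize group, name and subject group
        $group = $roleSets[$g];
        $name = $group->getName();
        // NOTE(review): createGroup() receives the subject's principals, presumably
        // it registers the returned group there - confirm against its implementation
        $subjectGroup = $this->createGroup($name, $principals);

        /*
        if ($subjectGroup instanceof NestableGroup) {
            // a NestableGroup only allows Groups to be added to it so we need to
            // add a SimpleGroup to subjectRoles to contain the roles
            $tmp = new SimpleGroup('Roles');
            $subjectGroup->addMember($tmp);
            $subjectGroup = $tmp;
        }
        */

        // copy the group members to the Subject group
        foreach ($group->getMembers() as $member) {
            $subjectGroup->addMember($member);
        }
    }

    // return TRUE if we succeed
    return true;
}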
/**
 * Builds the principal that represents the authenticated user for the passed subject.
 *
 * The subject's principals are scanned once. A group principal whose name equals
 * Util::DEFAULT_GROUP_NAME contributes the names of its members as roles. The first
 * other entry implementing the PrincipalInterface becomes the user principal, all
 * remaining entries are ignored.
 *
 * A GenericPrincipal is returned in every case; if no user principal has been found,
 * NULL is passed on in its place.
 *
 * NOTE(review): a group with a name other than Util::DEFAULT_GROUP_NAME is not handled
 * by the role branch. Should GroupInterface extend PrincipalInterface, such a group
 * could be picked as user principal when it precedes the identity - confirm the order
 * in which the login module adds the principals.
 *
 * @param \AppserverIo\Lang\String                                   $username     The associated user name
 * @param \AppserverIo\Psr\Security\Auth\Subject                     $subject      The Subject representing the logged-in user
 * @param \AppserverIo\Psr\Security\Auth\Login\LoginContextInterface $loginContext Associated with the Principal so {@link LoginContext#logout()} can be called later
 *
 * @return \AppserverIo\Security\PrincipalInterface the principal object
 */
protected function createPrincipal(string $username, Subject $subject, LoginContextInterface $loginContext)
{
    // collects the role names, the user principal stays NULL until one has been found
    $roleNames = new ArrayList();
    $authenticated = null;

    // scan the Principals for this Subject
    foreach ($subject->getPrincipals() as $candidate) {
        // the type check comes first, so getName() is only invoked on group principals
        $isRoleGroup = $candidate instanceof GroupInterface
            && $candidate->getName()->equals(new String(Util::DEFAULT_GROUP_NAME));

        if ($isRoleGroup) {
            // every member of the default group contributes its name as a role
            foreach ($candidate->getMembers() as $member) {
                $roleNames->add($member->getName());
            }
            continue;
        }

        // only the first matching principal is used, later ones are skipped
        if (null === $authenticated && $candidate instanceof PrincipalInterface) {
            $authenticated = $candidate;
        }
    }

    // the second constructor argument is deliberately passed as NULL
    return new GenericPrincipal($username, null, $roleNames, $authenticated, $loginContext);
}
/**
 * Verifies that the subject reports itself as read-only after setReadOnly() has been invoked.
 *
 * @return void
 */
public function testSetReadOnly()
{
    // work on the subject instance provided by the test case
    $subject = $this->subject;

    // switch the subject to read-only
    $subject->setReadOnly();

    // the flag has to be visible through the getter
    $this->assertTrue($subject->isReadOnly());
}