[9] RFR: 8048138: Tests for JAAS callbacks

Artem Smotrakov artem.smotrakov at oracle.com
Thu Apr 23 06:18:14 UTC 2015


Hi Max,

Please see inline.

On 04/22/2015 06:24 PM, Weijun Wang wrote:
> Hi Artem
>
> In StandardCallbacks.java, you provide an array of callbacks with an 
> unsupported one at the end, hoping all supported ones are processed 
> before the last one fails. It is very natural for a LoginModule 
> implementation to process them one by one in their original order 
> (like what CustomLoginModule does) but I am not sure if this is a 
> strict requirement. For example, what if it tries the last one first 
> and in this case fails before trying all the others?
>
> Can you find any specification on it? Or maybe in a technote article?
Yes, the test relies on original order of callbacks. But 
CustomLoginModule calls a callback handler directly, and it doesn't seem 
that JAAS framework may affect the order. That's why I make the test 
rely on original order of callbacks. I think it is okay for test since 
we control both login module and callback handler. In real applications, 
a login module and handler may be provided by independent parties, and 
they should not rely on order of callback.
>
> Another one:
>
> - SharedState: If the callback handler is not used, does the 
> constructor without the argument work?
The test uses DummyCallbackHandler that actually does nothing, but 
actually I forgot to call a callback handler in the login modules. I 
think it may be better it the test doesn't use a callback handler at 
all. According to the spec, it should work fine

http://docs.oracle.com/javase/8/docs/api/javax/security/auth/login/LoginContext.html

Please see an updated webrev:

http://cr.openjdk.java.net/~asmotrak/8048138/webrev.01/

Artem
>
> Thanks
> Max
>
> On 4/21/2015 10:22 PM, Artem Smotrakov wrote:
>> Hello,
>>
>> Please review a couple of new tests for JAAS:
>> - StandardCallbacks.java is for standard JAAS callbacks (except
>> RealmCallback and RealmChoiceCallback since the test is not about Sasl,
>> and actually those two callback extends ChoiceCallback which is used in
>> the test)
>> - SharedState.java checks if a shared state is passed to login modules
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8048138
>> Webrev: http://cr.openjdk.java.net/~asmotrak/8048138/webrev.00/
>>
>> Artem



More information about the security-dev mailing list