[9] RFR: 8048138: Tests for JAAS callbacks

Weijun Wang weijun.wang at oracle.com
Thu Apr 23 08:21:40 UTC 2015


All codes fine.

Thanks
Max

On 4/23/2015 2:18 PM, Artem Smotrakov wrote:
> Hi Max,
>
> Please see inline.
>
> On 04/22/2015 06:24 PM, Weijun Wang wrote:
>> Hi Artem
>>
>> In StandardCallbacks.java, you provide an array of callbacks with an
>> unsupported one at the end, hoping all supported ones are processed
>> before the last one fails. It is very natural for a LoginModule
>> implementation to process them one by one in their original order
>> (like what CustomLoginModule does) but I am not sure if this is a
>> strict requirement. For example, what if it tries the last one first
>> and in this case fails before trying all the others?
>>
>> Can you find any specification on it? Or maybe in a technote article?
> Yes, the test relies on original order of callbacks. But
> CustomLoginModule calls a callback handler directly, and it doesn't seem
> that JAAS framework may affect the order. That's why I make the test
> rely on original order of callbacks. I think it is okay for test since
> we control both login module and callback handler. In real applications,
> a login module and handler may be provided by independent parties, and
> they should not rely on order of callback.
>>
>> Another one:
>>
>> - SharedState: If the callback handler is not used, does the
>> constructor without the argument work?
> The test uses DummyCallbackHandler that actually does nothing, but
> actually I forgot to call a callback handler in the login modules. I
> think it may be better it the test doesn't use a callback handler at
> all. According to the spec, it should work fine
>
> http://docs.oracle.com/javase/8/docs/api/javax/security/auth/login/LoginContext.html
>
>
> Please see an updated webrev:
>
> http://cr.openjdk.java.net/~asmotrak/8048138/webrev.01/
>
> Artem
>>
>> Thanks
>> Max
>>
>> On 4/21/2015 10:22 PM, Artem Smotrakov wrote:
>>> Hello,
>>>
>>> Please review a couple of new tests for JAAS:
>>> - StandardCallbacks.java is for standard JAAS callbacks (except
>>> RealmCallback and RealmChoiceCallback since the test is not about Sasl,
>>> and actually those two callback extends ChoiceCallback which is used in
>>> the test)
>>> - SharedState.java checks if a shared state is passed to login modules
>>>
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8048138
>>> Webrev: http://cr.openjdk.java.net/~asmotrak/8048138/webrev.00/
>>>
>>> Artem
>


More information about the security-dev mailing list