@Test
public void testRoleExpansion() throws LoginException {
LoginContext context =
new LoginContext(
"ExpandedLDAPLogin",
new CallbackHandler() {
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName("first");
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
context.login();
Subject subject = context.getSubject();
boolean isAdmin = false;
boolean isUser = false;
for (Principal principal : subject.getPrincipals()) {
if (principal instanceof GroupPrincipal) {
GroupPrincipal groupPrincipal = (GroupPrincipal) principal;
if (groupPrincipal.getName().equalsIgnoreCase("admins")) isAdmin = true;
if (groupPrincipal.getName().equalsIgnoreCase("users")) isUser = true;
}
}
// Should be in users by virtue of being in admins
assertTrue(isAdmin && isUser);
context.logout();
}
