|
|
@@ -1,56 +1,72 @@
|
|
|
package net.sf.acegisecurity.providers.dao.ldap;
|
|
|
|
|
|
-import javax.naming.NamingEnumeration;
|
|
|
import javax.naming.NamingException;
|
|
|
-import javax.naming.directory.Attributes;
|
|
|
-import javax.naming.directory.BasicAttribute;
|
|
|
-import javax.naming.directory.BasicAttributes;
|
|
|
|
|
|
+import net.sf.acegisecurity.BadCredentialsException;
|
|
|
import net.sf.acegisecurity.UserDetails;
|
|
|
import net.sf.acegisecurity.GrantedAuthority;
|
|
|
|
|
|
public class LdapPasswordAuthenticationTest extends BaseLdapTestCase {
|
|
|
|
|
|
-
|
|
|
- /** Simply test the connection to the test LDAP server;
|
|
|
- * if this test fails we know the server setup needs checked.
|
|
|
- * @throws NamingException
|
|
|
- */
|
|
|
- public void testConnection() throws NamingException {
|
|
|
- Object obj = getClientContext().lookup("ou=users");
|
|
|
- //System.out.println( obj );
|
|
|
- assertNotNull( obj );
|
|
|
- }
|
|
|
+ private LdapPasswordAuthenticationDao dao;
|
|
|
+
|
|
|
+ private String DEFAULT_ROLE = "DEFAULT_ROLE";
|
|
|
|
|
|
+ /** Setup the basic properties of our LdapPasswordAuthenticationDao */
|
|
|
+ protected void setUp() {
|
|
|
+ dao = new LdapPasswordAuthenticationDao();
|
|
|
+ dao.setURL("ldap://localhost:389/ou=system");
|
|
|
+ }
|
|
|
|
|
|
- public void testSetupOne() throws NamingException {
|
|
|
- // add a simple user object so we can test it:
|
|
|
-
|
|
|
- //String name = "cn=User One,ou=users";
|
|
|
- String name = "uid=one.user,ou=users";
|
|
|
- Attributes attrs = new BasicAttributes();
|
|
|
- attrs.put("dn", name + ",ou=system");
|
|
|
- attrs.put("cn", "User One");
|
|
|
- attrs.put("sn", "One");
|
|
|
- attrs.put("givenName", "User");
|
|
|
- attrs.put("uid", "user.one");
|
|
|
- attrs.put("mail", "user.one@hotmail.com");
|
|
|
- attrs.put("userPassword", "plaintext");
|
|
|
- attrs.put("objectClass", "inetOrgPerson");
|
|
|
- attrs.put("objectClass", "top");
|
|
|
- getServerContext().createSubcontext(name, attrs);
|
|
|
-
|
|
|
- Attributes myAttrs = getClientContext().getAttributes("uid=one.user,ou=users");
|
|
|
- assertEquals(8, myAttrs.size());
|
|
|
-
|
|
|
- assertEquals("uid=one.user,ou=users,ou=system", myAttrs.get("dn").get() );
|
|
|
- //System.out.println("DN = " + myAttrs.get("dn").get() );
|
|
|
- /*
|
|
|
- NamingEnumeration names = myAttrs.getIDs();
|
|
|
- while (names.hasMoreElements()) {
|
|
|
- System.out.println("Found id: " + names.nextElement() );
|
|
|
- } */
|
|
|
+
|
|
|
+ public void testSimpleUidUser() throws NamingException {
|
|
|
+ dao.setUserContext("uid={0},ou=users,ou=system");
|
|
|
+ dao.setDefaultRole(DEFAULT_ROLE);
|
|
|
+ try {
|
|
|
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("one.user", "plaintext");
|
|
|
+ assertEquals(1, userDetails.getAuthorities().length );
|
|
|
+ assertEquals(DEFAULT_ROLE, userDetails.getAuthorities()[0].getAuthority() );
|
|
|
+ } catch (BadCredentialsException ex) {
|
|
|
+ fail();
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
+ public void testSimpleCnUser() throws NamingException {
|
|
|
+ dao.setUserContext("cn={0},ou=users,ou=system");
|
|
|
+ dao.setDefaultRole(DEFAULT_ROLE);
|
|
|
+ try {
|
|
|
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("user.two", "plaintext2");
|
|
|
+ assertEquals(1, userDetails.getAuthorities().length );
|
|
|
+ assertEquals(DEFAULT_ROLE, userDetails.getAuthorities()[0].getAuthority() );
|
|
|
+ } catch (BadCredentialsException ex) {
|
|
|
+ fail();
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
+ public void testSimpleMultiUserContext() throws NamingException {
|
|
|
+ dao.setUserContexts(new String[]{"uid={0},ou=users,ou=system", "cn={0},ou=users,ou=system"});
|
|
|
+ dao.setDefaultRole(DEFAULT_ROLE);
|
|
|
+ try {
|
|
|
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("one.user", "plaintext");
|
|
|
+ assertEquals(1, userDetails.getAuthorities().length );
|
|
|
+ assertEquals(DEFAULT_ROLE, userDetails.getAuthorities()[0].getAuthority() );
|
|
|
+
|
|
|
+ UserDetails userDetails2 = dao.loadUserByUsernameAndPassword("user.two", "plaintext2");
|
|
|
+ assertEquals(1, userDetails2.getAuthorities().length );
|
|
|
+ assertEquals(DEFAULT_ROLE, userDetails2.getAuthorities()[0].getAuthority() );
|
|
|
+ } catch (BadCredentialsException ex) {
|
|
|
+ fail();
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ public void testEmptyRoles() {
|
|
|
+ dao.setUserContext("uid={0},ou=users,ou=system");
|
|
|
+ try {
|
|
|
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("user.two", "plaintext2");
|
|
|
+ fail("No roles are accessible for user; this test _should_ fail.");
|
|
|
+ } catch (BadCredentialsException ex) {
|
|
|
+ assertTrue("No roles are accessible for user; this test _should_ fail.",
|
|
|
+ ex.getMessage().startsWith(LdapPasswordAuthenticationDao.BAD_CREDENTIALS_EXCEPTION_MESSAGE) );
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
Robert Sanders