Modified: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java?rev=804457&r1=804456&r2=804457&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java (original)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/login/LdapLoginModuleTest.java Sat Aug 15 11:53:37 2009
@@ -20,9 +20,13 @@
 */
 package org.apache.wiki.auth.login;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Properties;
 import java.util.Set;
 import javax.security.auth.Subject;
@@ -32,22 +36,26 @@
 import junit.framework.TestCase;
-import org.apache.wiki.auth.WikiPrincipal;
+import org.apache.wiki.TestEngine;
+import org.apache.wiki.WikiSession;
+import org.apache.wiki.auth.*;
+import org.apache.wiki.auth.authorize.LdapAuthorizer;
 import org.apache.wiki.auth.authorize.Role;
+import org.freshcookies.security.Keychain;
 /**
 * @author Andrew R. Jaquith
 */
 public class LdapLoginModuleTest extends TestCase
 {
- private Map<String,String> m_options = null;
+ private Map<String,String> m_options = new HashMap<String, String>();
 public void setUp()
 {
 m_options = new HashMap<String, String>();
+ m_options.putAll( LdapConfig.OPEN_LDAP_CONFIG );
 m_options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://127.0.0.1:4890" );
 m_options.put( LdapLoginModule.OPTION_LOGIN_ID_PATTERN, "uid={0},ou=people,dc=jspwiki,dc=org" );
- m_options.put( LdapLoginModule.OPTION_USER_BASE, "ou=people,dc=jspwiki,dc=org" );
- m_options.put( LdapLoginModule.OPTION_USER_PATTERN, "(&(objectClass=inetOrgPerson)(uid={0}))" );
+ m_options.put( LdapLoginModule.OPTION_USER_BASE, "dc=jspwiki,dc=org" );
 m_options.put( LdapLoginModule.OPTION_AUTHENTICATION, "simple" );
 }
@@ -118,29 +126,61 @@
 assertTrue( principals.contains( new WikiPrincipal( "FredFlintstone", WikiPrincipal.WIKI_NAME ) ) );
 }
+ /**
+ * Script for logging into test Active Directory.
+ * @param args
+ * @throws Exception
+ */
+ @SuppressWarnings("deprecation")
 public static final void main( String... args ) throws Exception
 {
- LdapLoginModuleTest t = new LdapLoginModuleTest();
-
- t.m_options.clear();
- t.m_options.put( LdapLoginModule.OPTION_AUTHENTICATION, "DIGEST-MD5" );
- t.m_options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://camb-dc01.forrester.loc:389" );
- t.m_options.put( LdapLoginModule.OPTION_LOGIN_ID_PATTERN, "(uid={0})" );
- t.m_options.put( LdapLoginModule.OPTION_USER_BASE, "OU=users,OU=Cambridge,OU=Office Locations,OU=forrester,DC=forrester,DC=loc" );
- t.m_options.put( LdapLoginModule.OPTION_USER_PATTERN, "(&(objectClass=person)(mailNickname={0}))" );
+ // Create the TestEngine properties
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+
+ // Set the LoginModule options
+ Map<String,String> options = new HashMap<String,String>();
+ options.putAll( LdapConfig.ACTIVE_DIRECTORY_CONFIG );
+ options.put( LdapLoginModule.OPTION_CONNECTION_URL, "ldap://camb-dc01.forrester.loc:389" );
+ options.put( LdapLoginModule.OPTION_USER_BASE, "OU=Office Locations,OU=forrester,DC=forrester,DC=loc" );
+ options.put( LdapLoginModule.OPTION_AUTHENTICATION, "DIGEST-MD5" );
+ options.put( LdapConfig.PROPERTY_SSL, "false" );
+ for ( Map.Entry<String,String> option : options.entrySet() )
+ {
+ props.put( AuthenticationManager.PREFIX_LOGIN_MODULE_OPTIONS + option.getKey(), option.getValue() );
+ }
+ props.put( AuthenticationManager.PROP_LOGIN_MODULE, LdapLoginModule.class.getName() );
- // Login with a user that IS in the database
+ // Set the Authorizer properties
+ props.put( AuthorizationManager.PROP_AUTHORIZER, LdapAuthorizer.class.getCanonicalName() );
+ props.put( LdapConfig.PROPERTY_ROLE_BASE, "OU=Distribution
Lists,OU=.Global,OU=forrester,DC=forrester,DC=loc" );
+ props.put( LdapConfig.PROPERTY_BIND_DN, "ajaquith" );
+ props.put( AuthenticationManager.PROP_KEYCHAIN_PATH, "/Users/arj/workspace/ldap/forrester" );
+ props.put( AuthenticationManager.PROP_KEYCHAIN_PASSWORD, "keychain-password" );
+
+ // Set the UserDatabase properties
+ props.put( UserManager.PROP_READ_ONLY_PROFILES, "true" );
+
+ TestEngine engine = new TestEngine( props );
+
+ //
+ // 1. Test the LoginModule
+ //
+ Keychain keychain = new Keychain();
+ InputStream stream = new FileInputStream( new File( "/Users/arj/workspace/ldap/forrester") );
+ keychain.load( stream, "keychain-password".toCharArray() );
+ Keychain.Password password = (Keychain.Password)keychain.getEntry( LdapConfig.KEYCHAIN_BIND_DN_ENTRY );
 Subject subject = new Subject();
- CallbackHandler handler = new WikiCallbackHandler( null, null, "ajaquith", "****" );
+ CallbackHandler handler = new WikiCallbackHandler( null, null, "ajaquith", password.getPassword() );
 LoginModule module = new LdapLoginModule();
- module.initialize( subject, handler, new HashMap<String, Object>(), t.m_options );
+ module.initialize( subject, handler, new HashMap<String, Object>(), options );
 module.login();
 module.commit();
 // Successful login will inject the usual LoginPrincipal
 Set<Principal> principals = subject.getPrincipals();
 assertEquals( 3, principals.size() );
- assertTrue( principals.contains( new WikiPrincipal( "ajaquith", WikiPrincipal.LOGIN_NAME ) ) );
+ //assertTrue( principals.contains( new WikiPrincipal( "ajaquith", WikiPrincipal.LOGIN_NAME ) ) );
 // PLUS, in this case only, principals for Wiki Name and Full Name
 assertTrue( principals.contains( new WikiPrincipal( "Andrew Jaquith", WikiPrincipal.FULL_NAME ) ) );
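Review bot: The keychain password and its location are committed as literals, each written twice: `props.put( AuthenticationManager.PROP_KEYCHAIN_PASSWORD, "keychain-password" )` and `keychain.load( stream, "keychain-password".toCharArray() )`, next to the developer-local path `/Users/arj/workspace/ldap/forrester`. Even if the value is a stand-in, the script only runs on one machine and invites pasting a real secret into the tree; both values should come from `args` or system properties, e.g. `String keychainPath = System.getProperty( "test.keychain.path" );` (property name illustrative), and be read once into locals. The `FileInputStream` passed to `keychain.load` is never closed, so a `try`/`finally` that closes `stream` is needed. The hunk also sets `LdapConfig.PROPERTY_SSL` to `"false"` for a non-loopback directory host and comments out the `LOGIN_NAME` assertion; each deserves a one-line comment saying why. main() continues past the end of this hunk.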
@@ -149,6 +189,23 @@
 // AuthenticationManager, NOT the LoginModule, adds the Role principals
 assertFalse( principals.contains( Role.AUTHENTICATED ) );
 assertFalse( principals.contains( Role.ALL ) );
+
+ //
+ // 2. Test the LdapAuthorizer
+ //
+ assertTrue( engine.getUserManager().isReadOnly() );
+ Authorizer authorizer = engine.getAuthorizationManager().getAuthorizer();
+
+ Principal[] roles = authorizer.getRoles();
+ assertNotSame( 0, roles.length );
+
+ // User does not belong to any roles
+ WikiSession session = engine.guestSession();
+ engine.getAuthenticationManager().login( session, "ajaquith", password.getPassword() );
+ Role admin = new Role( "Admin" );
+ Role research = new Role( "Research - IT - Analysts" );
+ assertFalse( authorizer.isUserInRole( session, admin ) );
+ assertTrue( authorizer.isUserInRole( session, research ) );
 }
 public final void testLogout() throws Exception
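Review bot: The comment `// User does not belong to any roles` contradicts the assertions under it, which expect the user to be in `Research - IT - Analysts` and absent only from `Admin`; something like `// User is in the Research role but must not be in Admin` matches what is checked. `assertNotSame( 0, roles.length )` compares two autoboxed Integer objects by identity, which gives the intended result only because of how small values are boxed; `assertTrue( roles.length > 0 );` states the check directly. As far as the visible lines show, the TestEngine created earlier in main() is not shut down before the method returns; the start of main() is outside this hunk.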
Modified: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java?rev=804457&r1=804456&r2=804457&view=diff
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java (original)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/AllTests.java Sat Aug 15 11:53:37 2009
@@ -39,6 +39,7 @@
 TestSuite suite = new TestSuite( "User profile and database tests" );
 suite.addTestSuite( UserProfileTest.class );
 suite.addTestSuite( JDBCUserDatabaseTest.class );
+ suite.addTestSuite( LdapUserDatabaseTest.class );
 suite.addTestSuite( XMLUserDatabaseTest.class );
 return suite;
 }
Added: incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java?rev=804457&view=auto
==============================================================================
--- incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java (added)
+++ incubator/jspwiki/trunk/tests/java/org/apache/wiki/auth/user/LdapUserDatabaseTest.java Sat Aug 15 11:53:37 2009
@@ -0,0 +1,191 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package org.apache.wiki.auth.user;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.apache.wiki.TestEngine;
+import org.apache.wiki.auth.*;
+
+/**
+ * @author Andrew Jaquith
+ */
+public class LdapUserDatabaseTest extends TestCase
+{
+
+ private LdapUserDatabase m_db;
+
+ private TestEngine m_engine = null;
+
+ /**
+ * @see junit.framework.TestCase#setUp()
+ */
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ Properties props = new Properties();
+ props.load( TestEngine.findTestProperties() );
+ props.put( UserManager.PROP_DATABASE, "org.apache.wiki.auth.user.LdapUserDatabase" );
+ props.put( LdapConfig.PROPERTY_CONNECTION_URL, "ldap://127.0.0.1:4890/" );
+ props.put( LdapConfig.PROPERTY_USER_BASE, "ou=people,dc=jspwiki,dc=org" );
+ props.put( LdapConfig.PROPERTY_AUTHENTICATION, "simple" );
+ props.put( LdapConfig.PROPERTY_LOGIN_ID_PATTERN, "uid={0},ou=people,dc=jspwiki,dc=org" );
+ m_engine = new TestEngine( props );
+ m_db = new LdapUserDatabase();
+ m_db.initialize( m_engine, props );
+ }
+
+ protected
void tearDown() throws Exception
+ {
+ super.tearDown();
+ m_engine.shutdown();
+ }
+
+ public void testFindByEmail() throws Exception
+ {
+ UserProfile profile = m_db.findByEmail( "[email protected]" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "[email protected]", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "[email protected]" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ }
+ }
+
+ public void testFindByFullName() throws Exception
+ {
+ UserProfile profile = m_db.findByFullName( "Janne Jalkanen" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "[email protected]", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "[email protected]" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testFindByUid() throws Exception
+ {
+ UserProfile profile = m_db.findByUid( "uid=janne,ou=people,dc=jspwiki,dc=org" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "[email protected]", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "[email protected]" );
+ // We should never get here
+ fail( "Found nonexistent user!"
);
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testFindByWikiName() throws Exception
+ {
+ UserProfile profile = m_db.findByWikiName( "JanneJalkanen" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "[email protected]", profile.getEmail() );
+
+ try
+ {
+ m_db.findByEmail( "foo" );
+ // We should never get here
+ fail( "Found nonexistent user!" );
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testFindByLoginName() throws Exception
+ {
+ UserProfile profile = m_db.findByLoginName( "janne" );
+ assertEquals( "uid=janne,ou=people,dc=jspwiki,dc=org", profile.getUid() );
+ assertEquals( "janne", profile.getLoginName() );
+ assertEquals( "Janne Jalkanen", profile.getFullname() );
+ assertEquals( "JanneJalkanen", profile.getWikiName() );
+ assertEquals( "[email protected]", profile.getEmail() );
+ try
+ {
+ m_db.findByEmail( "FooBar" );
+ // We should never get here
+ fail( "Found nonexistent user!"
);
+ }
+ catch( NoSuchPrincipalException e )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testGetWikiNames() throws WikiSecurityException
+ {
+ // There are 8 test users in the database
+ Principal[] p = m_db.getWikiNames();
+ assertEquals( 8, p.length );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "JanneJalkanen", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "TestUser", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "Administrator", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.ALICE, WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.BOB, WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.CHARLIE, WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( "FredFlintstone", WikiPrincipal.WIKI_NAME ) ) );
+ assertTrue( ArrayUtils.contains( p, new WikiPrincipal( Users.BIFF, WikiPrincipal.WIKI_NAME ) ) );
+ }
+
+ public void testValidatePassword()
+ {
+ assertFalse( m_db.validatePassword( "janne", "test" ) );
+ assertTrue( m_db.validatePassword( "janne", "m...@5sw0rd" ) );
+ assertTrue( m_db.validatePassword( "user", "password" ) );
+ }
+
+}
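Review bot: The negative case in testFindByFullName, testFindByUid, testFindByWikiName and testFindByLoginName calls `m_db.findByEmail( … )` instead of the finder the test is named for, so a lookup of a nonexistent full name, UID, wiki name or login name is never exercised against the LDAP user database. Each `try` block should call its own method, for example `m_db.findByFullName( "Nonexistent User" );` and `m_db.findByLoginName( "FooBar" );`, assuming those finders also throw NoSuchPrincipalException. testFindByEmail leaves its `catch` block empty while the others use `assertTrue( true )`; a `// expected` comment in all five would be consistent and explain the intent. setUp points at `ldap://127.0.0.1:4890/`, so with this class now registered in AllTests the suite presumably needs that directory running, which a class Javadoc line should state.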
